v10.17.0

Since the output encoding autodetection was introduced, this test was no longer correct.
That wasn't detected because of the expectOutput bug.

CHANGELOG.md

@@ -13,6 +13,36 @@ All major and minor version changes will be documented in this file. Details of
 
 ## Details
 
+### [10.17.0] - 2024-04-13
+- Fix unit test 'expectOutput' implementation [@zb3] | [#1783]
+- Add accessibility labels for icons [@e218736] | [#1743]
+- Add focus styling for keyboard navigation [@e218736] | [#1739]
+- Add support for operation option hiding [@TheZ3ro] | [#541]
+- Improve efficiency of RAKE implementation [@sw5678] | [#1751]
+- Require (a, 26) to be coprime in 'Affine Encode' [@EvieHarv] | [#1788]
+- Added 'JWK to PEM' operation [@cplussharp] | [#1277]
+- Added 'PEM to JWK' operation [@cplussharp] | [#1277]
+- Added 'Public Key from Certificate' operation [@cplussharp] | [#1642]
+- Added 'Public Key from Private Key' operation [@cplussharp] | [#1642]
+
+### [10.16.0] - 2024-04-12
+- Added 'JA4Server Fingerprint' operation [@n1474335] | [#1789]
+
+### [10.15.0] - 2024-04-02
+- Fix Ciphersaber2 key concatenation [@zb3] | [#1765]
+- Fix DeriveEVPKey's array parsing [@zb3] | [#1767]
+- Fix JWT operations [@a3957273] | [#1769]
+- Added 'Parse Certificate Signing Request' operation [@jkataja] | [#1504]
+- Added 'Extract Hash Values' operation [@MShwed] | [#512]
+- Added 'DateTime Delta' operation [@tomgond] | [#1732]
+
+### [10.14.0] - 2024-03-31
+- Added 'To Float' and 'From Float' operations [@tcode2k16] | [#1762]
+- Fix ChaCha raw export option [@joostrijneveld] | [#1606]
+- Update x86 disassembler vendor library [@evanreichard] | [#1197]
+- Allow variable Blowfish key sizes [@cbeuw] | [#933]
+- Added 'XXTEA' operation [@devcydo] | [#1361]
+
 ### [10.13.0] - 2024-03-30
 - Added 'FangURL' operation [@breakersall] [@arnydo] | [#1591] [#654]
 
@@ -403,6 +433,10 @@ All major and minor version changes will be documented in this file. Details of
 ## [4.0.0] - 2016-11-28
 -  Initial open source commit [@n1474335] | [b1d73a72](https://github.com/gchq/CyberChef/commit/b1d73a725dc7ab9fb7eb789296efd2b7e4b08306)
 
+[10.17.0]: https://github.com/gchq/CyberChef/releases/tag/v10.17.0
+[10.16.0]: https://github.com/gchq/CyberChef/releases/tag/v10.16.0
+[10.15.0]: https://github.com/gchq/CyberChef/releases/tag/v10.15.0
+[10.14.0]: https://github.com/gchq/CyberChef/releases/tag/v10.14.0
 [10.13.0]: https://github.com/gchq/CyberChef/releases/tag/v10.13.0
 [10.12.0]: https://github.com/gchq/CyberChef/releases/tag/v10.12.0
 [10.11.0]: https://github.com/gchq/CyberChef/releases/tag/v10.11.0
@@ -576,6 +610,15 @@ All major and minor version changes will be documented in this file. Details of
 [@simonw]: https://github.com/simonw
 [@chriswhite199]: https://github.com/chriswhite199
 [@breakersall]: https://github.com/breakersall
+[@evanreichard]: https://github.com/evanreichard
+[@devcydo]: https://github.com/devcydo
+[@zb3]: https://github.com/zb3
+[@jkataja]: https://github.com/jkataja
+[@tomgond]: https://github.com/tomgond
+[@e218736]: https://github.com/e218736
+[@TheZ3ro]: https://github.com/TheZ3ro
+[@EvieHarv]: https://github.com/EvieHarv
+[@cplussharp]: https://github.com/cplussharp
 
 
 [8ad18b]: https://github.com/gchq/CyberChef/commit/8ad18bc7db6d9ff184ba3518686293a7685bf7b7
@@ -703,10 +746,24 @@ All major and minor version changes will be documented in this file. Details of
 [#1667]: https://github.com/gchq/CyberChef/issues/1667
 [#1555]: https://github.com/gchq/CyberChef/issues/1555
 [#1694]: https://github.com/gchq/CyberChef/issues/1694
-[#1699]: https://github.com/gchq/CyberChef/issues/1694
+[#1699]: https://github.com/gchq/CyberChef/issues/1699
 [#1757]: https://github.com/gchq/CyberChef/issues/1757
 [#1752]: https://github.com/gchq/CyberChef/issues/1752
 [#1753]: https://github.com/gchq/CyberChef/issues/1753
 [#1750]: https://github.com/gchq/CyberChef/issues/1750
 [#1591]: https://github.com/gchq/CyberChef/issues/1591
 [#654]: https://github.com/gchq/CyberChef/issues/654
+[#1762]: https://github.com/gchq/CyberChef/issues/1762
+[#1606]: https://github.com/gchq/CyberChef/issues/1606
+[#1197]: https://github.com/gchq/CyberChef/issues/1197
+[#933]: https://github.com/gchq/CyberChef/issues/933
+[#1361]: https://github.com/gchq/CyberChef/issues/1361
+[#1765]: https://github.com/gchq/CyberChef/issues/1765
+[#1767]: https://github.com/gchq/CyberChef/issues/1767
+[#1769]: https://github.com/gchq/CyberChef/issues/1769
+[#1759]: https://github.com/gchq/CyberChef/issues/1759
+[#1504]: https://github.com/gchq/CyberChef/issues/1504
+[#512]: https://github.com/gchq/CyberChef/issues/512
+[#1732]: https://github.com/gchq/CyberChef/issues/1732
+[#1789]: https://github.com/gchq/CyberChef/issues/1789
+

Gruntfile.js

@@ -86,10 +86,12 @@ module.exports = function (grunt) {
 
 
     // Project configuration
-    const compileTime = grunt.template.today("UTC:dd/mm/yyyy HH:MM:ss") + " UTC",
+    const compileYear = grunt.template.today("UTC:yyyy"),
+        compileTime = grunt.template.today("UTC:dd/mm/yyyy HH:MM:ss") + " UTC",
         pkg = grunt.file.readJSON("package.json"),
         webpackConfig = require("./webpack.config.js"),
         BUILD_CONSTANTS = {
+            COMPILE_YEAR: JSON.stringify(compileYear),
             COMPILE_TIME: JSON.stringify(compileTime),
             COMPILE_MSG: JSON.stringify(grunt.option("compile-msg") || grunt.option("msg") || ""),
             PKG_VERSION: JSON.stringify(pkg.version),
@@ -125,6 +127,7 @@ module.exports = function (grunt) {
                         filename: "index.html",
                         template: "./src/web/html/index.html",
                         chunks: ["main"],
+                        compileYear: compileYear,
                         compileTime: compileTime,
                         version: pkg.version,
                         minify: {
@@ -227,6 +230,7 @@ module.exports = function (grunt) {
                         filename: "index.html",
                         template: "./src/web/html/index.html",
                         chunks: ["main"],
+                        compileYear: compileYear,
                         compileTime: compileTime,
                         version: pkg.version,
                     })

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "cyberchef",
-  "version": "10.13.0",
+  "version": "10.17.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "cyberchef",
-      "version": "10.13.0",
+      "version": "10.17.0",
       "hasInstallScript": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -46,6 +46,7 @@
         "flat": "^6.0.1",
         "geodesy": "1.1.3",
         "highlight.js": "^11.9.0",
+        "ieee754": "^1.1.13",
         "jimp": "^0.16.13",
         "jquery": "3.7.1",
         "js-crc": "^0.2.0",
@@ -53,7 +54,7 @@
         "jsesc": "^3.0.2",
         "json5": "^2.2.3",
         "jsonpath-plus": "^8.0.0",
-        "jsonwebtoken": "^9.0.0",
+        "jsonwebtoken": "8.5.1",
         "jsqr": "^1.4.0",
         "jsrsasign": "^11.1.0",
         "kbpgp": "2.1.15",
@@ -9711,9 +9712,9 @@
       }
     },
     "node_modules/jsonwebtoken": {
-      "version": "9.0.2",
-      "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz",
-      "integrity": "sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==",
+      "version": "8.5.1",
+      "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz",
+      "integrity": "sha512-XjwVfRS6jTMsqYs0EsuJ4LGxXV14zQybNd4L2r0UvbVnSF9Af8x7p5MzbJ90Ioz/9TI41/hTCvznF/loiSzn8w==",
       "dependencies": {
         "jws": "^3.2.2",
         "lodash.includes": "^4.3.0",
@@ -9724,43 +9725,21 @@
         "lodash.isstring": "^4.0.1",
         "lodash.once": "^4.0.0",
         "ms": "^2.1.1",
-        "semver": "^7.5.4"
+        "semver": "^5.6.0"
       },
       "engines": {
-        "node": ">=12",
-        "npm": ">=6"
-      }
-    },
-    "node_modules/jsonwebtoken/node_modules/lru-cache": {
-      "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
-      "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==",
-      "dependencies": {
-        "yallist": "^4.0.0"
-      },
-      "engines": {
-        "node": ">=10"
+        "node": ">=4",
+        "npm": ">=1.4.28"
       }
     },
     "node_modules/jsonwebtoken/node_modules/semver": {
-      "version": "7.6.0",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.0.tgz",
-      "integrity": "sha512-EnwXhrlwXMk9gKu5/flx5sv/an57AkRplG3hTK68W7FRDN+k+OWBj65M7719OkA82XLBxrcX0KSHj+X5COhOVg==",
-      "dependencies": {
-        "lru-cache": "^6.0.0"
-      },
+      "version": "5.7.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz",
+      "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==",
       "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
+        "semver": "bin/semver"
       }
     },
-    "node_modules/jsonwebtoken/node_modules/yallist": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz",
-      "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A=="
-    },
     "node_modules/jsqr": {
       "version": "1.4.0",
       "license": "Apache-2.0"

package.json

@@ -1,6 +1,6 @@
 {
   "name": "cyberchef",
-  "version": "10.13.0",
+  "version": "10.17.0",
   "description": "The Cyber Swiss Army Knife for encryption, encoding, compression and data analysis.",
   "author": "n1474335 <n1474335@gmail.com>",
   "homepage": "https://gchq.github.io/CyberChef",
@@ -122,6 +122,7 @@
     "escodegen": "^2.1.0",
     "esprima": "^4.0.1",
     "exif-parser": "^0.1.12",
+    "ieee754": "^1.1.13",
     "fernet": "^0.3.2",
     "file-saver": "^2.0.5",
     "flat": "^6.0.1",
@@ -134,7 +135,7 @@
     "jsesc": "^3.0.2",
     "json5": "^2.2.3",
     "jsonpath-plus": "^8.0.0",
-    "jsonwebtoken": "^9.0.0",
+    "jsonwebtoken": "8.5.1",
     "jsqr": "^1.4.0",
     "jsrsasign": "^11.1.0",
     "kbpgp": "2.1.15",

src/core/Utils.mjs

@@ -893,7 +893,7 @@ class Utils {
 
 
     /**
-     * Converts a string to it's title case equivalent.
+     * Converts a string to its title case equivalent.
      *
      * @param {string} str
      * @returns string

src/core/config/Categories.json

@@ -14,6 +14,8 @@
             "From Charcode",
             "To Decimal",
             "From Decimal",
+            "To Float",
+            "From Float",
             "To Binary",
             "From Binary",
             "To Octal",
@@ -153,7 +155,8 @@
             "Typex",
             "Lorenz",
             "Colossus",
-            "SIGABA"
+            "SIGABA",
+            "XXTEA"
         ]
     },
     {
@@ -165,6 +168,8 @@
             "Hex to PEM",
             "Hex to Object Identifier",
             "Object Identifier to Hex",
+            "PEM to JWK",
+            "JWK to PEM",
             "Generate PGP Key Pair",
             "PGP Encrypt",
             "PGP Decrypt",
@@ -176,7 +181,10 @@
             "RSA Verify",
             "RSA Encrypt",
             "RSA Decrypt",
-            "Parse SSH Host Key"
+            "Parse SSH Host Key",
+            "Parse CSR",
+            "Public Key from Certificate",
+            "Public Key from Private Key"
         ]
     },
     {
@@ -234,6 +242,7 @@
             "JA3 Fingerprint",
             "JA3S Fingerprint",
             "JA4 Fingerprint",
+            "JA4Server Fingerprint",
             "HASSH Client Fingerprint",
             "HASSH Server Fingerprint",
             "Format MAC addresses",
@@ -318,6 +327,7 @@
             "To UNIX Timestamp",
             "Windows Filetime to UNIX Timestamp",
             "UNIX Timestamp to Windows Filetime",
+            "DateTime Delta",
             "Extract dates",
             "Get Time",
             "Sleep"
@@ -334,6 +344,7 @@
             "Extract domains",
             "Extract file paths",
             "Extract dates",
+            "Extract hashes",
             "Regular expression",
             "XPath expression",
             "JPath expression",
@@ -382,7 +393,6 @@
             "SHA2",
             "SHA3",
             "SM3",
-            "MurmurHash3",
             "Keccak",
             "Shake",
             "RIPEMD",
@@ -407,6 +417,7 @@
             "Scrypt",
             "NT Hash",
             "LM Hash",
+            "MurmurHash3",
             "Fletcher-8 Checksum",
             "Fletcher-16 Checksum",
             "Fletcher-32 Checksum",

src/core/config/scripts/newOperation.mjs

@@ -147,7 +147,7 @@ class ${moduleName} extends Operation {
         this.name = "${result.opName}";
         this.module = "${result.module}";
         this.description = "${(new EscapeString).run(result.description, ["Special chars", "Double"])}";
-        this.infoURL = "${result.infoURL}";
+        this.infoURL = "${result.infoURL}"; // Usually a Wikipedia link. Remember to remove localisation (i.e. https://wikipedia.org/etc rather than https://en.wikipedia.org/etc)
         this.inputType = "${result.inputType}";
         this.outputType = "${result.outputType}";
         this.args = [

src/core/lib/CipherSaber2.mjs

@@ -4,7 +4,7 @@
  * @license Apache-2.0
  */
 export function encode(tempIVP, key, rounds, input) {
-    const ivp = new Uint8Array(key.concat(tempIVP));
+    const ivp = new Uint8Array([...key, ...tempIVP]);
     const state = new Array(256).fill(0);
     let j = 0, i = 0;
     const result = [];

src/core/lib/Ciphers.mjs

@@ -3,6 +3,7 @@
  *
  * @author Matt C [matt@artemisbot.uk]
  * @author n1474335 [n1474335@gmail.com]
+ * @author Evie H [evie@evie.sh]
  *
  * @copyright Crown Copyright 2018
  * @license Apache-2.0
@@ -10,6 +11,7 @@
  */
 
 import OperationError from "../errors/OperationError.mjs";
+import Utils from "../Utils.mjs";
 import CryptoJS from "crypto-js";
 
 /**
@@ -30,6 +32,10 @@ export function affineEncode(input, args) {
         throw new OperationError("The values of a and b can only be integers.");
     }
 
+    if (Utils.gcd(a, 26) !== 1) {
+        throw new OperationError("The value of `a` must be coprime to 26.");
+    }
+
     for (let i = 0; i < input.length; i++) {
         if (alphabet.indexOf(input[i]) >= 0) {
             // Uses the affine function ax+b % m = y (where m is length of the alphabet)

src/core/lib/FileSignatures.mjs

@@ -81,7 +81,7 @@ export const FILE_SIGNATURES = {
                 0: 0x00,
                 1: 0x00,
                 2: 0x00,
-                // 3 could be 0x24 or 0x18, so skip it
+                3: [0x24, 0x18],
                 4: 0x66, // ftypheic
                 5: 0x74,
                 6: 0x79,
@@ -2748,7 +2748,7 @@ export function extractGIF(bytes, offset) {
         stream.moveForwardsBy(11);
 
         // Loop until next Graphic Control Extension.
-        while (stream.getBytes(2) !== [0x21, 0xf9]) {
+        while (!Array.from(stream.getBytes(2)).equals([0x21, 0xf9])) {
             stream.moveBackwardsBy(2);
             stream.moveForwardsBy(stream.readInt(1));
             if (!stream.readInt(1))

src/core/lib/JA4.mjs

@@ -25,6 +25,9 @@ export function toJA4(bytes) {
     let tlsr = {};
     try {
         tlsr = parseTLSRecord(bytes);
+        if (tlsr.handshake.value.handshakeType.value !== 0x01) {
+            throw new Error();
+        }
     } catch (err) {
         throw new OperationError("Data is not a valid TLS Client Hello. QUIC is not yet supported.\n" + err);
     }
@@ -48,16 +51,7 @@ export function toJA4(bytes) {
             break;
         }
     }
-    switch (version) {
-        case 0x0304: version = "13"; break; // TLS 1.3
-        case 0x0303: version = "12"; break; // TLS 1.2
-        case 0x0302: version = "11"; break; // TLS 1.1
-        case 0x0301: version = "10"; break; // TLS 1.0
-        case 0x0300: version = "s3"; break; // SSL 3.0
-        case 0x0200: version = "s2"; break; // SSL 2.0
-        case 0x0100: version = "s1"; break; // SSL 1.0
-        default: version = "00"; // Unknown
-    }
+    version = tlsVersionMapper(version);
 
     /* SNI
         If the SNI extension (0x0000) exists, then the destination of the connection is a domain, or “d” in the fingerprint.
@@ -99,6 +93,7 @@ export function toJA4(bytes) {
         if (ext.type.value === "application_layer_protocol_negotiation") {
             alpn = parseFirstALPNValue(ext.value.data);
             alpn = alpn.charAt(0) + alpn.charAt(alpn.length - 1);
+            if (alpn.charCodeAt(0) > 127) alpn = "99";
             break;
         }
     }
@@ -164,3 +159,106 @@ export function toJA4(bytes) {
         "JA4_ro": `${ptype}${version}${sni}${cipherLen}${extLen}${alpn}_${originalCiphersRaw}_${originalExtensionsRaw}`,
     };
 }
+
+
+/**
+ * Calculate the JA4Server from a given TLS Server Hello Stream
+ * @param {Uint8Array} bytes
+ * @returns {string}
+ */
+export function toJA4S(bytes) {
+    let tlsr = {};
+    try {
+        tlsr = parseTLSRecord(bytes);
+        if (tlsr.handshake.value.handshakeType.value !== 0x02) {
+            throw new Error();
+        }
+    } catch (err) {
+        throw new OperationError("Data is not a valid TLS Server Hello. QUIC is not yet supported.\n" + err);
+    }
+
+    /* QUIC
+        “q” or “t”, which denotes whether the hello packet is for QUIC or TCP.
+        TODO: Implement QUIC
+    */
+    const ptype = "t";
+
+    /* TLS Version
+        TLS version is shown in 3 different places. If extension 0x002b exists (supported_versions), then the version
+        is the highest value in the extension. Remember to ignore GREASE values. If the extension doesn’t exist, then
+        the TLS version is the value of the Protocol Version. Handshake version (located at the top of the packet)
+        should be ignored.
+    */
+    let version = tlsr.version.value;
+    for (const ext of tlsr.handshake.value.extensions.value) {
+        if (ext.type.value === "supported_versions") {
+            version = parseHighestSupportedVersion(ext.value.data);
+            break;
+        }
+    }
+    version = tlsVersionMapper(version);
+
+    /* Number of Extensions
+        2 character number of cipher suites, so if there’s 6 cipher suites in the hello packet, then the value should be “06”.
+        If there’s > 99, which there should never be, then output “99”.
+    */
+    let extLen = tlsr.handshake.value.extensions.value.length;
+    extLen = extLen > 99 ? "99" : extLen.toString().padStart(2, "0");
+
+    /* ALPN Extension Chosen Value
+        The first and last characters of the ALPN (Application-Layer Protocol Negotiation) first value.
+        If there are no ALPN values or no ALPN extension then we print “00” as the value in the fingerprint.
+    */
+    let alpn = "00";
+    for (const ext of tlsr.handshake.value.extensions.value) {
+        if (ext.type.value === "application_layer_protocol_negotiation") {
+            alpn = parseFirstALPNValue(ext.value.data);
+            alpn = alpn.charAt(0) + alpn.charAt(alpn.length - 1);
+            if (alpn.charCodeAt(0) > 127) alpn = "99";
+            break;
+        }
+    }
+
+    /* Chosen Cipher
+        The hex value of the chosen cipher suite
+    */
+    const cipher = toHexFast(tlsr.handshake.value.cipherSuite.data);
+
+    /* Extension hash
+        A 12 character truncated sha256 hash of the list of extensions.
+        The extension list is created using the 4 character hex values of the extensions, lower case, comma delimited.
+    */
+    const extensionsList = [];
+    for (const ext of tlsr.handshake.value.extensions.value) {
+        extensionsList.push(toHexFast(ext.type.data));
+    }
+    const extensionsRaw = extensionsList.join(",");
+    const extensionsHash = runHash(
+        "sha256",
+        Utils.strToArrayBuffer(extensionsRaw)
+    ).substring(0, 12);
+
+    return {
+        "JA4S":    `${ptype}${version}${extLen}${alpn}_${cipher}_${extensionsHash}`,
+        "JA4S_r":  `${ptype}${version}${extLen}${alpn}_${cipher}_${extensionsRaw}`,
+    };
+}
+
+
+/**
+ * Takes a TLS version value and returns a JA4 TLS version string
+ * @param {Uint8Array} version - Two byte array of version number
+ * @returns {string}
+ */
+function tlsVersionMapper(version) {
+    switch (version) {
+        case 0x0304: return "13"; // TLS 1.3
+        case 0x0303: return "12"; // TLS 1.2
+        case 0x0302: return "11"; // TLS 1.1
+        case 0x0301: return "10"; // TLS 1.0
+        case 0x0300: return "s3"; // SSL 3.0
+        case 0x0200: return "s2"; // SSL 2.0
+        case 0x0100: return "s1"; // SSL 1.0
+        default: return "00"; // Unknown
+    }
+}

src/core/lib/TLS.mjs

@@ -70,13 +70,11 @@ function parseHandshake(bytes) {
 
     // Handshake type
     h.handshakeType = {
-        description: "Client Hello",
+        description: "Handshake Type",
         length: 1,
         data: b.getBytes(1),
         value: s.readInt(1)
     };
-    if (h.handshakeType.value !== 0x01)
-        throw new OperationError("Not a Client Hello.");
 
     // Handshake length
     h.handshakeLength = {
@@ -86,8 +84,33 @@ function parseHandshake(bytes) {
         value: s.readInt(3)
     };
     if (s.length !== h.handshakeLength.value + 4)
-        throw new OperationError("Not enough data in Client Hello.");
+        throw new OperationError("Not enough data in Handshake message.");
 
+
+    switch (h.handshakeType.value) {
+        case 0x01:
+            h.handshakeType.description = "Client Hello";
+            parseClientHello(s, b, h);
+            break;
+        case 0x02:
+            h.handshakeType.description = "Server Hello";
+            parseServerHello(s, b, h);
+            break;
+        default:
+            throw new OperationError("Not a known handshake message.");
+    }
+
+    return h;
+}
+
+/**
+ * Parse a TLS Client Hello
+ * @param {Stream} s
+ * @param {Stream} b
+ * @param {Object} h
+ * @returns {JSON}
+ */
+function parseClientHello(s, b, h) {
     // Hello version
     h.helloVersion = {
         description: "Client Hello Version",
@@ -171,6 +194,79 @@ function parseHandshake(bytes) {
     return h;
 }
 
+/**
+ * Parse a TLS Server Hello
+ * @param {Stream} s
+ * @param {Stream} b
+ * @param {Object} h
+ * @returns {JSON}
+ */
+function parseServerHello(s, b, h) {
+    // Hello version
+    h.helloVersion = {
+        description: "Server Hello Version",
+        length: 2,
+        data: b.getBytes(2),
+        value: s.readInt(2)
+    };
+
+    // Random
+    h.random = {
+        description: "Server Random",
+        length: 32,
+        data: b.getBytes(32),
+        value: s.getBytes(32)
+    };
+
+    // Session ID Length
+    h.sessionIDLength = {
+        description: "Session ID Length",
+        length: 1,
+        data: b.getBytes(1),
+        value: s.readInt(1)
+    };
+
+    // Session ID
+    h.sessionID = {
+        description: "Session ID",
+        length: h.sessionIDLength.value,
+        data: b.getBytes(h.sessionIDLength.value),
+        value: s.getBytes(h.sessionIDLength.value)
+    };
+
+    // Cipher Suite
+    h.cipherSuite = {
+        description: "Selected Cipher Suite",
+        length: 2,
+        data: b.getBytes(2),
+        value: CIPHER_SUITES_LOOKUP[s.readInt(2)] || "Unknown"
+    };
+
+    // Compression Method
+    h.compressionMethod = {
+        description: "Selected Compression Method",
+        length: 1,
+        data: b.getBytes(1),
+        value: s.readInt(1) // TODO: Compression method name here
+    };
+
+    // Extensions Length
+    h.extensionsLength = {
+        description: "Extensions Length",
+        length: 2,
+        data: b.getBytes(2),
+        value: s.readInt(2)
+    };
+
+    // Extensions
+    h.extensions = {
+        description: "Extensions",
+        length: h.extensionsLength.value,
+        data: b.getBytes(h.extensionsLength.value),
+        value: parseExtensions(s.getBytes(h.extensionsLength.value))
+    };
+}
+
 /**
  * Parse Cipher Suites
  * @param {Uint8Array} bytes
@@ -748,6 +844,11 @@ export const GREASE_VALUES = [
 export function parseHighestSupportedVersion(bytes) {
     const s = new Stream(bytes);
 
+    // The Server Hello supported_versions extension simply contains the chosen version
+    if (s.length === 2) {
+        return s.readInt(2);
+    }
+
     // Length
     let i = s.readInt(1);
 

src/core/operations/BlowfishDecrypt.mjs

@@ -70,10 +70,14 @@ class BlowfishDecrypt extends Operation {
             inputType = args[3],
             outputType = args[4];
 
-        if (key.length !== 8) {
+        if (key.length < 4 || key.length > 56) {
             throw new OperationError(`Invalid key length: ${key.length} bytes
 
-Blowfish uses a key length of 8 bytes (64 bits).`);
+Blowfish's key length needs to be between 4 and 56 bytes (32-448 bits).`);
+        }
+
+        if (iv.length !== 8) {
+            throw new OperationError(`Invalid IV length: ${iv.length} bytes. Expected 8 bytes`);
         }
 
         input = Utils.convertToByteString(input, inputType);

src/core/operations/BlowfishEncrypt.mjs

@@ -70,10 +70,14 @@ class BlowfishEncrypt extends Operation {
             inputType = args[3],
             outputType = args[4];
 
-        if (key.length !== 8) {
+        if (key.length < 4 || key.length > 56) {
             throw new OperationError(`Invalid key length: ${key.length} bytes
+    
+Blowfish's key length needs to be between 4 and 56 bytes (32-448 bits).`);
+        }
 
-Blowfish uses a key length of 8 bytes (64 bits).`);
+        if (iv.length !== 8) {
+            throw new OperationError(`Invalid IV length: ${iv.length} bytes. Expected 8 bytes`);
         }
 
         input = Utils.convertToByteString(input, inputType);

src/core/operations/ChaCha.mjs

@@ -100,7 +100,7 @@ class ChaCha extends Operation {
         super();
 
         this.name = "ChaCha";
-        this.module = "Default";
+        this.module = "Ciphers";
         this.description = "ChaCha is a stream cipher designed by Daniel J. Bernstein. It is a variant of the Salsa stream cipher. Several parameterizations exist; 'ChaCha' may refer to the original construction, or to the variant as described in RFC-8439. ChaCha is often used with Poly1305, in the ChaCha20-Poly1305 AEAD construction.<br><br><b>Key:</b> ChaCha uses a key of 16 or 32 bytes (128 or 256 bits).<br><br><b>Nonce:</b> ChaCha uses a nonce of 8 or 12 bytes (64 or 96 bits).<br><br><b>Counter:</b> ChaCha uses a counter of 4 or 8 bytes (32 or 64 bits); together, the nonce and counter must add up to 16 bytes. The counter starts at zero at the start of the keystream, and is incremented at every 64 bytes.";
         this.infoURL = "https://wikipedia.org/wiki/Salsa20#ChaCha_variant";
         this.inputType = "string";
@@ -191,7 +191,7 @@ ChaCha uses a nonce of 8 or 12 bytes (64 or 96 bits).`);
         if (outputType === "Hex") {
             return toHex(output);
         } else {
-            return Utils.arrayBufferToStr(output);
+            return Utils.arrayBufferToStr(Uint8Array.from(output).buffer);
         }
     }
 

src/core/operations/DateTimeDelta.mjs

@@ -0,0 +1,107 @@
+/**
+ * @author tomgond [tom.gonda@gmail.com]
+ * @copyright Crown Copyright 2024
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import moment from "moment-timezone";
+import {DATETIME_FORMATS, FORMAT_EXAMPLES} from "../lib/DateTime.mjs";
+
+/**
+ * DateTime Delta operation
+ */
+class DateTimeDelta extends Operation {
+
+    /**
+     * DateTimeDelta constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "DateTime Delta";
+        this.module = "Default";
+        this.description = "Calculates a new DateTime value given an input DateTime value and a time difference (delta) from the input DateTime value.";
+        this.inputType = "string";
+        this.outputType = "html";
+        this.args = [
+            {
+                "name": "Built in formats",
+                "type": "populateOption",
+                "value": DATETIME_FORMATS,
+                "target": 1
+            },
+            {
+                "name": "Input format string",
+                "type": "binaryString",
+                "value": "DD/MM/YYYY HH:mm:ss"
+            },
+            {
+                "name": "Time Operation",
+                "type": "option",
+                "value": ["Add", "Subtract"]
+            },
+            {
+                "name": "Days",
+                "type": "number",
+                "value": 0
+            },
+            {
+                "name": "Hours",
+                "type": "number",
+                "value": 0
+            },
+            {
+                "name": "Minutes",
+                "type": "number",
+                "value": 0
+            },
+            {
+                "name": "Seconds",
+                "type": "number",
+                "value": 0
+            }
+
+        ];
+    }
+
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        const inputTimezone = "UTC";
+        const inputFormat = args[1];
+        const operationType = args[2];
+        const daysDelta = args[3];
+        const hoursDelta = args[4];
+        const minutesDelta = args[5];
+        const secondsDelta = args[6];
+        let date = "";
+
+        try {
+            date = moment.tz(input, inputFormat, inputTimezone);
+            if (!date || date.format() === "Invalid date") throw Error;
+        } catch (err) {
+            return `Invalid format.\n\n${FORMAT_EXAMPLES}`;
+        }
+        let newDate;
+        if (operationType === "Add") {
+            newDate = date.add(daysDelta, "days")
+                .add(hoursDelta, "hours")
+                .add(minutesDelta, "minutes")
+                .add(secondsDelta, "seconds");
+
+        } else {
+            newDate = date.add(-daysDelta, "days")
+                .add(-hoursDelta, "hours")
+                .add(-minutesDelta, "minutes")
+                .add(-secondsDelta, "seconds");
+        }
+        return newDate.tz(inputTimezone).format(inputFormat.replace(/[<>]/g, ""));
+    }
+}
+
+export default DateTimeDelta;

src/core/operations/DeriveEVPKey.mjs

@@ -62,11 +62,13 @@ class DeriveEVPKey extends Operation {
      * @returns {string}
      */
     run(input, args) {
-        const passphrase = Utils.convertToByteString(args[0].string, args[0].option),
+        const passphrase = CryptoJS.enc.Latin1.parse(
+                Utils.convertToByteString(args[0].string, args[0].option)),
             keySize = args[1] / 32,
             iterations = args[2],
             hasher = args[3],
-            salt = Utils.convertToByteString(args[4].string, args[4].option),
+            salt = CryptoJS.enc.Latin1.parse(
+                Utils.convertToByteString(args[4].string, args[4].option)),
             key = CryptoJS.EvpKDF(passphrase, salt, { // lgtm [js/insufficient-password-hash]
                 keySize: keySize,
                 hasher: CryptoJS.algo[hasher],

src/core/operations/ExtractHashes.mjs

@@ -0,0 +1,84 @@
+/**
+ * @author mshwed [m@ttshwed.com]
+ * @copyright Crown Copyright 2019
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import { search } from "../lib/Extract.mjs";
+
+/**
+ * Extract Hash Values operation
+ */
+class ExtractHashes extends Operation {
+
+    /**
+     * ExtractHashValues constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "Extract hashes";
+        this.module = "Regex";
+        this.description = "Extracts potential hashes based on hash character length";
+        this.infoURL = "https://wikipedia.org/wiki/Comparison_of_cryptographic_hash_functions";
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [
+            {
+                name: "Hash character length",
+                type: "number",
+                value: 40
+            },
+            {
+                name: "All hashes",
+                type: "boolean",
+                value: false
+            },
+            {
+                name: "Display Total",
+                type: "boolean",
+                value: false
+            }
+        ];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        const results = [];
+        let hashCount = 0;
+
+        const [hashLength, searchAllHashes, showDisplayTotal] = args;
+
+        // Convert character length to bit length
+        let hashBitLengths = [(hashLength / 2) * 8];
+
+        if (searchAllHashes) hashBitLengths = [4, 8, 16, 32, 64, 128, 160, 192, 224, 256, 320, 384, 512, 1024];
+
+        for (const hashBitLength of hashBitLengths) {
+            // Convert bit length to character length
+            const hashCharacterLength = (hashBitLength / 8) * 2;
+
+            const regex = new RegExp(`(\\b|^)[a-f0-9]{${hashCharacterLength}}(\\b|$)`, "g");
+            const searchResults = search(input, regex, null, false);
+
+            hashCount += searchResults.length;
+            results.push(...searchResults);
+        }
+
+        let output = "";
+        if (showDisplayTotal) {
+            output = `Total Results: ${hashCount}\n\n`;
+        }
+
+        output = output + results.join("\n");
+        return output;
+    }
+
+}
+
+export default ExtractHashes;

src/core/operations/FangURL.mjs

@@ -20,6 +20,7 @@ class FangURL extends Operation {
         this.name = "Fang URL";
         this.module = "Default";
         this.description = "Takes a 'Defanged' Universal Resource Locator (URL) and 'Fangs' it. Meaning, it removes the alterations (defanged) that render it useless so that it can be used again.";
+        this.infoURL = "https://isc.sans.edu/forums/diary/Defang+all+the+things/22744/";
         this.inputType = "string";
         this.outputType = "string";
         this.args = [

src/core/operations/FileTree.mjs

@@ -1,6 +1,6 @@
 /**
  * @author sw5678
- * @copyright Crown Copyright 2016
+ * @copyright Crown Copyright 2023
  * @license Apache-2.0
  */
 
@@ -21,7 +21,8 @@ class FileTree extends Operation {
 
         this.name = "File Tree";
         this.module = "Default";
-        this.description = "Creates file tree from list of file paths (similar to the tree command in Linux)";
+        this.description = "Creates a file tree from a list of file paths (similar to the tree command in Linux)";
+        this.infoURL = "https://wikipedia.org/wiki/Tree_(command)";
         this.inputType = "string";
         this.outputType = "string";
         this.args = [

src/core/operations/FromBase58.mjs

@@ -60,7 +60,7 @@ class FromBase58 extends Operation {
     run(input, args) {
         let alphabet = args[0] || ALPHABET_OPTIONS[0].value;
         const removeNonAlphaChars = args[1] === undefined ? true : args[1],
-            result = [0];
+            result = [];
 
         alphabet = Utils.expandAlphRange(alphabet).join("");
 
@@ -87,11 +87,9 @@ class FromBase58 extends Operation {
                 }
             }
 
-            let carry = result[0] * 58 + index;
-            result[0] = carry & 0xFF;
-            carry = carry >> 8;
+            let carry = index;
 
-            for (let i = 1; i < result.length; i++) {
+            for (let i = 0; i < result.length; i++) {
                 carry += result[i] * 58;
                 result[i] = carry & 0xFF;
                 carry = carry >> 8;

src/core/operations/FromFloat.mjs

@@ -0,0 +1,78 @@
+/**
+ * @author tcode2k16 [tcode2k16@gmail.com]
+ * @copyright Crown Copyright 2019
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import Utils from "../Utils.mjs";
+import ieee754 from "ieee754";
+import {DELIM_OPTIONS} from "../lib/Delim.mjs";
+
+/**
+ * From Float operation
+ */
+class FromFloat extends Operation {
+
+    /**
+     * FromFloat constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "From Float";
+        this.module = "Default";
+        this.description = "Convert from IEEE754 Floating Point Numbers";
+        this.infoURL = "https://wikipedia.org/wiki/IEEE_754";
+        this.inputType = "string";
+        this.outputType = "byteArray";
+        this.args = [
+            {
+                "name": "Endianness",
+                "type": "option",
+                "value": [
+                    "Big Endian",
+                    "Little Endian"
+                ]
+            },
+            {
+                "name": "Size",
+                "type": "option",
+                "value": [
+                    "Float (4 bytes)",
+                    "Double (8 bytes)"
+                ]
+            },
+            {
+                "name": "Delimiter",
+                "type": "option",
+                "value": DELIM_OPTIONS
+            }
+        ];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {byteArray}
+     */
+    run(input, args) {
+        if (input.length === 0) return [];
+
+        const [endianness, size, delimiterName] = args;
+        const delim = Utils.charRep(delimiterName || "Space");
+        const byteSize = size === "Double (8 bytes)" ? 8 : 4;
+        const isLE = endianness === "Little Endian";
+        const mLen = byteSize === 4 ? 23 : 52;
+        const floats = input.split(delim);
+
+        const output = new Array(floats.length*byteSize);
+        for (let i = 0; i < floats.length; i++) {
+            ieee754.write(output, parseFloat(floats[i]), i*byteSize, isLE, mLen, byteSize);
+        }
+        return output;
+    }
+
+}
+
+export default FromFloat;

src/core/operations/JA4ServerFingerprint.mjs

@@ -0,0 +1,66 @@
+/**
+ * @author n1474335 [n1474335@gmail.com]
+ * @copyright Crown Copyright 2024
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import Utils from "../Utils.mjs";
+import {toJA4S} from "../lib/JA4.mjs";
+
+/**
+ * JA4Server Fingerprint operation
+ */
+class JA4ServerFingerprint extends Operation {
+
+    /**
+     * JA4ServerFingerprint constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "JA4Server Fingerprint";
+        this.module = "Crypto";
+        this.description = "Generates a JA4Server Fingerprint (JA4S) to help identify TLS servers or sessions based on hashing together values from the Server Hello.<br><br>Input: A hex stream of the TLS or QUIC Server Hello packet application layer.";
+        this.infoURL = "https://medium.com/foxio/ja4-network-fingerprinting-9376fe9ca637";
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [
+            {
+                name: "Input format",
+                type: "option",
+                value: ["Hex", "Base64", "Raw"]
+            },
+            {
+                name: "Output format",
+                type: "option",
+                value: ["JA4S", "JA4S Raw", "Both"]
+            }
+        ];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        const [inputFormat, outputFormat] = args;
+        input = Utils.convertToByteArray(input, inputFormat);
+        const ja4s = toJA4S(new Uint8Array(input));
+
+        // Output
+        switch (outputFormat) {
+            case "JA4S":
+                return ja4s.JA4S;
+            case "JA4S Raw":
+                return ja4s.JA4S_r;
+            case "Both":
+            default:
+                return `JA4S:   ${ja4s.JA4S}\nJA4S_r: ${ja4s.JA4S_r}`;
+        }
+    }
+
+}
+
+export default JA4ServerFingerprint;

src/core/operations/JWKToPem.mjs

@@ -0,0 +1,80 @@
+/**
+ * @author cplussharp
+ * @copyright Crown Copyright 2021
+ * @license Apache-2.0
+ */
+
+import r from "jsrsasign";
+import Operation from "../Operation.mjs";
+import OperationError from "../errors/OperationError.mjs";
+
+/**
+ * PEM to JWK operation
+ */
+class PEMToJWK extends Operation {
+
+    /**
+     * PEMToJWK constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "JWK to PEM";
+        this.module = "PublicKey";
+        this.description = "Converts Keys in JSON Web Key format to PEM format (PKCS#8).";
+        this.infoURL = "https://datatracker.ietf.org/doc/html/rfc7517";
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [];
+        this.checks = [
+            {
+                "pattern": "\"kty\":\\s*\"(EC|RSA)\"",
+                "flags": "gm",
+                "args": []
+            }
+        ];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        const inputJson = JSON.parse(input);
+
+        let keys = [];
+        if (Array.isArray(inputJson)) {
+            // list of keys => transform all keys
+            keys = inputJson;
+        } else if (Array.isArray(inputJson.keys)) {
+            // JSON Web Key Set => transform all keys
+            keys = inputJson.keys;
+        } else if (typeof inputJson === "object") {
+            // single key
+            keys.push(inputJson);
+        } else {
+            throw new OperationError("Input is not a JSON Web Key");
+        }
+
+        let output = "";
+        for (let i=0; i<keys.length; i++) {
+            const jwk = keys[i];
+            if (typeof jwk.kty !== "string") {
+                throw new OperationError("Invalid JWK format");
+            } else if ("|RSA|EC|".indexOf(jwk.kty) === -1) {
+                throw new OperationError(`Unsupported JWK key type '${inputJson.kty}'`);
+            }
+
+            const key = r.KEYUTIL.getKey(jwk);
+            const pem = key.isPrivate ? r.KEYUTIL.getPEM(key, "PKCS8PRV") : r.KEYUTIL.getPEM(key);
+
+            // PEM ends with '\n', so a new key always starts on a new line
+            output += pem;
+        }
+
+        return output;
+    }
+}
+
+export default PEMToJWK;

src/core/operations/JWTSign.mjs

@@ -50,12 +50,7 @@ class JWTSign extends Operation {
 
         try {
             return jwt.sign(input, key, {
-                algorithm: algorithm === "None" ? "none" : algorithm,
-
-                // To utilize jsonwebtoken 9+ library and maintain backwards compatibility for regression tests
-                // This could be turned into operation args in a future PR
-                allowInsecureKeySizes: true,
-                allowInvalidAsymmetricKeyTypes: true
+                algorithm: algorithm === "None" ? "none" : algorithm
             });
         } catch (err) {
             throw new OperationError(`Error: Have you entered the key correctly? The key should be either the secret for HMAC algorithms or the PEM-encoded private key for RSA and ECDSA.

src/core/operations/MurmurHash3.mjs

@@ -22,7 +22,7 @@ class MurmurHash3 extends Operation {
         super();
 
         this.name = "MurmurHash3";
-        this.module = "Default";
+        this.module = "Hashing";
         this.description = "Generates a MurmurHash v3 for a string input and an optional seed input";
         this.infoURL = "https://wikipedia.org/wiki/MurmurHash";
         this.inputType = "string";
@@ -115,11 +115,7 @@ class MurmurHash3 extends Operation {
     * @return {number} 32-bit signed integer
     */
     unsignedToSigned(value) {
-        if (value & 0x80000000) {
-            return -0x100000000 + value;
-        } else {
-            return value;
-        }
+        return value & 0x80000000 ? -0x100000000 + value : value;
     }
 
     /**

src/core/operations/PEMToJWK.mjs

@@ -0,0 +1,88 @@
+/**
+ * @author cplussharp
+ * @copyright Crown Copyright 2021
+ * @license Apache-2.0
+ */
+
+import r from "jsrsasign";
+import Operation from "../Operation.mjs";
+import OperationError from "../errors/OperationError.mjs";
+
+/**
+ * PEM to JWK operation
+ */
+class PEMToJWK extends Operation {
+
+    /**
+     * PEMToJWK constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "PEM to JWK";
+        this.module = "PublicKey";
+        this.description = "Converts Keys in PEM format to a JSON Web Key format.";
+        this.infoURL = "https://datatracker.ietf.org/doc/html/rfc7517";
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [];
+        this.checks = [
+            {
+                "pattern": "-----BEGIN ((RSA |EC )?(PRIVATE|PUBLIC) KEY|CERTIFICATE)-----",
+                "args": []
+            }
+        ];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        let output = "";
+        let match;
+        const regex = /-----BEGIN ([A-Z][A-Z ]+[A-Z])-----/g;
+        while ((match = regex.exec(input)) !== null) {
+            // find corresponding end tag
+            const indexBase64 = match.index + match[0].length;
+            const header = input.substring(match.index, indexBase64);
+            const footer = `-----END ${match[1]}-----`;
+            const indexFooter = input.indexOf(footer, indexBase64);
+            if (indexFooter === -1) {
+                throw new OperationError(`PEM footer '${footer}' not found`);
+            }
+
+            const pem = input.substring(match.index, indexFooter + footer.length);
+            if (match[1].indexOf("KEY") !== -1) {
+                if (header === "-----BEGIN RSA PUBLIC KEY-----") {
+                    throw new OperationError("Unsupported RSA public key format. Only PKCS#8 is supported.");
+                }
+
+                const key = r.KEYUTIL.getKey(pem);
+                if (key.type === "DSA") {
+                    throw new OperationError("DSA keys are not supported for JWK");
+                }
+                const jwk = r.KEYUTIL.getJWKFromKey(key);
+                if (output.length > 0) {
+                    output += "\n";
+                }
+                output += JSON.stringify(jwk);
+            } else if (match[1] === "CERTIFICATE") {
+                const cert = new r.X509();
+                cert.readCertPEM(pem);
+                const key = cert.getPublicKey();
+                const jwk = r.KEYUTIL.getJWKFromKey(key);
+                if (output.length > 0) {
+                    output += "\n";
+                }
+                output += JSON.stringify(jwk);
+            } else {
+                throw new OperationError(`Unsupported PEM type '${match[1]}'`);
+            }
+        }
+        return output;
+    }
+}
+
+export default PEMToJWK;

src/core/operations/ParseCSR.mjs

@@ -0,0 +1,273 @@
+/**
+ * @author jkataja
+ * @copyright Crown Copyright 2023
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import forge from "node-forge";
+import Utils from "../Utils.mjs";
+
+/**
+ * Parse CSR operation
+ */
+class ParseCSR extends Operation {
+
+    /**
+     * ParseCSR constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "Parse CSR";
+        this.module = "PublicKey";
+        this.description = "Parse Certificate Signing Request (CSR) for an X.509 certificate";
+        this.infoURL = "https://wikipedia.org/wiki/Certificate_signing_request";
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [
+            {
+                "name": "Input format",
+                "type": "option",
+                "value": ["PEM"]
+            },
+            {
+                "name": "Key type",
+                "type": "option",
+                "value": ["RSA"]
+            },
+            {
+                "name": "Strict ASN.1 value lengths",
+                "type": "boolean",
+                "value": true
+            }
+        ];
+        this.checks = [
+            {
+                "pattern": "^-+BEGIN CERTIFICATE REQUEST-+\\r?\\n[\\da-z+/\\n\\r]+-+END CERTIFICATE REQUEST-+\\r?\\n?$",
+                "flags": "i",
+                "args": ["PEM"]
+            }
+        ];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string} Human-readable description of a Certificate Signing Request (CSR).
+     */
+    run(input, args) {
+        if (!input.length) {
+            return "No input";
+        }
+
+        const csr = forge.pki.certificationRequestFromPem(input, args[1]);
+
+        // RSA algorithm is the only one supported for CSR in node-forge as of 1.3.1
+        return `Version:          ${1 + csr.version} (0x${Utils.hex(csr.version)})
+Subject${formatSubject(csr.subject)}
+Subject Alternative Names${formatSubjectAlternativeNames(csr)}
+Public Key
+  Algorithm:      RSA
+  Length:         ${csr.publicKey.n.bitLength()} bits
+  Modulus:        ${formatMultiLine(chop(csr.publicKey.n.toString(16).replace(/(..)/g, "$&:")))}
+  Exponent:       ${csr.publicKey.e} (0x${Utils.hex(csr.publicKey.e)})
+Signature
+  Algorithm:      ${forge.pki.oids[csr.signatureOid]}
+  Signature:      ${formatMultiLine(Utils.strToByteArray(csr.signature).map(b => Utils.hex(b)).join(":"))}
+Extensions${formatExtensions(csr)}`;
+    }
+}
+
+/**
+ * Format Subject of the request as a multi-line string
+ * @param {*} subject CSR Subject
+ * @returns Multi-line string describing Subject
+ */
+function formatSubject(subject) {
+    let out = "\n";
+
+    for (const attribute of subject.attributes) {
+        out += `  ${attribute.shortName} = ${attribute.value}\n`;
+    }
+
+    return chop(out);
+}
+
+
+/**
+ * Format Subject Alternative Names from the name `subjectAltName` extension
+ * @param {*} extension CSR object
+ * @returns Multi-line string describing Subject Alternative Names
+ */
+function formatSubjectAlternativeNames(csr) {
+    let out = "\n";
+
+    for (const attribute of csr.attributes) {
+        for (const extension of attribute.extensions) {
+            if (extension.name === "subjectAltName") {
+                const names = [];
+                for (const altName of extension.altNames) {
+                    switch (altName.type) {
+                        case 1:
+                            names.push(`EMAIL: ${altName.value}`);
+                            break;
+                        case 2:
+                            names.push(`DNS: ${altName.value}`);
+                            break;
+                        case 6:
+                            names.push(`URI: ${altName.value}`);
+                            break;
+                        case 7:
+                            names.push(`IP: ${altName.ip}`);
+                            break;
+                        default:
+                            names.push(`(unable to format type ${altName.type} name)\n`);
+                    }
+                }
+                out += indent(2, names);
+            }
+        }
+    }
+
+    return chop(out);
+}
+
+/**
+ * Format known extensions of a CSR
+ * @param {*} csr CSR object
+ * @returns Multi-line string describing attributes
+ */
+function formatExtensions(csr) {
+    let out = "\n";
+
+    for (const attribute of csr.attributes) {
+        for (const extension of attribute.extensions) {
+            // formatted separately
+            if (extension.name === "subjectAltName") {
+                continue;
+            }
+            out += `  ${extension.name}${(extension.critical ? " CRITICAL" : "")}:\n`;
+            let parts = [];
+            switch (extension.name) {
+                case "basicConstraints" :
+                    parts = describeBasicConstraints(extension);
+                    break;
+                case "keyUsage" :
+                    parts = describeKeyUsage(extension);
+                    break;
+                case "extKeyUsage" :
+                    parts = describeExtendedKeyUsage(extension);
+                    break;
+                default :
+                    parts = ["(unable to format extension)"];
+            }
+            out += indent(4, parts);
+        }
+    }
+
+    return chop(out);
+}
+
+
+/**
+ * Format hex string onto multiple lines
+ * @param {*} longStr
+ * @returns Hex string as a multi-line hex string
+ */
+function formatMultiLine(longStr) {
+    const lines = [];
+
+    for (let remain = longStr ; remain !== "" ; remain = remain.substring(48)) {
+        lines.push(remain.substring(0, 48));
+    }
+
+    return lines.join("\n                  ");
+}
+
+/**
+ * Describe Basic Constraints
+ * @see RFC 5280 4.2.1.9. Basic Constraints https://www.ietf.org/rfc/rfc5280.txt
+ * @param {*} extension CSR extension with the name `basicConstraints`
+ * @returns Array of strings describing Basic Constraints
+ */
+function describeBasicConstraints(extension) {
+    const constraints = [];
+
+    constraints.push(`CA = ${extension.cA}`);
+    if (extension.pathLenConstraint !== undefined) constraints.push(`PathLenConstraint = ${extension.pathLenConstraint}`);
+
+    return constraints;
+}
+
+/**
+ * Describe Key Usage extension permitted use cases
+ * @see RFC 5280 4.2.1.3. Key Usage https://www.ietf.org/rfc/rfc5280.txt
+ * @param {*} extension CSR extension with the name `keyUsage`
+ * @returns Array of strings describing Key Usage extension permitted use cases
+ */
+function describeKeyUsage(extension) {
+    const usage = [];
+
+    if (extension.digitalSignature) usage.push("Digital signature");
+    if (extension.nonRepudiation) usage.push("Non-repudiation");
+    if (extension.keyEncipherment) usage.push("Key encipherment");
+    if (extension.dataEncipherment) usage.push("Data encipherment");
+    if (extension.keyAgreement) usage.push("Key agreement");
+    if (extension.keyCertSign) usage.push("Key certificate signing");
+    if (extension.cRLSign) usage.push("CRL signing");
+    if (extension.encipherOnly) usage.push("Encipher only");
+    if (extension.decipherOnly) usage.push("Decipher only");
+
+    if (usage.length === 0) usage.push("(none)");
+
+    return usage;
+}
+
+/**
+ * Describe Extended Key Usage extension permitted use cases
+ * @see RFC 5280 4.2.1.12. Extended Key Usage https://www.ietf.org/rfc/rfc5280.txt
+ * @param {*} extension CSR extension with the name `extendedKeyUsage`
+ * @returns Array of strings describing Extended Key Usage extension permitted use cases
+ */
+function describeExtendedKeyUsage(extension) {
+    const usage = [];
+
+    if (extension.serverAuth) usage.push("TLS Web Server Authentication");
+    if (extension.clientAuth) usage.push("TLS Web Client Authentication");
+    if (extension.codeSigning) usage.push("Code signing");
+    if (extension.emailProtection) usage.push("E-mail Protection (S/MIME)");
+    if (extension.timeStamping) usage.push("Trusted Timestamping");
+    if (extension.msCodeInd) usage.push("Microsoft Individual Code Signing");
+    if (extension.msCodeCom) usage.push("Microsoft Commercial Code Signing");
+    if (extension.msCTLSign) usage.push("Microsoft Trust List Signing");
+    if (extension.msSGC) usage.push("Microsoft Server Gated Crypto");
+    if (extension.msEFS) usage.push("Microsoft Encrypted File System");
+    if (extension.nsSGC) usage.push("Netscape Server Gated Crypto");
+
+    if (usage.length === 0) usage.push("(none)");
+
+    return usage;
+}
+
+/**
+ * Join an array of strings and add leading spaces to each line.
+ * @param {*} n How many leading spaces
+ * @param {*} parts Array of strings
+ * @returns Joined and indented string.
+ */
+function indent(n, parts) {
+    const fluff = " ".repeat(n);
+    return fluff + parts.join("\n" + fluff) + "\n";
+}
+
+/**
+ * Remove last character from a string.
+ * @param {*} s String
+ * @returns Chopped string.
+ */
+function chop(s) {
+    return s.substring(0, s.length - 1);
+}
+
+export default ParseCSR;

src/core/operations/PubKeyFromCert.mjs

@@ -0,0 +1,68 @@
+/**
+ * @author cplussharp
+ * @copyright Crown Copyright 2023
+ * @license Apache-2.0
+ */
+
+import r from "jsrsasign";
+import Operation from "../Operation.mjs";
+import OperationError from "../errors/OperationError.mjs";
+
+/**
+ * Public Key from Certificate operation
+ */
+class PubKeyFromCert extends Operation {
+
+    /**
+     * PubKeyFromCert constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "Public Key from Certificate";
+        this.module = "PublicKey";
+        this.description = "Extracts the Public Key from a Certificate.";
+        this.infoURL = "https://en.wikipedia.org/wiki/X.509";
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [];
+        this.checks = [];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        let output = "";
+        let match;
+        const regex = /-----BEGIN CERTIFICATE-----/g;
+        while ((match = regex.exec(input)) !== null) {
+            // find corresponding end tag
+            const indexBase64 = match.index + match[0].length;
+            const footer = "-----END CERTIFICATE-----";
+            const indexFooter = input.indexOf(footer, indexBase64);
+            if (indexFooter === -1) {
+                throw new OperationError(`PEM footer '${footer}' not found`);
+            }
+
+            const certPem = input.substring(match.index, indexFooter + footer.length);
+            const cert = new r.X509();
+            cert.readCertPEM(certPem);
+            let pubKey;
+            try {
+                pubKey = cert.getPublicKey();
+            } catch {
+                throw new OperationError("Unsupported public key type");
+            }
+            const pubKeyPem = r.KEYUTIL.getPEM(pubKey);
+
+            // PEM ends with '\n', so a new key always starts on a new line
+            output += pubKeyPem;
+        }
+        return output;
+    }
+}
+
+export default PubKeyFromCert;

src/core/operations/PubKeyFromPrivKey.mjs

@@ -0,0 +1,82 @@
+/**
+ * @author cplussharp
+ * @copyright Crown Copyright 2023
+ * @license Apache-2.0
+ */
+
+import r from "jsrsasign";
+import Operation from "../Operation.mjs";
+import OperationError from "../errors/OperationError.mjs";
+
+/**
+ * Public Key from Private Key operation
+ */
+class PubKeyFromPrivKey extends Operation {
+
+    /**
+     * PubKeyFromPrivKey constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "Public Key from Private Key";
+        this.module = "PublicKey";
+        this.description = "Extracts the Public Key from a Private Key.";
+        this.infoURL = "https://en.wikipedia.org/wiki/PKCS_8";
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [];
+        this.checks = [];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        let output = "";
+        let match;
+        const regex = /-----BEGIN ((RSA |EC |DSA )?PRIVATE KEY)-----/g;
+        while ((match = regex.exec(input)) !== null) {
+            // find corresponding end tag
+            const indexBase64 = match.index + match[0].length;
+            const footer = `-----END ${match[1]}-----`;
+            const indexFooter = input.indexOf(footer, indexBase64);
+            if (indexFooter === -1) {
+                throw new OperationError(`PEM footer '${footer}' not found`);
+            }
+
+            const privKeyPem = input.substring(match.index, indexFooter + footer.length);
+            let privKey;
+            try {
+                privKey = r.KEYUTIL.getKey(privKeyPem);
+            } catch (err) {
+                throw new OperationError(`Unsupported key type: ${err}`);
+            }
+            let pubKey;
+            if (privKey.type && privKey.type === "EC") {
+                pubKey = new r.KJUR.crypto.ECDSA({ curve: privKey.curve });
+                pubKey.setPublicKeyHex(privKey.generatePublicKeyHex());
+            } else if (privKey.type && privKey.type === "DSA") {
+                if (!privKey.y) {
+                    throw new OperationError(`DSA Private Key in PKCS#8 is not supported`);
+                }
+                pubKey = new r.KJUR.crypto.DSA();
+                pubKey.setPublic(privKey.p, privKey.q, privKey.g, privKey.y);
+            } else if (privKey.n && privKey.e) {
+                pubKey = new r.RSAKey();
+                pubKey.setPublic(privKey.n, privKey.e);
+            } else {
+                throw new OperationError(`Unsupported key type`);
+            }
+            const pubKeyPem = r.KEYUTIL.getPEM(pubKey);
+
+            // PEM ends with '\n', so a new key always starts on a new line
+            output += pubKeyPem;
+        }
+        return output;
+    }
+}
+
+export default PubKeyFromPrivKey;

src/core/operations/RAKE.mjs

@@ -101,22 +101,17 @@ class RAKE extends Operation {
         phrases = phrases.filter(subArray => subArray.length > 0);
 
         // Remove duplicate phrases
-        const uniquePhrases = [...new Set(phrases.map(function (phrase) {
-            return phrase.join(" ");
-        }))];
-        phrases = uniquePhrases.map(function (phrase) {
-            return phrase.split(" ");
-        });
-
+        phrases = phrases.unique();
+        
         // Generate word_degree_matrix and populate
-        const wordDegreeMatrix = Array.from(Array(tokens.length), _ => Array(tokens.length).fill(0));
-        phrases.forEach(function (phrase) {
-            phrase.forEach(function (word1) {
-                phrase.forEach(function (word2) {
+        const wordDegreeMatrix = Array(tokens.length).fill().map(() => Array(tokens.length).fill(0));
+        for (const phrase of phrases) {
+            for (const word1 of phrase) {
+                for (const word2 of phrase) {
                     wordDegreeMatrix[tokens.indexOf(word1)][tokens.indexOf(word2)]++;
-                });
-            });
-        });
+                }
+            }
+        }
 
         // Calculate degree score for each token
         const degreeScores = Array(tokens.length).fill(0);

src/core/operations/RegularExpression.mjs

@@ -67,6 +67,10 @@ class RegularExpression extends Operation {
                         name: "MAC address",
                         value: "[A-Fa-f\\d]{2}(?:[:-][A-Fa-f\\d]{2}){5}"
                     },
+                    {
+                        name: "UUID",
+                        value: "[0-9a-fA-F]{8}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{12}"
+                    },
                     {
                         name: "Date (yyyy-mm-dd)",
                         value: "((?:19|20)\\d\\d)[- /.](0[1-9]|1[012])[- /.](0[1-9]|[12][0-9]|3[01])"
@@ -83,10 +87,6 @@ class RegularExpression extends Operation {
                         name: "Strings",
                         value: "[A-Za-z\\d/\\-:.,_$%\\x27\"()<>= !\\[\\]{}@]{4,}"
                     },
-                    {
-                        name: "UUID (any version)",
-                        value: "[0-9a-fA-F]{8}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{4}\\b-[0-9a-fA-F]{12}"
-                    },
                 ],
                 "target": 1
             },

src/core/operations/RisonDecode.mjs

@@ -20,7 +20,7 @@ class RisonDecode extends Operation {
         super();
 
         this.name = "Rison Decode";
-        this.module = "Default";
+        this.module = "Encodings";
         this.description = "Rison, a data serialization format optimized for compactness in URIs. Rison is a slight variation of JSON that looks vastly superior after URI encoding. Rison still expresses exactly the same set of data structures as JSON, so data can be translated back and forth without loss or guesswork.";
         this.infoURL = "https://github.com/Nanonid/rison";
         this.inputType = "string";
@@ -29,11 +29,7 @@ class RisonDecode extends Operation {
             {
                 name: "Decode Option",
                 type: "editableOption",
-                value: [
-                    { name: "Decode", value: "Decode", },
-                    { name: "Decode Object", value: "Decode Object", },
-                    { name: "Decode Array", value: "Decode Array", },
-                ]
+                value: ["Decode", "Decode Object", "Decode Array"]
             },
         ];
     }
@@ -52,8 +48,9 @@ class RisonDecode extends Operation {
                 return rison.decode_object(input);
             case "Decode Array":
                 return rison.decode_array(input);
+            default:
+                throw new OperationError("Invalid Decode option");
         }
-        throw new OperationError("Invalid Decode option");
     }
 }
 

src/core/operations/RisonEncode.mjs

@@ -20,7 +20,7 @@ class RisonEncode extends Operation {
         super();
 
         this.name = "Rison Encode";
-        this.module = "Default";
+        this.module = "Encodings";
         this.description = "Rison, a data serialization format optimized for compactness in URIs. Rison is a slight variation of JSON that looks vastly superior after URI encoding. Rison still expresses exactly the same set of data structures as JSON, so data can be translated back and forth without loss or guesswork.";
         this.infoURL = "https://github.com/Nanonid/rison";
         this.inputType = "Object";
@@ -28,13 +28,8 @@ class RisonEncode extends Operation {
         this.args = [
             {
                 name: "Encode Option",
-                type: "editableOption",
-                value: [
-                    { name: "Encode", value: "Encode", },
-                    { name: "Encode Object", value: "Encode Object", },
-                    { name: "Encode Array", value: "Encode Array", },
-                    { name: "Encode URI", value: "Encode URI", }
-                ]
+                type: "option",
+                value: ["Encode", "Encode Object", "Encode Array", "Encode URI"]
             },
         ];
     }
@@ -55,8 +50,9 @@ class RisonEncode extends Operation {
                 return rison.encode_array(input);
             case "Encode URI":
                 return rison.encode_uri(input);
+            default:
+                throw new OperationError("Invalid encode option");
         }
-        throw new OperationError("Invalid encode option");
     }
 }
 

src/core/operations/Salsa20.mjs

@@ -22,7 +22,7 @@ class Salsa20 extends Operation {
         super();
 
         this.name = "Salsa20";
-        this.module = "Default";
+        this.module = "Ciphers";
         this.description = "Salsa20 is a stream cipher designed by Daniel J. Bernstein and submitted to the eSTREAM project; Salsa20/8 and Salsa20/12 are round-reduced variants. It is closely related to the ChaCha stream cipher.<br><br><b>Key:</b> Salsa20 uses a key of 16 or 32 bytes (128 or 256 bits).<br><br><b>Nonce:</b> Salsa20 uses a nonce of 8 bytes (64 bits).<br><br><b>Counter:</b> Salsa uses a counter of 8 bytes (64 bits). The counter starts at zero at the start of the keystream, and is incremented at every 64 bytes.";
         this.infoURL = "https://wikipedia.org/wiki/Salsa20";
         this.inputType = "string";

src/core/operations/ToBase58.mjs

@@ -43,7 +43,7 @@ class ToBase58 extends Operation {
     run(input, args) {
         input = new Uint8Array(input);
         let alphabet = args[0] || ALPHABET_OPTIONS[0].value,
-            result = [0];
+            result = [];
 
         alphabet = Utils.expandAlphRange(alphabet).join("");
 
@@ -60,11 +60,9 @@ class ToBase58 extends Operation {
         }
 
         input.forEach(function(b) {
-            let carry = (result[0] << 8) + b;
-            result[0] = carry % 58;
-            carry = (carry / 58) | 0;
+            let carry = b;
 
-            for (let i = 1; i < result.length; i++) {
+            for (let i = 0; i < result.length; i++) {
                 carry += result[i] << 8;
                 result[i] = carry % 58;
                 carry = (carry / 58) | 0;

src/core/operations/ToFloat.mjs

@@ -0,0 +1,80 @@
+/**
+ * @author tcode2k16 [tcode2k16@gmail.com]
+ * @copyright Crown Copyright 2019
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import OperationError from "../errors/OperationError.mjs";
+import Utils from "../Utils.mjs";
+import ieee754 from "ieee754";
+import {DELIM_OPTIONS} from "../lib/Delim.mjs";
+
+/**
+ * To Float operation
+ */
+class ToFloat extends Operation {
+
+    /**
+     * ToFloat constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "To Float";
+        this.module = "Default";
+        this.description = "Convert to IEEE754 Floating Point Numbers";
+        this.infoURL = "https://wikipedia.org/wiki/IEEE_754";
+        this.inputType = "byteArray";
+        this.outputType = "string";
+        this.args = [
+            {
+                "name": "Endianness",
+                "type": "option",
+                "value": [
+                    "Big Endian",
+                    "Little Endian"
+                ]
+            },
+            {
+                "name": "Size",
+                "type": "option",
+                "value": [
+                    "Float (4 bytes)",
+                    "Double (8 bytes)"
+                ]
+            },
+            {
+                "name": "Delimiter",
+                "type": "option",
+                "value": DELIM_OPTIONS
+            }
+        ];
+    }
+
+    /**
+     * @param {byteArray} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        const [endianness, size, delimiterName] = args;
+        const delim = Utils.charRep(delimiterName || "Space");
+        const byteSize = size === "Double (8 bytes)" ? 8 : 4;
+        const isLE = endianness === "Little Endian";
+        const mLen = byteSize === 4 ? 23 : 52;
+
+        if (input.length % byteSize !== 0) {
+            throw new OperationError(`Input is not a multiple of ${byteSize}`);
+        }
+
+        const output = [];
+        for (let i = 0; i < input.length; i+=byteSize) {
+            output.push(ieee754.read(input, i, isLE, mLen, byteSize));
+        }
+        return output.join(delim);
+    }
+
+}
+
+export default ToFloat;

src/core/operations/XSalsa20.mjs

@@ -22,7 +22,7 @@ class XSalsa20 extends Operation {
         super();
 
         this.name = "XSalsa20";
-        this.module = "Default";
+        this.module = "Ciphers";
         this.description = "XSalsa20 is a variant of the Salsa20 stream cipher designed by Daniel J. Bernstein; XSalsa uses longer nonces.<br><br><b>Key:</b> XSalsa20 uses a key of 16 or 32 bytes (128 or 256 bits).<br><br><b>Nonce:</b> XSalsa20 uses a nonce of 24 bytes (192 bits).<br><br><b>Counter:</b> XSalsa uses a counter of 8 bytes (64 bits). The counter starts at zero at the start of the keystream, and is incremented at every 64 bytes.";
         this.infoURL = "https://en.wikipedia.org/wiki/Salsa20#XSalsa20_with_192-bit_nonce";
         this.inputType = "string";

src/core/operations/XXTEA.mjs

@@ -0,0 +1,182 @@
+/**
+ * @author devcydo [devcydo@gmail.com]
+ * @author Ma Bingyao [mabingyao@gmail.com]
+ * @copyright Crown Copyright 2022
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation.mjs";
+import OperationError from "../errors/OperationError.mjs";
+import {toBase64} from "../lib/Base64.mjs";
+import Utils from "../Utils.mjs";
+
+/**
+ * XXTEA Encrypt operation
+ */
+class XXTEAEncrypt extends Operation {
+
+    /**
+     * XXTEAEncrypt constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "XXTEA";
+        this.module = "Default";
+        this.description = "Corrected Block TEA (often referred to as XXTEA) is a block cipher designed to correct weaknesses in the original Block TEA. XXTEA operates on variable-length blocks that are some arbitrary multiple of 32 bits in size (minimum 64 bits). The number of full cycles depends on the block size, but there are at least six (rising to 32 for small block sizes). The original Block TEA applies the XTEA round function to each word in the block and combines it additively with its leftmost neighbour. Slow diffusion rate of the decryption process was immediately exploited to break the cipher. Corrected Block TEA uses a more involved round function which makes use of both immediate neighbours in processing each word in the block.";
+        this.infoURL = "https://wikipedia.org/wiki/XXTEA";
+        this.inputType = "string";
+        this.outputType = "string";
+        this.args = [
+            {
+                "name": "Key",
+                "type": "string",
+                "value": "",
+            },
+        ];
+    }
+
+    /**
+     * @param {string} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    run(input, args) {
+        let key = args[0];
+
+        if (input === undefined || input === null || input.length === 0) {
+            throw new OperationError("Invalid input length (0)");
+        }
+
+        if (key === undefined || key === null || key.length === 0) {
+            throw new OperationError("Invalid key length (0)");
+        }
+
+        input = Utils.convertToByteString(input, "utf8");
+        key = Utils.convertToByteString(key, "utf8");
+
+        input = this.convertToUint32Array(input, true);
+        key = this.fixLength(this.convertToUint32Array(key, false));
+
+        let encrypted = this.encryptUint32Array(input, key);
+
+        encrypted = toBase64(this.toBinaryString(encrypted, false));
+
+        return encrypted;
+    }
+
+    /**
+     * Convert Uint32Array to binary string
+     *
+     * @param {Uint32Array} v
+     * @param {Boolean} includeLength
+     * @returns {string}
+     */
+    toBinaryString(v, includeLENGTH) {
+        const LENGTH = v.length;
+        let n = LENGTH << 2;
+        if (includeLENGTH) {
+            const M = v[LENGTH - 1];
+            n -= 4;
+            if ((M < n - 3) || (M > n)) {
+                return null;
+            }
+            n = M;
+        }
+        for (let i = 0; i < LENGTH; i++) {
+            v[i] = String.fromCharCode(
+                v[i] & 0xFF,
+                v[i] >>> 8 & 0xFF,
+                v[i] >>> 16 & 0xFF,
+                v[i] >>> 24 & 0xFF
+            );
+        }
+        const RESULT = v.join("");
+        if (includeLENGTH) {
+            return RESULT.substring(0, n);
+        }
+        return RESULT;
+    }
+
+    /**
+     * @param {number} sum
+     * @param {number} y
+     * @param {number} z
+     * @param {number} p
+     * @param {number} e
+     * @param {number} k
+     * @returns {number}
+     */
+    mx(sum, y, z, p, e, k) {
+        return ((z >>> 5 ^ y << 2) + (y >>> 3 ^ z << 4)) ^ ((sum ^ y) + (k[p & 3 ^ e] ^ z));
+    }
+
+
+    /**
+     * Encrypt Uint32Array
+     *
+     * @param {Uint32Array} v
+     * @param {number} k
+     * @returns {Uint32Array}
+     */
+    encryptUint32Array(v, k) {
+        const LENGTH = v.length;
+        const N = LENGTH - 1;
+        let y, z, sum, e, p, q;
+        z = v[N];
+        sum = 0;
+        for (q = Math.floor(6 + 52 / LENGTH) | 0; q > 0; --q) {
+            sum = (sum + 0x9E3779B9) & 0xFFFFFFFF;
+            e = sum >>> 2 & 3;
+            for (p = 0; p < N; ++p) {
+                y = v[p + 1];
+                z = v[p] = (v[p] + this.mx(sum, y, z, p, e, k)) & 0xFFFFFFFF;
+            }
+            y = v[0];
+            z = v[N] = (v[N] + this.mx(sum, y, z, N, e, k)) & 0xFFFFFFFF;
+        }
+        return v;
+    }
+
+    /**
+     * Fixes the Uint32Array lenght to 4
+     *
+     * @param {Uint32Array} k
+     * @returns {Uint32Array}
+     */
+    fixLength(k) {
+        if (k.length < 4) {
+            k.length = 4;
+        }
+        return k;
+    }
+
+    /**
+     * Convert string to Uint32Array
+     *
+     * @param {string} bs
+     * @param {Boolean} includeLength
+     * @returns {Uint32Array}
+     */
+    convertToUint32Array(bs, includeLength) {
+        const LENGTH = bs.length;
+        let n = LENGTH >> 2;
+        if ((LENGTH & 3) !== 0) {
+            ++n;
+        }
+        let v;
+        if (includeLength) {
+            v = new Array(n + 1);
+            v[n] = LENGTH;
+        } else {
+            v = new Array(n);
+        }
+        for (let i = 0; i < LENGTH; ++i) {
+            v[i >> 2] |= bs.charCodeAt(i) << ((i & 3) << 3);
+        }
+        return v;
+    }
+
+}
+
+export default XXTEAEncrypt;

src/core/vendor/DisassembleX86-64.mjs

@@ -4054,7 +4054,7 @@ function DecodeImmediate( type, BySize, SizeSetting )
     
     //Sign bit adjust.
     
-    if( V32 >= ( n >> 1 ) ) { V32 -= n; }
+    if( V32 >= ( n / 2 ) ) { V32 -= n; }
     
     //Add position.
     

src/web/HTMLOperation.mjs

@@ -85,6 +85,7 @@ class HTMLOperation {
         <div class="recip-icons">
             <i class="material-icons breakpoint" title="Set breakpoint" break="false" data-help-title="Setting breakpoints" data-help="Setting a breakpoint on an operation will cause execution of the Recipe to pause when it reaches that operation.">pause</i>
             <i class="material-icons disable-icon" title="Disable operation" disabled="false" data-help-title="Disabling operations" data-help="Disabling an operation will prevent it from being executed when the Recipe is baked. Execution will skip over the disabled operation and continue with subsequent operations.">not_interested</i>
+            <i class="material-icons hide-args-icon" title="Hide operation's arguments" hide-args="false" data-help-title="Hide operation's arguments" data-help="Hiding an operation's argument will save space in the Recipe window. Execution will still take place with the selected argument options.">keyboard_arrow_up</i>
         </div>
         <div class="clearfix">&nbsp;</div>`;
 

src/web/Manager.mjs

@@ -139,6 +139,7 @@ class Manager {
         document.getElementById("load-delete-button").addEventListener("click", this.controls.loadDeleteClick.bind(this.controls));
         document.getElementById("load-name").addEventListener("change", this.controls.loadNameChange.bind(this.controls));
         document.getElementById("load-button").addEventListener("click", this.controls.loadButtonClick.bind(this.controls));
+        document.getElementById("hide-icon").addEventListener("click", this.controls.hideRecipeArgsClick.bind(this.recipe));
         document.getElementById("support").addEventListener("click", this.controls.supportButtonClick.bind(this.controls));
         this.addMultiEventListeners("#save-texts textarea", "keyup paste", this.controls.saveTextChange, this.controls);
 
@@ -154,6 +155,7 @@ class Manager {
         // Recipe
         this.addDynamicListener(".arg:not(select)", "input", this.recipe.ingChange, this.recipe);
         this.addDynamicListener(".arg[type=checkbox], .arg[type=radio], select.arg", "change", this.recipe.ingChange, this.recipe);
+        this.addDynamicListener(".hide-args-icon", "click", this.recipe.hideArgsClick, this.recipe);
         this.addDynamicListener(".disable-icon", "click", this.recipe.disableClick, this.recipe);
         this.addDynamicListener(".breakpoint", "click", this.recipe.breakpointClick, this.recipe);
         this.addDynamicListener("#rec-list li.operation", "dblclick", this.recipe.operationDblclick, this.recipe);

src/web/html/index.html

@@ -1,10 +1,10 @@
 <!-- htmlmin:ignore --><!--
     CyberChef - The Cyber Swiss Army Knife
 
-    @copyright Crown Copyright 2016
+    @copyright Crown Copyright 2016-<%= htmlWebpackPlugin.options.compileYear %>
     @license Apache-2.0
 
-      Copyright 2016 Crown Copyright
+      Copyright 2016-<%= htmlWebpackPlugin.options.compileYear %> Crown Copyright
 
     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.
@@ -25,7 +25,7 @@
         <meta charset="UTF-8">
         <title>CyberChef</title>
 
-        <meta name="copyright" content="Crown Copyright 2016" />
+        <meta name="copyright" content="Crown Copyright 2016-<%= htmlWebpackPlugin.options.compileYear %>" />
         <meta name="description" content="The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis" />
         <meta name="keywords" content="base64, hex, decode, encode, encrypt, decrypt, compress, decompress, regex, regular expressions, hash, crypt, hexadecimal, user agent, url, certificate, x.509, parser, JSON, gzip,  md5, sha1, aes, des, blowfish, xor" />
 
@@ -142,8 +142,8 @@
             <div id="preloader-error" class="loading-error"></div>
         </div>
         <!-- End preloader overlay -->
-        <button type="button" class="btn btn-warning bmd-btn-icon" id="edit-favourites" data-toggle="tooltip" title="Edit favourites">
-            <i class="material-icons">star</i>
+        <button type="button" aria-label="Edit Favourites" class="btn btn-warning bmd-btn-icon" id="edit-favourites" data-toggle="tooltip" title="Edit favourites">
+            <i class="material-icons" aria-hidden="true">star</i>
         </button>
         <div id="content-wrapper">
             <div id="banner" class="row">
@@ -181,14 +181,17 @@
                     <div class="title no-select">
                         Recipe
                         <span class="pane-controls hide-on-maximised-output">
-                            <button type="button" class="btn btn-primary bmd-btn-icon" id="save" data-toggle="tooltip" title="Save recipe" data-help-title="Saving a recipe" data-help="<p>Recipes can be represented in a few different formats and saved for use at a later date. You can either copy the Recipe configuration and save it somewhere offline for later use, or use your browser's local storage.</p><ul><li><b>Deep link:</b> The easiest way to share a CyberChef Recipe is to copy the deep link, either from the address bar (which is updated as the Recipe or Input changes), or from the 'Save recipe' pane. When you visit this link, the Recipe and Input should be populated from where you left off.</li><li><b>Chef format:</b> This custom format is designed to be compact and easily readable. It is the format used in CyberChef's URL, so it largely uses characters that do not have to be escaped in URL encoding, making it a little easier to understand what a CyberChef URL contains.</li><li><b>Clean JSON:</b> This JSON format uses whitespace and indentation in a way that makes the Recipe easy to read.</li><li><b>Compact JSON:</b> This is the most compact way that the Recipe can be represented in JSON.</li><li><b>Local storage:</b> Alternatively, you can enter a name into the 'Recipe name' field and save to your browser's local storage. The Recipe will then be available to load from the 'Load Recipe' pane as long as you are using the same browser profile. Be aware that if your browser profile is cleaned, you may lose this data.</li></ul>">
-                                <i class="material-icons">save</i>
+                            <button type="button" aria-label="Hide arguments" class="btn btn-primary bmd-btn-icon" id="hide-icon" data-toggle="tooltip" title="Hide arguments" hide-args="false" data-help-title="Hiding every Operation's argument view in a Recipe" data-help="Clicking 'Hide arguments' will hide all the argument views for every Operation in the Recipe, to save space when you have too many Operation in your Recipe">
+                                <i class="material-icons">keyboard_arrow_up</i>
                             </button>
-                            <button type="button" class="btn btn-primary bmd-btn-icon" id="load" data-toggle="tooltip" title="Load recipe" data-help-title="Loading a recipe" data-help="<p>Saved recipes can be loaded using one of the following methods:</p><ul><li>If you have a CyberChef deep link, simply visit that link and the Recipe and Input should be populated automatically.</li><li>If you have a Recipe string in any of the accepted formats, paste it into the 'Load recipe' pane textbox and click 'Load'.</li><li>If you have saved a Recipe to your browser's local storage, it should be available in the dropdown menu in the 'Load recipe' pane. If it is not there, you may not be using the same browser profile, or your profile may have been cleared.</li></ul>">
-                                <i class="material-icons">folder</i>
+                            <button type="button" aria-label="Save recipe" class="btn btn-primary bmd-btn-icon" id="save" data-toggle="tooltip" title="Save recipe" data-help-title="Saving a recipe" data-help="<p>Recipes can be represented in a few different formats and saved for use at a later date. You can either copy the Recipe configuration and save it somewhere offline for later use, or use your browser's local storage.</p><ul><li><b>Deep link:</b> The easiest way to share a CyberChef Recipe is to copy the deep link, either from the address bar (which is updated as the Recipe or Input changes), or from the 'Save recipe' pane. When you visit this link, the Recipe and Input should be populated from where you left off.</li><li><b>Chef format:</b> This custom format is designed to be compact and easily readable. It is the format used in CyberChef's URL, so it largely uses characters that do not have to be escaped in URL encoding, making it a little easier to understand what a CyberChef URL contains.</li><li><b>Clean JSON:</b> This JSON format uses whitespace and indentation in a way that makes the Recipe easy to read.</li><li><b>Compact JSON:</b> This is the most compact way that the Recipe can be represented in JSON.</li><li><b>Local storage:</b> Alternatively, you can enter a name into the 'Recipe name' field and save to your browser's local storage. The Recipe will then be available to load from the 'Load Recipe' pane as long as you are using the same browser profile. Be aware that if your browser profile is cleaned, you may lose this data.</li></ul>">
+                                <i class="material-icons" aria-hidden="true">save</i>
                             </button>
-                            <button type="button" class="btn btn-primary bmd-btn-icon" id="clr-recipe" data-toggle="tooltip" title="Clear recipe" data-help-title="Clearing a recipe" data-help="Clicking the 'Clear recipe' button will remove all operations from the Recipe. It will not clear the Input, but it will trigger a Bake if Auto-bake is turned on, which will change the value of the Output.">
-                                <i class="material-icons">delete</i>
+                            <button type="button" aria-label="Load recipe" class="btn btn-primary bmd-btn-icon" id="load" data-toggle="tooltip" title="Load recipe" data-help-title="Loading a recipe" data-help="<p>Saved recipes can be loaded using one of the following methods:</p><ul><li>If you have a CyberChef deep link, simply visit that link and the Recipe and Input should be populated automatically.</li><li>If you have a Recipe string in any of the accepted formats, paste it into the 'Load recipe' pane textbox and click 'Load'.</li><li>If you have saved a Recipe to your browser's local storage, it should be available in the dropdown menu in the 'Load recipe' pane. If it is not there, you may not be using the same browser profile, or your profile may have been cleared.</li></ul>">
+                                <i class="material-icons" aria-hidden="true">folder</i>
+                            </button>
+                            <button type="button" aria-label="Clear recipe" class="btn btn-primary bmd-btn-icon" id="clr-recipe" data-toggle="tooltip" title="Clear recipe" data-help-title="Clearing a recipe" data-help="Clicking the 'Clear recipe' button will remove all operations from the Recipe. It will not clear the Input, but it will trigger a Bake if Auto-bake is turned on, which will change the value of the Output.">
+                                <i class="material-icons" aria-hidden="true">delete</i>
                             </button>
                         </span>
                     </div>
@@ -223,22 +226,22 @@
                             <label for="input-text">Input</label>
                             <span class="pane-controls">
                                 <div class="io-info" id="input-files-info"></div>
-                                <button type="button" class="btn btn-primary bmd-btn-icon" id="btn-new-tab" data-toggle="tooltip" title="Add a new input tab" data-help-title="Tabs" data-help="<p>New tabs can be created to support multiple Inputs. These tabs have their own associated character encodings and EOL separators, as defined in their status bars.</p><p>The deep link in the URL bar only contains information about the currently active tab.</p>">
-                                    <i class="material-icons">add</i>
+                                <button type="button" aria-label="Add new input tab" class="btn btn-primary bmd-btn-icon" id="btn-new-tab" data-toggle="tooltip" title="Add a new input tab" data-help-title="Tabs" data-help="<p>New tabs can be created to support multiple Inputs. These tabs have their own associated character encodings and EOL separators, as defined in their status bars.</p><p>The deep link in the URL bar only contains information about the currently active tab.</p>">
+                                    <i class="material-icons" aria-hidden="true">add</i>
                                 </button>
-                                <button type="button" class="btn btn-primary bmd-btn-icon" id="btn-open-folder" data-toggle="tooltip" title="Open folder as input" data-help-title="Opening a folder" data-help="<p>You can open a whole folder into CyberChef, which will result in each file being loaded into a separate Input tab.</p><p>CyberChef can handle lots of Input files, but be aware that performance may suffer, especially if the files are large in size.</p><p>Folders can also be loaded by dragging them over the Input pane and dropping them.</p>">
-                                    <i class="material-icons">folder_open</i>
+                                <button type="button" aria-label="Open folder as input" class="btn btn-primary bmd-btn-icon" id="btn-open-folder" data-toggle="tooltip" title="Open folder as input" data-help-title="Opening a folder" data-help="<p>You can open a whole folder into CyberChef, which will result in each file being loaded into a separate Input tab.</p><p>CyberChef can handle lots of Input files, but be aware that performance may suffer, especially if the files are large in size.</p><p>Folders can also be loaded by dragging them over the Input pane and dropping them.</p>">
+                                    <i class="material-icons" aria-hidden="true">folder_open</i>
                                     <input type="file" id="open-folder" style="display: none" multiple directory webkitdirectory>
                                 </button>
-                                <button type="button" class="btn btn-primary bmd-btn-icon" id="btn-open-file" data-toggle="tooltip" title="Open file as input" data-help-title="Opening a file" data-help="<p>Files can be loaded into CyberChef individually or in groups, either using the 'Open file as input' button, or by dragging and dropping them over the Input pane.</p><p>CyberChef can handle reasonably large files (at least 500MB, depending on hardware), but performance may be impacted and some Operations will run very slowly over large Inputs.</p>">
-                                    <i class="material-icons">input</i>
+                                <button type="button" aria-label="Open file as input" class="btn btn-primary bmd-btn-icon" id="btn-open-file" data-toggle="tooltip" title="Open file as input" data-help-title="Opening a file" data-help="<p>Files can be loaded into CyberChef individually or in groups, either using the 'Open file as input' button, or by dragging and dropping them over the Input pane.</p><p>CyberChef can handle reasonably large files (at least 500MB, depending on hardware), but performance may be impacted and some Operations will run very slowly over large Inputs.</p>">
+                                    <i class="material-icons" aria-hidden="true">input</i>
                                     <input type="file" id="open-file" style="display: none" multiple>
                                 </button>
-                                <button type="button" class="btn btn-primary bmd-btn-icon" id="clr-io" data-toggle="tooltip" title="Clear input and output" data-help-title="Clearing the Input and Output" data-help="Clicking the 'Clear input and output' button will remove all Inputs and Outputs. It will not clear the Recipe.">
-                                    <i class="material-icons">delete</i>
+                                <button type="button" aria-label="Clear input and output" class="btn btn-primary bmd-btn-icon" id="clr-io" data-toggle="tooltip" title="Clear input and output" data-help-title="Clearing the Input and Output" data-help="Clicking the 'Clear input and output' button will remove all Inputs and Outputs. It will not clear the Recipe.">
+                                    <i class="material-icons" aria-hidden="true">delete</i>
                                 </button>
-                                <button type="button" class="btn btn-primary bmd-btn-icon" id="reset-layout" data-toggle="tooltip" title="Reset pane layout" data-help-title="Resetting the pane layout" data-help="CyberChef's panes can be resized to suit your area of focus. This button will reset the pane sizes to their default configuration.">
-                                    <i class="material-icons">view_compact</i>
+                                <button type="button" aria-label="Reset pane layout" class="btn btn-primary bmd-btn-icon" id="reset-layout" data-toggle="tooltip" title="Reset pane layout" data-help-title="Resetting the pane layout" data-help="CyberChef's panes can be resized to suit your area of focus. This button will reset the pane sizes to their default configuration.">
+                                    <i class="material-icons" aria-hidden="true">view_compact</i>
                                 </button>
                             </span>
                         </div>
@@ -280,17 +283,17 @@
                                 <button type="button" class="btn btn-primary bmd-btn-icon" id="save-all-to-file" data-toggle="tooltip" title="Save all outputs to a zip file" style="display: none" data-help-title="Saving all outputs to a zip file" data-help="<p>When operating with multiple tabbed Inputs and Outputs, you can use this button to save off all the Outputs at once in a ZIP file.</p><p>Use the 'Bake' button to bake all Inputs at once.</p><p>You will be given the choice to specify the file extension for the Outputs, or you can let CyberChef attempt to detect the filetype of each one. If an Output's type is not clear, CyberChef will use the '.dat' extension.</p>">
                                         <i class="material-icons">archive</i>
                                     </button>
-                                <button type="button" class="btn btn-primary bmd-btn-icon" id="save-to-file" data-toggle="tooltip" title="Save output to file" data-help-title="Saving output to a file" data-help="The currently active Output can be saved to a file. You will be asked to specify a filename. CyberChef will attempt to guess the correct file extension based on the data. If a file type cannot be detected, the extension defaults to '.dat' but can be changed manually.">
-                                    <i class="material-icons">save</i>
+                                <button type="button" aria-label="save" class="btn btn-primary bmd-btn-icon" id="save-to-file" data-toggle="tooltip" title="Save output to file" data-help-title="Saving output to a file" data-help="The currently active Output can be saved to a file. You will be asked to specify a filename. CyberChef will attempt to guess the correct file extension based on the data. If a file type cannot be detected, the extension defaults to '.dat' but can be changed manually.">
+                                    <i class="material-icons" aria-hidden="true">save</i>
                                 </button>
-                                <button type="button" class="btn btn-primary bmd-btn-icon" id="copy-output" data-toggle="tooltip" title="Copy raw output to the clipboard" data-help-title="Copying raw output to the clipboard" data-help="<p>Data can be copied from the Output in the normal way by selecting text and copying it. This button provides a quick way of copying the entire output to the clipboard without having to select it. It directly copies the raw data rather than selecting text in the Output editor. Each method should have the same result, but the button may be more efficient for large Outputs as it does not require any DOM interaction.</p>">
-                                    <i class="material-icons">content_copy</i>
+                                <button type="button" aria-label="copy content" class="btn btn-primary bmd-btn-icon" id="copy-output" data-toggle="tooltip" title="Copy raw output to the clipboard" data-help-title="Copying raw output to the clipboard" data-help="<p>Data can be copied from the Output in the normal way by selecting text and copying it. This button provides a quick way of copying the entire output to the clipboard without having to select it. It directly copies the raw data rather than selecting text in the Output editor. Each method should have the same result, but the button may be more efficient for large Outputs as it does not require any DOM interaction.</p>">
+                                    <i class="material-icons" aria-hidden="true">content_copy</i>
                                 </button>
-                                <button type="button" class="btn btn-primary bmd-btn-icon" id="switch" data-toggle="tooltip" title="Replace input with output" data-help-title="Replacing input with output" data-help="<p>This button moves the currently active Output data into the currently active Input tab, overwriting whatever data was already there.</p><p>The Input character encoding and EOL sequence will be changed to match the current Output values, so that the data is interpreted correctly.</p>">
-                                    <i class="material-icons">open_in_browser</i>
+                                <button type="button" aria-label="replace input with output" class="btn btn-primary bmd-btn-icon" id="switch" data-toggle="tooltip" title="Replace input with output" data-help-title="Replacing input with output" data-help="<p>This button moves the currently active Output data into the currently active Input tab, overwriting whatever data was already there.</p><p>The Input character encoding and EOL sequence will be changed to match the current Output values, so that the data is interpreted correctly.</p>">
+                                    <i class="material-icons" aria-hidden="true">open_in_browser</i>
                                 </button>
-                                <button type="button" class="btn btn-primary bmd-btn-icon" id="maximise-output" data-toggle="tooltip" title="Maximise output pane" data-help-title="Maximising the Output pane" data-help="This button allows you to view the Output pane at maximum size, hiding the Operations, Recipe and Input panes. You can restore the pane to its normal size by clicking the same button again.">
-                                    <i class="material-icons">fullscreen</i>
+                                <button type="button" aria-label="maximise output pane" class="btn btn-primary bmd-btn-icon" id="maximise-output" data-toggle="tooltip" title="Maximise output pane" data-help-title="Maximising the Output pane" data-help="This button allows you to view the Output pane at maximum size, hiding the Operations, Recipe and Input panes. You can restore the pane to its normal size by clicking the same button again.">
+                                    <i class="material-icons" aria-hidden="true">fullscreen</i>
                                 </button>
                             </span>
 
@@ -562,10 +565,10 @@
                     <div class="modal-body">
                         <img aria-hidden="true" class="about-img-left" src="<%- require('../static/images/cyberchef-128x128.png') %>" alt="CyberChef Logo"/>
                         <p class="subtext">
-                            Version <%=  htmlWebpackPlugin.options.version %><br>
+                            Version <%= htmlWebpackPlugin.options.version %><br>
                             Compile time: <%= htmlWebpackPlugin.options.compileTime %>
                         </p>
-                        <p>&copy; Crown Copyright 2016.</p>
+                        <p>&copy; Crown Copyright 2016-<%= htmlWebpackPlugin.options.compileYear %>.</p>
                         <p>Released under the Apache Licence, Version 2.0.</p>
                         <p><a href="https://gitter.im/gchq/CyberChef">
                             <img src="<%- require('../static/images/gitter-badge.svg') %>">
@@ -861,7 +864,7 @@
                         <ul>
                             <li>Build time: <%= htmlWebpackPlugin.options.compileTime %></li>
                             <li>The changelog for this version can be viewed <a href="https://github.com/gchq/CyberChef/blob/master/CHANGELOG.md">here</a></li>
-                            <li>&copy; Crown Copyright 2016</li>
+                            <li>&copy; Crown Copyright 2016-<%= htmlWebpackPlugin.options.compileYear %></li>
                             <li>Released under the Apache Licence, Version 2.0</li>
                             <li>SHA256 hash: DOWNLOAD_HASH_PLACEHOLDER</li>
                         </ul>

src/web/stylesheets/layout/_modals.css

@@ -99,10 +99,12 @@
 .bmd-form-group.is-focused [class^='bmd-label'],
 .bmd-form-group.is-focused [class*=' bmd-label'],
 .bmd-form-group.is-focused label,
-.checkbox label:hover {
+.checkbox label:hover,
+.bmd-form-group.is-filled:focus-within .checkbox.option-item label {
     color: var(--input-highlight-colour);
 }
 
+
 .bmd-form-group.option-item label+.form-control{
     background-image:
         linear-gradient(to top, var(--input-highlight-colour) 2px, rgba(0, 0, 0, 0) 2px),

src/web/waiters/ControlsWaiter.mjs

@@ -345,6 +345,36 @@ class ControlsWaiter {
     }
 
 
+    /**
+     * Hides the arguments for all the operations in the current recipe.
+     */
+    hideRecipeArgsClick() {
+        const icon = document.getElementById("hide-icon");
+
+        if (icon.getAttribute("hide-args") === "false") {
+            icon.setAttribute("hide-args", "true");
+            icon.setAttribute("data-original-title", "Show arguments");
+            icon.children[0].innerText = "keyboard_arrow_down";
+            Array.from(document.getElementsByClassName("hide-args-icon")).forEach(function(item) {
+                item.setAttribute("hide-args", "true");
+                item.innerText = "keyboard_arrow_down";
+                item.classList.add("hide-args-selected");
+                item.parentNode.previousElementSibling.style.display = "none";
+            });
+        } else {
+            icon.setAttribute("hide-args", "false");
+            icon.setAttribute("data-original-title", "Hide arguments");
+            icon.children[0].innerText = "keyboard_arrow_up";
+            Array.from(document.getElementsByClassName("hide-args-icon")).forEach(function(item) {
+                item.setAttribute("hide-args", "false");
+                item.innerText = "keyboard_arrow_up";
+                item.classList.remove("hide-args-selected");
+                item.parentNode.previousElementSibling.style.display = "grid";
+            });
+        }
+    }
+
+
     /**
      * Populates the bug report information box with useful technical info.
      *

src/web/waiters/OutputWaiter.mjs

@@ -1541,10 +1541,12 @@ class OutputWaiter {
             this.app.ioSplitter.collapse(0);
 
             $(el).attr("data-original-title", "Restore output pane");
+            $(el).attr("aria-label", "Restore output pane");
             el.querySelector("i").innerHTML = "fullscreen_exit";
         } else {
             document.body.classList.remove("output-maximised");
             $(el).attr("data-original-title", "Maximise output pane");
+            $(el).attr("aria-label", "Maximise output pane");
             el.querySelector("i").innerHTML = "fullscreen";
             this.app.initialiseSplitter(false);
             this.app.resetLayout();

src/web/waiters/RecipeWaiter.mjs

@@ -215,6 +215,45 @@ class RecipeWaiter {
         window.dispatchEvent(this.manager.statechange);
     }
 
+    /**
+     * Handler for hide-args click events.
+     * Updates the icon status.
+     *
+     * @fires Manager#statechange
+     * @param {event} e
+     */
+    hideArgsClick(e) {
+        const icon = e.target;
+
+        if (icon.getAttribute("hide-args") === "false") {
+            icon.setAttribute("hide-args", "true");
+            icon.innerText = "keyboard_arrow_down";
+            icon.classList.add("hide-args-selected");
+            icon.parentNode.previousElementSibling.style.display = "none";
+        } else {
+            icon.setAttribute("hide-args", "false");
+            icon.innerText = "keyboard_arrow_up";
+            icon.classList.remove("hide-args-selected");
+            icon.parentNode.previousElementSibling.style.display = "grid";
+        }
+
+        const icons = Array.from(document.getElementsByClassName("hide-args-icon"));
+        if (icons.length > 1) {
+            // Check if ALL the icons are hidden/shown
+            const uniqueIcons = icons.map(function(item) {
+                return item.getAttribute("hide-args");
+            }).unique();
+
+            const controlsIconStatus = document.getElementById("hide-icon").getAttribute("hide-args");
+
+            // If all icons are in the same state and the global icon isn't, fix it
+            if (uniqueIcons.length === 1 && icon.getAttribute("hide-args") !== controlsIconStatus) {
+                this.manager.controls.hideRecipeArgsClick();
+            }
+        }
+
+        window.dispatchEvent(this.manager.statechange);
+    }
 
     /**
      * Handler for disable click events.

tests/browser/01_io.js

@@ -383,13 +383,17 @@ module.exports = {
         utils.setInput(browser, CHINESE_CHARS, false);
         utils.setChrEnc(browser, "input", "UTF-8");
         utils.bake(browser);
-        utils.expectOutput(browser, "\u00E4\u00B8\u008D\u00E8\u00A6\u0081\u00E6\u0081\u0090\u00E6\u0085\u008C\u00E3\u0080\u0082");
 
-        /* Changing output to match input works as expected */
-        utils.setChrEnc(browser, "output", "UTF-8");
-        utils.bake(browser);
+        /* Output encoding should be autodetected */
+        browser
+            .waitForElementVisible("#snackbar-container .snackbar-content", 5000)
+            .expect.element("#snackbar-container .snackbar-content").text.to.equal("Output character encoding has been detected and changed to UTF-8");
+
         utils.expectOutput(browser, CHINESE_CHARS);
 
+        /* Change the output encoding manually to test for URL presence */
+        utils.setChrEnc(browser, "output", "UTF-8");
+
         /* Encodings appear in the URL */
         browser.assert.urlContains("ienc=65001");
         browser.assert.urlContains("oenc=65001");

tests/browser/02_ops.js

@@ -37,7 +37,7 @@ module.exports = {
         testOp(browser, ["From Hex", "Add Text To Image", "To Base64"], Images.PNG_HEX, Images.PNG_CHEF_B64, [[], ["Chef", "Center", "Middle", 0, 0, 16], []]);
         testOp(browser, "Adler-32 Checksum", "test input", "16160411");
         testOp(browser, "Affine Cipher Decode", "test input", "rcqr glnsr", [1, 2]);
-        testOp(browser, "Affine Cipher Encode", "test input", "njln rbfpn", [2, 1]);
+        testOp(browser, "Affine Cipher Encode", "test input", "gndg zoujg", [3, 1]);
         testOp(browser, "AMF Decode", "\u000A\u0013\u0001\u0003a\u0006\u0009test", /"\$value": "test"/);
         testOp(browser, "AMF Encode", '{"a": "test"}', "\u000A\u0013\u0001\u0003a\u0006\u0009test");
         testOp(browser, "Analyse hash", "0123456789abcdef", /CRC-64/);
@@ -126,8 +126,8 @@ module.exports = {
         // testOp(browser, "Extract email addresses", "test input", "test_output");
         // testOp(browser, "Extract file paths", "test input", "test_output");
         testOpFile(browser, "Extract Files", "files/Hitchhikers_Guide.jpeg", ".card:last-child .collapsed", "extracted_at_0x3d38.zlib");
-        testOpFile(browser, "Extract ID3", "files/mp3example.mp3", "tr:last-child td:last-child", "Kevin MacLeod");
-        // testOp(browser, "Extract IP addresses", "test input", "test_output");
+        // This test seems unreliable on GitHub Actions, not reproducible locally.
+        // testOpFile(browser, "Extract ID3", "files/mp3example.mp3", "tr:last-child td:last-child", "Kevin MacLeod");        // testOp(browser, "Extract IP addresses", "test input", "test_output");
         // testOp(browser, "Extract LSB", "test input", "test_output");
         // testOp(browser, "Extract MAC addresses", "test input", "test_output");
         // testOp(browser, "Extract RGBA", "test input", "test_output");

tests/browser/browserUtils.js

@@ -176,13 +176,14 @@ function loadRecipe(browser, opName, input, args) {
  */
 function expectOutput(browser, expected) {
     browser.execute(expected => {
-        const output = window.app.manager.output.outputEditorView.state.doc.toString();
+        return window.app.manager.output.outputEditorView.state.doc.toString();
+    }, [expected], function({value}) {
         if (expected instanceof RegExp) {
-            return expected.test(output);
+            browser.expect(value).match(expected);
         } else {
-            return expected === output;
+            browser.expect(value).to.be.equal(expected);
         }
-    }, [expected]);
+    });
 }
 
 /** @function

tests/node/tests/operations.mjs

@@ -432,7 +432,7 @@ color: white;
     it("Disassemble x86", () => {
         const result = chef.disassembleX86(chef.toBase64("one two three"));
         const expected = `0000000000000000 0000                            ADD BYTE PTR [RAX],AL\r
-0000000000000002 0B250000000B                    OR ESP,DWORD PTR [0000000-F4FFFFF8]\r
+0000000000000002 0B250000000B                    OR ESP,DWORD PTR [000000000B000008]\r
 `;
         assert.strictEqual(result.toString(), expected);
     }),

tests/operations/index.mjs

@@ -62,6 +62,8 @@ import "./tests/DefangIP.mjs";
 import "./tests/ELFInfo.mjs";
 import "./tests/Enigma.mjs";
 import "./tests/ExtractEmailAddresses.mjs";
+import "./tests/ExtractHashes.mjs";
+import "./tests/Float.mjs";
 import "./tests/FileTree.mjs";
 import "./tests/FletcherChecksum.mjs";
 import "./tests/Fork.mjs";
@@ -81,12 +83,13 @@ import "./tests/HKDF.mjs";
 import "./tests/Image.mjs";
 import "./tests/IndexOfCoincidence.mjs";
 import "./tests/JA3Fingerprint.mjs";
-import "./tests/JA4Fingerprint.mjs";
+import "./tests/JA4.mjs";
 import "./tests/JA3SFingerprint.mjs";
 import "./tests/JSONBeautify.mjs";
 import "./tests/JSONMinify.mjs";
 import "./tests/JSONtoCSV.mjs";
 import "./tests/Jump.mjs";
+import "./tests/JWK.mjs";
 import "./tests/JWTDecode.mjs";
 import "./tests/JWTSign.mjs";
 import "./tests/JWTVerify.mjs";
@@ -118,6 +121,8 @@ import "./tests/PGP.mjs";
 import "./tests/PHP.mjs";
 import "./tests/PowerSet.mjs";
 import "./tests/Protobuf.mjs";
+import "./tests/PubKeyFromCert.mjs";
+import "./tests/PubKeyFromPrivKey.mjs";
 import "./tests/Rabbit.mjs";
 import "./tests/RAKE.mjs";
 import "./tests/Regex.mjs";
@@ -146,6 +151,7 @@ import "./tests/Typex.mjs";
 import "./tests/UnescapeString.mjs";
 import "./tests/Unicode.mjs";
 import "./tests/YARA.mjs";
+import "./tests/ParseCSR.mjs";
 
 const testStatus = {
     allTestsPassing: true,

tests/operations/tests/Base58.mjs

@@ -53,6 +53,28 @@ TestRegister.addTests([
             },
         ],
     },
+    {
+        name: "To Base58 all null",
+        input: "\0\0\0\0\0\0",
+        expectedOutput: "111111",
+        recipeConfig: [
+            {
+                op: "To Base58",
+                args: ["123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"],
+            },
+        ],
+    },
+    {
+        name: "From Base58 all null",
+        input: "111111",
+        expectedOutput: "\0\0\0\0\0\0",
+        recipeConfig: [
+            {
+                op: "From Base58",
+                args: ["123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"],
+            },
+        ],
+    },
     {
         name: "To Base58 with null prefix and suffix",
         input: "\0\0\0Hello\0\0\0",

tests/operations/tests/ChaCha.mjs

@@ -58,6 +58,25 @@ ChaCha uses a nonce of 8 or 12 bytes (64 or 96 bits).`,
             }
         ],
     },
+    {
+        name: "ChaCha: RFC8439 Raw output",
+        input: "Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it.",
+        expectedOutput: "6e 2e 35 9a 25 68 f9 80 41 ba 07 28 dd 0d 69 81 e9 7e 7a ec 1d 43 60 c2 0a 27 af cc fd 9f ae 0b f9 1b 65 c5 52 47 33 ab 8f 59 3d ab cd 62 b3 57 16 39 d6 24 e6 51 52 ab 8f 53 0c 35 9f 08 61 d8 07 ca 0d bf 50 0d 6a 61 56 a3 8e 08 8a 22 b6 5e 52 bc 51 4d 16 cc f8 06 81 8c e9 1a b7 79 37 36 5a f9 0b bf 74 a3 5b e6 b4 0b 8e ed f2 78 5e 42 87 4d",
+        recipeConfig: [
+            {
+                "op": "ChaCha",
+                "args": [
+                    {"option": "Hex", "string": "00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f:10:11:12:13:14:15:16:17:18:19:1a:1b:1c:1d:1e:1f"},
+                    {"option": "Hex", "string": "00:00:00:00:00:00:00:4a:00:00:00:00"},
+                    1, "20", "Raw", "Raw",
+                ]
+            },
+            {
+                "op": "To Hex",
+                "args": []
+            },
+        ],
+    },
     {
         name: "ChaCha: draft-strombergson-chacha-test-vectors-01 TC7.1",
         input: "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",

tests/operations/tests/CipherSaber2.mjs

@@ -21,13 +21,16 @@ TestRegister.addTests([
         ],
     },
     {
+        // input taken from https://ciphersaber.gurus.org/
         name: "CipherSaber2 Decrypt",
-        input: "\x5d\xd9\x7f\xeb\x77\x3c\x42\x9d\xfe\x9c\x3b\x21\x63\xbd\x53\x38\x18\x7c\x36\x37",
-        expectedOutput: "helloworld",
+        input: "\x6f\x6d\x0b\xab\xf3\xaa\x67\x19\x03\x15\x30\xed\xb6\x77"  +
+            "\xca\x74\xe0\x08\x9d\xd0\xe7\xb8\x85\x43\x56\xbb\x14\x48\xe3" +
+            "\x7c\xdb\xef\xe7\xf3\xa8\x4f\x4f\x5f\xb3\xfd",
+        expectedOutput: "This is a test of CipherSaber.",
         recipeConfig: [
             {
                 op: "CipherSaber2 Decrypt",
-                args: [{ "option": "Latin1", "string": "test" }, 20],
+                args: [{ "option": "Latin1", "string": "asdfg" }, 1],
             },
         ],
     },

tests/operations/tests/Crypt.mjs

@@ -1948,4 +1948,38 @@ DES uses a key length of 8 bytes (64 bits).`,
             }
         ],
     },
+    {
+        name: "Blowfish Encrypt with variable key length: CBC, ASCII, 4 bytes",
+        input: "The quick brown fox jumps over the lazy dog.",
+        expectedOutput: "823f337a53ecf121aa9ec1b111bd5064d1d7586abbdaaa0c8fd0c6cc43c831c88bf088ee3e07287e3f36cf2e45f9c7e6",
+        recipeConfig: [
+            {
+                "op": "Blowfish Encrypt",
+                "args": [
+                    {"option": "Hex", "string": "00112233"}, // Key
+                    {"option": "Hex", "string": "0000000000000000"}, // IV
+                    "CBC", // Mode
+                    "Raw", // Input
+                    "Hex" // Output
+                ]
+            }
+        ],
+    },
+    {
+        name: "Blowfish Encrypt with variable key length: CBC, ASCII, 42 bytes",
+        input: "The quick brown fox jumps over the lazy dog.",
+        expectedOutput: "19f5a68145b34321cfba72226b0f33922ce44dd6e7869fe328db64faae156471216f12ed2a37fd0bdd7cebf867b3cff0",
+        recipeConfig: [
+            {
+                "op": "Blowfish Encrypt",
+                "args": [
+                    {"option": "Hex", "string": "deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdead"}, // Key
+                    {"option": "Hex", "string": "0000000000000000"}, // IV
+                    "CBC", // Mode
+                    "Raw", // Input
+                    "Hex" // Output
+                ]
+            }
+        ],
+    }
 ]);

tests/operations/tests/DateTime.mjs

@@ -31,4 +31,26 @@ TestRegister.addTests([
             },
         ],
     },
+    {
+        name: "DateTime Delta Positive",
+        input: "20/02/2024 13:36:00",
+        expectedOutput: "20/02/2024 13:37:00",
+        recipeConfig: [
+            {
+                op: "DateTime Delta",
+                args: ["Standard date and time", "DD/MM/YYYY HH:mm:ss", "Add", 0, 0, 1, 0],
+            },
+        ],
+    },
+    {
+        name: "DateTime Delta Negative",
+        input: "20/02/2024 14:37:00",
+        expectedOutput: "20/02/2024 13:37:00",
+        recipeConfig: [
+            {
+                op: "DateTime Delta",
+                args: ["Standard date and time", "DD/MM/YYYY HH:mm:ss", "Subtract", 0, 1, 0, 0],
+            },
+        ],
+    },
 ]);

tests/operations/tests/ExtractHashes.mjs

@@ -0,0 +1,77 @@
+/**
+ * ExtractHashes tests.
+ *
+ * @author mshwed [m@ttshwed.com]
+ * @copyright Crown Copyright 2024
+ * @license Apache-2.0
+ */
+import TestRegister from "../../lib/TestRegister.mjs";
+
+TestRegister.addTests([
+    {
+        name: "Extract MD5 hash",
+        input: "The quick brown fox jumps over the lazy dog\n\nMD5: 9e107d9d372bb6826bd81d3542a419d6",
+        expectedOutput: "9e107d9d372bb6826bd81d3542a419d6",
+        recipeConfig: [
+            {
+                "op": "Extract hashes",
+                "args": [32, false, false]
+            },
+        ],
+    },
+    {
+        name: "Extract SHA1 hash",
+        input: "The quick brown fox jumps over the lazy dog\n\nSHA1: 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12",
+        expectedOutput: "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12",
+        recipeConfig: [
+            {
+                "op": "Extract hashes",
+                "args": [40, false, false]
+            },
+        ],
+    },
+    {
+        name: "Extract SHA256 hash",
+        input: "The quick brown fox jumps over the lazy dog\n\nSHA256: d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592",
+        expectedOutput: "d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592",
+        recipeConfig: [
+            {
+                "op": "Extract hashes",
+                "args": [64, false, false]
+            },
+        ],
+    },
+    {
+        name: "Extract SHA512 hash",
+        input: "The quick brown fox jumps over the lazy dog\n\nSHA512: 07e547d9586f6a73f73fbac0435ed76951218fb7d0c8d788a309d785436bbb642e93a252a954f23912547d1e8a3b5ed6e1bfd7097821233fa0538f3db854fee6",
+        expectedOutput: "07e547d9586f6a73f73fbac0435ed76951218fb7d0c8d788a309d785436bbb642e93a252a954f23912547d1e8a3b5ed6e1bfd7097821233fa0538f3db854fee6",
+        recipeConfig: [
+            {
+                "op": "Extract hashes",
+                "args": [128, false, false]
+            },
+        ],
+    },
+    {
+        name: "Extract all hashes",
+        input: "The quick brown fox jumps over the lazy dog\n\nMD5: 9e107d9d372bb6826bd81d3542a419d6\nSHA1: 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12\nSHA256: d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592",
+        expectedOutput: "9e107d9d372bb6826bd81d3542a419d6\n2fd4e1c67a2d28fced849ee1bb76e7391b93eb12\nd7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592",
+        recipeConfig: [
+            {
+                "op": "Extract hashes",
+                "args": [0, true, false]
+            },
+        ],
+    },
+    {
+        name: "Extract hashes with total count",
+        input: "The quick brown fox jumps over the lazy dog\n\nMD5: 9e107d9d372bb6826bd81d3542a419d6\nSHA1: 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12\nSHA256: d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592",
+        expectedOutput: "Total Results: 3\n\n9e107d9d372bb6826bd81d3542a419d6\n2fd4e1c67a2d28fced849ee1bb76e7391b93eb12\nd7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592",
+        recipeConfig: [
+            {
+                "op": "Extract hashes",
+                "args": [0, true, true]
+            },
+        ],
+    }
+]);

tests/operations/tests/Float.mjs

@@ -0,0 +1,164 @@
+/**
+ * Float tests.
+ *
+ * @author tcode2k16 [tcode2k16@gmail.com]
+ *
+ * @copyright Crown Copyright 2019
+ * @license Apache-2.0
+ */
+
+import TestRegister from "../../lib/TestRegister.mjs";
+
+
+TestRegister.addTests([
+    {
+        name: "To Float: nothing",
+        input: "",
+        expectedOutput: "",
+        recipeConfig: [
+            {
+                op: "From Hex",
+                args: ["Auto"]
+            },
+            {
+                op: "To Float",
+                args: ["Big Endian", "Float (4 bytes)", "Space"]
+            }
+        ],
+    },
+    {
+        name: "To Float (Big Endian, 4 bytes): 0.5",
+        input: "3f0000003f000000",
+        expectedOutput: "0.5 0.5",
+        recipeConfig: [
+            {
+                op: "From Hex",
+                args: ["Auto"]
+            },
+            {
+                op: "To Float",
+                args: ["Big Endian", "Float (4 bytes)", "Space"]
+            }
+        ]
+    },
+    {
+        name: "To Float (Little Endian, 4 bytes): 0.5",
+        input: "0000003f0000003f",
+        expectedOutput: "0.5 0.5",
+        recipeConfig: [
+            {
+                op: "From Hex",
+                args: ["Auto"]
+            },
+            {
+                op: "To Float",
+                args: ["Little Endian", "Float (4 bytes)", "Space"]
+            }
+        ]
+    },
+    {
+        name: "To Float (Big Endian, 8 bytes): 0.5",
+        input: "3fe00000000000003fe0000000000000",
+        expectedOutput: "0.5 0.5",
+        recipeConfig: [
+            {
+                op: "From Hex",
+                args: ["Auto"]
+            },
+            {
+                op: "To Float",
+                args: ["Big Endian", "Double (8 bytes)", "Space"]
+            }
+        ]
+    },
+    {
+        name: "To Float (Little Endian, 8 bytes): 0.5",
+        input: "000000000000e03f000000000000e03f",
+        expectedOutput: "0.5 0.5",
+        recipeConfig: [
+            {
+                op: "From Hex",
+                args: ["Auto"]
+            },
+            {
+                op: "To Float",
+                args: ["Little Endian", "Double (8 bytes)", "Space"]
+            }
+        ]
+    },
+    {
+        name: "From Float: nothing",
+        input: "",
+        expectedOutput: "",
+        recipeConfig: [
+            {
+                op: "From Float",
+                args: ["Big Endian", "Float (4 bytes)", "Space"]
+            },
+            {
+                op: "To Hex",
+                args: ["None"]
+            }
+        ]
+    },
+    {
+        name: "From Float (Big Endian, 4 bytes): 0.5",
+        input: "0.5 0.5",
+        expectedOutput: "3f0000003f000000",
+        recipeConfig: [
+            {
+                op: "From Float",
+                args: ["Big Endian", "Float (4 bytes)", "Space"]
+            },
+            {
+                op: "To Hex",
+                args: ["None"]
+            }
+        ]
+    },
+    {
+        name: "From Float (Little Endian, 4 bytes): 0.5",
+        input: "0.5 0.5",
+        expectedOutput: "0000003f0000003f",
+        recipeConfig: [
+            {
+                op: "From Float",
+                args: ["Little Endian", "Float (4 bytes)", "Space"]
+            },
+            {
+                op: "To Hex",
+                args: ["None"]
+            }
+        ]
+    },
+    {
+        name: "From Float (Big Endian, 8 bytes): 0.5",
+        input: "0.5 0.5",
+        expectedOutput: "3fe00000000000003fe0000000000000",
+        recipeConfig: [
+            {
+                op: "From Float",
+                args: ["Big Endian", "Double (8 bytes)", "Space"]
+            },
+            {
+                op: "To Hex",
+                args: ["None"]
+            }
+        ]
+    },
+    {
+        name: "From Float (Little Endian, 8 bytes): 0.5",
+        input: "0.5 0.5",
+        expectedOutput: "000000000000e03f000000000000e03f",
+        recipeConfig: [
+            {
+                op: "From Float",
+                args: ["Little Endian", "Double (8 bytes)", "Space"]
+            },
+            {
+                op: "To Hex",
+                args: ["None"]
+            }
+        ]
+    }
+]);

tests/operations/tests/JA4.mjs

@@ -1,5 +1,5 @@
 /**
- * JA4Fingerprint tests.
+ * JA4 tests.
  *
  * @author n1474335 [n1474335@gmail.com]
  * @copyright Crown Copyright 2024
@@ -52,4 +52,70 @@ TestRegister.addTests([
             }
         ],
     },
+    {
+        name: "JA4Server Fingerprint: TLS 1.2 h2 ALPN",
+        input: "16030300640200006003035f0236c07f47bfb12dc2da706ecb3fe7f9eeac9968cc2ddf444f574e4752440120b89ff1ab695278c69b8a73f76242ef755e0b13dc6d459aaaa784fec9c2dfce34cca900001800000000ff01000100000b00020100001000050003026832",
+        expectedOutput: "t1204h2_cca9_1428ce7b4018",
+        recipeConfig: [
+            {
+                "op": "JA4Server Fingerprint",
+                "args": ["Hex", "JA4S"]
+            }
+        ]
+    },
+    {
+        name: "JA4Server Fingerprint: TLS 1.2 h2 ALPN Raw",
+        input: "16030300640200006003035f0236c07f47bfb12dc2da706ecb3fe7f9eeac9968cc2ddf444f574e4752440120b89ff1ab695278c69b8a73f76242ef755e0b13dc6d459aaaa784fec9c2dfce34cca900001800000000ff01000100000b00020100001000050003026832",
+        expectedOutput: "t1204h2_cca9_0000,ff01,000b,0010",
+        recipeConfig: [
+            {
+                "op": "JA4Server Fingerprint",
+                "args": ["Hex", "JA4S Raw"]
+            }
+        ]
+    },
+    {
+        name: "JA4Server Fingerprint: TLS 1.3",
+        input: "160303007a020000760303236d214556452c55a0754487e64b1a8b0262c50ba23004c9d504166a6de3439920d0b0099243c9296a0c84153ea4ada7d87ad017f4211c2ea1350b0b3cc5514d5f130100002e00330024001d002099e3cc43a2c9941ae75af1b2c7a629bee3ee7031973cad85c82f2f23677fb244002b00020304",
+        expectedOutput: "t130200_1301_234ea6891581",
+        recipeConfig: [
+            {
+                "op": "JA4Server Fingerprint",
+                "args": ["Hex", "JA4S"]
+            }
+        ]
+    },
+    {
+        name: "JA4Server Fingerprint: TLS 1.3 Raw",
+        input: "160303007a020000760303236d214556452c55a0754487e64b1a8b0262c50ba23004c9d504166a6de3439920d0b0099243c9296a0c84153ea4ada7d87ad017f4211c2ea1350b0b3cc5514d5f130100002e00330024001d002099e3cc43a2c9941ae75af1b2c7a629bee3ee7031973cad85c82f2f23677fb244002b00020304",
+        expectedOutput: "t130200_1301_0033,002b",
+        recipeConfig: [
+            {
+                "op": "JA4Server Fingerprint",
+                "args": ["Hex", "JA4S Raw"]
+            }
+        ]
+    },
+    {
+        name: "JA4Server Fingerprint: TLS 1.3 non-ascii ALPN",
+        input: "160303007a020000760303897c232e3ee313314f2b662307ff4f7e2cf1caeec1b27711bca77f469519168520bc58b92f865e6b9aa4a6371cadcb0afe1da1c0f705209a11d52357f56d5dd962130100002e00330024001d002076b8b7ed0f96b63a773d85ab6f3a87a151c130529785b41a4defb53184055957002b00020304",
+        expectedOutput: "t130200_1301_234ea6891581",
+        recipeConfig: [
+            {
+                "op": "JA4Server Fingerprint",
+                "args": ["Hex", "JA4S"]
+            }
+        ]
+    },
+    {
+        name: "JA4Server Fingerprint: TLS 1.3 non-ascii ALPN Raw",
+        input: "160303007a020000760303897c232e3ee313314f2b662307ff4f7e2cf1caeec1b27711bca77f469519168520bc58b92f865e6b9aa4a6371cadcb0afe1da1c0f705209a11d52357f56d5dd962130100002e00330024001d002076b8b7ed0f96b63a773d85ab6f3a87a151c130529785b41a4defb53184055957002b00020304",
+        expectedOutput: "t130200_1301_0033,002b",
+        recipeConfig: [
+            {
+                "op": "JA4Server Fingerprint",
+                "args": ["Hex", "JA4S Raw"]
+            }
+        ]
+    },
 ]);

tests/operations/tests/JWK.mjs

@@ -0,0 +1,359 @@
+/**
+ * JWK conversion
+ *
+ * @author cplussharp
+ * @copyright Crown Copyright 2021
+ * @license Apache-2.0
+ */
+import TestRegister from "../../lib/TestRegister.mjs";
+
+// test data for RSA key pair
+const RSA_512 = {
+    private: {
+        pem1: `-----BEGIN RSA PRIVATE KEY-----
+MIIBOQIBAAJBAPKr0Dp6YdItzOfk6a7ma7L4BF4LnelMYKtboGLrk6ihtqFPZFRL
+NcJi68Hvnt8stMrP50t6jqwWQ2EjMdkj6fsCAwEAAQJAOJUpM0lv36MAQR3WAwsF
+F7DOy+LnigteCvaNWiNVxZ6jByB5Qb7sall/Qlu9sFI0ZwrlVcKS0kldee7JTYlL
+WQIhAP3UKEfOtpTgT1tYmdhaqjxqMfxBom0Ri+rt9ajlzs6vAiEA9L85B8/Gnb7p
+6Af7/wpmafL277OV4X4xBfzMR+TUzHUCIBq+VLQkInaTH6lXL3ZtLwyIf9W9MJjf
+RWeuRLjT5bM/AiBF7Kw6kx5Hy1fAtydEApCoDIaIjWJw/kC7WTJ0B+jUUQIgV6dw
+NSyj0feakeD890gmId+lvl/w/3oUXiczqvl/N9o=
+-----END RSA PRIVATE KEY-----`,
+        pem8: `-----BEGIN PRIVATE KEY-----
+MIIBUwIBADANBgkqhkiG9w0BAQEFAASCAT0wggE5AgEAAkEA8qvQOnph0i3M5+Tp
+ruZrsvgEXgud6Uxgq1ugYuuTqKG2oU9kVEs1wmLrwe+e3yy0ys/nS3qOrBZDYSMx
+2SPp+wIDAQABAkA4lSkzSW/fowBBHdYDCwUXsM7L4ueKC14K9o1aI1XFnqMHIHlB
+vuxqWX9CW72wUjRnCuVVwpLSSV157slNiUtZAiEA/dQoR862lOBPW1iZ2FqqPGox
+/EGibRGL6u31qOXOzq8CIQD0vzkHz8advunoB/v/CmZp8vbvs5XhfjEF/MxH5NTM
+dQIgGr5UtCQidpMfqVcvdm0vDIh/1b0wmN9FZ65EuNPlsz8CIEXsrDqTHkfLV8C3
+J0QCkKgMhoiNYnD+QLtZMnQH6NRRAiBXp3A1LKPR95qR4Pz3SCYh36W+X/D/ehRe
+JzOq+X832g==
+-----END PRIVATE KEY-----`,
+        jwk: {
+            "kty": "RSA",
+            "n": "8qvQOnph0i3M5-TpruZrsvgEXgud6Uxgq1ugYuuTqKG2oU9kVEs1wmLrwe-e3yy0ys_nS3qOrBZDYSMx2SPp-w",
+            "e": "AQAB",
+            "d": "OJUpM0lv36MAQR3WAwsFF7DOy-LnigteCvaNWiNVxZ6jByB5Qb7sall_Qlu9sFI0ZwrlVcKS0kldee7JTYlLWQ",
+            "p": "_dQoR862lOBPW1iZ2FqqPGox_EGibRGL6u31qOXOzq8",
+            "q": "9L85B8_Gnb7p6Af7_wpmafL277OV4X4xBfzMR-TUzHU",
+            "dp": "Gr5UtCQidpMfqVcvdm0vDIh_1b0wmN9FZ65EuNPlsz8",
+            "dq": "ReysOpMeR8tXwLcnRAKQqAyGiI1icP5Au1kydAfo1FE",
+            "qi": "V6dwNSyj0feakeD890gmId-lvl_w_3oUXiczqvl_N9o"
+        }
+    },
+    public: {
+        pem1: `-----BEGIN RSA PUBLIC KEY-----
+MEgCQQDyq9A6emHSLczn5Omu5muy+AReC53pTGCrW6Bi65OoobahT2RUSzXCYuvB
+757fLLTKz+dLeo6sFkNhIzHZI+n7AgMBAAE=
+-----END RSA PUBLIC KEY-----`,
+        pem8: `-----BEGIN PUBLIC KEY-----
+MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAPKr0Dp6YdItzOfk6a7ma7L4BF4LnelM
+YKtboGLrk6ihtqFPZFRLNcJi68Hvnt8stMrP50t6jqwWQ2EjMdkj6fsCAwEAAQ==
+-----END PUBLIC KEY-----`,
+        cert: `-----BEGIN CERTIFICATE-----
+MIIBfTCCASegAwIBAgIUeisK5Nwss2DGg5PCs4uSxxXyyNkwDQYJKoZIhvcNAQEL
+BQAwEzERMA8GA1UEAwwIUlNBIHRlc3QwHhcNMjExMTE5MTcyMDI2WhcNMzExMTE3
+MTcyMDI2WjATMREwDwYDVQQDDAhSU0EgdGVzdDBcMA0GCSqGSIb3DQEBAQUAA0sA
+MEgCQQDyq9A6emHSLczn5Omu5muy+AReC53pTGCrW6Bi65OoobahT2RUSzXCYuvB
+757fLLTKz+dLeo6sFkNhIzHZI+n7AgMBAAGjUzBRMB0GA1UdDgQWBBRO+jvkqq5p
+pnQgwMMnRoun6e7eiTAfBgNVHSMEGDAWgBRO+jvkqq5ppnQgwMMnRoun6e7eiTAP
+BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA0EAR/5HAZM5qBhU/ezDUIFx
+gmUGoFbIb5kJD41YCnaSdrgWglh4He4melSs42G/oxBBjuCJ0bUpqWnLl+lJkv1z
+IA==
+-----END CERTIFICATE-----`,
+        jwk: {
+            "kty": "RSA",
+            "n": "8qvQOnph0i3M5-TpruZrsvgEXgud6Uxgq1ugYuuTqKG2oU9kVEs1wmLrwe-e3yy0ys_nS3qOrBZDYSMx2SPp-w",
+            "e": "AQAB"
+        }
+    }
+};
+
+// test data for EC key pair
+const EC_P256 = {
+    private: {
+        pem1: `-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEINtTjwUkgfAiSwqgcGAXWyE0ueIW6n2k395dmQZ3vGr4oAoGCCqGSM49
+AwEHoUQDQgAEDUc8A0EDNKoCYIPWMHz1yUzqE5mJgusgcAE8H6810fkJ8ZmTNiCC
+a6sLgR2vD1VNh2diirWgKPH4PVMKav5e6Q==
+-----END EC PRIVATE KEY-----`,
+        pem8: `-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg21OPBSSB8CJLCqBw
+YBdbITS54hbqfaTf3l2ZBne8avihRANCAAQNRzwDQQM0qgJgg9YwfPXJTOoTmYmC
+6yBwATwfrzXR+QnxmZM2IIJrqwuBHa8PVU2HZ2KKtaAo8fg9Uwpq/l7p
+-----END PRIVATE KEY-----`,
+        jwk: {
+            "kty": "EC",
+            "crv": "P-256",
+            "x": "DUc8A0EDNKoCYIPWMHz1yUzqE5mJgusgcAE8H6810fk",
+            "y": "CfGZkzYggmurC4Edrw9VTYdnYoq1oCjx-D1TCmr-Xuk",
+            "d": "21OPBSSB8CJLCqBwYBdbITS54hbqfaTf3l2ZBne8avg"
+        }
+    },
+    public: {
+        pem8: `-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDUc8A0EDNKoCYIPWMHz1yUzqE5mJ
+gusgcAE8H6810fkJ8ZmTNiCCa6sLgR2vD1VNh2diirWgKPH4PVMKav5e6Q==
+-----END PUBLIC KEY-----`,
+        cert: `-----BEGIN CERTIFICATE-----
+MIIBfzCCASWgAwIBAgIUK4H8J3Hr7NpRLPrACj8Pje4JJJ0wCgYIKoZIzj0EAwIw
+FTETMBEGA1UEAwwKUC0yNTYgdGVzdDAeFw0yMTExMTkxNzE5NDVaFw0zMTExMTcx
+NzE5NDVaMBUxEzARBgNVBAMMClAtMjU2IHRlc3QwWTATBgcqhkjOPQIBBggqhkjO
+PQMBBwNCAAQNRzwDQQM0qgJgg9YwfPXJTOoTmYmC6yBwATwfrzXR+QnxmZM2IIJr
+qwuBHa8PVU2HZ2KKtaAo8fg9Uwpq/l7po1MwUTAdBgNVHQ4EFgQU/SxodXrpkybM
+gcIgkxnRKd7HMzowHwYDVR0jBBgwFoAU/SxodXrpkybMgcIgkxnRKd7HMzowDwYD
+VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiBU9PrOa/kXCpTTBInRf/sN
+ac2iDHmbdpWzcXI+xLKNYAIhAIRR1LRSHVwOTLQ/iBXd+8LCkm5aTB27RW46LN80
+ylxt
+-----END CERTIFICATE-----`,
+        jwk: {
+            "kty": "EC",
+            "crv": "P-256",
+            "x": "DUc8A0EDNKoCYIPWMHz1yUzqE5mJgusgcAE8H6810fk",
+            "y": "CfGZkzYggmurC4Edrw9VTYdnYoq1oCjx-D1TCmr-Xuk"
+        }
+    }
+};
+
+const PEM_PRIV_DSA1024 = `-----BEGIN DSA PRIVATE KEY-----
+MIIBuwIBAAKBgQCkFEttBrPHEJRgcvaT8HbZs9h1pVQLHhn2F452izusRox1czMM
+IC8Z7YQiM1pt6bgEmf0h8ldx6UFT0YL9JWSbyBy1U5pHKfnz/xjeg7ZMReL4F0/T
+Gwmu4ercqfM//TmEg9nL3nDxb4WmF2al/SmHN3qlzYmYaIDEFfEuu8vWbwIVAMOq
+7pqQiMGUu6uJY/nQTWW0c3IfAoGARWryStp2AElj538qN9tWRuyobRA93Q1ujrdM
+EqsqVpMZd1a8qtRyMaZVVdB7N3EweNUuFOoSAp10s/SQEH9qhVo6NwvzhB7lEtm4
+5FjWW9+9WCuuFOGZpTy8PSFAvQcfUqunP/DeaDliNmgKci+n0nfIBakuQn10Zmqk
+vGu8NZICgYBUsoQeXSJ19e6XZenk6G8wVI3yXFqnRAwb6s7sAVoPwfDCsOXTxC7W
+Mlfz0HcYMiifFKEd28NnuAZ2e0ngyPHsb9s5phzTgRfO3GFzOjsjwgx3DmQI2Ck2
+yOWHSAtaNhH4DoBZEyNsb1akiB50vx9b09EHN4weqbgAu743NMDHRQIVAIG5uiiO
+OnWUYieHAiVIPkBCrYUd
+-----END DSA PRIVATE KEY-----`;
+
+// https://datatracker.ietf.org/doc/html/rfc8037#appendix-A.2
+const JWK_PUB_ED25591 = {
+    "kty": "OKP",
+    "crv": "Ed25519",
+    "x": "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo"
+};
+
+TestRegister.addTests([
+    {
+        name: "PEM to JWK: Missing footer",
+        input: RSA_512.private.pem1.substring(0, RSA_512.private.pem1.length / 2),
+        expectedOutput: "PEM footer '-----END RSA PRIVATE KEY-----' not found",
+        recipeConfig: [
+            {
+                op: "PEM to JWK",
+                args: [],
+            }
+        ],
+    },
+    {
+        name: "PEM to JWK: DSA not supported",
+        input: PEM_PRIV_DSA1024,
+        expectedOutput: "DSA keys are not supported for JWK",
+        recipeConfig: [
+            {
+                op: "PEM to JWK",
+                args: [],
+            }
+        ],
+    },
+
+    // test RSA key convertion
+    {
+        name: "PEM to JWK: RSA Private Key PKCS1",
+        input: RSA_512.private.pem1,
+        expectedOutput: JSON.stringify(RSA_512.private.jwk),
+        recipeConfig: [
+            {
+                op: "PEM to JWK",
+                args: [],
+            }
+        ],
+    },
+    {
+        name: "PEM to JWK: RSA Private Key PKCS8",
+        input: RSA_512.private.pem8,
+        expectedOutput: JSON.stringify(RSA_512.private.jwk),
+        recipeConfig: [
+            {
+                op: "PEM to JWK",
+                args: [],
+            }
+        ],
+    },
+    {
+        name: "PEM to JWK: RSA Public Key PKCS1",
+        input: RSA_512.public.pem1,
+        expectedOutput: "Unsupported RSA public key format. Only PKCS#8 is supported.",
+        recipeConfig: [
+            {
+                op: "PEM to JWK",
+                args: [],
+            }
+        ],
+    },
+    {
+        name: "PEM to JWK: RSA Public Key PKCS8",
+        input: RSA_512.public.pem8,
+        expectedOutput: JSON.stringify(RSA_512.public.jwk),
+        recipeConfig: [
+            {
+                op: "PEM to JWK",
+                args: [],
+            }
+        ],
+    },
+    {
+        name: "PEM to JWK: Certificate with RSA Public Key",
+        input: RSA_512.public.cert,
+        expectedOutput: JSON.stringify(RSA_512.public.jwk),
+        recipeConfig: [
+            {
+                op: "PEM to JWK",
+                args: [],
+            }
+        ],
+    },
+
+    // test EC key conversion
+    {
+        name: "PEM to JWK: EC Private Key PKCS1",
+        input: EC_P256.private.pem1,
+        expectedOutput: JSON.stringify(EC_P256.private.jwk),
+        recipeConfig: [
+            {
+                op: "PEM to JWK",
+                args: [],
+            }
+        ],
+    },
+    {
+        name: "PEM to JWK: EC Private Key PKCS8",
+        input: EC_P256.private.pem8,
+        expectedOutput: JSON.stringify(EC_P256.private.jwk),
+        recipeConfig: [
+            {
+                op: "PEM to JWK",
+                args: [],
+            }
+        ],
+    },
+    {
+        name: "PEM to JWK: EC Public Key",
+        input: EC_P256.public.pem8,
+        expectedOutput: JSON.stringify(EC_P256.public.jwk),
+        recipeConfig: [
+            {
+                op: "PEM to JWK",
+                args: [],
+            }
+        ],
+    },
+    {
+        name: "PEM to JWK: Certificate with EC Public Key",
+        input: EC_P256.public.cert,
+        expectedOutput: JSON.stringify(EC_P256.public.jwk),
+        recipeConfig: [
+            {
+                op: "PEM to JWK",
+                args: [],
+            }
+        ],
+    },
+
+
+    {
+        name: "JWK to PEM: not a JWK",
+        input: "\"foobar\"",
+        expectedOutput: "Input is not a JSON Web Key",
+        recipeConfig: [
+            {
+                op: "JWK to PEM",
+                args: [],
+            }
+        ],
+    },
+    {
+        name: "JWK to PEM: unsupported key type",
+        input: JSON.stringify(JWK_PUB_ED25591),
+        expectedOutput: "Unsupported JWK key type 'OKP'",
+        recipeConfig: [
+            {
+                op: "JWK to PEM",
+                args: [],
+            }
+        ],
+    },
+
+    // test RSA key conversion
+    {
+        name: "JWK to PEM: RSA Private Key",
+        input: JSON.stringify(RSA_512.private.jwk),
+        expectedOutput: RSA_512.private.pem8.replace(/\r/g, "").replace(/\n/g, "\r\n")+"\r\n",
+        recipeConfig: [
+            {
+                op: "JWK to PEM",
+                args: [],
+            }
+        ],
+    },
+    {
+        name: "JWK to PEM: RSA Public Key",
+        input: JSON.stringify(RSA_512.public.jwk),
+        expectedOutput: RSA_512.public.pem8.replace(/\r/g, "").replace(/\n/g, "\r\n")+"\r\n",
+        recipeConfig: [
+            {
+                op: "JWK to PEM",
+                args: [],
+            }
+        ],
+    },
+
+    // test EC key conversion
+    {
+        name: "JWK to PEM: EC Private Key",
+        input: JSON.stringify(EC_P256.private.jwk),
+        expectedOutput: EC_P256.private.pem8.replace(/\r/g, "").replace(/\n/g, "\r\n")+"\r\n",
+        recipeConfig: [
+            {
+                op: "JWK to PEM",
+                args: [],
+            }
+        ],
+    },
+    {
+        name: "JWK to PEM: EC Public Key",
+        input: JSON.stringify(EC_P256.public.jwk),
+        expectedOutput: EC_P256.public.pem8.replace(/\r/g, "").replace(/\n/g, "\r\n")+"\r\n",
+        recipeConfig: [
+            {
+                op: "JWK to PEM",
+                args: [],
+            }
+        ],
+    },
+
+    {
+        name: "JWK to PEM: Array of keys",
+        input: JSON.stringify([RSA_512.public.jwk, EC_P256.public.jwk]),
+        expectedOutput: (RSA_512.public.pem8 + "\n" + EC_P256.public.pem8 + "\n").replace(/\r/g, "").replace(/\n/g, "\r\n"),
+        recipeConfig: [
+            {
+                op: "JWK to PEM",
+                args: [],
+            }
+        ],
+    },
+    {
+        name: "JWK to PEM: JSON Web Key Set",
+        input: JSON.stringify({"keys": [RSA_512.public.jwk, EC_P256.public.jwk]}),
+        expectedOutput: (RSA_512.public.pem8 + "\n" + EC_P256.public.pem8 + "\n").replace(/\r/g, "").replace(/\n/g, "\r\n"),
+        recipeConfig: [
+            {
+                op: "JWK to PEM",
+                args: [],
+            }
+        ],
+    }
+]);

tests/operations/tests/ParseCSR.mjs

@@ -0,0 +1,215 @@
+/**
+ * Parse CSR tests.
+ *
+ * @author jkataja
+ * @copyright Crown Copyright 2023
+ * @license Apache-2.0
+ */
+
+import TestRegister from "../../lib/TestRegister.mjs";
+
+// openssl req -newkey rsa:1024 -keyout test-rsa-1024.key -out test-rsa-1024.csr \
+//    -subj "/C=CH/ST=Zurich/L=Zurich/O=Example RE/OU=IT Department/CN=example.com" \
+//    -addext "subjectAltName = DNS:example.com,DNS:www.example.com" \
+//    -addext "basicConstraints = critical,CA:FALSE" \
+//    -addext "keyUsage = critical,digitalSignature,keyEncipherment" \
+//    -addext "extendedKeyUsage = serverAuth"
+const IN_EXAMPLE_COM_RSA_1024 = `-----BEGIN CERTIFICATE REQUEST-----
+MIICHzCCAYgCAQAwcjELMAkGA1UEBhMCQ0gxDzANBgNVBAgMBlp1cmljaDEPMA0G
+A1UEBwwGWnVyaWNoMRMwEQYDVQQKDApFeGFtcGxlIFJFMRYwFAYDVQQLDA1JVCBE
+ZXBhcnRtZW50MRQwEgYDVQQDDAtleGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEF
+AAOBjQAwgYkCgYEArrTrLI6FkzjX8FZfclt2ox1Dz7KRwt5f6ffZic7twLAKJ4ao
+/H3APjwoFVUXGjiNj/XF2RlId4UxB1b6CgWjujBb9W51rTdvfWLyAHsrLcptpVz+
+V9Y8X9kEFCRGGDyG5+X+Nu6COzTpUPDj4bIIX/uPk3fDYDEqLClVy8/VS48CAwEA
+AaBtMGsGCSqGSIb3DQEJDjFeMFwwJwYDVR0RBCAwHoILZXhhbXBsZS5jb22CD3d3
+dy5leGFtcGxlLmNvbTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIFoDATBgNV
+HSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOBgQB0mUlPgt6pt/kjD0pz
+OUNk5e9nBFQYQGuGIHGYbPX3mi4Wd9vUCdPixtPSTunHWs2cxX2nM8+MdcNTY+7Q
+NFgFNIvSXhbqMYoHAAApMHJOxiWpBFdYKp3tESnlgh2lUh7lQtmOjD4a1dzfU8PU
+oViyp+UJGasN2WRd+4VtaPw64w==
+-----END CERTIFICATE REQUEST-----`;
+
+const OUT_EXAMPLE_COM_RSA_1024 = `Version:          1 (0x00)
+Subject
+  C = CH
+  ST = Zurich
+  L = Zurich
+  O = Example RE
+  OU = IT Department
+  CN = example.com
+Subject Alternative Names
+  DNS: example.com
+  DNS: www.example.com
+Public Key
+  Algorithm:      RSA
+  Length:         1024 bits
+  Modulus:        ae:b4:eb:2c:8e:85:93:38:d7:f0:56:5f:72:5b:76:a3:
+                  1d:43:cf:b2:91:c2:de:5f:e9:f7:d9:89:ce:ed:c0:b0:
+                  0a:27:86:a8:fc:7d:c0:3e:3c:28:15:55:17:1a:38:8d:
+                  8f:f5:c5:d9:19:48:77:85:31:07:56:fa:0a:05:a3:ba:
+                  30:5b:f5:6e:75:ad:37:6f:7d:62:f2:00:7b:2b:2d:ca:
+                  6d:a5:5c:fe:57:d6:3c:5f:d9:04:14:24:46:18:3c:86:
+                  e7:e5:fe:36:ee:82:3b:34:e9:50:f0:e3:e1:b2:08:5f:
+                  fb:8f:93:77:c3:60:31:2a:2c:29:55:cb:cf:d5:4b:8f
+  Exponent:       65537 (0x10001)
+Signature
+  Algorithm:      sha256WithRSAEncryption
+  Signature:      74:99:49:4f:82:de:a9:b7:f9:23:0f:4a:73:39:43:64:
+                  e5:ef:67:04:54:18:40:6b:86:20:71:98:6c:f5:f7:9a:
+                  2e:16:77:db:d4:09:d3:e2:c6:d3:d2:4e:e9:c7:5a:cd:
+                  9c:c5:7d:a7:33:cf:8c:75:c3:53:63:ee:d0:34:58:05:
+                  34:8b:d2:5e:16:ea:31:8a:07:00:00:29:30:72:4e:c6:
+                  25:a9:04:57:58:2a:9d:ed:11:29:e5:82:1d:a5:52:1e:
+                  e5:42:d9:8e:8c:3e:1a:d5:dc:df:53:c3:d4:a1:58:b2:
+                  a7:e5:09:19:ab:0d:d9:64:5d:fb:85:6d:68:fc:3a:e3
+Extensions
+  basicConstraints CRITICAL:
+    CA = false
+  keyUsage CRITICAL:
+    Digital signature
+    Key encipherment
+  extKeyUsage:
+    TLS Web Server Authentication`;
+
+// openssl req -newkey rsa:2048 -keyout test-rsa-2048.key -out test-rsa-2048.csr \
+//    -subj "/C=CH/ST=Zurich/L=Zurich/O=Example RE/OU=IT Department/CN=example.com" \
+//    -addext "subjectAltName = DNS:example.com,DNS:www.example.com" \
+//    -addext "basicConstraints = critical,CA:FALSE" \
+//    -addext "keyUsage = critical,digitalSignature,keyEncipherment" \
+//    -addext "extendedKeyUsage = serverAuth"
+const IN_EXAMPLE_COM_RSA_2048 = `-----BEGIN CERTIFICATE REQUEST-----
+MIIDJDCCAgwCAQAwcjELMAkGA1UEBhMCQ0gxDzANBgNVBAgMBlp1cmljaDEPMA0G
+A1UEBwwGWnVyaWNoMRMwEQYDVQQKDApFeGFtcGxlIFJFMRYwFAYDVQQLDA1JVCBE
+ZXBhcnRtZW50MRQwEgYDVQQDDAtleGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAKPogLmWPuK/IGdct2v/3MFKVaVeKp2Hl5at/zDFLCAe
+51bwh7BqNVJEci4ApwlXA1WVmQPBFBJlYwQZVjz5UAN2CmNHxud5nV03YmZ2/Iml
+RzpKcZMPqU+liJCC04L+XIbOdx+Vz52dF++Cc+FuSFq803yW+qefK8JsJNO9KuPx
+RLYKSAADa9MIJisru1PzcBAOcimOmNnFWuo+LKsd4lU30OExDdKHwtyt62Mj1c3o
+lO1JjvkjtWWjwHI+0EgTjvkeXlcUYZvvLlysdKERMRozvMTGqqoHWCgWl+Rq9Z6P
+TgNsRO4CKug1Zwmh8y6acZ7sYb/dar8HOeqJnc0pCv8CAwEAAaBtMGsGCSqGSIb3
+DQEJDjFeMFwwJwYDVR0RBCAwHoILZXhhbXBsZS5jb22CD3d3dy5leGFtcGxlLmNv
+bTAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEF
+BQcDATANBgkqhkiG9w0BAQsFAAOCAQEAG0cjfRBY1pBzu+jf7yMQrK5mQrh72air
+VuXHmochmyUxyt0G7ovnNhKEr+X9snShJLi5qlyvnb2roiwlCmuwGIZxErN1svQL
+Z3kQNZgH+Vyu5IRL2DlPs5AAxVmzPpbnbXNhMHyAK/ziLcU031O1PoCpxwfvPsjW
+HWOCjbZUVaJnxdp8AHqImoGAiVhJwc37feFvb2UQlLedUypQkPg/poNWduaRDoj8
+m9cpVxuxGLtONBnohzohnFECytSXWEXPIj8L9SpYK97G02nJYYCAcb5BF11Alfux
+sNxtsr6zgPaLRrvOBT11WxJVKerbhfezAJ3naem1eM3VLxCGWwMwxg==
+-----END CERTIFICATE REQUEST-----`;
+
+const OUT_EXAMPLE_COM_RSA_2048 = `Version:          1 (0x00)
+Subject
+  C = CH
+  ST = Zurich
+  L = Zurich
+  O = Example RE
+  OU = IT Department
+  CN = example.com
+Subject Alternative Names
+  DNS: example.com
+  DNS: www.example.com
+Public Key
+  Algorithm:      RSA
+  Length:         2048 bits
+  Modulus:        a3:e8:80:b9:96:3e:e2:bf:20:67:5c:b7:6b:ff:dc:c1:
+                  4a:55:a5:5e:2a:9d:87:97:96:ad:ff:30:c5:2c:20:1e:
+                  e7:56:f0:87:b0:6a:35:52:44:72:2e:00:a7:09:57:03:
+                  55:95:99:03:c1:14:12:65:63:04:19:56:3c:f9:50:03:
+                  76:0a:63:47:c6:e7:79:9d:5d:37:62:66:76:fc:89:a5:
+                  47:3a:4a:71:93:0f:a9:4f:a5:88:90:82:d3:82:fe:5c:
+                  86:ce:77:1f:95:cf:9d:9d:17:ef:82:73:e1:6e:48:5a:
+                  bc:d3:7c:96:fa:a7:9f:2b:c2:6c:24:d3:bd:2a:e3:f1:
+                  44:b6:0a:48:00:03:6b:d3:08:26:2b:2b:bb:53:f3:70:
+                  10:0e:72:29:8e:98:d9:c5:5a:ea:3e:2c:ab:1d:e2:55:
+                  37:d0:e1:31:0d:d2:87:c2:dc:ad:eb:63:23:d5:cd:e8:
+                  94:ed:49:8e:f9:23:b5:65:a3:c0:72:3e:d0:48:13:8e:
+                  f9:1e:5e:57:14:61:9b:ef:2e:5c:ac:74:a1:11:31:1a:
+                  33:bc:c4:c6:aa:aa:07:58:28:16:97:e4:6a:f5:9e:8f:
+                  4e:03:6c:44:ee:02:2a:e8:35:67:09:a1:f3:2e:9a:71:
+                  9e:ec:61:bf:dd:6a:bf:07:39:ea:89:9d:cd:29:0a:ff
+  Exponent:       65537 (0x10001)
+Signature
+  Algorithm:      sha256WithRSAEncryption
+  Signature:      1b:47:23:7d:10:58:d6:90:73:bb:e8:df:ef:23:10:ac:
+                  ae:66:42:b8:7b:d9:a8:ab:56:e5:c7:9a:87:21:9b:25:
+                  31:ca:dd:06:ee:8b:e7:36:12:84:af:e5:fd:b2:74:a1:
+                  24:b8:b9:aa:5c:af:9d:bd:ab:a2:2c:25:0a:6b:b0:18:
+                  86:71:12:b3:75:b2:f4:0b:67:79:10:35:98:07:f9:5c:
+                  ae:e4:84:4b:d8:39:4f:b3:90:00:c5:59:b3:3e:96:e7:
+                  6d:73:61:30:7c:80:2b:fc:e2:2d:c5:34:df:53:b5:3e:
+                  80:a9:c7:07:ef:3e:c8:d6:1d:63:82:8d:b6:54:55:a2:
+                  67:c5:da:7c:00:7a:88:9a:81:80:89:58:49:c1:cd:fb:
+                  7d:e1:6f:6f:65:10:94:b7:9d:53:2a:50:90:f8:3f:a6:
+                  83:56:76:e6:91:0e:88:fc:9b:d7:29:57:1b:b1:18:bb:
+                  4e:34:19:e8:87:3a:21:9c:51:02:ca:d4:97:58:45:cf:
+                  22:3f:0b:f5:2a:58:2b:de:c6:d3:69:c9:61:80:80:71:
+                  be:41:17:5d:40:95:fb:b1:b0:dc:6d:b2:be:b3:80:f6:
+                  8b:46:bb:ce:05:3d:75:5b:12:55:29:ea:db:85:f7:b3:
+                  00:9d:e7:69:e9:b5:78:cd:d5:2f:10:86:5b:03:30:c6
+Extensions
+  basicConstraints CRITICAL:
+    CA = false
+  keyUsage CRITICAL:
+    Digital signature
+    Key encipherment
+  extKeyUsage:
+    TLS Web Server Authentication`;
+
+// openssl genpkey -genparam -algorithm ec -pkeyopt ec_paramgen_curve:P-256 -out test-ec-param.pem
+// openssl req -newkey ec:test-ec-param.pem -keyout test-ec.key -out test-ec.csr \
+//    -subj "/C=CH/ST=Zurich/L=Zurich/O=Example RE/OU=IT Department/CN=example.com" \
+//    -addext "subjectAltName = DNS:example.com,DNS:www.example.com" \
+//    -addext "basicConstraints = critical,CA:FALSE" \
+//    -addext "keyUsage = critical,digitalSignature,keyEncipherment" \
+//    -addext "extendedKeyUsage = serverAuth"
+const IN_EXAMPLE_COM_EC = `-----BEGIN CERTIFICATE REQUEST-----
+MIIBmzCCAUECAQAwcjELMAkGA1UEBhMCQ0gxDzANBgNVBAgMBlp1cmljaDEPMA0G
+A1UEBwwGWnVyaWNoMRMwEQYDVQQKDApFeGFtcGxlIFJFMRYwFAYDVQQLDA1JVCBE
+ZXBhcnRtZW50MRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqG
+SM49AwEHA0IABAmpYXNh+L9E0Q3sLhrO+MF1XgKCfqJntrOyIkrGwoiQftHbJWTA
+6duxQhU/3d9B+SN/ibeKY+xeiNBrs2eTYZ6gbTBrBgkqhkiG9w0BCQ4xXjBcMCcG
+A1UdEQQgMB6CC2V4YW1wbGUuY29tgg93d3cuZXhhbXBsZS5jb20wDAYDVR0TAQH/
+BAIwADAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCgYIKoZI
+zj0EAwIDSAAwRQIgQkum/qaLzE3QZ3WD00uLpalUn113FObd7rM5Mr3HQwQCIQCr
+7OjzYI9v7qIJp/E9N16XfJN87G2ZVIZ4FuPXVjokCQ==
+-----END CERTIFICATE REQUEST-----`;
+
+const OUT_EXAMPLE_COM_EC = `Parse CSR - Cannot read public key. OID is not RSA.`;
+
+TestRegister.addTests([
+    {
+        name: "Parse CSR: Example Certificate Signing Request (CSR) with RSA 1024",
+        input: IN_EXAMPLE_COM_RSA_1024,
+        expectedOutput: OUT_EXAMPLE_COM_RSA_1024,
+        recipeConfig: [
+            {
+                "op": "Parse CSR",
+                "args": ["PEM", true]
+            }
+        ]
+    },
+    {
+        name: "Parse CSR: Example Certificate Signing Request (CSR) with RSA 2048",
+        input: IN_EXAMPLE_COM_RSA_2048,
+        expectedOutput: OUT_EXAMPLE_COM_RSA_2048,
+        recipeConfig: [
+            {
+                "op": "Parse CSR",
+                "args": ["PEM", true]
+            }
+        ]
+    },
+    // RSA algorithm is the only one supported for CSR in node-forge as of 1.3.1
+    {
+        name: "Parse CSR: Example Certificate Signing Request (CSR) with EC 256",
+        input: IN_EXAMPLE_COM_EC,
+        expectedError: true,
+        expectedOutput: OUT_EXAMPLE_COM_EC,
+        recipeConfig: [
+            {
+                "op": "Parse CSR",
+                "args": ["PEM", true]
+            }
+        ]
+    }
+]);

tests/operations/tests/PubKeyFromCert.mjs

@@ -0,0 +1,215 @@
+/**
+ * Public Key from Certificate
+ *
+ * @author cplussharp
+ * @copyright Crown Copyright 2023
+ * @license Apache-2.0
+ */
+import TestRegister from "../../lib/TestRegister.mjs";
+
+const RSA_CERT = `-----BEGIN CERTIFICATE-----
+MIIBfTCCASegAwIBAgIUeisK5Nwss2DGg5PCs4uSxxXyyNkwDQYJKoZIhvcNAQEL
+BQAwEzERMA8GA1UEAwwIUlNBIHRlc3QwHhcNMjExMTE5MTcyMDI2WhcNMzExMTE3
+MTcyMDI2WjATMREwDwYDVQQDDAhSU0EgdGVzdDBcMA0GCSqGSIb3DQEBAQUAA0sA
+MEgCQQDyq9A6emHSLczn5Omu5muy+AReC53pTGCrW6Bi65OoobahT2RUSzXCYuvB
+757fLLTKz+dLeo6sFkNhIzHZI+n7AgMBAAGjUzBRMB0GA1UdDgQWBBRO+jvkqq5p
+pnQgwMMnRoun6e7eiTAfBgNVHSMEGDAWgBRO+jvkqq5ppnQgwMMnRoun6e7eiTAP
+BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA0EAR/5HAZM5qBhU/ezDUIFx
+gmUGoFbIb5kJD41YCnaSdrgWglh4He4melSs42G/oxBBjuCJ0bUpqWnLl+lJkv1z
+IA==
+-----END CERTIFICATE-----`;
+
+const RSA_PUBKEY = `-----BEGIN PUBLIC KEY-----
+MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAPKr0Dp6YdItzOfk6a7ma7L4BF4LnelM
+YKtboGLrk6ihtqFPZFRLNcJi68Hvnt8stMrP50t6jqwWQ2EjMdkj6fsCAwEAAQ==
+-----END PUBLIC KEY-----`;
+
+const EC_P256_CERT = `-----BEGIN CERTIFICATE-----
+MIIBfzCCASWgAwIBAgIUK4H8J3Hr7NpRLPrACj8Pje4JJJ0wCgYIKoZIzj0EAwIw
+FTETMBEGA1UEAwwKUC0yNTYgdGVzdDAeFw0yMTExMTkxNzE5NDVaFw0zMTExMTcx
+NzE5NDVaMBUxEzARBgNVBAMMClAtMjU2IHRlc3QwWTATBgcqhkjOPQIBBggqhkjO
+PQMBBwNCAAQNRzwDQQM0qgJgg9YwfPXJTOoTmYmC6yBwATwfrzXR+QnxmZM2IIJr
+qwuBHa8PVU2HZ2KKtaAo8fg9Uwpq/l7po1MwUTAdBgNVHQ4EFgQU/SxodXrpkybM
+gcIgkxnRKd7HMzowHwYDVR0jBBgwFoAU/SxodXrpkybMgcIgkxnRKd7HMzowDwYD
+VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiBU9PrOa/kXCpTTBInRf/sN
+ac2iDHmbdpWzcXI+xLKNYAIhAIRR1LRSHVwOTLQ/iBXd+8LCkm5aTB27RW46LN80
+ylxt
+-----END CERTIFICATE-----`;
+
+const EC_P256_PUBKEY = `-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDUc8A0EDNKoCYIPWMHz1yUzqE5mJ
+gusgcAE8H6810fkJ8ZmTNiCCa6sLgR2vD1VNh2diirWgKPH4PVMKav5e6Q==
+-----END PUBLIC KEY-----`;
+
+const DSA_CERT = `-----BEGIN CERTIFICATE-----
+MIIEXzCCBA2gAwIBAgIUYYcPJB8UQLzUnqkGJvs3J4RI0OgwCwYJYIZIAWUDBAMC
+MBMxETAPBgNVBAMMCERTQSBUZXN0MB4XDTIzMTAxNTAwMjEzNVoXDTMzMTAxMjAw
+MjEzNVowEzERMA8GA1UEAwwIRFNBIFRlc3QwggNCMIICNQYHKoZIzjgEATCCAigC
+ggEBALoLV+uz7vMYZCIuwXNkgZawvDgZAG1T7IiG030WgqesRNncuoUQOmAJCiuN
+zkjVNSY08rabex/RIkWILvxP91SlzhA9t9+dp87p238ecxGa1sD2re+y35RP7IxN
+T33633NtwGItZ3BqqAhoMmuwwwxau0E8zwYodTTlwTRp4QVPpMH1eJCUBeEzcWP5
+ZZ1lRNhR5M2TqzSU3ya5/4c3a9rI86h9VIVgw8yVvw3y6yclzjALm2ntD5riskdM
+Z6mMkfYQwEbIGRTELX6A7LZ0lX1CislenF9ASb2E4g2nGcMQ0uSGzA4W9mf6wwmP
+S6iwX5+Qu/i6jCm5i37fQ1H5HHUCHQDA+UnPHM6PZEgfFen8djZpl/cl05MpWk+d
+nikFAoIBADXOTpBw0WA+UihxDG+6qqM05kxVMYmz6IRZ/06ffZSGVFN6Bx1i0s3v
+kzM5V8GsKpkKkSk7V8fTQnAIIlMmt1Y7ff+ng7+TfYotMrvvEYlolYK06J2WWoUA
+8iKp8+n58vdoky+xZmuGmcvCAojVDbEeU2wEqYE1PzrHCSOoOiKB2P4fOhyuF+qx
+E8nkzURIg2RmSSkqWOkXiWyKyfpUaB+4cEisp4ThENEPmdntE1vLh2r7EOIxpE5D
+0NAy2wFKqe3ljfgE6XsPZKgVAguRDVpzdmL6WDY7DM/BcS726vx+kX55QDkszvec
+raNirnir2QrB/a0JQjF6Y62yGmG7GF8DggEFAAKCAQBpN+w0N0b5IIAspXnlJ9yu
+B6ORk3j/5rZ+DUtTzW1YAJI6xjTcFQvN7FpVLkmLtXKUXF04R+sdGJ7VFwOb0rba
+L5vQzrqNkBrbgSzuzeloiG+7OLA6VeQtNbQh6OurrZFi9gY+qA5ciT9kQXyrHudV
+Xu956NDrooRxmv6JIVFvToaNiwe2vcgdkALw8HUbLFYof4SAE9jgU8EpxTp02e8H
+zvVSVa6yj1nnGhpzLPlEqF8TZvs9pTg2kIk3/zvWojMJoPyTALfbTjbAeiFMMeKN
+K/CKOOJj23AVAZxpMSR6cUbrIcRdKDnhCTVkkxXUecAIUs6Mk10kSfkuiGl9LjKj
+o1MwUTAdBgNVHQ4EFgQUE+xZdvgiDIFWKQskMYnNaZ3iPHAwHwYDVR0jBBgwFoAU
+E+xZdvgiDIFWKQskMYnNaZ3iPHAwDwYDVR0TAQH/BAUwAwEB/zALBglghkgBZQME
+AwIDPwAwPAIcZbtf4+bjXEGQqNs6IglLrOgIjYF46q7qCNfXmQIcMKUtH3S6sDJE
+3ds9eL+oC+HPFlfUNfUiU30aDA==
+-----END CERTIFICATE-----`;
+
+const DSA_PUBKEY = `-----BEGIN PUBLIC KEY-----
+MIIDQjCCAjUGByqGSM44BAEwggIoAoIBAQC6C1frs+7zGGQiLsFzZIGWsLw4GQBt
+U+yIhtN9FoKnrETZ3LqFEDpgCQorjc5I1TUmNPK2m3sf0SJFiC78T/dUpc4QPbff
+nafO6dt/HnMRmtbA9q3vst+UT+yMTU99+t9zbcBiLWdwaqgIaDJrsMMMWrtBPM8G
+KHU05cE0aeEFT6TB9XiQlAXhM3Fj+WWdZUTYUeTNk6s0lN8muf+HN2vayPOofVSF
+YMPMlb8N8usnJc4wC5tp7Q+a4rJHTGepjJH2EMBGyBkUxC1+gOy2dJV9QorJXpxf
+QEm9hOINpxnDENLkhswOFvZn+sMJj0uosF+fkLv4uowpuYt+30NR+Rx1Ah0AwPlJ
+zxzOj2RIHxXp/HY2aZf3JdOTKVpPnZ4pBQKCAQA1zk6QcNFgPlIocQxvuqqjNOZM
+VTGJs+iEWf9On32UhlRTegcdYtLN75MzOVfBrCqZCpEpO1fH00JwCCJTJrdWO33/
+p4O/k32KLTK77xGJaJWCtOidllqFAPIiqfPp+fL3aJMvsWZrhpnLwgKI1Q2xHlNs
+BKmBNT86xwkjqDoigdj+HzocrhfqsRPJ5M1ESINkZkkpKljpF4lsisn6VGgfuHBI
+rKeE4RDRD5nZ7RNby4dq+xDiMaROQ9DQMtsBSqnt5Y34BOl7D2SoFQILkQ1ac3Zi
++lg2OwzPwXEu9ur8fpF+eUA5LM73nK2jYq54q9kKwf2tCUIxemOtshphuxhfA4IB
+BQACggEAaTfsNDdG+SCALKV55SfcrgejkZN4/+a2fg1LU81tWACSOsY03BULzexa
+VS5Ji7VylFxdOEfrHRie1RcDm9K22i+b0M66jZAa24Es7s3paIhvuziwOlXkLTW0
+Iejrq62RYvYGPqgOXIk/ZEF8qx7nVV7veejQ66KEcZr+iSFRb06GjYsHtr3IHZAC
+8PB1GyxWKH+EgBPY4FPBKcU6dNnvB871UlWuso9Z5xoacyz5RKhfE2b7PaU4NpCJ
+N/871qIzCaD8kwC32042wHohTDHijSvwijjiY9twFQGcaTEkenFG6yHEXSg54Qk1
+ZJMV1HnACFLOjJNdJEn5LohpfS4yow==
+-----END PUBLIC KEY-----`;
+
+const ED25519_CERT = `-----BEGIN CERTIFICATE-----
+MIIBQjCB9aADAgECAhRjPJhrdNco5LzpsIs0vSLLaZaZ0DAFBgMrZXAwFzEVMBMG
+A1UEAwwMRWQyNTUxOSBUZXN0MB4XDTIzMTAxNTAwMjMwOFoXDTMzMTAxMjAwMjMw
+OFowFzEVMBMGA1UEAwwMRWQyNTUxOSBUZXN0MCowBQYDK2VwAyEAELP6AflXwsuZ
+5q4NDIO0LP2iCdKRvds4nwsUmRhOw3ijUzBRMB0GA1UdDgQWBBRfxS9q0IemWxkH
+4mwAwzr9dQx2xzAfBgNVHSMEGDAWgBRfxS9q0IemWxkH4mwAwzr9dQx2xzAPBgNV
+HRMBAf8EBTADAQH/MAUGAytlcANBAI/+03iVq4yJ+DaLVs61w41cVX2UxKvquSzv
+lllkpkclM9LH5dLrw4ArdTjS9zAjzY/02WkphHhICHXt3KqZTwI=
+-----END CERTIFICATE-----`;
+
+/*
+const ED25519_PUBKEY = `-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEAELP6AflXwsuZ5q4NDIO0LP2iCdKRvds4nwsUmRhOw3g=
+-----END PUBLIC KEY-----`;
+*/
+
+const ED448_CERT = `-----BEGIN CERTIFICATE-----
+MIIBijCCAQqgAwIBAgIUZaCS7zEjOnQ7O4KUFym6fJF5vl8wBQYDK2VxMBUxEzAR
+BgNVBAMMCkVkNDQ4IFRlc3QwHhcNMjMxMDE1MDAyMzI1WhcNMzMxMDEyMDAyMzI1
+WjAVMRMwEQYDVQQDDApFZDQ0OCBUZXN0MEMwBQYDK2VxAzoAVN8kG0TMVyGOu/Ov
+BTe8H0Wi4HJrQAlSv4XLwJbkuoi4EeRlEHQwXsNYLZTtY2Jra6AWhbVYYaEAo1Mw
+UTAdBgNVHQ4EFgQUJFrepAf9YXrmDMSAzrMeYQmosd0wHwYDVR0jBBgwFoAUJFre
+pAf9YXrmDMSAzrMeYQmosd0wDwYDVR0TAQH/BAUwAwEB/zAFBgMrZXEDcwA+YiZj
+puFr2aogfV1qg/ixk7qLi25BbKVNR6+7PEUjo7+4yBn9qnLbAHUGnHn7E96pSey9
+VkLqpoDNMRcM3Eb6h3AJpQM0oxGj8q9arjDXqJkXgaO2e0tVn8KKVfy7S8qO72Kd
+rWzZowcOjnWKhXm7JgA=
+-----END CERTIFICATE-----`;
+
+/*
+const ED448_PUBKEY = `-----BEGIN PUBLIC KEY-----
+MEMwBQYDK2VxAzoAVN8kG0TMVyGOu/OvBTe8H0Wi4HJrQAlSv4XLwJbkuoi4EeRl
+EHQwXsNYLZTtY2Jra6AWhbVYYaEA
+-----END PUBLIC KEY-----`
+*/
+
+TestRegister.addTests([
+    {
+        name: "Public Key from Certificate: Missing footer",
+        input: RSA_CERT.substring(0, RSA_CERT.length / 2),
+        expectedOutput: "PEM footer '-----END CERTIFICATE-----' not found",
+        recipeConfig: [
+            {
+                op: "Public Key from Certificate",
+                args: [],
+            }
+        ],
+    },
+
+    // test RSA certificate
+    {
+        name: "Public Key from Certificate: RSA",
+        input: RSA_CERT,
+        expectedOutput: (RSA_PUBKEY + "\n").replace(/\r/g, "").replace(/\n/g, "\r\n"),
+        recipeConfig: [
+            {
+                op: "Public Key from Certificate",
+                args: [],
+            }
+        ],
+    },
+
+    // test EC certificate
+    {
+        name: "Public Key from Certificate: EC",
+        input: EC_P256_CERT,
+        expectedOutput: (EC_P256_PUBKEY + "\n").replace(/\r/g, "").replace(/\n/g, "\r\n"),
+        recipeConfig: [
+            {
+                op: "Public Key from Certificate",
+                args: [],
+            }
+        ],
+    },
+
+    // test DSA certificate
+    {
+        name: "Public Key from Certificate: DSA",
+        input: DSA_CERT,
+        expectedOutput: (DSA_PUBKEY + "\n").replace(/\r/g, "").replace(/\n/g, "\r\n"),
+        recipeConfig: [
+            {
+                op: "Public Key from Certificate",
+                args: [],
+            }
+        ],
+    },
+
+    // test EdDSA certificates
+    {
+        name: "Public Key from Certificate: Ed25519",
+        input: ED25519_CERT,
+        expectedOutput: "Unsupported public key type",
+        recipeConfig: [
+            {
+                op: "Public Key from Certificate",
+                args: [],
+            }
+        ],
+    },
+    {
+        name: "Public Key from Certificate: Ed448",
+        input: ED448_CERT,
+        expectedOutput: "Unsupported public key type",
+        recipeConfig: [
+            {
+                op: "Public Key from Certificate",
+                args: [],
+            }
+        ],
+    },
+
+    // test multi-input
+    {
+        name: "Public Key from Certificate: Multiple certificates",
+        input: RSA_CERT + "\n" + EC_P256_CERT,
+        expectedOutput: (RSA_PUBKEY + "\n" + EC_P256_PUBKEY + "\n").replace(/\r/g, "").replace(/\n/g, "\r\n"),
+        recipeConfig: [
+            {
+                op: "Public Key from Certificate",
+                args: [],
+            }
+        ],
+    }
+]);

tests/operations/tests/PubKeyFromPrivKey.mjs

@@ -0,0 +1,254 @@
+/**
+ * Public Key from Private Key
+ *
+ * @author cplussharp
+ * @copyright Crown Copyright 2023
+ * @license Apache-2.0
+ */
+import TestRegister from "../../lib/TestRegister.mjs";
+
+const RSA_PRIVKEY_PKCS1 = `-----BEGIN RSA PRIVATE KEY-----
+MIIBOQIBAAJBAPKr0Dp6YdItzOfk6a7ma7L4BF4LnelMYKtboGLrk6ihtqFPZFRL
+NcJi68Hvnt8stMrP50t6jqwWQ2EjMdkj6fsCAwEAAQJAOJUpM0lv36MAQR3WAwsF
+F7DOy+LnigteCvaNWiNVxZ6jByB5Qb7sall/Qlu9sFI0ZwrlVcKS0kldee7JTYlL
+WQIhAP3UKEfOtpTgT1tYmdhaqjxqMfxBom0Ri+rt9ajlzs6vAiEA9L85B8/Gnb7p
+6Af7/wpmafL277OV4X4xBfzMR+TUzHUCIBq+VLQkInaTH6lXL3ZtLwyIf9W9MJjf
+RWeuRLjT5bM/AiBF7Kw6kx5Hy1fAtydEApCoDIaIjWJw/kC7WTJ0B+jUUQIgV6dw
+NSyj0feakeD890gmId+lvl/w/3oUXiczqvl/N9o=
+-----END RSA PRIVATE KEY-----`;
+
+const RSA_PRIVKEY_PKCS8 = `-----BEGIN PRIVATE KEY-----
+MIIBUwIBADANBgkqhkiG9w0BAQEFAASCAT0wggE5AgEAAkEA8qvQOnph0i3M5+Tp
+ruZrsvgEXgud6Uxgq1ugYuuTqKG2oU9kVEs1wmLrwe+e3yy0ys/nS3qOrBZDYSMx
+2SPp+wIDAQABAkA4lSkzSW/fowBBHdYDCwUXsM7L4ueKC14K9o1aI1XFnqMHIHlB
+vuxqWX9CW72wUjRnCuVVwpLSSV157slNiUtZAiEA/dQoR862lOBPW1iZ2FqqPGox
+/EGibRGL6u31qOXOzq8CIQD0vzkHz8advunoB/v/CmZp8vbvs5XhfjEF/MxH5NTM
+dQIgGr5UtCQidpMfqVcvdm0vDIh/1b0wmN9FZ65EuNPlsz8CIEXsrDqTHkfLV8C3
+J0QCkKgMhoiNYnD+QLtZMnQH6NRRAiBXp3A1LKPR95qR4Pz3SCYh36W+X/D/ehRe
+JzOq+X832g==
+-----END PRIVATE KEY-----`;
+
+const RSA_PUBKEY = `-----BEGIN PUBLIC KEY-----
+MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAPKr0Dp6YdItzOfk6a7ma7L4BF4LnelM
+YKtboGLrk6ihtqFPZFRLNcJi68Hvnt8stMrP50t6jqwWQ2EjMdkj6fsCAwEAAQ==
+-----END PUBLIC KEY-----`;
+
+const EC_P256_PRIVKEY_SEC1 = `-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEINtTjwUkgfAiSwqgcGAXWyE0ueIW6n2k395dmQZ3vGr4oAoGCCqGSM49
+AwEHoUQDQgAEDUc8A0EDNKoCYIPWMHz1yUzqE5mJgusgcAE8H6810fkJ8ZmTNiCC
+a6sLgR2vD1VNh2diirWgKPH4PVMKav5e6Q==
+-----END EC PRIVATE KEY-----`;
+
+const EC_P256_PRIVKEY_PKCS8 = `-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg21OPBSSB8CJLCqBw
+YBdbITS54hbqfaTf3l2ZBne8avihRANCAAQNRzwDQQM0qgJgg9YwfPXJTOoTmYmC
+6yBwATwfrzXR+QnxmZM2IIJrqwuBHa8PVU2HZ2KKtaAo8fg9Uwpq/l7p
+-----END PRIVATE KEY-----`;
+
+const EC_P256_PUBKEY = `-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDUc8A0EDNKoCYIPWMHz1yUzqE5mJ
+gusgcAE8H6810fkJ8ZmTNiCCa6sLgR2vD1VNh2diirWgKPH4PVMKav5e6Q==
+-----END PUBLIC KEY-----`;
+
+const DSA_PRIVKEY_TRAD = `-----BEGIN DSA PRIVATE KEY-----
+MIIDTQIBAAKCAQEAugtX67Pu8xhkIi7Bc2SBlrC8OBkAbVPsiIbTfRaCp6xE2dy6
+hRA6YAkKK43OSNU1JjTytpt7H9EiRYgu/E/3VKXOED23352nzunbfx5zEZrWwPat
+77LflE/sjE1Pffrfc23AYi1ncGqoCGgya7DDDFq7QTzPBih1NOXBNGnhBU+kwfV4
+kJQF4TNxY/llnWVE2FHkzZOrNJTfJrn/hzdr2sjzqH1UhWDDzJW/DfLrJyXOMAub
+ae0PmuKyR0xnqYyR9hDARsgZFMQtfoDstnSVfUKKyV6cX0BJvYTiDacZwxDS5IbM
+Dhb2Z/rDCY9LqLBfn5C7+LqMKbmLft9DUfkcdQIdAMD5Sc8czo9kSB8V6fx2NmmX
+9yXTkylaT52eKQUCggEANc5OkHDRYD5SKHEMb7qqozTmTFUxibPohFn/Tp99lIZU
+U3oHHWLSze+TMzlXwawqmQqRKTtXx9NCcAgiUya3Vjt9/6eDv5N9ii0yu+8RiWiV
+grTonZZahQDyIqnz6fny92iTL7Fma4aZy8ICiNUNsR5TbASpgTU/OscJI6g6IoHY
+/h86HK4X6rETyeTNREiDZGZJKSpY6ReJbIrJ+lRoH7hwSKynhOEQ0Q+Z2e0TW8uH
+avsQ4jGkTkPQ0DLbAUqp7eWN+ATpew9kqBUCC5ENWnN2YvpYNjsMz8FxLvbq/H6R
+fnlAOSzO95yto2KueKvZCsH9rQlCMXpjrbIaYbsYXwKCAQBpN+w0N0b5IIAspXnl
+J9yuB6ORk3j/5rZ+DUtTzW1YAJI6xjTcFQvN7FpVLkmLtXKUXF04R+sdGJ7VFwOb
+0rbaL5vQzrqNkBrbgSzuzeloiG+7OLA6VeQtNbQh6OurrZFi9gY+qA5ciT9kQXyr
+HudVXu956NDrooRxmv6JIVFvToaNiwe2vcgdkALw8HUbLFYof4SAE9jgU8EpxTp0
+2e8HzvVSVa6yj1nnGhpzLPlEqF8TZvs9pTg2kIk3/zvWojMJoPyTALfbTjbAeiFM
+MeKNK/CKOOJj23AVAZxpMSR6cUbrIcRdKDnhCTVkkxXUecAIUs6Mk10kSfkuiGl9
+LjKjAhwpK4MOpkKEu+y308fZ+yZXypZW2m9Y/wOT0L4g
+-----END DSA PRIVATE KEY-----`;
+
+const DSA_PRIVKEY_PKCS8 = `-----BEGIN PRIVATE KEY-----
+MIICXAIBADCCAjUGByqGSM44BAEwggIoAoIBAQC6C1frs+7zGGQiLsFzZIGWsLw4
+GQBtU+yIhtN9FoKnrETZ3LqFEDpgCQorjc5I1TUmNPK2m3sf0SJFiC78T/dUpc4Q
+PbffnafO6dt/HnMRmtbA9q3vst+UT+yMTU99+t9zbcBiLWdwaqgIaDJrsMMMWrtB
+PM8GKHU05cE0aeEFT6TB9XiQlAXhM3Fj+WWdZUTYUeTNk6s0lN8muf+HN2vayPOo
+fVSFYMPMlb8N8usnJc4wC5tp7Q+a4rJHTGepjJH2EMBGyBkUxC1+gOy2dJV9QorJ
+XpxfQEm9hOINpxnDENLkhswOFvZn+sMJj0uosF+fkLv4uowpuYt+30NR+Rx1Ah0A
+wPlJzxzOj2RIHxXp/HY2aZf3JdOTKVpPnZ4pBQKCAQA1zk6QcNFgPlIocQxvuqqj
+NOZMVTGJs+iEWf9On32UhlRTegcdYtLN75MzOVfBrCqZCpEpO1fH00JwCCJTJrdW
+O33/p4O/k32KLTK77xGJaJWCtOidllqFAPIiqfPp+fL3aJMvsWZrhpnLwgKI1Q2x
+HlNsBKmBNT86xwkjqDoigdj+HzocrhfqsRPJ5M1ESINkZkkpKljpF4lsisn6VGgf
+uHBIrKeE4RDRD5nZ7RNby4dq+xDiMaROQ9DQMtsBSqnt5Y34BOl7D2SoFQILkQ1a
+c3Zi+lg2OwzPwXEu9ur8fpF+eUA5LM73nK2jYq54q9kKwf2tCUIxemOtshphuxhf
+BB4CHCkrgw6mQoS77LfTx9n7JlfKllbab1j/A5PQviA=
+-----END PRIVATE KEY-----`;
+
+const DSA_PUBKEY = `-----BEGIN PUBLIC KEY-----
+MIIDQjCCAjUGByqGSM44BAEwggIoAoIBAQC6C1frs+7zGGQiLsFzZIGWsLw4GQBt
+U+yIhtN9FoKnrETZ3LqFEDpgCQorjc5I1TUmNPK2m3sf0SJFiC78T/dUpc4QPbff
+nafO6dt/HnMRmtbA9q3vst+UT+yMTU99+t9zbcBiLWdwaqgIaDJrsMMMWrtBPM8G
+KHU05cE0aeEFT6TB9XiQlAXhM3Fj+WWdZUTYUeTNk6s0lN8muf+HN2vayPOofVSF
+YMPMlb8N8usnJc4wC5tp7Q+a4rJHTGepjJH2EMBGyBkUxC1+gOy2dJV9QorJXpxf
+QEm9hOINpxnDENLkhswOFvZn+sMJj0uosF+fkLv4uowpuYt+30NR+Rx1Ah0AwPlJ
+zxzOj2RIHxXp/HY2aZf3JdOTKVpPnZ4pBQKCAQA1zk6QcNFgPlIocQxvuqqjNOZM
+VTGJs+iEWf9On32UhlRTegcdYtLN75MzOVfBrCqZCpEpO1fH00JwCCJTJrdWO33/
+p4O/k32KLTK77xGJaJWCtOidllqFAPIiqfPp+fL3aJMvsWZrhpnLwgKI1Q2xHlNs
+BKmBNT86xwkjqDoigdj+HzocrhfqsRPJ5M1ESINkZkkpKljpF4lsisn6VGgfuHBI
+rKeE4RDRD5nZ7RNby4dq+xDiMaROQ9DQMtsBSqnt5Y34BOl7D2SoFQILkQ1ac3Zi
++lg2OwzPwXEu9ur8fpF+eUA5LM73nK2jYq54q9kKwf2tCUIxemOtshphuxhfA4IB
+BQACggEAaTfsNDdG+SCALKV55SfcrgejkZN4/+a2fg1LU81tWACSOsY03BULzexa
+VS5Ji7VylFxdOEfrHRie1RcDm9K22i+b0M66jZAa24Es7s3paIhvuziwOlXkLTW0
+Iejrq62RYvYGPqgOXIk/ZEF8qx7nVV7veejQ66KEcZr+iSFRb06GjYsHtr3IHZAC
+8PB1GyxWKH+EgBPY4FPBKcU6dNnvB871UlWuso9Z5xoacyz5RKhfE2b7PaU4NpCJ
+N/871qIzCaD8kwC32042wHohTDHijSvwijjiY9twFQGcaTEkenFG6yHEXSg54Qk1
+ZJMV1HnACFLOjJNdJEn5LohpfS4yow==
+-----END PUBLIC KEY-----`;
+
+const ED25519_PRIVKEY = `-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIC18vtoHINC8Mo9dTIqOrBs3J28ZvHrwzRq57g2kpV98
+-----END PRIVATE KEY-----`;
+
+/*
+const ED25519_PUBKEY = `-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEAELP6AflXwsuZ5q4NDIO0LP2iCdKRvds4nwsUmRhOw3g=
+-----END PUBLIC KEY-----`;
+*/
+
+const ED448_PRIVKEY = `-----BEGIN PRIVATE KEY-----
+MEcCAQAwBQYDK2VxBDsEOWdGJ06bDcWznJhBoQqPeTfsCe+AvBv1n7KfIGYzR4tv
+1kcwHnbxlemnCMgqvbrRXaLuFUBysUZThA==
+-----END PRIVATE KEY-----`;
+
+/*
+const ED448_PUBKEY = `-----BEGIN PUBLIC KEY-----
+MEMwBQYDK2VxAzoAVN8kG0TMVyGOu/OvBTe8H0Wi4HJrQAlSv4XLwJbkuoi4EeRl
+EHQwXsNYLZTtY2Jra6AWhbVYYaEA
+-----END PUBLIC KEY-----`;
+*/
+
+TestRegister.addTests([
+    {
+        name: "Public Key from Private Key: Missing footer",
+        input: RSA_PRIVKEY_PKCS1.substring(0, RSA_PRIVKEY_PKCS1.length / 2),
+        expectedOutput: "PEM footer '-----END RSA PRIVATE KEY-----' not found",
+        recipeConfig: [
+            {
+                op: "Public Key from Private Key",
+                args: [],
+            }
+        ],
+    },
+
+    // test RSA
+    {
+        name: "Public Key from Private Key: RSA PKCS#1",
+        input: RSA_PRIVKEY_PKCS1,
+        expectedOutput: (RSA_PUBKEY + "\n").replace(/\r/g, "").replace(/\n/g, "\r\n"),
+        recipeConfig: [
+            {
+                op: "Public Key from Private Key",
+                args: [],
+            }
+        ],
+    },
+    {
+        name: "Public Key from Private Key: RSA PKCS#8",
+        input: RSA_PRIVKEY_PKCS8,
+        expectedOutput: (RSA_PUBKEY + "\n").replace(/\r/g, "").replace(/\n/g, "\r\n"),
+        recipeConfig: [
+            {
+                op: "Public Key from Private Key",
+                args: [],
+            }
+        ],
+    },
+
+    // test EC certificate
+    {
+        name: "Public Key from Private Key: EC SEC1",
+        input: EC_P256_PRIVKEY_SEC1,
+        expectedOutput: (EC_P256_PUBKEY + "\n").replace(/\r/g, "").replace(/\n/g, "\r\n"),
+        recipeConfig: [
+            {
+                op: "Public Key from Private Key",
+                args: [],
+            }
+        ],
+    },
+    {
+        name: "Public Key from Private Key: EC PKCS#8",
+        input: EC_P256_PRIVKEY_PKCS8,
+        expectedOutput: (EC_P256_PUBKEY + "\n").replace(/\r/g, "").replace(/\n/g, "\r\n"),
+        recipeConfig: [
+            {
+                op: "Public Key from Private Key",
+                args: [],
+            }
+        ],
+    },
+
+    // test DSA
+    {
+        name: "Public Key from Private Key: DSA Traditional",
+        input: DSA_PRIVKEY_TRAD,
+        expectedOutput: (DSA_PUBKEY + "\n").replace(/\r/g, "").replace(/\n/g, "\r\n"),
+        recipeConfig: [
+            {
+                op: "Public Key from Private Key",
+                args: [],
+            }
+        ],
+    },
+    {
+        name: "Public Key from Private Key: DSA PKCS#8",
+        input: DSA_PRIVKEY_PKCS8,
+        expectedOutput: "DSA Private Key in PKCS#8 is not supported",
+        recipeConfig: [
+            {
+                op: "Public Key from Private Key",
+                args: [],
+            }
+        ],
+    },
+
+    // test EdDSA
+    {
+        name: "Public Key from Private Key: Ed25519",
+        input: ED25519_PRIVKEY,
+        expectedOutput: "Unsupported key type: Error: malformed PKCS8 private key(code:004)",
+        recipeConfig: [
+            {
+                op: "Public Key from Private Key",
+                args: [],
+            }
+        ],
+    },
+    {
+        name: "Public Key from Private Key: Ed448",
+        input: ED448_PRIVKEY,
+        expectedOutput: "Unsupported key type: Error: malformed PKCS8 private key(code:004)",
+        recipeConfig: [
+            {
+                op: "Public Key from Private Key",
+                args: [],
+            }
+        ],
+    },
+
+    // test multi-input
+    {
+        name: "Public Key from Private Key: Multiple keys",
+        input: RSA_PRIVKEY_PKCS8 + "\n" + EC_P256_PRIVKEY_PKCS8,
+        expectedOutput: (RSA_PUBKEY + "\n" + EC_P256_PUBKEY + "\n").replace(/\r/g, "").replace(/\n/g, "\r\n"),
+        recipeConfig: [
+            {
+                op: "Public Key from Private Key",
+                args: [],
+            }
+        ],
+    }
+]);

tests/operations/tests/XXTEA.mjs

@@ -0,0 +1,62 @@
+/**
+ * Base64 tests.
+ *
+ * @author devcydo [devcydo@gmail.com]
+ *
+ * @copyright Crown Copyright 2022
+ * @license Apache-2.0
+ */
+import TestRegister from "../../lib/TestRegister.mjs";
+
+TestRegister.addTests([
+    {
+        name: "XXTEA",
+        input: "Hello World! 你好，中国！",
+        expectedOutput: "QncB1C0rHQoZ1eRiPM4dsZtRi9pNrp7sqvX76cFXvrrIHXL6",
+        reecipeConfig: [
+            {
+                args: "1234567890"
+            },
+        ],
+    },
+    {
+        name: "XXTEA",
+        input: "ნუ პანიკას",
+        expectedOutput: "PbWjnbFmP8Apu2MKOGNbjeW/72IZLlLMS/g82ozLxwE=",
+        reecipeConfig: [
+            {
+                args: "1234567890"
+            },
+        ],
+    },
+    {
+        name: "XXTEA",
+        input: "ნუ პანიკას",
+        expectedOutput: "dHrOJ4ClIx6gH33NPSafYR2GG7UqsazY6Xfb0iekBY4=",
+        reecipeConfig: [
+            {
+                args: "ll3kj209d2"
+            },
+        ],
+    },
+    {
+        name: "XXTEA",
+        input: "",
+        expectedOutput: "Invalid input length (0)",
+        reecipeConfig: [
+            {
+                args: "1234567890"
+            },
+        ],
+    },
+    {
+        name: "XXTEA",
+        input: "",
+        expectedOutput: "Invalid input length (0)",
+        reecipeConfig: [
+            {
+                args: ""
+            },
+        ],
+    },
+]);