
@relaycorp/dnssec


@relaycorp/dnssec - npm Package Compare versions

Comparing version 1.1.2 to 1.2.0

2

build/lib/lib/rdata/DnskeyData.js

@@ -47,3 +47,3 @@ import { Parser } from 'binary-parser';

serialise() {
const publicKeyEncoded = serialisePublicKey(this.publicKey);
const publicKeyEncoded = serialisePublicKey(this.publicKey, this.algorithm);
const data = Buffer.alloc(4 + publicKeyEncoded.byteLength);

@@ -50,0 +50,0 @@ if (this.flags.zoneKey) {

@@ -10,7 +10,7 @@ import { generateKeyPair as cryptoGenerateKeyPair } from 'node:crypto';

const KEY_GEN_OPTIONS = {
[DnssecAlgorithm.ECDSAP256SHA256]: { type: 'ec', options: { namedCurve: 'prime256v1' } },
[DnssecAlgorithm.ECDSAP384SHA384]: { type: 'ec', options: { namedCurve: 'secp384r1' } },
[DnssecAlgorithm.RSASHA1]: RSA_OPTIONS,
[DnssecAlgorithm.RSASHA256]: RSA_OPTIONS,
[DnssecAlgorithm.RSASHA512]: RSA_OPTIONS,
[DnssecAlgorithm.ECDSAP256SHA256]: { type: 'ec', options: { namedCurve: 'prime256v1' } },
[DnssecAlgorithm.ECDSAP384SHA384]: { type: 'ec', options: { namedCurve: 'secp384r1' } },
[DnssecAlgorithm.ED25519]: { type: 'ed25519' },

@@ -17,0 +17,0 @@ [DnssecAlgorithm.ED448]: { type: 'ed448' },

@@ -5,3 +5,3 @@ /// <reference types="node" />

import { DnssecAlgorithm } from '../../DnssecAlgorithm';
export declare function serialisePublicKey(publicKey: KeyObject): Buffer;
export declare function serialisePublicKey(publicKey: KeyObject, dnssecAlgorithm: DnssecAlgorithm): Buffer;
export declare function deserialisePublicKey(serialisation: Buffer, dnssecAlgorithm: DnssecAlgorithm): KeyObject;

@@ -5,13 +5,26 @@ import { createPublicKey } from 'node:crypto';

import { DnssecAlgorithm } from '../../DnssecAlgorithm';
export function serialisePublicKey(publicKey) {
export function serialisePublicKey(publicKey, dnssecAlgorithm) {
switch (dnssecAlgorithm) {
case DnssecAlgorithm.RSASHA1:
case DnssecAlgorithm.RSASHA256:
case DnssecAlgorithm.RSASHA512:
return serialiseRsaPublicKey(publicKey);
case DnssecAlgorithm.ECDSAP256SHA256:
case DnssecAlgorithm.ECDSAP384SHA384:
return serialiseEcdsaPublicKey(publicKey);
default:
throw new Error(`Unsupported DNSSEC algorithm (${dnssecAlgorithm})`);
}
}
function serialiseRsaPublicKey(publicKey) {
const algorithm = publicKey.asymmetricKeyType;
if (algorithm.startsWith('rsa')) {
const exponent = publicKey.asymmetricKeyDetails.publicExponent;
const exponentBuffer = toBufferBE(exponent, getIntegerByteLength(exponent));
const exponentLengthPrefix = serialiseRsaExponentPrefix(exponentBuffer);
const keyJwt = publicKey.export({ format: 'jwk' });
const modulusBuffer = Buffer.from(keyJwt.n, 'base64');
return Buffer.concat([exponentLengthPrefix, exponentBuffer, modulusBuffer]);
if (!algorithm.startsWith('rsa')) {
throw new Error(`Requested serialisation of RSA key but got ${algorithm} key`);
}
throw new Error(`Unsupported algorithm (${algorithm})`);
const exponent = publicKey.asymmetricKeyDetails.publicExponent;
const exponentBuffer = toBufferBE(exponent, getIntegerByteLength(exponent));
const exponentLengthPrefix = serialiseRsaExponentPrefix(exponentBuffer);
const keyJwt = publicKey.export({ format: 'jwk' });
const modulusBuffer = Buffer.from(keyJwt.n, 'base64');
return Buffer.concat([exponentLengthPrefix, exponentBuffer, modulusBuffer]);
}

@@ -33,2 +46,12 @@ function serialiseRsaExponentPrefix(exponent) {

}
function serialiseEcdsaPublicKey(publicKey) {
const algorithm = publicKey.asymmetricKeyType;
if (algorithm !== 'ec') {
throw new Error(`Requested serialisation of ECDSA key but got ${algorithm} key`);
}
const keyJwt = publicKey.export({ format: 'jwk' });
const xBuffer = Buffer.from(keyJwt.x, 'base64url');
const yBuffer = Buffer.from(keyJwt.y, 'base64url');
return Buffer.concat([xBuffer, yBuffer]);
}
export function deserialisePublicKey(serialisation, dnssecAlgorithm) {

@@ -40,4 +63,7 @@ switch (dnssecAlgorithm) {

return deserialiseRsaPublicKey(serialisation);
case DnssecAlgorithm.ECDSAP256SHA256:
case DnssecAlgorithm.ECDSAP384SHA384:
return deserialiseEcdsaPublicKey(serialisation, dnssecAlgorithm);
default:
throw new Error(`Unsupported algorithm (${dnssecAlgorithm})`);
throw new Error(`Unsupported DNSSEC algorithm (${dnssecAlgorithm})`);
}

@@ -67,2 +93,19 @@ }

}
function deserialiseEcdsaPublicKey(serialisation, algorithm) {
const serialisationLength = serialisation.byteLength;
if (algorithm === DnssecAlgorithm.ECDSAP256SHA256 && serialisationLength !== 64) {
throw new Error(`P-256 public key should span 64 octets (got ${serialisationLength})`);
}
if (algorithm === DnssecAlgorithm.ECDSAP384SHA384 && serialisationLength !== 96) {
throw new Error(`P-384 public key should span 96 octets (got ${serialisationLength})`);
}
const paramsLength = serialisationLength / 2;
const x = serialisation.subarray(0, paramsLength).toString('base64url');
const y = serialisation.subarray(paramsLength).toString('base64url');
const curveName = algorithm === DnssecAlgorithm.ECDSAP256SHA256 ? 'P-256' : 'P-384';
return createPublicKey({
key: { kty: 'EC', crv: curveName, x, y },
format: 'jwk',
});
}
//# sourceMappingURL=keySerialisation.js.map
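Review bot: serialiseEcdsaPublicKey only checks that the key type is `ec`; it never compares the key's curve with the DNSSEC algorithm, because serialisePublicKey does not pass `dnssecAlgorithm` down to it. A P-384 key serialised under ECDSAP256SHA256 (or the reverse) would therefore produce a public-key field of the wrong length for the declared algorithm, which deserialiseEcdsaPublicKey in this same file rejects with its 64/96-octet check, so the mismatch would only surface on the consuming side. I would pass the algorithm through, `return serialiseEcdsaPublicKey(publicKey, dnssecAlgorithm);`, and fail early with `if (publicKey.asymmetricKeyDetails.namedCurve !== expectedCurve) throw new Error(...)`, where `expectedCurve` is `prime256v1` or `secp384r1` as in KEY_GEN_OPTIONS. A minor style point in the same section: the RSA path decodes the JWK `n` with `'base64'` while the new ECDSA code uses `'base64url'`; using `'base64url'` in both would match the JWK encoding.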
{
"name": "@relaycorp/dnssec",
"version": "1.1.2",
"version": "1.2.0",
"author": {

@@ -5,0 +5,0 @@ "email": "no-reply@relaycorp.tech",

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
