@trust/webcrypto
Advanced tools
Comparing version 0.8.1 to 0.8.2
{ | ||
"name": "@trust/webcrypto", | ||
"version": "0.8.1", | ||
"version": "0.8.2", | ||
"description": "WebCrypto API for Node.js", | ||
@@ -5,0 +5,0 @@ "main": "src/index.js", |
@@ -29,3 +29,4 @@ /** | ||
InvalidAccessError, | ||
KeyFormatNotSupportedError | ||
KeyFormatNotSupportedError, | ||
CurrentlyNotSupportedError | ||
} = require('../errors') | ||
@@ -73,2 +74,3 @@ | ||
sign (key, data) { | ||
// 1. Ensure key type is 'private' only | ||
if (key.type !== 'private') { | ||
@@ -78,6 +80,21 @@ throw new InvalidAccessError('Signing requires a private key') | ||
// Parametrize hash | ||
let hashName | ||
if (key.algorithm.hash.name === 'SHA-1'){ | ||
hashName = 'RSA-SHA1' | ||
} else if (key.algorithm.hash.name === 'SHA-256'){ | ||
hashName = 'RSA-SHA256' | ||
} else if (key.algorithm.hash.name === 'SHA-384'){ | ||
hashName = 'RSA-SHA384' | ||
} else if (key.algorithm.hash.name === 'SHA-512'){ | ||
hashName = 'RSA-SHA512' | ||
} else { | ||
throw new OperationError('Algorithm hash is an unknown format.') | ||
} | ||
// 2-5. Perform key signing and return result | ||
try { | ||
let pem = key.handle | ||
data = new TextDecoder().decode(data) | ||
let signer = crypto.createSign('RSA-SHA256') // FIXME Paramaterize | ||
let signer = crypto.createSign(hashName) | ||
signer.update(data) | ||
@@ -102,2 +119,3 @@ return signer.sign(pem).buffer | ||
verify (key, signature, data) { | ||
// 1. Ensure key type is 'public' only | ||
if (key.type !== 'public') { | ||
@@ -107,2 +125,17 @@ throw new InvalidAccessError('Verifying requires a public key') | ||
// Parametrize hash | ||
let hashName | ||
if (key.algorithm.hash.name === 'SHA-1'){ | ||
hashName = 'RSA-SHA1' | ||
} else if (key.algorithm.hash.name === 'SHA-256'){ | ||
hashName = 'RSA-SHA256' | ||
} else if (key.algorithm.hash.name === 'SHA-384'){ | ||
hashName = 'RSA-SHA384' | ||
} else if (key.algorithm.hash.name === 'SHA-512'){ | ||
hashName = 'RSA-SHA512' | ||
} else { | ||
throw new OperationError('Algorithm hash is an unknown format.') | ||
} | ||
// 2-4. Perform verification and return result | ||
try { | ||
@@ -114,3 +147,3 @@ let pem = key.handle | ||
let verifier = crypto.createVerify('RSA-SHA256') | ||
let verifier = crypto.createVerify(hashName) | ||
verifier.update(data) | ||
@@ -135,3 +168,3 @@ | ||
// validate usages | ||
// 1. Verify usages | ||
usages.forEach(usage => { | ||
@@ -145,3 +178,3 @@ if (usage !== 'sign' && usage !== 'verify') { | ||
// Generate RSA keypair | ||
// 2. Generate RSA keypair | ||
try { | ||
@@ -159,8 +192,3 @@ let {modulusLength,publicExponent} = params | ||
} | ||
// - what is this bit option, where do we get the value from in this api? | ||
//let key = new RSA({b:512}) | ||
//let {modulusLength,publicExponent} = params | ||
//keypair = key.generateKeyPair()//(modulusLength, publicExponent) | ||
// cast error | ||
// 3. Throw operation error if anything fails | ||
} catch (error) { | ||
@@ -170,6 +198,6 @@ throw new OperationError(error.message) | ||
// cast params to algorithm | ||
// 4-9. Create and assign algorithm object | ||
let algorithm = new RSASSA_PKCS1_v1_5(params) | ||
// instantiate publicKey | ||
// 10-13. Instantiate publicKey | ||
let publicKey = new CryptoKey({ | ||
@@ -183,3 +211,3 @@ type: 'public', | ||
// instantiate privateKey | ||
// 14-18. Instantiate privateKey | ||
let privateKey = new CryptoKey({ | ||
@@ -193,3 +221,3 @@ type: 'private', | ||
// return a new keypair | ||
// 19-22. Create and return a new keypair | ||
return new CryptoKeyPair({publicKey,privateKey}) | ||
@@ -213,14 +241,20 @@ } | ||
let key, hash, normalizedHash, jwk | ||
// 1. Performed in function parameters | ||
// 2.1. "spki" format | ||
if (format === 'spki') { | ||
// ... | ||
} else if (format === 'pkcs8') { | ||
} else if (format === 'jwk') { | ||
throw new CurrentlyNotSupportedError(format,'jwk') | ||
} | ||
// 2.2. "pkcs8" format | ||
else if (format === 'pkcs8') { | ||
throw new CurrentlyNotSupportedError(format,'jwk') | ||
} | ||
// 2.3. "jwk" format | ||
else if (format === 'jwk') { | ||
// 2.3.1. Cast keyData to JWK object | ||
jwk = new JsonWebKey(keyData) | ||
// 2.3.2. Verify 'd' field | ||
if (jwk.d && keyUsages.some(usage => usage !== 'sign')) { | ||
throw new SyntaxError('Key usages must include "sign"') | ||
} | ||
if (jwk.d === undefined && !keyUsages.some(usage => usage === 'verify')) { | ||
@@ -230,2 +264,3 @@ throw new SyntaxError('Key usages must include "verify"') | ||
// 2.3.3. Verify 'kty' field | ||
if (jwk.kty !== 'RSA') { | ||
@@ -235,2 +270,3 @@ throw new DataError('Key type must be RSA') | ||
// 2.3.4. Verify 'use' field | ||
if (jwk.use !== undefined && jwk.use !== 'sig') { | ||
@@ -240,11 +276,20 @@ throw new DataError('Key use must be "sig"') | ||
// FIXME needs "ext" validation, see specification 6 under "jwk" | ||
// 2.3.5. Validate present 'use' field and allowed string match | ||
if (jwk.use !== undefined && jwk.use !== 'sig') { | ||
throw new DataError('Key use must be "sig"') | ||
} | ||
// TODO | ||
//if (jwk.key_ops ...) { | ||
// throw new DataError() | ||
//} | ||
// 2.3.6. Validate present 'key_ops' field | ||
if (jwk.key_ops !== undefined) { | ||
jwk.key_ops.forEach(op => { | ||
if (op !== 'sign' | ||
&& op !== 'verify') { | ||
throw new DataError('Key operation can only include "sign", and "verify".') | ||
} | ||
}) | ||
} | ||
// 2.3.7-8. Determine hash name | ||
if (jwk.alg === undefined) { | ||
// leave hash undefined | ||
// keep undefined | ||
} else if (jwk.alg === 'RS1') { | ||
@@ -259,5 +304,2 @@ hash = 'SHA-1' | ||
} else { | ||
// TODO | ||
// perform any key import steps defined by other applicable | ||
// specifications, passing format, jwk, and obtaining hash | ||
throw new DataError( | ||
@@ -268,2 +310,3 @@ 'Key alg must be "RS1", "RS256", "RS384", or "RS512"' | ||
// 2.3.9. Ommited due to redundancy, uncomment if needed | ||
if (hash !== undefined) { | ||
@@ -275,8 +318,7 @@ normalizedHash = supportedAlgorithms.normalize('digest', hash) | ||
//} | ||
} | ||
// 2.3.10. Verify 'd' field | ||
if (jwk.d) { | ||
// TODO | ||
// - validate JWK requirements | ||
key = new CryptoKey({ | ||
@@ -289,4 +331,2 @@ type: 'private', | ||
} else { | ||
// TODO | ||
// - validate JWK requirements | ||
key = new CryptoKey({ | ||
@@ -302,3 +342,3 @@ type: 'public', | ||
} | ||
// 3-7. Setupp RSSASSA object | ||
let alg = new RSASSA_PKCS1_v1_5({ | ||
@@ -311,7 +351,10 @@ name: 'RSASSA-PKCS1-v1_5', | ||
// 8. Set algorithm of key to alg | ||
key.algorithm = alg | ||
// 9. Return key | ||
return key | ||
} | ||
/** | ||
@@ -318,0 +361,0 @@ * exportKey |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
155053
5096