		@@ -29,3 +29,4 @@ /**
		InvalidAccessError,
		KeyFormatNotSupportedError
		KeyFormatNotSupportedError,
		CurrentlyNotSupportedError
		} = require('../errors')
		@@ -73,2 +74,3 @@
		sign (key, data) {
		// 1. Ensure key type is 'private' only
		if (key.type !== 'private') {
		@@ -78,6 +80,21 @@ throw new InvalidAccessError('Signing requires a private key')

		// Parametrize hash
		let hashName
		if (key.algorithm.hash.name === 'SHA-1'){
		hashName = 'RSA-SHA1'
		} else if (key.algorithm.hash.name === 'SHA-256'){
		hashName = 'RSA-SHA256'
		} else if (key.algorithm.hash.name === 'SHA-384'){
		hashName = 'RSA-SHA384'
		} else if (key.algorithm.hash.name === 'SHA-512'){
		hashName = 'RSA-SHA512'
		} else {
		throw new OperationError('Algorithm hash is an unknown format.')
		}

		// 2-5. Perform key signing and return result
		try {
		let pem = key.handle
		data = new TextDecoder().decode(data)
		let signer = crypto.createSign('RSA-SHA256') // FIXME Paramaterize
		let signer = crypto.createSign(hashName)
		signer.update(data)
		@@ -102,2 +119,3 @@ return signer.sign(pem).buffer
		verify (key, signature, data) {
		// 1. Ensure key type is 'public' only
		if (key.type !== 'public') {
		@@ -107,2 +125,17 @@ throw new InvalidAccessError('Verifying requires a public key')

		// Parametrize hash
		let hashName
		if (key.algorithm.hash.name === 'SHA-1'){
		hashName = 'RSA-SHA1'
		} else if (key.algorithm.hash.name === 'SHA-256'){
		hashName = 'RSA-SHA256'
		} else if (key.algorithm.hash.name === 'SHA-384'){
		hashName = 'RSA-SHA384'
		} else if (key.algorithm.hash.name === 'SHA-512'){
		hashName = 'RSA-SHA512'
		} else {
		throw new OperationError('Algorithm hash is an unknown format.')
		}

		// 2-4. Perform verification and return result
		try {
		@@ -114,3 +147,3 @@ let pem = key.handle

		let verifier = crypto.createVerify('RSA-SHA256')
		let verifier = crypto.createVerify(hashName)
		verifier.update(data)
		@@ -135,3 +168,3 @@

		// validate usages
		// 1. Verify usages
		usages.forEach(usage => {
		@@ -145,3 +178,3 @@ if (usage !== 'sign' && usage !== 'verify') {

		// Generate RSA keypair
		// 2. Generate RSA keypair
		try {
		@@ -159,8 +192,3 @@ let {modulusLength,publicExponent} = params
		}
		// - what is this bit option, where do we get the value from in this api?
		//let key = new RSA({b:512})
		//let {modulusLength,publicExponent} = params
		//keypair = key.generateKeyPair()//(modulusLength, publicExponent)

		// cast error
		// 3. Throw operation error if anything fails
		} catch (error) {
		@@ -170,6 +198,6 @@ throw new OperationError(error.message)

		// cast params to algorithm
		// 4-9. Create and assign algorithm object
		let algorithm = new RSASSA_PKCS1_v1_5(params)

		// instantiate publicKey
		// 10-13. Instantiate publicKey
		let publicKey = new CryptoKey({
		@@ -183,3 +211,3 @@ type: 'public',

		// instantiate privateKey
		// 14-18. Instantiate privateKey
		let privateKey = new CryptoKey({
		@@ -193,3 +221,3 @@ type: 'private',

		// return a new keypair
		// 19-22. Create and return a new keypair
		return new CryptoKeyPair({publicKey,privateKey})
		@@ -213,14 +241,20 @@ }
		let key, hash, normalizedHash, jwk

		// 1. Performed in function parameters
		// 2.1. "spki" format
		if (format === 'spki') {
		// ...
		} else if (format === 'pkcs8') {

		} else if (format === 'jwk') {
		throw new CurrentlyNotSupportedError(format,'jwk')
		}
		// 2.2. "pkcs8" format
		else if (format === 'pkcs8') {
		throw new CurrentlyNotSupportedError(format,'jwk')
		}
		// 2.3. "jwk" format
		else if (format === 'jwk') {
		// 2.3.1. Cast keyData to JWK object
		jwk = new JsonWebKey(keyData)

		// 2.3.2. Verify 'd' field
		if (jwk.d && keyUsages.some(usage => usage !== 'sign')) {
		throw new SyntaxError('Key usages must include "sign"')
		}

		if (jwk.d === undefined && !keyUsages.some(usage => usage === 'verify')) {
		@@ -230,2 +264,3 @@ throw new SyntaxError('Key usages must include "verify"')

		// 2.3.3. Verify 'kty' field
		if (jwk.kty !== 'RSA') {
		@@ -235,2 +270,3 @@ throw new DataError('Key type must be RSA')

		// 2.3.4. Verify 'use' field
		if (jwk.use !== undefined && jwk.use !== 'sig') {
		@@ -240,11 +276,20 @@ throw new DataError('Key use must be "sig"')

		// FIXME needs "ext" validation, see specification 6 under "jwk"
		// 2.3.5. Validate present 'use' field and allowed string match
		if (jwk.use !== undefined && jwk.use !== 'sig') {
		throw new DataError('Key use must be "sig"')
		}

		// TODO
		//if (jwk.key_ops ...) {
		// throw new DataError()
		//}
		// 2.3.6. Validate present 'key_ops' field
		if (jwk.key_ops !== undefined) {
		jwk.key_ops.forEach(op => {
		if (op !== 'sign'
		&& op !== 'verify') {
		throw new DataError('Key operation can only include "sign", and "verify".')
		}
		})
		}

		// 2.3.7-8. Determine hash name
		if (jwk.alg === undefined) {
		// leave hash undefined
		// keep undefined
		} else if (jwk.alg === 'RS1') {
		@@ -259,5 +304,2 @@ hash = 'SHA-1'
		} else {
		// TODO
		// perform any key import steps defined by other applicable
		// specifications, passing format, jwk, and obtaining hash
		throw new DataError(
		@@ -268,2 +310,3 @@ 'Key alg must be "RS1", "RS256", "RS384", or "RS512"'

		// 2.3.9. Ommited due to redundancy, uncomment if needed
		if (hash !== undefined) {
		@@ -275,8 +318,7 @@ normalizedHash = supportedAlgorithms.normalize('digest', hash)
		//}

		}


		// 2.3.10. Verify 'd' field
		if (jwk.d) {
		// TODO
		// - validate JWK requirements
		key = new CryptoKey({
		@@ -289,4 +331,2 @@ type: 'private',
		} else {
		// TODO
		// - validate JWK requirements
		key = new CryptoKey({
		@@ -302,3 +342,3 @@ type: 'public',
		}

		// 3-7. Setupp RSSASSA object
		let alg = new RSASSA_PKCS1_v1_5({
		@@ -311,7 +351,10 @@ name: 'RSASSA-PKCS1-v1_5',

		// 8. Set algorithm of key to alg
		key.algorithm = alg

		// 9. Return key
		return key
		}


		/**
		@@ -318,0 +361,0 @@ * exportKey

@trust/webcrypto - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics