jose-browser-runtime
Advanced tools
jose-browser-runtime - npm Package Compare versions
Comparing version 4.3.7 to 4.3.8
@@ -6,3 +6,3 @@ import fetchJwks from '../runtime/fetch_jwks.js'; | ||
| function getKtyFromAlg(alg) { | ||
| switch (typeof alg === 'string' && alg.substr(0, 2)) { | ||
| switch (typeof alg === 'string' && alg.slice(0, 2)) { | ||
| case 'RS': | ||
@@ -9,0 +9,0 @@ case 'PS': |
@@ -6,3 +6,3 @@ import encrypt from '../runtime/encrypt.js'; | ||
| export async function wrap(alg, key, cek, iv) { | ||
| const jweAlgorithm = alg.substr(0, 7); | ||
| const jweAlgorithm = alg.slice(0, 7); | ||
| iv || (iv = generateIv(jweAlgorithm)); | ||
@@ -13,4 +13,4 @@ const { ciphertext: encryptedKey, tag } = await encrypt(jweAlgorithm, cek, key, iv, new Uint8Array(0)); | ||
| export async function unwrap(alg, key, encryptedKey, iv, tag) { | ||
| const jweAlgorithm = alg.substr(0, 7); | ||
| const jweAlgorithm = alg.slice(0, 7); | ||
| return decrypt(jweAlgorithm, key, encryptedKey, iv, tag, new Uint8Array(0)); | ||
| } |
@@ -9,3 +9,3 @@ import { isCloudflareWorkers, isNodeJs } from '../runtime/env.js'; | ||
| function getHashLength(hash) { | ||
| return parseInt(hash.name.substr(4), 10); | ||
| return parseInt(hash.name.slice(4), 10); | ||
| } | ||
@@ -47,3 +47,3 @@ function getNamedCurve(alg) { | ||
| throw unusable('HMAC'); | ||
| const expected = parseInt(alg.substr(2), 10); | ||
| const expected = parseInt(alg.slice(2), 10); | ||
| const actual = getHashLength(key.algorithm.hash); | ||
@@ -59,3 +59,3 @@ if (actual !== expected) | ||
| throw unusable('RSASSA-PKCS1-v1_5'); | ||
| const expected = parseInt(alg.substr(2), 10); | ||
| const expected = parseInt(alg.slice(2), 10); | ||
| const actual = getHashLength(key.algorithm.hash); | ||
@@ -71,3 +71,3 @@ if (actual !== expected) | ||
| throw unusable('RSA-PSS'); | ||
| const expected = parseInt(alg.substr(2), 10); | ||
| const expected = parseInt(alg.slice(2), 10); | ||
| const actual = getHashLength(key.algorithm.hash); | ||
@@ -111,3 +111,3 @@ if (actual !== expected) | ||
| throw unusable('AES-GCM'); | ||
| const expected = parseInt(alg.substr(1, 3), 10); | ||
| const expected = parseInt(alg.slice(1, 4), 10); | ||
| const actual = key.algorithm.length; | ||
@@ -123,3 +123,3 @@ if (actual !== expected) | ||
| throw unusable('AES-KW'); | ||
| const expected = parseInt(alg.substr(1, 3), 10); | ||
| const expected = parseInt(alg.slice(1, 4), 10); | ||
| const actual = key.algorithm.length; | ||
@@ -146,3 +146,3 @@ if (actual !== expected) | ||
| throw unusable('RSA-OAEP'); | ||
| const expected = parseInt(alg.substr(9), 10) || 1; | ||
| const expected = parseInt(alg.slice(9), 10) || 1; | ||
| const actual = getHashLength(key.algorithm.hash); | ||
@@ -149,0 +149,0 @@ if (actual !== expected) |
@@ -43,3 +43,3 @@ import { unwrap as aesKw } from '../runtime/aeskw.js'; | ||
| } | ||
| const sharedSecret = await ECDH.deriveKey(epk, key, alg === 'ECDH-ES' ? joseHeader.enc : alg, alg === 'ECDH-ES' ? cekLength(joseHeader.enc) : parseInt(alg.substr(-5, 3), 10), partyUInfo, partyVInfo); | ||
| const sharedSecret = await ECDH.deriveKey(epk, key, alg === 'ECDH-ES' ? joseHeader.enc : alg, alg === 'ECDH-ES' ? cekLength(joseHeader.enc) : parseInt(alg.slice(-5, -2), 10), partyUInfo, partyVInfo); | ||
| if (alg === 'ECDH-ES') | ||
@@ -49,3 +49,3 @@ return sharedSecret; | ||
| throw new JWEInvalid('JWE Encrypted Key missing'); | ||
| return aesKw(alg.substr(-6), sharedSecret, encryptedKey); | ||
| return aesKw(alg.slice(-6), sharedSecret, encryptedKey); | ||
| } | ||
@@ -52,0 +52,0 @@ case 'RSA1_5': |
@@ -30,5 +30,5 @@ import { wrap as aesKw } from '../runtime/aeskw.js'; | ||
| let { epk: ephemeralKey } = providedParameters; | ||
| ephemeralKey || (ephemeralKey = await ECDH.generateEpk(key)); | ||
| ephemeralKey || (ephemeralKey = (await ECDH.generateEpk(key)).privateKey); | ||
| const { x, y, crv, kty } = await exportJWK(ephemeralKey); | ||
| const sharedSecret = await ECDH.deriveKey(key, ephemeralKey, alg === 'ECDH-ES' ? enc : alg, alg === 'ECDH-ES' ? cekLength(enc) : parseInt(alg.substr(-5, 3), 10), apu, apv); | ||
| const sharedSecret = await ECDH.deriveKey(key, ephemeralKey, alg === 'ECDH-ES' ? enc : alg, alg === 'ECDH-ES' ? cekLength(enc) : parseInt(alg.slice(-5, -2), 10), apu, apv); | ||
| parameters = { epk: { x, y, crv, kty } }; | ||
@@ -44,3 +44,3 @@ if (apu) | ||
| cek = providedCek || generateCek(enc); | ||
| const kwAlg = alg.substr(-6); | ||
| const kwAlg = alg.slice(-6); | ||
| encryptedKey = await aesKw(kwAlg, sharedSecret, cek); | ||
@@ -47,0 +47,0 @@ break; |
@@ -7,3 +7,3 @@ import bogusWebCrypto from './bogus.js'; | ||
| function checkKeySize(key, alg) { | ||
| if (key.algorithm.length !== parseInt(alg.substr(1, 3), 10)) { | ||
| if (key.algorithm.length !== parseInt(alg.slice(1, 4), 10)) { | ||
| throw new TypeError(`Invalid key size for alg: ${alg}`); | ||
@@ -10,0 +10,0 @@ } |
@@ -26,25 +26,26 @@ import { isCloudflareWorkers, isNodeJs } from './env.js'; | ||
| }; | ||
| const findOid = (keyData, oid, from = 0) => { | ||
| if (from === 0) { | ||
| oid.unshift(oid.length); | ||
| oid.unshift(0x06); | ||
| } | ||
| let i = keyData.indexOf(oid[0], from); | ||
| if (i === -1) | ||
| return false; | ||
| const sub = keyData.subarray(i, i + oid.length); | ||
| if (sub.length !== oid.length) | ||
| return false; | ||
| return sub.every((value, index) => value === oid[index]) || findOid(keyData, oid, i + 1); | ||
| }; | ||
| const getNamedCurve = (keyData) => { | ||
| const keyDataStr = keyData.toString(); | ||
| switch (true) { | ||
| case keyDataStr.includes(new Uint8Array([ | ||
| 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, | ||
| 0x3d, 0x03, 0x01, 0x07, | ||
| ]).toString()): | ||
| case findOid(keyData, [0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07]): | ||
| return 'P-256'; | ||
| case keyDataStr.includes(new Uint8Array([ | ||
| 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, | ||
| 0x22, | ||
| ]).toString()): | ||
| case findOid(keyData, [0x2b, 0x81, 0x04, 0x00, 0x22]): | ||
| return 'P-384'; | ||
| case keyDataStr.includes(new Uint8Array([ | ||
| 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, | ||
| 0x23, | ||
| ]).toString()): | ||
| case findOid(keyData, [0x2b, 0x81, 0x04, 0x00, 0x23]): | ||
| return 'P-521'; | ||
| case (isCloudflareWorkers() || isNodeJs()) && | ||
| keyDataStr.includes(new Uint8Array([0x06, 0x03, 0x2b, 0x65, 0x70]).toString()): | ||
| case (isCloudflareWorkers() || isNodeJs()) && findOid(keyData, [0x2b, 0x65, 0x70]): | ||
| return 'Ed25519'; | ||
| case isNodeJs() && | ||
| keyDataStr.includes(new Uint8Array([0x06, 0x03, 0x2b, 0x65, 0x71]).toString()): | ||
| case isNodeJs() && findOid(keyData, [0x2b, 0x65, 0x71]): | ||
| return 'Ed448'; | ||
@@ -67,3 +68,3 @@ default: | ||
| case 'PS512': | ||
| algorithm = { name: 'RSA-PSS', hash: `SHA-${alg.substr(-3)}` }; | ||
| algorithm = { name: 'RSA-PSS', hash: `SHA-${alg.slice(-3)}` }; | ||
| keyUsages = isPublic ? ['verify'] : ['sign']; | ||
@@ -74,3 +75,3 @@ break; | ||
| case 'RS512': | ||
| algorithm = { name: 'RSASSA-PKCS1-v1_5', hash: `SHA-${alg.substr(-3)}` }; | ||
| algorithm = { name: 'RSASSA-PKCS1-v1_5', hash: `SHA-${alg.slice(-3)}` }; | ||
| keyUsages = isPublic ? ['verify'] : ['sign']; | ||
@@ -84,3 +85,3 @@ break; | ||
| name: 'RSA-OAEP', | ||
| hash: `SHA-${parseInt(alg.substr(-3), 10) || 1}`, | ||
| hash: `SHA-${parseInt(alg.slice(-3), 10) || 1}`, | ||
| }; | ||
@@ -87,0 +88,0 @@ keyUsages = isPublic ? ['encrypt', 'wrapKey'] : ['decrypt', 'unwrapKey']; |
@@ -14,3 +14,3 @@ import { concat, uint64be } from '../lib/buffer_utils.js'; | ||
| } | ||
| const keySize = parseInt(enc.substr(1, 3), 10); | ||
| const keySize = parseInt(enc.slice(1, 4), 10); | ||
| const encKey = await crypto.subtle.importKey('raw', cek.subarray(keySize >> 3), 'AES-CBC', false, ['decrypt']); | ||
@@ -74,3 +74,3 @@ const macKey = await crypto.subtle.importKey('raw', cek.subarray(0, keySize >> 3), { | ||
| if (cek instanceof Uint8Array) | ||
| checkCekLength(cek, parseInt(enc.substr(-3), 10)); | ||
| checkCekLength(cek, parseInt(enc.slice(-3), 10)); | ||
| return cbcDecrypt(enc, cek, ciphertext, iv, tag, aad); | ||
@@ -81,3 +81,3 @@ case 'A128GCM': | ||
| if (cek instanceof Uint8Array) | ||
| checkCekLength(cek, parseInt(enc.substr(1, 3), 10)); | ||
| checkCekLength(cek, parseInt(enc.slice(1, 4), 10)); | ||
| return gcmDecrypt(enc, cek, ciphertext, iv, tag, aad); | ||
@@ -84,0 +84,0 @@ default: |
| import crypto from './webcrypto.js'; | ||
| const digest = async (algorithm, data) => { | ||
| const subtleDigest = `SHA-${algorithm.substr(-3)}`; | ||
| const subtleDigest = `SHA-${algorithm.slice(-3)}`; | ||
| return new Uint8Array(await crypto.subtle.digest(subtleDigest, data)); | ||
| }; | ||
| export default digest; |
@@ -7,3 +7,3 @@ import { encoder, concat, uint32be, lengthAndInput, concatKdf } from '../lib/buffer_utils.js'; | ||
| import { types } from './is_key_like.js'; | ||
| export const deriveKey = async (publicKey, privateKey, algorithm, keyLength, apu = new Uint8Array(0), apv = new Uint8Array(0)) => { | ||
| export async function deriveKey(publicKey, privateKey, algorithm, keyLength, apu = new Uint8Array(0), apv = new Uint8Array(0)) { | ||
| if (!isCryptoKey(publicKey)) { | ||
@@ -24,13 +24,12 @@ throw new TypeError(invalidKeyInput(publicKey, ...types)); | ||
| public: publicKey, | ||
| }, privateKey, Math.ceil(parseInt(privateKey.algorithm.namedCurve.substr(-3), 10) / 8) << | ||
| 3)); | ||
| }, privateKey, Math.ceil(parseInt(privateKey.algorithm.namedCurve.slice(-3), 10) / 8) << 3)); | ||
| return concatKdf(digest, sharedSecret, keyLength, value); | ||
| }; | ||
| export const generateEpk = async (key) => { | ||
| } | ||
| export async function generateEpk(key) { | ||
| if (!isCryptoKey(key)) { | ||
| throw new TypeError(invalidKeyInput(key, ...types)); | ||
| } | ||
| return (await crypto.subtle.generateKey({ name: 'ECDH', namedCurve: key.algorithm.namedCurve }, true, ['deriveBits'])).privateKey; | ||
| }; | ||
| export const ecdhAllowed = (key) => { | ||
| return crypto.subtle.generateKey(key.algorithm, true, ['deriveBits']); | ||
| } | ||
| export function ecdhAllowed(key) { | ||
| if (!isCryptoKey(key)) { | ||
@@ -40,2 +39,2 @@ throw new TypeError(invalidKeyInput(key, ...types)); | ||
| return ['P-256', 'P-384', 'P-521'].includes(key.algorithm.namedCurve); | ||
| }; | ||
| } |
@@ -13,3 +13,3 @@ import { concat, uint64be } from '../lib/buffer_utils.js'; | ||
| } | ||
| const keySize = parseInt(enc.substr(1, 3), 10); | ||
| const keySize = parseInt(enc.slice(1, 4), 10); | ||
| const encKey = await crypto.subtle.importKey('raw', cek.subarray(keySize >> 3), 'AES-CBC', false, ['encrypt']); | ||
@@ -57,3 +57,3 @@ const macKey = await crypto.subtle.importKey('raw', cek.subarray(0, keySize >> 3), { | ||
| if (cek instanceof Uint8Array) | ||
| checkCekLength(cek, parseInt(enc.substr(-3), 10)); | ||
| checkCekLength(cek, parseInt(enc.slice(-3), 10)); | ||
| return cbcEncrypt(enc, plaintext, cek, iv, aad); | ||
@@ -64,3 +64,3 @@ case 'A128GCM': | ||
| if (cek instanceof Uint8Array) | ||
| checkCekLength(cek, parseInt(enc.substr(1, 3), 10)); | ||
| checkCekLength(cek, parseInt(enc.slice(1, 4), 10)); | ||
| return gcmEncrypt(enc, plaintext, cek, iv, aad); | ||
@@ -67,0 +67,0 @@ default: |
@@ -14,3 +14,3 @@ import { isCloudflareWorkers, isNodeJs } from './env.js'; | ||
| case 'HS512': | ||
| length = parseInt(alg.substr(-3), 10); | ||
| length = parseInt(alg.slice(-3), 10); | ||
| algorithm = { name: 'HMAC', hash: `SHA-${length}`, length }; | ||
@@ -22,3 +22,3 @@ keyUsages = ['sign', 'verify']; | ||
| case 'A256CBC-HS512': | ||
| length = parseInt(alg.substr(-3), 10); | ||
| length = parseInt(alg.slice(-3), 10); | ||
| return random(new Uint8Array(length >> 3)); | ||
@@ -28,3 +28,3 @@ case 'A128KW': | ||
| case 'A256KW': | ||
| length = parseInt(alg.substring(1, 4), 10); | ||
| length = parseInt(alg.slice(1, 4), 10); | ||
| algorithm = { name: 'AES-KW', length }; | ||
@@ -39,3 +39,3 @@ keyUsages = ['wrapKey', 'unwrapKey']; | ||
| case 'A256GCM': | ||
| length = parseInt(alg.substring(1, 4), 10); | ||
| length = parseInt(alg.slice(1, 4), 10); | ||
| algorithm = { name: 'AES-GCM', length }; | ||
@@ -67,3 +67,3 @@ keyUsages = ['encrypt', 'decrypt']; | ||
| name: 'RSA-PSS', | ||
| hash: `SHA-${alg.substr(-3)}`, | ||
| hash: `SHA-${alg.slice(-3)}`, | ||
| publicExponent: new Uint8Array([0x01, 0x00, 0x01]), | ||
@@ -79,3 +79,3 @@ modulusLength: getModulusLengthOption(options), | ||
| name: 'RSASSA-PKCS1-v1_5', | ||
| hash: `SHA-${alg.substr(-3)}`, | ||
| hash: `SHA-${alg.slice(-3)}`, | ||
| publicExponent: new Uint8Array([0x01, 0x00, 0x01]), | ||
@@ -92,3 +92,3 @@ modulusLength: getModulusLengthOption(options), | ||
| name: 'RSA-OAEP', | ||
| hash: `SHA-${parseInt(alg.substr(-3), 10) || 1}`, | ||
| hash: `SHA-${parseInt(alg.slice(-3), 10) || 1}`, | ||
| publicExponent: new Uint8Array([0x01, 0x00, 0x01]), | ||
@@ -95,0 +95,0 @@ modulusLength: getModulusLengthOption(options), |
@@ -14,5 +14,5 @@ import crypto, { isCryptoKey } from './webcrypto.js'; | ||
| } | ||
| return crypto.subtle.importKey('raw', key, { hash: `SHA-${alg.substr(-3)}`, name: 'HMAC' }, false, [usage]); | ||
| return crypto.subtle.importKey('raw', key, { hash: `SHA-${alg.slice(-3)}`, name: 'HMAC' }, false, [usage]); | ||
| } | ||
| throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array')); | ||
| } |
@@ -14,3 +14,3 @@ import { isCloudflareWorkers, isNodeJs } from './env.js'; | ||
| case 'HS512': | ||
| algorithm = { name: 'HMAC', hash: `SHA-${jwk.alg.substr(-3)}` }; | ||
| algorithm = { name: 'HMAC', hash: `SHA-${jwk.alg.slice(-3)}` }; | ||
| keyUsages = ['sign', 'verify']; | ||
@@ -53,3 +53,3 @@ break; | ||
| case 'PS512': | ||
| algorithm = { name: 'RSA-PSS', hash: `SHA-${jwk.alg.substr(-3)}` }; | ||
| algorithm = { name: 'RSA-PSS', hash: `SHA-${jwk.alg.slice(-3)}` }; | ||
| keyUsages = jwk.d ? ['sign'] : ['verify']; | ||
@@ -60,3 +60,3 @@ break; | ||
| case 'RS512': | ||
| algorithm = { name: 'RSASSA-PKCS1-v1_5', hash: `SHA-${jwk.alg.substr(-3)}` }; | ||
| algorithm = { name: 'RSASSA-PKCS1-v1_5', hash: `SHA-${jwk.alg.slice(-3)}` }; | ||
| keyUsages = jwk.d ? ['sign'] : ['verify']; | ||
@@ -70,3 +70,3 @@ break; | ||
| name: 'RSA-OAEP', | ||
| hash: `SHA-${parseInt(jwk.alg.substr(-3), 10) || 1}`, | ||
| hash: `SHA-${parseInt(jwk.alg.slice(-3), 10) || 1}`, | ||
| }; | ||
@@ -73,0 +73,0 @@ keyUsages = jwk.d ? ['decrypt', 'unwrapKey'] : ['encrypt', 'wrapKey']; |
@@ -23,5 +23,5 @@ import random from './random.js'; | ||
| const salt = concatSalt(alg, p2s); | ||
| const keylen = parseInt(alg.substr(13, 3), 10); | ||
| const keylen = parseInt(alg.slice(13, 16), 10); | ||
| const subtleAlg = { | ||
| hash: `SHA-${alg.substr(8, 3)}`, | ||
| hash: `SHA-${alg.slice(8, 11)}`, | ||
| iterations: p2c, | ||
@@ -46,3 +46,3 @@ name: 'PBKDF2', | ||
| const derived = await deriveKey(p2s, alg, p2c, key); | ||
| const encryptedKey = await wrap(alg.substr(-6), derived, cek); | ||
| const encryptedKey = await wrap(alg.slice(-6), derived, cek); | ||
| return { encryptedKey, p2c, p2s: base64url(p2s) }; | ||
@@ -52,3 +52,3 @@ }; | ||
| const derived = await deriveKey(p2s, alg, p2c, key); | ||
| return unwrap(alg.substr(-6), derived, encryptedKey); | ||
| return unwrap(alg.slice(-6), derived, encryptedKey); | ||
| }; |
@@ -8,5 +8,5 @@ import subtleAlgorithm from './subtle_dsa.js'; | ||
| checkKeyLength(alg, cryptoKey); | ||
| const signature = await crypto.subtle.sign(subtleAlgorithm(alg, cryptoKey.algorithm.namedCurve), cryptoKey, data); | ||
| const signature = await crypto.subtle.sign(subtleAlgorithm(alg, cryptoKey.algorithm), cryptoKey, data); | ||
| return new Uint8Array(signature); | ||
| }; | ||
| export default sign; |
| import { isCloudflareWorkers, isNodeJs } from './env.js'; | ||
| import { JOSENotSupported } from '../util/errors.js'; | ||
| export default function subtleDsa(alg, namedCurve) { | ||
| const length = parseInt(alg.substr(-3), 10); | ||
| export default function subtleDsa(alg, algorithm) { | ||
| const hash = `SHA-${alg.slice(-3)}`; | ||
| switch (alg) { | ||
@@ -9,16 +9,17 @@ case 'HS256': | ||
| case 'HS512': | ||
| return { hash: `SHA-${length}`, name: 'HMAC' }; | ||
| return { hash, name: 'HMAC' }; | ||
| case 'PS256': | ||
| case 'PS384': | ||
| case 'PS512': | ||
| return { hash: `SHA-${length}`, name: 'RSA-PSS', saltLength: length >> 3 }; | ||
| return { hash, name: 'RSA-PSS', saltLength: alg.slice(-3) >> 3 }; | ||
| case 'RS256': | ||
| case 'RS384': | ||
| case 'RS512': | ||
| return { hash: `SHA-${length}`, name: 'RSASSA-PKCS1-v1_5' }; | ||
| return { hash, name: 'RSASSA-PKCS1-v1_5' }; | ||
| case 'ES256': | ||
| case 'ES384': | ||
| case 'ES512': | ||
| return { hash: `SHA-${length}`, name: 'ECDSA', namedCurve }; | ||
| return { hash, name: 'ECDSA', namedCurve: algorithm.namedCurve }; | ||
| case (isCloudflareWorkers() || isNodeJs()) && 'EdDSA': | ||
| const { namedCurve } = algorithm; | ||
| return { name: namedCurve, namedCurve }; | ||
@@ -25,0 +26,0 @@ default: |
@@ -8,3 +8,3 @@ import subtleAlgorithm from './subtle_dsa.js'; | ||
| checkKeyLength(alg, cryptoKey); | ||
| const algorithm = subtleAlgorithm(alg, cryptoKey.algorithm.namedCurve); | ||
| const algorithm = subtleAlgorithm(alg, cryptoKey.algorithm); | ||
| try { | ||
@@ -11,0 +11,0 @@ return await crypto.subtle.verify(algorithm, cryptoKey, signature, data); |
| { | ||
| "name": "jose-browser-runtime", | ||
| "version": "4.3.7", | ||
| "version": "4.3.8", | ||
| "homepage": "https://github.com/panva/jose", | ||
@@ -5,0 +5,0 @@ "repository": "panva/jose", |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Lines of code
- increased by0.03%
3971
Worsened metrics
- Total package byte prevSize
- decreased by-0.16%
159891