jose-node-esm-runtime
Comparing version 3.14.3 to 3.14.4
@@ -52,3 +52,8 @@ import { JOSEAlgNotAllowed, JOSENotSupported, JWEInvalid } from '../../util/errors.js'; | ||
const protectedHeader = base64url(jwe.protected); | ||
parsedProt = JSON.parse(decoder.decode(protectedHeader)); | ||
try { | ||
parsedProt = JSON.parse(decoder.decode(protectedHeader)); | ||
} | ||
catch { | ||
throw new JWEInvalid('JWE Protected Header is invalid'); | ||
} | ||
} | ||
@@ -55,0 +60,0 @@ if (!isDisjoint(parsedProt, jwe.header, jwe.unprotected)) { |
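Review bot: The new try/catch around `JSON.parse` only rejects input that is not valid JSON; a protected header that decodes to valid JSON but is not an object (`null`, a number, a string or an array) still assigns `parsedProt` and continues to the `isDisjoint` check. Whether a later check rejects such a value is not visible in this hunk, so I would add a guard directly after the try/catch: `if (typeof parsedProt !== 'object' || parsedProt === null || Array.isArray(parsedProt)) throw new JWEInvalid('JWE Protected Header is invalid');`. The same applies to the JWS hunk that follows, with `JWSInvalid`. The enclosing function starts and ends outside the hunk.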
@@ -35,3 +35,8 @@ import { JOSEAlgNotAllowed, JWSInvalid, JWSSignatureVerificationFailed } from '../../util/errors.js'; | ||
const protectedHeader = base64url(jws.protected); | ||
parsedProt = JSON.parse(decoder.decode(protectedHeader)); | ||
try { | ||
parsedProt = JSON.parse(decoder.decode(protectedHeader)); | ||
} | ||
catch { | ||
throw new JWSInvalid('JWS Protected Header is invalid'); | ||
} | ||
} | ||
@@ -38,0 +43,0 @@ if (!isDisjoint(parsedProt, jws.header)) { |
@@ -1,2 +0,2 @@ | ||
import { createDecipheriv, createCipheriv, getCiphers } from 'crypto'; | ||
import { createDecipheriv, createCipheriv } from 'crypto'; | ||
import { JOSENotSupported } from '../util/errors.js'; | ||
@@ -8,2 +8,3 @@ import { concat } from '../lib/buffer_utils.js'; | ||
import invalidKeyInput from './invalid_key_input.js'; | ||
import supported from './ciphers.js'; | ||
function checkKeySize(key, alg) { | ||
@@ -29,3 +30,3 @@ if (key.symmetricKeySize << 3 !== parseInt(alg.substr(1, 3), 10)) { | ||
const algorithm = `aes${size}-wrap`; | ||
if (!getCiphers().includes(algorithm)) { | ||
if (!supported(algorithm)) { | ||
throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`); | ||
@@ -41,3 +42,3 @@ } | ||
const algorithm = `aes${size}-wrap`; | ||
if (!getCiphers().includes(algorithm)) { | ||
if (!supported(algorithm)) { | ||
throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`); | ||
@@ -44,0 +45,0 @@ } |
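Review bot: Both availability checks now depend on `supported` from `./ciphers.js`, but that module is not part of this comparison, so it cannot be confirmed here that it keeps the exact-match behaviour of the replaced `getCiphers().includes(algorithm)`. Since this helper now gates which cipher names reach `createCipheriv`/`createDecipheriv`, I would state its contract at the import, for example `// supported(name): true only when the runtime's cipher list contains exactly this name`. The same import is added in the content decryption and encryption modules further down, and the `./ciphers.js` file itself should be reviewed alongside this change.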
@@ -1,2 +0,2 @@ | ||
import { getCiphers, createDecipheriv } from 'crypto'; | ||
import { createDecipheriv } from 'crypto'; | ||
import checkIvLength from '../lib/check_iv_length.js'; | ||
@@ -11,2 +11,3 @@ import checkCekLength from './check_cek_length.js'; | ||
import invalidKeyInput from './invalid_key_input.js'; | ||
import supported from './ciphers.js'; | ||
async function cbcDecrypt(enc, cek, ciphertext, iv, tag, aad) { | ||
@@ -21,3 +22,3 @@ const keySize = parseInt(enc.substr(1, 3), 10); | ||
const algorithm = `aes-${keySize}-cbc`; | ||
if (!getCiphers().includes(algorithm)) { | ||
if (!supported(algorithm)) { | ||
throw new JOSENotSupported(`alg ${enc} is not supported by your javascript runtime`); | ||
@@ -50,3 +51,3 @@ } | ||
const algorithm = `aes-${keySize}-gcm`; | ||
if (!getCiphers().includes(algorithm)) { | ||
if (!supported(algorithm)) { | ||
throw new JOSENotSupported(`alg ${enc} is not supported by your javascript runtime`); | ||
@@ -58,7 +59,7 @@ } | ||
if (aad.byteLength) { | ||
cipher.setAAD(aad); | ||
cipher.setAAD(aad, { plaintextLength: ciphertext.length }); | ||
} | ||
return concat(cipher.update(ciphertext), cipher.final()); | ||
} | ||
catch (err) { | ||
catch { | ||
throw new JWEDecryptionFailed(); | ||
@@ -80,7 +81,15 @@ } | ||
checkIvLength(enc, iv); | ||
if (enc.substr(4, 3) === 'CBC') { | ||
return cbcDecrypt(enc, key, ciphertext, iv, tag, aad); | ||
switch (enc) { | ||
case 'A128CBC-HS256': | ||
case 'A192CBC-HS384': | ||
case 'A256CBC-HS512': | ||
return cbcDecrypt(enc, key, ciphertext, iv, tag, aad); | ||
case 'A128GCM': | ||
case 'A192GCM': | ||
case 'A256GCM': | ||
return gcmDecrypt(enc, key, ciphertext, iv, tag, aad); | ||
default: | ||
throw new JOSENotSupported('unsupported JWE Content Encryption Algorithm'); | ||
} | ||
return gcmDecrypt(enc, key, ciphertext, iv, tag, aad); | ||
}; | ||
export default decrypt; |
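Review bot: `checkIvLength(enc, iv)` still runs before the new `switch (enc)`, so a header-supplied `enc` outside the six listed values reaches that helper before the allowlist's `default` branch does. How the helper treats an unknown value is not visible here. If the switch is meant to be the single gate on `enc`, either run the IV length check after the value has been matched, or record the dependency with a comment such as `// checkIvLength must also reject enc values not listed in the switch below`. The `switch (enc)` added to the encrypt module has the same ordering. The function's opening lines are outside the hunk.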
@@ -9,2 +9,4 @@ import { createCipheriv } from 'crypto'; | ||
import invalidKeyInput from './invalid_key_input.js'; | ||
import { JOSENotSupported } from '../util/errors.js'; | ||
import supported from './ciphers.js'; | ||
async function cbcEncrypt(enc, plaintext, cek, iv, aad) { | ||
@@ -18,2 +20,5 @@ const keySize = parseInt(enc.substr(1, 3), 10); | ||
const algorithm = `aes-${keySize}-cbc`; | ||
if (!supported(algorithm)) { | ||
throw new JOSENotSupported(`alg ${enc} is not supported by your javascript runtime`); | ||
} | ||
const cipher = createCipheriv(algorithm, encKey, iv); | ||
@@ -28,5 +33,8 @@ const ciphertext = concat(cipher.update(plaintext), cipher.final()); | ||
const algorithm = `aes-${keySize}-gcm`; | ||
if (!supported(algorithm)) { | ||
throw new JOSENotSupported(`alg ${enc} is not supported by your javascript runtime`); | ||
} | ||
const cipher = createCipheriv(algorithm, cek, iv, { authTagLength: 16 }); | ||
if (aad.byteLength) { | ||
cipher.setAAD(aad); | ||
cipher.setAAD(aad, { plaintextLength: plaintext.length }); | ||
} | ||
@@ -50,7 +58,15 @@ const ciphertext = concat(cipher.update(plaintext), cipher.final()); | ||
checkIvLength(enc, iv); | ||
if (enc.substr(4, 3) === 'CBC') { | ||
return cbcEncrypt(enc, plaintext, key, iv, aad); | ||
switch (enc) { | ||
case 'A128CBC-HS256': | ||
case 'A192CBC-HS384': | ||
case 'A256CBC-HS512': | ||
return cbcEncrypt(enc, plaintext, key, iv, aad); | ||
case 'A128GCM': | ||
case 'A192GCM': | ||
case 'A256GCM': | ||
return gcmEncrypt(enc, plaintext, key, iv, aad); | ||
default: | ||
throw new JOSENotSupported('unsupported JWE Content Encryption Algorithm'); | ||
} | ||
return gcmEncrypt(enc, plaintext, key, iv, aad); | ||
}; | ||
export default encrypt; |
@@ -30,3 +30,3 @@ import { get as http } from 'http'; | ||
} | ||
catch (err) { | ||
catch { | ||
throw new JOSEError('Failed to parse the JSON Web Key Set HTTP response as JSON'); | ||
@@ -33,0 +33,0 @@ } |
@@ -20,4 +20,5 @@ import * as crypto from 'crypto'; | ||
const verify = async (alg, key, signature, data) => { | ||
const keyObject = getVerifyKey(alg, key, 'verify'); | ||
if (alg.startsWith('HS')) { | ||
const expected = await sign(alg, getVerifyKey(alg, key, 'verify'), data); | ||
const expected = await sign(alg, keyObject, data); | ||
const actual = signature; | ||
@@ -32,3 +33,2 @@ try { | ||
const algorithm = nodeDigest(alg); | ||
const keyObject = getVerifyKey(alg, key, 'verify'); | ||
const keyInput = nodeKey(alg, keyObject); | ||
@@ -35,0 +35,0 @@ try { |
@@ -31,3 +31,3 @@ import { decode as base64url } from './base64url.js'; | ||
} | ||
catch (err) { | ||
catch { | ||
throw new TypeError('Invalid Token or Protected Header formatting'); | ||
@@ -34,0 +34,0 @@ } |
{ | ||
"name": "jose-node-esm-runtime", | ||
"version": "3.14.3", | ||
"version": "3.14.4", | ||
"description": "(Node.JS ESM Runtime) 'JSON Web Almost Everything' - JWA, JWS, JWE, JWT, JWK with no dependencies", | ||
@@ -5,0 +5,0 @@ "keywords": [ |