jose-node-esm-runtime
Advanced tools
Comparing version 4.0.4 to 4.1.0
@@ -1,2 +0,2 @@ | ||
import invalidKeyInput from '../runtime/invalid_key_input.js'; | ||
import invalidKeyInput from './invalid_key_input.js'; | ||
import isKeyLike, { types } from '../runtime/is_key_like.js'; | ||
@@ -3,0 +3,0 @@ const symmetricTypeCheck = (key) => { |
import { isCloudflareWorkers, isNodeJs } from '../runtime/global.js'; | ||
function unusable(name, prop = 'algorithm.name') { | ||
return new TypeError(`CryptoKey does not support this operation, its ${prop} must be ${name}`); | ||
} | ||
function isAlgorithm(algorithm, name) { | ||
return algorithm.name === name; | ||
} | ||
function getHashLength(hash) { | ||
return parseInt(hash === null || hash === void 0 ? void 0 : hash.name.substr(4), 10); | ||
return parseInt(hash.name.substr(4), 10); | ||
} | ||
@@ -13,2 +19,4 @@ function getNamedCurve(alg) { | ||
return 'P-521'; | ||
default: | ||
throw new Error('unreachable'); | ||
} | ||
@@ -37,10 +45,8 @@ } | ||
case 'HS512': { | ||
if (key.algorithm.name !== 'HMAC') { | ||
throw new TypeError(`CryptoKey does not support this operation, its algorithm.name must be HMAC.`); | ||
} | ||
if (!isAlgorithm(key.algorithm, 'HMAC')) | ||
throw unusable('HMAC'); | ||
const expected = parseInt(alg.substr(2), 10); | ||
const actual = getHashLength(key.algorithm.hash); | ||
if (actual !== expected) { | ||
throw new TypeError(`CryptoKey does not support this operation, its algorithm.hash must be SHA-${expected}.`); | ||
} | ||
if (actual !== expected) | ||
throw unusable(`SHA-${expected}`, 'algorithm.hash'); | ||
break; | ||
@@ -51,10 +57,8 @@ } | ||
case 'RS512': { | ||
if (key.algorithm.name !== 'RSASSA-PKCS1-v1_5') { | ||
throw new TypeError(`CryptoKey does not support this operation, its algorithm.name must be RSASSA-PKCS1-v1_5.`); | ||
} | ||
if (!isAlgorithm(key.algorithm, 'RSASSA-PKCS1-v1_5')) | ||
throw unusable('RSASSA-PKCS1-v1_5'); | ||
const expected = parseInt(alg.substr(2), 10); | ||
const actual = getHashLength(key.algorithm.hash); | ||
if (actual !== expected) { | ||
throw new TypeError(`CryptoKey does not support this operation, its algorithm.hash must be SHA-${expected}.`); | ||
} | ||
if (actual !== expected) | ||
throw unusable(`SHA-${expected}`, 'algorithm.hash'); | ||
break; | ||
@@ -65,22 +69,18 @@ } | ||
case 'PS512': { | ||
if (key.algorithm.name !== 'RSA-PSS') { | ||
throw new TypeError(`CryptoKey does not support this operation, its algorithm.name must be RSA-PSS.`); | ||
} | ||
if (!isAlgorithm(key.algorithm, 'RSA-PSS')) | ||
throw unusable('RSA-PSS'); | ||
const expected = parseInt(alg.substr(2), 10); | ||
const actual = getHashLength(key.algorithm.hash); | ||
if (actual !== expected) { | ||
throw new TypeError(`CryptoKey does not support this operation, its algorithm.hash must be SHA-${expected}.`); | ||
} | ||
if (actual !== expected) | ||
throw unusable(`SHA-${expected}`, 'algorithm.hash'); | ||
break; | ||
} | ||
case isNodeJs() && 'EdDSA': { | ||
if (key.algorithm.name !== 'NODE-ED25519' && key.algorithm.name !== 'NODE-ED448') { | ||
throw new TypeError(`CryptoKey does not support this operation, its algorithm.name must be NODE-ED25519 or NODE-ED448.`); | ||
} | ||
if (key.algorithm.name !== 'NODE-ED25519' && key.algorithm.name !== 'NODE-ED448') | ||
throw unusable('NODE-ED25519 or NODE-ED448'); | ||
break; | ||
} | ||
case isCloudflareWorkers() && 'EdDSA': { | ||
if (key.algorithm.name !== 'NODE-ED25519') { | ||
throw new TypeError(`CryptoKey does not support this operation, its algorithm.name must be NODE-ED25519.`); | ||
} | ||
if (!isAlgorithm(key.algorithm, 'NODE-ED25519')) | ||
throw unusable('NODE-ED25519'); | ||
break; | ||
@@ -91,10 +91,8 @@ } | ||
case 'ES512': { | ||
if (key.algorithm.name !== 'ECDSA') { | ||
throw new TypeError(`CryptoKey does not support this operation, its algorithm.name must be ECDSA.`); | ||
} | ||
if (!isAlgorithm(key.algorithm, 'ECDSA')) | ||
throw unusable('ECDSA'); | ||
const expected = getNamedCurve(alg); | ||
const actual = key.algorithm.namedCurve; | ||
if (actual !== expected) { | ||
throw new TypeError(`CryptoKey does not support this operation, its algorithm.namedCurve must be ${expected}.`); | ||
} | ||
if (actual !== expected) | ||
throw unusable(expected, 'algorithm.namedCurve'); | ||
break; | ||
@@ -112,10 +110,8 @@ } | ||
case 'A256GCM': { | ||
if (key.algorithm.name !== 'AES-GCM') { | ||
throw new TypeError(`CryptoKey does not support this operation, its algorithm.name must be AES-GCM.`); | ||
} | ||
if (!isAlgorithm(key.algorithm, 'AES-GCM')) | ||
throw unusable('AES-GCM'); | ||
const expected = parseInt(alg.substr(1, 3), 10); | ||
const actual = key.algorithm.length; | ||
if (actual !== expected) { | ||
throw new TypeError(`CryptoKey does not support this operation, its algorithm.length must be ${expected}.`); | ||
} | ||
if (actual !== expected) | ||
throw unusable(expected, 'algorithm.length'); | ||
break; | ||
@@ -126,16 +122,13 @@ } | ||
case 'A256KW': { | ||
if (key.algorithm.name !== 'AES-KW') { | ||
throw new TypeError(`CryptoKey does not support this operation, its algorithm.name must be AES-KW.`); | ||
} | ||
if (!isAlgorithm(key.algorithm, 'AES-KW')) | ||
throw unusable('AES-KW'); | ||
const expected = parseInt(alg.substr(1, 3), 10); | ||
const actual = key.algorithm.length; | ||
if (actual !== expected) { | ||
throw new TypeError(`CryptoKey does not support this operation, its algorithm.length must be ${expected}.`); | ||
} | ||
if (actual !== expected) | ||
throw unusable(expected, 'algorithm.length'); | ||
break; | ||
} | ||
case 'ECDH-ES': | ||
if (key.algorithm.name !== 'ECDH') { | ||
throw new TypeError(`CryptoKey does not support this operation, its algorithm.name must be ECDH.`); | ||
} | ||
if (!isAlgorithm(key.algorithm, 'ECDH')) | ||
throw unusable('ECDH'); | ||
break; | ||
@@ -145,5 +138,4 @@ case 'PBES2-HS256+A128KW': | ||
case 'PBES2-HS512+A256KW': | ||
if (key.algorithm.name !== 'PBKDF2') { | ||
throw new TypeError(`CryptoKey does not support this operation, its algorithm.name must be PBKDF2.`); | ||
} | ||
if (!isAlgorithm(key.algorithm, 'PBKDF2')) | ||
throw unusable('PBKDF2'); | ||
break; | ||
@@ -154,10 +146,8 @@ case 'RSA-OAEP': | ||
case 'RSA-OAEP-512': { | ||
if (key.algorithm.name !== 'RSA-OAEP') { | ||
throw new TypeError(`CryptoKey does not support this operation, its algorithm.name must be RSA-OAEP.`); | ||
} | ||
if (!isAlgorithm(key.algorithm, 'RSA-OAEP')) | ||
throw unusable('RSA-OAEP'); | ||
const expected = parseInt(alg.substr(9), 10) || 1; | ||
const actual = getHashLength(key.algorithm.hash); | ||
if (actual !== expected) { | ||
throw new TypeError(`CryptoKey does not support this operation, its algorithm.hash must be SHA-${expected}.`); | ||
} | ||
if (actual !== expected) | ||
throw unusable(`SHA-${expected}`, 'algorithm.hash'); | ||
break; | ||
@@ -164,0 +154,0 @@ } |
@@ -5,3 +5,2 @@ import { unwrap as aesKw } from '../runtime/aeskw.js'; | ||
import { decrypt as rsaEs } from '../runtime/rsaes.js'; | ||
import { unwrap as aesGcmKw } from '../runtime/aesgcmkw.js'; | ||
import { decode as base64url } from '../runtime/base64url.js'; | ||
@@ -13,2 +12,3 @@ import { JOSENotSupported, JWEInvalid } from '../util/errors.js'; | ||
import isObject from './is_object.js'; | ||
import { unwrap as aesGcmKw } from './aesgcmkw.js'; | ||
async function decryptKeyManagement(alg, key, encryptedKey, joseHeader) { | ||
@@ -15,0 +15,0 @@ checkKeyType(alg, key, 'decrypt'); |
@@ -5,3 +5,2 @@ import { wrap as aesKw } from '../runtime/aeskw.js'; | ||
import { encrypt as rsaEs } from '../runtime/rsaes.js'; | ||
import { wrap as aesGcmKw } from '../runtime/aesgcmkw.js'; | ||
import { encode as base64url } from '../runtime/base64url.js'; | ||
@@ -12,2 +11,3 @@ import generateCek, { bitLength as cekLength } from '../lib/cek.js'; | ||
import checkKeyType from './check_key_type.js'; | ||
import { wrap as aesGcmKw } from './aesgcmkw.js'; | ||
async function encryptKeyManagement(alg, enc, key, providedCek, providedParameters = {}) { | ||
@@ -14,0 +14,0 @@ let encryptedKey; |
@@ -9,3 +9,3 @@ import { Buffer } from 'buffer'; | ||
import isKeyObject from './is_key_object.js'; | ||
import invalidKeyInput from './invalid_key_input.js'; | ||
import invalidKeyInput from '../lib/invalid_key_input.js'; | ||
import supported from './ciphers.js'; | ||
@@ -12,0 +12,0 @@ function checkKeySize(key, alg) { |
@@ -5,3 +5,3 @@ import { createPrivateKey, createPublicKey, KeyObject } from 'crypto'; | ||
import isKeyObject from './is_key_object.js'; | ||
import invalidKeyInput from './invalid_key_input.js'; | ||
import invalidKeyInput from '../lib/invalid_key_input.js'; | ||
const genericExport = (keyType, keyFormat, key) => { | ||
@@ -8,0 +8,0 @@ let keyObject; |
@@ -11,3 +11,3 @@ import { createDecipheriv, KeyObject } from 'crypto'; | ||
import isKeyObject from './is_key_object.js'; | ||
import invalidKeyInput from './invalid_key_input.js'; | ||
import invalidKeyInput from '../lib/invalid_key_input.js'; | ||
import supported from './ciphers.js'; | ||
@@ -14,0 +14,0 @@ async function cbcDecrypt(enc, cek, ciphertext, iv, tag, aad) { |
@@ -10,3 +10,3 @@ import { diffieHellman, generateKeyPair as generateKeyPairCb, KeyObject } from 'crypto'; | ||
import isKeyObject from './is_key_object.js'; | ||
import invalidKeyInput from './invalid_key_input.js'; | ||
import invalidKeyInput from '../lib/invalid_key_input.js'; | ||
const generateKeyPair = promisify(generateKeyPairCb); | ||
@@ -13,0 +13,0 @@ export const deriveKey = async (publicKee, privateKee, algorithm, keyLength, apu = new Uint8Array(0), apv = new Uint8Array(0)) => { |
@@ -9,3 +9,3 @@ import { createCipheriv, KeyObject } from 'crypto'; | ||
import isKeyObject from './is_key_object.js'; | ||
import invalidKeyInput from './invalid_key_input.js'; | ||
import invalidKeyInput from '../lib/invalid_key_input.js'; | ||
import { JOSENotSupported } from '../util/errors.js'; | ||
@@ -12,0 +12,0 @@ import supported from './ciphers.js'; |
@@ -6,3 +6,3 @@ import { Buffer } from 'buffer'; | ||
import isKeyObject from './is_key_object.js'; | ||
import invalidKeyInput from './invalid_key_input.js'; | ||
import invalidKeyInput from '../lib/invalid_key_input.js'; | ||
const p256 = Buffer.from([42, 134, 72, 206, 61, 3, 1, 7]); | ||
@@ -9,0 +9,0 @@ const p384 = Buffer.from([43, 129, 4, 0, 34]); |
@@ -5,3 +5,3 @@ import { KeyObject } from 'crypto'; | ||
import getSecretKey from './secret_key.js'; | ||
import invalidKeyInput from './invalid_key_input.js'; | ||
import invalidKeyInput from '../lib/invalid_key_input.js'; | ||
export default function getSignVerifyKey(alg, key, usage) { | ||
@@ -8,0 +8,0 @@ if (key instanceof Uint8Array) { |
@@ -8,3 +8,3 @@ import { KeyObject, createPublicKey } from 'crypto'; | ||
import isKeyObject from './is_key_object.js'; | ||
import invalidKeyInput from './invalid_key_input.js'; | ||
import invalidKeyInput from '../lib/invalid_key_input.js'; | ||
const [major, minor] = process.version | ||
@@ -11,0 +11,0 @@ .substr(1) |
@@ -10,2 +10,6 @@ import { constants } from 'crypto'; | ||
const rsaPssParams = major >= 17 || (major === 16 && minor >= 9); | ||
const PSS = { | ||
padding: constants.RSA_PKCS1_PSS_PADDING, | ||
saltLength: constants.RSA_PSS_SALTLEN_DIGEST, | ||
}; | ||
const ecCurveAlgMap = new Map([ | ||
@@ -50,7 +54,3 @@ ['ES256', 'P-256'], | ||
checkModulusLength(key, alg); | ||
return { | ||
key, | ||
padding: constants.RSA_PKCS1_PSS_PADDING, | ||
saltLength: constants.RSA_PSS_SALTLEN_DIGEST, | ||
}; | ||
return { key, ...PSS }; | ||
case !rsaPssParams && 'PS256': | ||
@@ -63,7 +63,3 @@ case !rsaPssParams && 'PS384': | ||
checkModulusLength(key, alg); | ||
return { | ||
key, | ||
padding: constants.RSA_PKCS1_PSS_PADDING, | ||
saltLength: constants.RSA_PSS_SALTLEN_DIGEST, | ||
}; | ||
return { key, ...PSS }; | ||
case 'ES256': | ||
@@ -70,0 +66,0 @@ case 'ES256K': |
@@ -11,3 +11,3 @@ import { promisify } from 'util'; | ||
import isKeyObject from './is_key_object.js'; | ||
import invalidKeyInput from './invalid_key_input.js'; | ||
import invalidKeyInput from '../lib/invalid_key_input.js'; | ||
const pbkdf2 = promisify(pbkdf2cb); | ||
@@ -14,0 +14,0 @@ function getPassword(key, alg) { |
@@ -6,3 +6,3 @@ import { KeyObject, publicEncrypt, constants, privateDecrypt } from 'crypto'; | ||
import isKeyObject from './is_key_object.js'; | ||
import invalidKeyInput from './invalid_key_input.js'; | ||
import invalidKeyInput from '../lib/invalid_key_input.js'; | ||
const checkKey = (key, alg) => { | ||
@@ -9,0 +9,0 @@ if (key.asymmetricKeyType !== 'rsa') { |
{ | ||
"name": "jose-node-esm-runtime", | ||
"version": "4.0.4", | ||
"version": "4.1.0", | ||
"description": "(Node.JS ESM Runtime) 'JSON Web Almost Everything' - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto", | ||
@@ -61,2 +61,5 @@ "keywords": [ | ||
"dist/types/**/*.d.ts", | ||
"!dist/**/*.bundle.js", | ||
"!dist/**/*.umd.js", | ||
"!dist/**/*.min.js", | ||
"!dist/node/webcrypto/**/*", | ||
@@ -63,0 +66,0 @@ "!dist/types/runtime/*", |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
167336
4227