jose - npm Package Compare versions

Comparing version 1.22.2 to 1.23.0

CHANGELOG.md

		@@ -5,2 +5,17 @@ # Change Log

		# [1.23.0](https://github.com/panva/jose/compare/v1.22.2...v1.23.0) (2020-02-18)


		### Bug Fixes

		* typescript: add optional JWK.Key props and make them readonly ([b92079c](https://github.com/panva/jose/commit/b92079cb64216b8ea91082adc07ac03972dbbb0e)), closes [#67](https://github.com/panva/jose/issues/67)


		### Features

		* add ECDH-ES with X25519 and X448 OKP keys ([38369ea](https://github.com/panva/jose/commit/38369ea3d72812abe7ecebd6dc7da164b0a2e29d))
		* add RSA-OAEP-384 and RSA-OAEP-512 JWE Key Management Algorithms ([7477f08](https://github.com/panva/jose/commit/7477f0831b38765a9a916b35b1d40aaf11f0e6b8))



		## [1.22.2](https://github.com/panva/jose/compare/v1.22.1...v1.22.2) (2020-02-06)
		@@ -7,0 +22,0 @@

lib/help/asn1/index.js

		@@ -1,2 +0,2 @@
		const asn1 = require('asn1.js')
		const asn1 = require('@panva/asn1.js')

		@@ -35,2 +35,1 @@ const types = new Map()
		module.exports = types
		module.exports.bignum = asn1.bignum

lib/help/base64url.js

		@@ -0,1 +1,3 @@
		/* global BigInt */

		const fromBase64 = (base64) => {
		@@ -38,4 +40,24 @@ return base64.replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_')

		const encodeBN = (bn) => encodeBuffer(bn.toBuffer())
		const bnToBuf = (bn) => {
		let hex = BigInt(bn).toString(16)
		if (hex.length % 2) {
		hex = `0${hex}`
		}

		const len = hex.length / 2
		const u8 = new Uint8Array(len)

		let i = 0
		let j = 0
		while (i < len) {
		u8[i] = parseInt(hex.slice(j, j + 2), 16)
		i += 1
		j += 2
		}

		return u8
		}

		const encodeBigInt = (bn) => encodeBuffer(Buffer.from(bnToBuf(bn)))

		module.exports.decode = decode
		@@ -46,2 +68,2 @@ module.exports.decodeToBuffer = decodeToBuffer
		module.exports.JSON = b64uJSON
		module.exports.encodeBN = encodeBN
		module.exports.encodeBigInt = encodeBigInt

lib/help/key_object.js

		@@ -1,8 +0,13 @@
		let { createPublicKey, createPrivateKey, createSecretKey, KeyObject } = require('crypto')

		const { keyObjectSupported } = require('./runtime_support')

		let createPublicKey
		let createPrivateKey
		let createSecretKey
		let KeyObject
		let asInput

		if (!keyObjectSupported) {
		if (keyObjectSupported) {
		({ createPublicKey, createPrivateKey, createSecretKey, KeyObject } = require('crypto'))
		asInput = (input) => input
		} else {
		const { EOL } = require('os')
		@@ -55,6 +60,2 @@
		if (this._type === 'public') {
		if (format !== 'pem' && format !== 'der') {
		throw new TypeError('format must be one of "pem" or "der"')
		}

		if (this.asymmetricKeyType === 'rsa') {
		@@ -84,3 +85,3 @@ switch (type) {
		default:
		throw new TypeError('type must be one of "pkcs1" or "spki"')
		throw new TypeError(`The value ${type} is invalid for option "type"`)
		}
		@@ -91,3 +92,3 @@ }
		if (type !== 'spki') {
		throw new TypeError('type must be "spki"')
		throw new TypeError(`The value ${type} is invalid for option "type"`)
		}
		@@ -104,6 +105,2 @@
		if (this._type === 'private') {
		if (format !== 'pem' && format !== 'der') {
		throw new TypeError('format must be one of "pem" or "der"')
		}

		if (passphrase !== undefined \|\| cipher !== undefined) {
		@@ -183,3 +180,3 @@ throw new errors.JOSENotSupported('encrypted private keys are not supported in your Node.js runtime version')
		} else {
		throw new TypeError(`type must be one of "spki" or "${this.asymmetricKeyType === 'rsa' ? 'pkcs1' : 'sec1'}"`)
		throw new TypeError(`The value ${type} is invalid for option "type"`)
		}
		@@ -237,3 +234,3 @@ }
		if (input.type !== 'private') {
		throw new TypeError('expected a private key')
		throw new TypeError(`Invalid key object type ${input.type}, expected private.`)
		}
		@@ -271,3 +268,3 @@

		const { format } = input
		const { format, passphrase } = input
		let { key, type } = input
		@@ -297,2 +294,6 @@
		throw new errors.JOSENotSupported('X.509 certificates are not supported in your Node.js runtime version')
		case '-----BEGIN PRIVATE KEY-----':
		case '-----BEGIN EC PRIVATE KEY-----':
		case '-----BEGIN RSA PRIVATE KEY-----':
		return createPublicKey(createPrivateKey(key))
		default:
		@@ -335,2 +336,7 @@ throw new TypeError('unknown/unsupported PEM type')

		// special case when private pkcs1 PEM / DER is used with createPublicKey
		if (parsed.n === 0n) {
		return createPublicKey(createPrivateKey({ key, format, type, passphrase }))
		}

		const keyObject = new KeyObject()
		@@ -344,4 +350,7 @@ keyObject._asn1 = parsed
		}
		case 'pkcs8':
		case 'sec1':
		return createPublicKey(createPrivateKey({ format, key, type, passphrase }))
		default:
		throw new TypeError('type must be one of "pkcs1" or "spki"')
		throw new TypeError(`The value ${type} is invalid for option "type"`)
		}
		@@ -452,9 +461,7 @@ }
		default:
		throw new TypeError('type must be one of "pkcs8", "pkcs1" or "sec1"')
		throw new TypeError(`The value ${type} is invalid for option "type"`)
		}
		}
		} else {
		asInput = (input) => input
		}

		module.exports = { createPublicKey, createPrivateKey, createSecretKey, KeyObject, asInput }

lib/help/key_utils.js

		@@ -0,1 +1,2 @@
		/* global BigInt */
		const { EOL } = require('os')
		@@ -12,3 +13,2 @@

		const BN = asn1.bignum
		const oidHexToCurve = new Map([
		@@ -79,10 +79,10 @@ ['06082a8648ce3d030107', 'P-256'],
		kty: 'RSA',
		n: base64url.encodeBN(n),
		e: base64url.encodeBN(e),
		d: base64url.encodeBN(d),
		p: base64url.encodeBN(p),
		q: base64url.encodeBN(q),
		dp: base64url.encodeBN(dp),
		dq: base64url.encodeBN(dq),
		qi: base64url.encodeBN(qi)
		n: base64url.encodeBigInt(n),
		e: base64url.encodeBigInt(e),
		d: base64url.encodeBigInt(d),
		p: base64url.encodeBigInt(p),
		q: base64url.encodeBigInt(q),
		dp: base64url.encodeBigInt(dp),
		dq: base64url.encodeBigInt(dq),
		qi: base64url.encodeBigInt(qi)
		}
		@@ -101,4 +101,4 @@ },
		kty: 'RSA',
		n: base64url.encodeBN(n),
		e: base64url.encodeBN(e)
		n: base64url.encodeBigInt(n),
		e: base64url.encodeBigInt(e)
		}
		@@ -233,10 +233,10 @@ }
		version: 0,
		n: new BN(base64url.decodeToBuffer(jwk.n)),
		e: new BN(base64url.decodeToBuffer(jwk.e)),
		d: new BN(base64url.decodeToBuffer(jwk.d)),
		p: new BN(base64url.decodeToBuffer(jwk.p)),
		q: new BN(base64url.decodeToBuffer(jwk.q)),
		dp: new BN(base64url.decodeToBuffer(jwk.dp)),
		dq: new BN(base64url.decodeToBuffer(jwk.dq)),
		qi: new BN(base64url.decodeToBuffer(jwk.qi))
		n: BigInt(`0x${base64url.decodeToBuffer(jwk.n).toString('hex')}`),
		e: BigInt(`0x${base64url.decodeToBuffer(jwk.e).toString('hex')}`),
		d: BigInt(`0x${base64url.decodeToBuffer(jwk.d).toString('hex')}`),
		p: BigInt(`0x${base64url.decodeToBuffer(jwk.p).toString('hex')}`),
		q: BigInt(`0x${base64url.decodeToBuffer(jwk.q).toString('hex')}`),
		dp: BigInt(`0x${base64url.decodeToBuffer(jwk.dp).toString('hex')}`),
		dq: BigInt(`0x${base64url.decodeToBuffer(jwk.dq).toString('hex')}`),
		qi: BigInt(`0x${base64url.decodeToBuffer(jwk.qi).toString('hex')}`)
		}, 'pem', { label: 'RSA PRIVATE KEY' })
		@@ -249,4 +249,4 @@ },
		version: 0,
		n: new BN(base64url.decodeToBuffer(jwk.n)),
		e: new BN(base64url.decodeToBuffer(jwk.e))
		n: BigInt(`0x${base64url.decodeToBuffer(jwk.n).toString('hex')}`),
		e: BigInt(`0x${base64url.decodeToBuffer(jwk.e).toString('hex')}`)
		}, 'pem', { label: 'RSA PUBLIC KEY' })
		@@ -253,0 +253,0 @@ }

lib/help/rsa_primes.js

		@@ -14,3 +14,3 @@ /* global BigInt */
		const hex = n.toString(16)
		return base64url.encodeBuffer(Buffer.from(hex.length % 2 === 1 ? `0${hex}` : hex, 'hex'))
		return base64url.encodeBuffer(Buffer.from(hex.length % 2 ? `0${hex}` : hex, 'hex'))
		}
		@@ -17,0 +17,0 @@ const fromBuffer = buf => BigInt(`0x${buf.toString('hex')}`)

lib/help/runtime_support.js

		@@ -1,2 +0,2 @@
		const { KeyObject, sign, verify } = require('crypto')
		const { diffieHellman, KeyObject, sign, verify } = require('crypto')

		@@ -9,3 +9,4 @@ const [major, minor] = process.version.substr(1).split('.').map(x => parseInt(x, 10))
		edDSASupported: !!sign && !!verify,
		dsaEncodingSupported: major > 13 \|\| (major === 13 && minor >= 2)
		dsaEncodingSupported: major > 13 \|\| (major === 13 && minor >= 2) \|\| (major === 12 && minor >= 16),
		improvedDH: !!diffieHellman
		}

lib/jwa/ecdh/compute_secret.js

		@@ -1,33 +0,43 @@
		const { createECDH, constants: { POINT_CONVERSION_UNCOMPRESSED } } = require('crypto')
		const { improvedDH } = require('../../help/runtime_support')

		const base64url = require('../../help/base64url')
		const { name: secp256k1 } = require('../../jwk/key/secp256k1_crv')
		if (improvedDH) {
		const { diffieHellman } = require('crypto')

		const crvToCurve = (crv) => {
		switch (crv) {
		case 'P-256':
		return 'prime256v1'
		case 'P-384':
		return 'secp384r1'
		case 'P-521':
		return 'secp521r1'
		case 'secp256k1':
		case 'X448':
		case 'X25519':
		return crv
		case secp256k1:
		return 'secp256k1'
		const { KeyObject } = require('../../help/key_object')
		const importKey = require('../../jwk/import')

		module.exports = ({ keyObject: privateKey }, publicKey) => {
		if (!(publicKey instanceof KeyObject)) {
		({ keyObject: publicKey } = importKey(publicKey))
		}

		return diffieHellman({ privateKey, publicKey })
		}
		}
		} else {
		const { createECDH, constants: { POINT_CONVERSION_UNCOMPRESSED } } = require('crypto')

		const UNCOMPRESSED = Buffer.alloc(1, POINT_CONVERSION_UNCOMPRESSED)
		const pubToBuffer = (x, y) => Buffer.concat([UNCOMPRESSED, base64url.decodeToBuffer(x), base64url.decodeToBuffer(y)])
		const base64url = require('../../help/base64url')

		module.exports = ({ crv, d }, { x, y = '' }) => {
		const curve = crvToCurve(crv)
		const exchange = createECDH(curve)
		const crvToCurve = (crv) => {
		switch (crv) {
		case 'P-256':
		return 'prime256v1'
		case 'P-384':
		return 'secp384r1'
		case 'P-521':
		return 'secp521r1'
		}
		}

		exchange.setPrivateKey(base64url.decodeToBuffer(d))
		const UNCOMPRESSED = Buffer.alloc(1, POINT_CONVERSION_UNCOMPRESSED)
		const pubToBuffer = (x, y) => Buffer.concat([UNCOMPRESSED, base64url.decodeToBuffer(x), base64url.decodeToBuffer(y)])

		return exchange.computeSecret(pubToBuffer(x, y))
		module.exports = ({ crv, d }, { x, y }) => {
		const curve = crvToCurve(crv)
		const exchange = createECDH(curve)

		exchange.setPrivateKey(base64url.decodeToBuffer(d))

		return exchange.computeSecret(pubToBuffer(x, y))
		}
		}

lib/jwa/ecdh/dir.js

		@@ -0,1 +1,2 @@
		const { improvedDH } = require('../../help/runtime_support')
		const { KEYLENGTHS } = require('../../registry')
		@@ -27,2 +28,6 @@ const { generateSync } = require('../../jwk/generate')
		JWK.EC.deriveKey['ECDH-ES'] = key => (key.use === 'enc' \|\| key.use === undefined) && key.crv !== secp256k1

		if (improvedDH) {
		JWK.OKP.deriveKey['ECDH-ES'] = key => (key.use === 'enc' \|\| key.use === undefined) && key.keyObject.asymmetricKeyType.startsWith('x')
		}
		}

lib/jwa/ecdh/kw.js

		@@ -0,1 +1,2 @@
		const { improvedDH } = require('../../help/runtime_support')
		const { KEYOBJECT } = require('../../help/consts')
		@@ -39,2 +40,6 @@ const { generateSync } = require('../../jwk/generate')
		JWK.EC.deriveKey[jwaAlg] = key => (key.use === 'enc' \|\| key.use === undefined) && key.crv !== secp256k1

		if (improvedDH) {
		JWK.OKP.deriveKey[jwaAlg] = key => (key.use === 'enc' \|\| key.use === undefined) && key.keyObject.asymmetricKeyType.startsWith('x')
		}
		}
		@@ -41,0 +46,0 @@ })

lib/jwa/rsaes.js

		@@ -9,4 +9,6 @@ const { publicEncrypt, privateDecrypt, constants } = require('crypto')
		switch (alg) {
		case 'RSA-OAEP':
		case 'RSA-OAEP-256':
		case 'RSA-OAEP':
		case 'RSA-OAEP-384':
		case 'RSA-OAEP-512':
		return constants.RSA_PKCS1_OAEP_PADDING
		@@ -20,6 +22,10 @@ case 'RSA1_5':
		switch (alg) {
		case 'RSA-OAEP':
		return 'sha1'
		case 'RSA-OAEP-256':
		return 'sha256'
		case 'RSA-OAEP':
		return 'sha1'
		case 'RSA-OAEP-384':
		return 'sha384'
		case 'RSA-OAEP-512':
		return 'sha512'
		default:
		@@ -43,3 +49,5 @@ return undefined
		'RSA-OAEP': 592,
		'RSA-OAEP-256': 784
		'RSA-OAEP-256': 784,
		'RSA-OAEP-384': 1040,
		'RSA-OAEP-512': 1296
		}
		@@ -51,3 +59,3 @@
		if (oaepHashSupported) {
		algs.splice(1, 0, 'RSA-OAEP-256')
		algs.splice(1, 0, 'RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512')
		}
		@@ -54,0 +62,0 @@

package.json

		{
		"name": "jose",
		"version": "1.22.2",
		"version": "1.23.0",
		"description": "JSON Web Almost Everything - JWA, JWS, JWE, JWK, JWT, JWKS for Node.js with minimal dependencies",
		@@ -79,3 +79,3 @@ "keywords": [
		"dependencies": {
		"asn1.js": "^5.3.0"
		"@panva/asn1.js": "^1.0.0"
		},
		@@ -82,0 +82,0 @@ "devDependencies": {

README.md

		@@ -303,8 +303,6 @@ # jose
		\| Direct Key Agreement \| ✓ \| dir \|
		\| RSAES OAEP \| ✓ \| RSA-OAEP, RSA-OAEP-256<sup>[3]</sup> \|
		\| RSAES OAEP \| ✓ \| RSA-OAEP, RSA-OAEP-256<sup>[3]</sup>, RSA-OAEP-384<sup>[3]</sup>, RSA-OAEP-512<sup>[3]</sup> \|
		\| RSAES-PKCS1-v1_5 \| ✓ \| RSA1_5 \|
		\| PBES2 \| ✓ \| PBES2-HS256+A128KW<sup>[1]</sup>, PBES2-HS384+A192KW<sup>[1]</sup>, PBES2-HS512+A256KW<sup>[1]</sup> \|
		\| ECDH-ES (for all EC keys) \| ✓ \| ECDH-ES, ECDH-ES+A128KW<sup>[1]</sup>, ECDH-ES+A192KW<sup>[1]</sup>, ECDH-ES+A256KW<sup>[1]</sup> \|
		\| ECDH-ES (for OKP X25519) \| ✓ <sup>via [plugin][plugin-x25519]</sup> \| ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW \|
		\| ECDH-ES (for OKP X448) \| ✕ \|\|
		\| ECDH-ES \| ✓<sup>[4]</sup> \| ECDH-ES, ECDH-ES+A128KW<sup>[1]</sup>, ECDH-ES+A192KW<sup>[1]</sup>, ECDH-ES+A256KW<sup>[1]</sup> \|
		\| (X)ChaCha \| ✓ <sup>via [plugin][plugin-chacha]</sup> \| C20PKW, XC20PKW, ECDH-ES+C20PKW, ECDH-ES+XC20PKW \|
		@@ -334,3 +332,4 @@
		use of a special `JWK.Key`-like object that cannot be instantiated through the key import API
		<sup>3</sup> RSA-OAEP-256 is only supported when Node.js >= 12.9.0 runtime is detected
		<sup>3</sup> RSAES OAEP using SHA-2 and MGF1 with SHA-2 is only supported when Node.js >= 12.9.0 runtime is detected
		<sup>4</sup> ECDH-ES with X25519 and X448 keys is only supported when Node.js >= 13.9.0 runtime is detected

		@@ -414,3 +413,2 @@ ## FAQ
		[sponsor-auth0]: https://auth0.com/overview?utm_source=GHsponsor&utm_medium=GHsponsor&utm_campaign=panva-jose&utm_content=auth
		[plugin-x25519]: https://github.com/panva/jose-x25519-ecdh
		[plugin-chacha]: https://github.com/panva/jose-chacha

152

types/index.d.ts

		@@ -84,17 +84,31 @@ /// <reference types="node" />
		interface Key {
		kty: keyType;
		type: keyObjectTypes;
		private: boolean;
		public: boolean;
		secret: boolean;
		alg?: string;
		use?: use;
		key_ops?: keyOperation[];
		kid: string;
		thumbprint: string;
		x5c?: string[];
		x5t?: string;
		'x5t#S256'?: string;
		keyObject: KeyObject;
		readonly private: boolean;
		readonly public: boolean;
		readonly secret: boolean;
		readonly type: keyObjectTypes;

		readonly kty: keyType;
		readonly alg?: string;
		readonly use?: use;
		readonly key_ops?: ReadonlyArray<keyOperation>;
		readonly kid: string;
		readonly thumbprint: string;
		readonly x5c?: ReadonlyArray<string>;
		readonly x5t?: string;
		readonly 'x5t#S256'?: string;
		readonly keyObject: KeyObject;

		readonly crv?: ECCurve \| OKPCurve;
		readonly d?: string;
		readonly dp?: string;
		readonly dq?: string;
		readonly e?: string;
		readonly k?: string;
		readonly n?: string;
		readonly p?: string;
		readonly q?: string;
		readonly qi?: string;
		readonly x?: string;
		readonly y?: string;

		toPEM(private?: boolean, encoding?: pemEncodingOptions): string;
		@@ -106,14 +120,21 @@
		interface RSAKey extends Key {
		kty: 'RSA';
		type: asymmetricKeyObjectTypes;
		secret: false;
		e: string;
		n: string;
		d?: string;
		p?: string;
		q?: string;
		dp?: string;
		dq?: string;
		qi?: string;
		readonly secret: false;
		readonly type: asymmetricKeyObjectTypes;

		readonly kty: 'RSA';

		readonly e: string;
		readonly n: string;
		readonly d?: string;
		readonly p?: string;
		readonly q?: string;
		readonly dp?: string;
		readonly dq?: string;
		readonly qi?: string;

		readonly crv: undefined;
		readonly k: undefined;
		readonly x: undefined;
		readonly y: undefined;

		toJWK(private?: boolean): JWKRSAKey;
		@@ -123,10 +144,21 @@ }
		interface ECKey extends Key {
		kty: 'EC';
		secret: false;
		type: asymmetricKeyObjectTypes;
		crv: ECCurve;
		x: string;
		y: string;
		d?: string;
		readonly secret: false;
		readonly type: asymmetricKeyObjectTypes;

		readonly kty: 'EC';

		readonly crv: ECCurve;
		readonly x: string;
		readonly y: string;
		readonly d?: string;

		readonly dp: undefined;
		readonly dq: undefined;
		readonly e: undefined;
		readonly k: undefined;
		readonly n: undefined;
		readonly p: undefined;
		readonly q: undefined;
		readonly qi: undefined;

		toJWK(private?: boolean): JWKECKey;
		@@ -136,9 +168,21 @@ }
		interface OKPKey extends Key {
		kty: 'OKP';
		secret: false;
		type: asymmetricKeyObjectTypes;
		crv: OKPCurve;
		x: string;
		d?: string;
		readonly secret: false;
		readonly type: asymmetricKeyObjectTypes;

		readonly kty: 'OKP';

		readonly crv: OKPCurve;
		readonly x: string;
		readonly d?: string;

		readonly dp: undefined;
		readonly dq: undefined;
		readonly e: undefined;
		readonly k: undefined;
		readonly n: undefined;
		readonly p: undefined;
		readonly q: undefined;
		readonly qi: undefined;
		readonly y: undefined;

		toJWK(private?: boolean): JWKOKPKey;
		@@ -148,9 +192,23 @@ }
		interface OctKey extends Key {
		kty: 'oct';
		type: 'secret';
		private: false;
		public: false;
		secret: true;
		k?: string;
		readonly private: false;
		readonly public: false;
		readonly secret: true;
		readonly type: 'secret';

		readonly kty: 'oct';

		readonly k?: string;

		readonly crv: undefined;
		readonly d: undefined;
		readonly dp: undefined;
		readonly dq: undefined;
		readonly e: undefined;
		readonly n: undefined;
		readonly p: undefined;
		readonly q: undefined;
		readonly qi: undefined;
		readonly x: undefined;
		readonly y: undefined;

		toJWK(private?: boolean): JWKOctKey;
		@@ -160,4 +218,4 @@ }
		interface NoneKey {
		type: 'unsecured';
		alg: 'none';
		readonly type: 'unsecured';
		readonly alg: 'none';
		algorithms(operation?: keyOperation): Set<string>;
		@@ -208,3 +266,3 @@ }

		size: number;
		readonly size: number;

		@@ -211,0 +269,0 @@ add(key: JWK.Key): void;

jose - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics

Dependency changes