Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
jose - npm Package Compare versions
Comparing version 3.5.4 to 3.6.0
@@ -5,2 +5,9 @@ # Changelog | ||
| ## [3.6.0](https://github.com/panva/jose/compare/v3.5.4...v3.6.0) (2021-02-04) | ||
| ### Features | ||
| * allow CryptoKey instances in a regular non-webcrypto node runtime ([e8d41a9](https://github.com/panva/jose/commit/e8d41a933582495c9a9b02d6ec38b46bef8795e1)) | ||
| ## [3.5.4](https://github.com/panva/jose/compare/v3.5.3...v3.5.4) (2021-01-26) | ||
@@ -7,0 +14,0 @@ |
@@ -10,3 +10,3 @@ import encrypt from './encrypt.js'; | ||
| iv || (iv = generateIv(jweAlgorithm)); | ||
| const { ciphertext: encryptedKey, tag } = await encrypt(jweAlgorithm, cek, key, iv, new Uint8Array()); | ||
| const { ciphertext: encryptedKey, tag } = await encrypt(jweAlgorithm, cek, key, iv, new Uint8Array(0)); | ||
| return { encryptedKey, iv: base64url(iv), tag: base64url(tag) }; | ||
@@ -16,3 +16,3 @@ }; | ||
| const jweAlgorithm = alg.substr(0, 7); | ||
| return decrypt(jweAlgorithm, key, encryptedKey, iv, tag, new Uint8Array()); | ||
| return decrypt(jweAlgorithm, key, encryptedKey, iv, tag, new Uint8Array(0)); | ||
| }; |
| import bogusWebCrypto from './bogus.js'; | ||
| import crypto, { ensureSecureContext } from './webcrypto.js'; | ||
| import crypto from './webcrypto.js'; | ||
| function checkKeySize(key, alg) { | ||
@@ -9,3 +9,2 @@ if (key.algorithm.length !== parseInt(alg.substr(1, 3), 10)) { | ||
| export const wrap = async (alg, key, cek) => { | ||
| ensureSecureContext(); | ||
| let cryptoKey; | ||
@@ -23,3 +22,2 @@ if (key instanceof Uint8Array) { | ||
| export const unwrap = async (alg, key, encryptedKey) => { | ||
| ensureSecureContext(); | ||
| let cryptoKey; | ||
@@ -26,0 +24,0 @@ if (key instanceof Uint8Array) { |
| const bogusWebCrypto = [ | ||
| { hash: 'SHA-256', name: 'HMAC' }, | ||
| { hash: { name: 'SHA-256' }, name: 'HMAC' }, | ||
| true, | ||
@@ -4,0 +4,0 @@ ['sign'], |
@@ -6,3 +6,3 @@ import { concat, uint64be } from '../lib/buffer_utils.js'; | ||
| import { JWEDecryptionFailed } from '../util/errors.js'; | ||
| import crypto, { ensureSecureContext } from './webcrypto.js'; | ||
| import crypto from './webcrypto.js'; | ||
| async function cbcDecrypt(enc, cek, ciphertext, iv, tag, aad) { | ||
@@ -12,3 +12,3 @@ const keySize = parseInt(enc.substr(1, 3), 10); | ||
| const macKey = await crypto.subtle.importKey('raw', cek.subarray(0, keySize >> 3), { | ||
| hash: `SHA-${keySize << 1}`, | ||
| hash: { name: `SHA-${keySize << 1}` }, | ||
| name: 'HMAC', | ||
@@ -52,3 +52,2 @@ }, false, ['sign']); | ||
| const decrypt = async (enc, cek, ciphertext, iv, tag, aad) => { | ||
| ensureSecureContext(); | ||
| checkCekLength(enc, cek); | ||
@@ -55,0 +54,0 @@ checkIvLength(enc, iv); |
@@ -1,4 +0,3 @@ | ||
| import crypto, { ensureSecureContext } from './webcrypto.js'; | ||
| import crypto from './webcrypto.js'; | ||
| const digest = async (algorithm, data) => { | ||
| ensureSecureContext(); | ||
| const subtleDigest = `SHA-${algorithm.substr(-3)}`; | ||
@@ -5,0 +4,0 @@ return new Uint8Array(await crypto.subtle.digest(subtleDigest, data)); |
| import { encoder, concat, uint32be, lengthAndInput, concatKdf as KDF, } from '../lib/buffer_utils.js'; | ||
| import crypto, { ensureSecureContext } from './webcrypto.js'; | ||
| import crypto from './webcrypto.js'; | ||
| import digest from './digest.js'; | ||
| const concatKdf = KDF.bind(undefined, digest.bind(undefined, 'sha256')); | ||
| export const deriveKey = async (publicKey, privateKey, algorithm, keyLength, apu = new Uint8Array(), apv = new Uint8Array()) => { | ||
| ensureSecureContext(); | ||
| export const deriveKey = async (publicKey, privateKey, algorithm, keyLength, apu = new Uint8Array(0), apv = new Uint8Array(0)) => { | ||
| const value = concat(lengthAndInput(encoder.encode(algorithm)), lengthAndInput(apu), lengthAndInput(apv), uint32be(keyLength)); | ||
@@ -19,15 +18,8 @@ if (!privateKey.usages.includes('deriveBits')) { | ||
| export const ephemeralKeyToPublicJWK = async function ephemeralKeyToPublicJWK(key) { | ||
| ensureSecureContext(); | ||
| const { crv, kty, x, y } = await crypto.subtle.exportKey('jwk', key); | ||
| return { crv, kty, x, y }; | ||
| }; | ||
| export const generateEpk = async (key) => { | ||
| ensureSecureContext(); | ||
| return (await crypto.subtle.generateKey({ name: 'ECDH', namedCurve: key.algorithm.namedCurve }, true, ['deriveBits'])).privateKey; | ||
| }; | ||
| export const publicJwkToEphemeralKey = async (jwk) => { | ||
| ensureSecureContext(); | ||
| return crypto.subtle.importKey('jwk', jwk, { name: 'ECDH', namedCurve: jwk.crv }, true, []); | ||
| }; | ||
| export const generateEpk = async (key) => (await crypto.subtle.generateKey({ name: 'ECDH', namedCurve: key.algorithm.namedCurve }, true, ['deriveBits'])).privateKey; | ||
| export const publicJwkToEphemeralKey = (jwk) => crypto.subtle.importKey('jwk', jwk, { name: 'ECDH', namedCurve: jwk.crv }, true, []); | ||
| const curves = ['P-256', 'P-384', 'P-521']; | ||
| export const ecdhAllowed = (key) => curves.includes(key.algorithm.namedCurve); |
| import { concat, uint64be } from '../lib/buffer_utils.js'; | ||
| import checkIvLength from '../lib/check_iv_length.js'; | ||
| import checkCekLength from './check_cek_length.js'; | ||
| import crypto, { ensureSecureContext } from './webcrypto.js'; | ||
| import crypto from './webcrypto.js'; | ||
| async function cbcEncrypt(enc, plaintext, cek, iv, aad) { | ||
@@ -9,3 +9,3 @@ const keySize = parseInt(enc.substr(1, 3), 10); | ||
| const macKey = await crypto.subtle.importKey('raw', cek.subarray(0, keySize >> 3), { | ||
| hash: `SHA-${keySize << 1}`, | ||
| hash: { name: `SHA-${keySize << 1}` }, | ||
| name: 'HMAC', | ||
@@ -36,3 +36,2 @@ }, false, ['sign']); | ||
| const encrypt = async (enc, plaintext, cek, iv, aad) => { | ||
| ensureSecureContext(); | ||
| checkCekLength(enc, cek); | ||
@@ -39,0 +38,0 @@ checkIvLength(enc, iv); |
@@ -1,2 +0,2 @@ | ||
| import crypto, { ensureSecureContext } from './webcrypto.js'; | ||
| import crypto from './webcrypto.js'; | ||
| import { JOSENotSupported } from '../util/errors.js'; | ||
@@ -13,3 +13,3 @@ import random from './random.js'; | ||
| length = parseInt(alg.substr(-3), 10); | ||
| algorithm = { name: 'HMAC', hash: `SHA-${alg.substr(-3)}`, length }; | ||
| algorithm = { name: 'HMAC', hash: { name: `SHA-${alg.substr(-3)}` }, length }; | ||
| keyUsages = ['sign', 'verify']; | ||
@@ -61,3 +61,3 @@ break; | ||
| name: 'RSA-PSS', | ||
| hash: `SHA-${alg.substr(-3)}`, | ||
| hash: { name: `SHA-${alg.substr(-3)}` }, | ||
| publicExponent: new Uint8Array([0x01, 0x00, 0x01]), | ||
@@ -73,3 +73,3 @@ modulusLength: getModulusLengthOption(options), | ||
| name: 'RSASSA-PKCS1-v1_5', | ||
| hash: `SHA-${alg.substr(-3)}`, | ||
| hash: { name: `SHA-${alg.substr(-3)}` }, | ||
| publicExponent: new Uint8Array([0x01, 0x00, 0x01]), | ||
@@ -86,3 +86,3 @@ modulusLength: getModulusLengthOption(options), | ||
| name: 'RSA-OAEP', | ||
| hash: `SHA-${parseInt(alg.substr(-3), 10) || 1}`, | ||
| hash: { name: `SHA-${parseInt(alg.substr(-3), 10) || 1}` }, | ||
| publicExponent: new Uint8Array([0x01, 0x00, 0x01]), | ||
@@ -115,4 +115,3 @@ modulusLength: getModulusLengthOption(options), | ||
| } | ||
| ensureSecureContext(); | ||
| return crypto.subtle.generateKey(algorithm, false, keyUsages); | ||
| } |
@@ -1,2 +0,2 @@ | ||
| import crypto, { ensureSecureContext } from './webcrypto.js'; | ||
| import crypto from './webcrypto.js'; | ||
| import { JOSENotSupported } from '../util/errors.js'; | ||
@@ -13,3 +13,3 @@ import { decode as base64url } from './base64url.js'; | ||
| case 'HS512': | ||
| algorithm = { name: 'HMAC', hash: `SHA-${jwk.alg.substr(-3)}` }; | ||
| algorithm = { name: 'HMAC', hash: { name: `SHA-${jwk.alg.substr(-3)}` } }; | ||
| keyUsages = ['sign', 'verify']; | ||
@@ -52,3 +52,3 @@ break; | ||
| case 'PS512': | ||
| algorithm = { name: 'RSA-PSS', hash: `SHA-${jwk.alg.substr(-3)}` }; | ||
| algorithm = { name: 'RSA-PSS', hash: { name: `SHA-${jwk.alg.substr(-3)}` } }; | ||
| keyUsages = jwk.d ? ['sign'] : ['verify']; | ||
@@ -59,3 +59,3 @@ break; | ||
| case 'RS512': | ||
| algorithm = { name: 'RSASSA-PKCS1-v1_5', hash: `SHA-${jwk.alg.substr(-3)}` }; | ||
| algorithm = { name: 'RSASSA-PKCS1-v1_5', hash: { name: `SHA-${jwk.alg.substr(-3)}` } }; | ||
| keyUsages = jwk.d ? ['sign'] : ['verify']; | ||
@@ -67,3 +67,6 @@ break; | ||
| case 'RSA-OAEP-512': | ||
| algorithm = { name: 'RSA-OAEP', hash: `SHA-${parseInt(jwk.alg.substr(-3), 10) || 1}` }; | ||
| algorithm = { | ||
| name: 'RSA-OAEP', | ||
| hash: { name: `SHA-${parseInt(jwk.alg.substr(-3), 10) || 1}` }, | ||
| }; | ||
| keyUsages = jwk.d ? ['decrypt', 'unwrapKey'] : ['encrypt', 'wrapKey']; | ||
@@ -111,5 +114,4 @@ break; | ||
| } | ||
| ensureSecureContext(); | ||
| return crypto.subtle.importKey(format, keyData, algorithm, (_a = jwk.ext) !== null && _a !== void 0 ? _a : false, (_b = jwk.key_ops) !== null && _b !== void 0 ? _b : keyUsages); | ||
| }; | ||
| export default parse; |
@@ -1,2 +0,2 @@ | ||
| import crypto, { ensureSecureContext } from './webcrypto.js'; | ||
| import crypto from './webcrypto.js'; | ||
| const keyToJWK = async (key) => { | ||
@@ -6,3 +6,2 @@ if (!key.extractable) { | ||
| } | ||
| ensureSecureContext(); | ||
| const { ext, key_ops, alg, use, ...jwk } = await crypto.subtle.exportKey('jwk', key); | ||
@@ -9,0 +8,0 @@ return jwk; |
@@ -6,5 +6,4 @@ import random from './random.js'; | ||
| import checkP2s from '../lib/check_p2s.js'; | ||
| import crypto, { ensureSecureContext } from './webcrypto.js'; | ||
| import crypto from './webcrypto.js'; | ||
| export const encrypt = async (alg, key, cek, p2c = Math.floor(Math.random() * 2049) + 2048, p2s = random(new Uint8Array(16))) => { | ||
| ensureSecureContext(); | ||
| checkP2s(p2s); | ||
@@ -14,3 +13,3 @@ const salt = concatSalt(alg, p2s); | ||
| const subtleAlg = { | ||
| hash: `SHA-${alg.substr(8, 3)}`, | ||
| hash: { name: `SHA-${alg.substr(8, 3)}` }, | ||
| iterations: p2c, | ||
@@ -45,3 +44,2 @@ name: 'PBKDF2', | ||
| export const decrypt = async (alg, key, encryptedKey, p2c, p2s) => { | ||
| ensureSecureContext(); | ||
| checkP2s(p2s); | ||
@@ -51,3 +49,3 @@ const salt = concatSalt(alg, p2s); | ||
| const subtleAlg = { | ||
| hash: `SHA-${alg.substr(8, 3)}`, | ||
| hash: { name: `SHA-${alg.substr(8, 3)}` }, | ||
| iterations: p2c, | ||
@@ -54,0 +52,0 @@ name: 'PBKDF2', |
| import subtleAlgorithm from './subtle_rsaes.js'; | ||
| import bogusWebCrypto from './bogus.js'; | ||
| import crypto, { ensureSecureContext } from './webcrypto.js'; | ||
| import crypto from './webcrypto.js'; | ||
| import checkKeyLength from './check_key_length.js'; | ||
| export const encrypt = async (alg, key, cek) => { | ||
| ensureSecureContext(); | ||
| checkKeyLength(alg, key); | ||
@@ -18,3 +17,2 @@ if (key.usages.includes('encrypt')) { | ||
| export const decrypt = async (alg, key, encryptedKey) => { | ||
| ensureSecureContext(); | ||
| checkKeyLength(alg, key); | ||
@@ -21,0 +19,0 @@ if (key.usages.includes('decrypt')) { |
| import subtleAlgorithm from './subtle_dsa.js'; | ||
| import crypto, { ensureSecureContext } from './webcrypto.js'; | ||
| import crypto from './webcrypto.js'; | ||
| import checkKeyLength from './check_key_length.js'; | ||
| const sign = async (alg, key, data) => { | ||
| ensureSecureContext(); | ||
| let cryptoKey; | ||
@@ -11,3 +10,3 @@ if (key instanceof Uint8Array) { | ||
| } | ||
| cryptoKey = await crypto.subtle.importKey('raw', key, { hash: `SHA-${alg.substr(-3)}`, name: 'HMAC' }, false, ['sign']); | ||
| cryptoKey = await crypto.subtle.importKey('raw', key, { hash: { name: `SHA-${alg.substr(-3)}` }, name: 'HMAC' }, false, ['sign']); | ||
| } | ||
@@ -14,0 +13,0 @@ else { |
@@ -5,10 +5,10 @@ import { JOSENotSupported } from '../util/errors.js'; | ||
| case 'HS256': | ||
| return { hash: 'SHA-256', name: 'HMAC' }; | ||
| return { hash: { name: 'SHA-256' }, name: 'HMAC' }; | ||
| case 'HS384': | ||
| return { hash: 'SHA-384', name: 'HMAC' }; | ||
| return { hash: { name: 'SHA-384' }, name: 'HMAC' }; | ||
| case 'HS512': | ||
| return { hash: 'SHA-512', name: 'HMAC' }; | ||
| return { hash: { name: 'SHA-512' }, name: 'HMAC' }; | ||
| case 'PS256': | ||
| return { | ||
| hash: 'SHA-256', | ||
| hash: { name: 'SHA-256' }, | ||
| name: 'RSA-PSS', | ||
@@ -19,3 +19,3 @@ saltLength: 256 >> 3, | ||
| return { | ||
| hash: 'SHA-384', | ||
| hash: { name: 'SHA-384' }, | ||
| name: 'RSA-PSS', | ||
@@ -26,3 +26,3 @@ saltLength: 384 >> 3, | ||
| return { | ||
| hash: 'SHA-512', | ||
| hash: { name: 'SHA-512' }, | ||
| name: 'RSA-PSS', | ||
@@ -32,13 +32,13 @@ saltLength: 512 >> 3, | ||
| case 'RS256': | ||
| return { hash: 'SHA-256', name: 'RSASSA-PKCS1-v1_5' }; | ||
| return { hash: { name: 'SHA-256' }, name: 'RSASSA-PKCS1-v1_5' }; | ||
| case 'RS384': | ||
| return { hash: 'SHA-384', name: 'RSASSA-PKCS1-v1_5' }; | ||
| return { hash: { name: 'SHA-384' }, name: 'RSASSA-PKCS1-v1_5' }; | ||
| case 'RS512': | ||
| return { hash: 'SHA-512', name: 'RSASSA-PKCS1-v1_5' }; | ||
| return { hash: { name: 'SHA-512' }, name: 'RSASSA-PKCS1-v1_5' }; | ||
| case 'ES256': | ||
| return { hash: 'SHA-256', name: 'ECDSA', namedCurve: 'P-256' }; | ||
| return { hash: { name: 'SHA-256' }, name: 'ECDSA', namedCurve: 'P-256' }; | ||
| case 'ES384': | ||
| return { hash: 'SHA-384', name: 'ECDSA', namedCurve: 'P-384' }; | ||
| return { hash: { name: 'SHA-384' }, name: 'ECDSA', namedCurve: 'P-384' }; | ||
| case 'ES512': | ||
| return { hash: 'SHA-512', name: 'ECDSA', namedCurve: 'P-521' }; | ||
| return { hash: { name: 'SHA-512' }, name: 'ECDSA', namedCurve: 'P-521' }; | ||
| default: | ||
@@ -45,0 +45,0 @@ throw new JOSENotSupported(`alg ${alg} is unsupported either by JOSE or your javascript runtime`); |
| import subtleAlgorithm from './subtle_dsa.js'; | ||
| import crypto, { ensureSecureContext } from './webcrypto.js'; | ||
| import crypto from './webcrypto.js'; | ||
| import checkKeyLength from './check_key_length.js'; | ||
| const verify = async (alg, key, signature, data) => { | ||
| ensureSecureContext(); | ||
| let cryptoKey; | ||
@@ -11,3 +10,3 @@ if (key instanceof Uint8Array) { | ||
| } | ||
| cryptoKey = await crypto.subtle.importKey('raw', key, { hash: `SHA-${alg.substr(-3)}`, name: 'HMAC' }, false, ['verify']); | ||
| cryptoKey = await crypto.subtle.importKey('raw', key, { hash: { name: `SHA-${alg.substr(-3)}` }, name: 'HMAC' }, false, ['verify']); | ||
| } | ||
@@ -14,0 +13,0 @@ else { |
@@ -1,8 +0,2 @@ | ||
| import { JOSEError } from '../util/errors.js'; | ||
| import globalThis from './global.js'; | ||
| export default globalThis.crypto; | ||
| export function ensureSecureContext() { | ||
| if (!globalThis.isSecureContext && !globalThis.crypto.subtle) { | ||
| throw new JOSEError('Web Cryptography API is available only in Secure Contexts. See: https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts'); | ||
| } | ||
| } |
@@ -9,2 +9,3 @@ "use strict"; | ||
| const base64url_js_1 = require("./base64url.js"); | ||
| const webcrypto_js_1 = require("./webcrypto.js"); | ||
| const generateIv = iv_js_1.default(random_js_1.default); | ||
@@ -14,3 +15,6 @@ exports.wrap = async (alg, key, cek, iv) => { | ||
| iv || (iv = generateIv(jweAlgorithm)); | ||
| const { ciphertext: encryptedKey, tag } = await encrypt_js_1.default(jweAlgorithm, cek, key instanceof Uint8Array ? key : key.export(), iv, new Uint8Array()); | ||
| if (webcrypto_js_1.isCryptoKey(key)) { | ||
| key = webcrypto_js_1.getKeyObject(key); | ||
| } | ||
| const { ciphertext: encryptedKey, tag } = await encrypt_js_1.default(jweAlgorithm, cek, key instanceof Uint8Array ? key : key.export(), iv, new Uint8Array(0)); | ||
| return { encryptedKey, iv: base64url_js_1.encode(iv), tag: base64url_js_1.encode(tag) }; | ||
@@ -20,3 +24,6 @@ }; | ||
| const jweAlgorithm = alg.substr(0, 7); | ||
| return decrypt_js_1.default(jweAlgorithm, key instanceof Uint8Array ? key : key.export(), encryptedKey, iv, tag, new Uint8Array()); | ||
| if (webcrypto_js_1.isCryptoKey(key)) { | ||
| key = webcrypto_js_1.getKeyObject(key); | ||
| } | ||
| return decrypt_js_1.default(jweAlgorithm, key instanceof Uint8Array ? key : key.export(), encryptedKey, iv, tag, new Uint8Array(0)); | ||
| }; |
@@ -8,2 +8,3 @@ "use strict"; | ||
| const secret_key_js_1 = require("./secret_key.js"); | ||
| const webcrypto_js_1 = require("./webcrypto.js"); | ||
| function checkKeySize(key, alg) { | ||
@@ -20,3 +21,12 @@ if (key.symmetricKeySize << 3 !== parseInt(alg.substr(1, 3), 10)) { | ||
| } | ||
| const keyObject = secret_key_js_1.default(key); | ||
| let keyObject; | ||
| if (key instanceof Uint8Array) { | ||
| keyObject = secret_key_js_1.default(key); | ||
| } | ||
| else if (webcrypto_js_1.isCryptoKey(key)) { | ||
| keyObject = webcrypto_js_1.getKeyObject(key); | ||
| } | ||
| else { | ||
| keyObject = key; | ||
| } | ||
| checkKeySize(keyObject, alg); | ||
@@ -32,3 +42,12 @@ const cipher = crypto_1.createCipheriv(algorithm, keyObject, Buffer.alloc(8, 0xa6)); | ||
| } | ||
| const keyObject = secret_key_js_1.default(key); | ||
| let keyObject; | ||
| if (key instanceof Uint8Array) { | ||
| keyObject = secret_key_js_1.default(key); | ||
| } | ||
| else if (webcrypto_js_1.isCryptoKey(key)) { | ||
| keyObject = webcrypto_js_1.getKeyObject(key); | ||
| } | ||
| else { | ||
| keyObject = key; | ||
| } | ||
| checkKeySize(keyObject, alg); | ||
@@ -35,0 +54,0 @@ const cipher = crypto_1.createDecipheriv(algorithm, keyObject, Buffer.alloc(8, 0xa6)); |
@@ -10,2 +10,3 @@ "use strict"; | ||
| const cbc_tag_js_1 = require("./cbc_tag.js"); | ||
| const webcrypto_js_1 = require("./webcrypto.js"); | ||
| async function cbcDecrypt(enc, cek, ciphertext, iv, tag, aad) { | ||
@@ -59,2 +60,5 @@ const keySize = parseInt(enc.substr(1, 3), 10); | ||
| const decrypt = async (enc, cek, ciphertext, iv, tag, aad) => { | ||
| if (webcrypto_js_1.isCryptoKey(cek)) { | ||
| cek = webcrypto_js_1.getKeyObject(cek); | ||
| } | ||
| check_cek_length_js_1.default(enc, cek); | ||
@@ -61,0 +65,0 @@ check_iv_length_js_1.default(enc, iv); |
@@ -11,6 +11,13 @@ "use strict"; | ||
| const errors_js_1 = require("../util/errors.js"); | ||
| const webcrypto_js_1 = require("./webcrypto.js"); | ||
| const generateKeyPair = util_1.promisify(crypto_1.generateKeyPair); | ||
| const concatKdf = buffer_utils_js_1.concatKdf.bind(undefined, digest_js_1.default.bind(undefined, 'sha256')); | ||
| exports.deriveKey = async (publicKey, privateKey, algorithm, keyLength, apu = new Uint8Array(), apv = new Uint8Array()) => { | ||
| exports.deriveKey = async (publicKey, privateKey, algorithm, keyLength, apu = new Uint8Array(0), apv = new Uint8Array(0)) => { | ||
| const value = buffer_utils_js_1.concat(buffer_utils_js_1.lengthAndInput(buffer_utils_js_1.encoder.encode(algorithm)), buffer_utils_js_1.lengthAndInput(apu), buffer_utils_js_1.lengthAndInput(apv), buffer_utils_js_1.uint32be(keyLength)); | ||
| if (webcrypto_js_1.isCryptoKey(publicKey)) { | ||
| publicKey = webcrypto_js_1.getKeyObject(publicKey); | ||
| } | ||
| if (webcrypto_js_1.isCryptoKey(privateKey)) { | ||
| privateKey = webcrypto_js_1.getKeyObject(privateKey); | ||
| } | ||
| const sharedSecret = crypto_1.diffieHellman({ privateKey, publicKey }); | ||
@@ -20,2 +27,5 @@ return concatKdf(sharedSecret, keyLength, value); | ||
| exports.ephemeralKeyToPublicJWK = function ephemeralKeyToPublicJWK(key) { | ||
| if (webcrypto_js_1.isCryptoKey(key)) { | ||
| key = webcrypto_js_1.getKeyObject(key); | ||
| } | ||
| switch (key.asymmetricKeyType) { | ||
@@ -44,2 +54,5 @@ case 'x25519': | ||
| exports.generateEpk = async (key) => { | ||
| if (webcrypto_js_1.isCryptoKey(key)) { | ||
| key = webcrypto_js_1.getKeyObject(key); | ||
| } | ||
| switch (key.asymmetricKeyType) { | ||
@@ -46,0 +59,0 @@ case 'x25519': |
@@ -8,2 +8,3 @@ "use strict"; | ||
| const cbc_tag_js_1 = require("./cbc_tag.js"); | ||
| const webcrypto_js_1 = require("./webcrypto.js"); | ||
| async function cbcEncrypt(enc, plaintext, cek, iv, aad) { | ||
@@ -33,2 +34,5 @@ const keySize = parseInt(enc.substr(1, 3), 10); | ||
| const encrypt = async (enc, plaintext, cek, iv, aad) => { | ||
| if (webcrypto_js_1.isCryptoKey(cek)) { | ||
| cek = webcrypto_js_1.getKeyObject(cek); | ||
| } | ||
| check_cek_length_js_1.default(enc, cek); | ||
@@ -35,0 +39,0 @@ check_iv_length_js_1.default(enc, iv); |
@@ -6,2 +6,3 @@ "use strict"; | ||
| const errors_js_1 = require("../util/errors.js"); | ||
| const webcrypto_js_1 = require("./webcrypto.js"); | ||
| const p256 = Buffer.from([42, 134, 72, 206, 61, 3, 1, 7]); | ||
@@ -31,2 +32,5 @@ const p384 = Buffer.from([43, 129, 4, 0, 34]); | ||
| } | ||
| if (webcrypto_js_1.isCryptoKey(key)) { | ||
| key = webcrypto_js_1.getKeyObject(key); | ||
| } | ||
| switch (key.asymmetricKeyType) { | ||
@@ -33,0 +37,0 @@ case 'ed25519': |
@@ -8,3 +8,7 @@ "use strict"; | ||
| const get_named_curve_js_1 = require("./get_named_curve.js"); | ||
| const webcrypto_js_1 = require("./webcrypto.js"); | ||
| const keyToJWK = (key) => { | ||
| if (webcrypto_js_1.isCryptoKey(key)) { | ||
| key = webcrypto_js_1.getKeyObject(key); | ||
| } | ||
| if (!(key instanceof crypto_1.KeyObject)) { | ||
@@ -11,0 +15,0 @@ throw new TypeError('invalid key argument type'); |
@@ -11,2 +11,3 @@ "use strict"; | ||
| const check_p2s_js_1 = require("../lib/check_p2s.js"); | ||
| const webcrypto_js_1 = require("./webcrypto.js"); | ||
| const pbkdf2 = util_1.promisify(crypto_1.pbkdf2); | ||
@@ -17,3 +18,12 @@ exports.encrypt = async (alg, key, cek, p2c = Math.floor(Math.random() * 2049) + 2048, p2s = random_js_1.default(new Uint8Array(16))) => { | ||
| const keylen = parseInt(alg.substr(13, 3), 10) >> 3; | ||
| const password = key instanceof Uint8Array ? key : key.export(); | ||
| let password; | ||
| if (webcrypto_js_1.isCryptoKey(key)) { | ||
| password = webcrypto_js_1.getKeyObject(key).export(); | ||
| } | ||
| else if (key instanceof crypto_1.KeyObject) { | ||
| password = key.export(); | ||
| } | ||
| else { | ||
| password = key; | ||
| } | ||
| const derivedKey = await pbkdf2(password, salt, p2c, keylen, `sha${alg.substr(8, 3)}`); | ||
@@ -27,5 +37,14 @@ const encryptedKey = await aeskw_js_1.wrap(alg.substr(-6), derivedKey, cek); | ||
| const keylen = parseInt(alg.substr(13, 3), 10) >> 3; | ||
| const password = key instanceof Uint8Array ? key : key.export(); | ||
| let password; | ||
| if (webcrypto_js_1.isCryptoKey(key)) { | ||
| password = webcrypto_js_1.getKeyObject(key).export(); | ||
| } | ||
| else if (key instanceof crypto_1.KeyObject) { | ||
| password = key.export(); | ||
| } | ||
| else { | ||
| password = key; | ||
| } | ||
| const derivedKey = await pbkdf2(password, salt, p2c, keylen, `sha${alg.substr(8, 3)}`); | ||
| return aeskw_js_1.unwrap(alg.substr(-6), derivedKey, encryptedKey); | ||
| }; |
@@ -6,2 +6,3 @@ "use strict"; | ||
| const check_modulus_length_js_1 = require("./check_modulus_length.js"); | ||
| const webcrypto_js_1 = require("./webcrypto.js"); | ||
| const checkKey = (key, alg) => { | ||
@@ -43,2 +44,5 @@ if (key.type === 'secret' || key.asymmetricKeyType !== 'rsa') { | ||
| const oaepHash = resolveOaepHash(alg); | ||
| if (webcrypto_js_1.isCryptoKey(key)) { | ||
| key = webcrypto_js_1.getKeyObject(key); | ||
| } | ||
| checkKey(key, alg); | ||
@@ -50,4 +54,7 @@ return crypto_1.publicEncrypt({ key, oaepHash, padding }, cek); | ||
| const oaepHash = resolveOaepHash(alg); | ||
| if (webcrypto_js_1.isCryptoKey(key)) { | ||
| key = webcrypto_js_1.getKeyObject(key); | ||
| } | ||
| checkKey(key, alg); | ||
| return crypto_1.privateDecrypt({ key, oaepHash, padding }, encryptedKey); | ||
| }; |
@@ -8,2 +8,3 @@ "use strict"; | ||
| const secret_key_js_1 = require("./secret_key.js"); | ||
| const webcrypto_js_1 = require("./webcrypto.js"); | ||
| const sign = async (alg, key, data) => { | ||
@@ -17,2 +18,5 @@ let keyObject; | ||
| } | ||
| else if (webcrypto_js_1.isCryptoKey(key)) { | ||
| keyObject = webcrypto_js_1.getKeyObject(key); | ||
| } | ||
| else { | ||
@@ -19,0 +23,0 @@ keyObject = key; |
@@ -7,2 +7,3 @@ "use strict"; | ||
| const sign_js_1 = require("./sign.js"); | ||
| const webcrypto_js_1 = require("./webcrypto.js"); | ||
| const verify = async (alg, key, signature, data) => { | ||
@@ -20,3 +21,6 @@ if (alg.startsWith('HS')) { | ||
| const algorithm = dsa_digest_js_1.default(alg); | ||
| if (!(key instanceof crypto_1.KeyObject)) { | ||
| if (webcrypto_js_1.isCryptoKey(key)) { | ||
| key = webcrypto_js_1.getKeyObject(key); | ||
| } | ||
| else if (!(key instanceof crypto_1.KeyObject)) { | ||
| throw new TypeError('invalid key object type provided'); | ||
@@ -23,0 +27,0 @@ } |
@@ -6,2 +6,3 @@ import encrypt from './encrypt.js'; | ||
| import { encode as base64url } from './base64url.js'; | ||
| import { isCryptoKey, getKeyObject } from './webcrypto.js'; | ||
| const generateIv = ivFactory(random); | ||
@@ -11,3 +12,6 @@ export const wrap = async (alg, key, cek, iv) => { | ||
| iv || (iv = generateIv(jweAlgorithm)); | ||
| const { ciphertext: encryptedKey, tag } = await encrypt(jweAlgorithm, cek, key instanceof Uint8Array ? key : key.export(), iv, new Uint8Array()); | ||
| if (isCryptoKey(key)) { | ||
| key = getKeyObject(key); | ||
| } | ||
| const { ciphertext: encryptedKey, tag } = await encrypt(jweAlgorithm, cek, key instanceof Uint8Array ? key : key.export(), iv, new Uint8Array(0)); | ||
| return { encryptedKey, iv: base64url(iv), tag: base64url(tag) }; | ||
@@ -17,3 +21,6 @@ }; | ||
| const jweAlgorithm = alg.substr(0, 7); | ||
| return decrypt(jweAlgorithm, key instanceof Uint8Array ? key : key.export(), encryptedKey, iv, tag, new Uint8Array()); | ||
| if (isCryptoKey(key)) { | ||
| key = getKeyObject(key); | ||
| } | ||
| return decrypt(jweAlgorithm, key instanceof Uint8Array ? key : key.export(), encryptedKey, iv, tag, new Uint8Array(0)); | ||
| }; |
@@ -5,2 +5,3 @@ import { createDecipheriv, createCipheriv, getCiphers } from 'crypto'; | ||
| import getSecretKey from './secret_key.js'; | ||
| import { isCryptoKey, getKeyObject } from './webcrypto.js'; | ||
| function checkKeySize(key, alg) { | ||
@@ -17,3 +18,12 @@ if (key.symmetricKeySize << 3 !== parseInt(alg.substr(1, 3), 10)) { | ||
| } | ||
| const keyObject = getSecretKey(key); | ||
| let keyObject; | ||
| if (key instanceof Uint8Array) { | ||
| keyObject = getSecretKey(key); | ||
| } | ||
| else if (isCryptoKey(key)) { | ||
| keyObject = getKeyObject(key); | ||
| } | ||
| else { | ||
| keyObject = key; | ||
| } | ||
| checkKeySize(keyObject, alg); | ||
@@ -29,3 +39,12 @@ const cipher = createCipheriv(algorithm, keyObject, Buffer.alloc(8, 0xa6)); | ||
| } | ||
| const keyObject = getSecretKey(key); | ||
| let keyObject; | ||
| if (key instanceof Uint8Array) { | ||
| keyObject = getSecretKey(key); | ||
| } | ||
| else if (isCryptoKey(key)) { | ||
| keyObject = getKeyObject(key); | ||
| } | ||
| else { | ||
| keyObject = key; | ||
| } | ||
| checkKeySize(keyObject, alg); | ||
@@ -32,0 +51,0 @@ const cipher = createDecipheriv(algorithm, keyObject, Buffer.alloc(8, 0xa6)); |
@@ -8,2 +8,3 @@ import { getCiphers, KeyObject, createDecipheriv } from 'crypto'; | ||
| import cbcTag from './cbc_tag.js'; | ||
| import { isCryptoKey, getKeyObject } from './webcrypto.js'; | ||
| async function cbcDecrypt(enc, cek, ciphertext, iv, tag, aad) { | ||
@@ -57,2 +58,5 @@ const keySize = parseInt(enc.substr(1, 3), 10); | ||
| const decrypt = async (enc, cek, ciphertext, iv, tag, aad) => { | ||
| if (isCryptoKey(cek)) { | ||
| cek = getKeyObject(cek); | ||
| } | ||
| checkCekLength(enc, cek); | ||
@@ -59,0 +63,0 @@ checkIvLength(enc, iv); |
@@ -8,6 +8,13 @@ import { diffieHellman, generateKeyPair as generateKeyPairCb, createPublicKey } from 'crypto'; | ||
| import { JOSENotSupported } from '../util/errors.js'; | ||
| import { isCryptoKey, getKeyObject } from './webcrypto.js'; | ||
| const generateKeyPair = promisify(generateKeyPairCb); | ||
| const concatKdf = KDF.bind(undefined, digest.bind(undefined, 'sha256')); | ||
| export const deriveKey = async (publicKey, privateKey, algorithm, keyLength, apu = new Uint8Array(), apv = new Uint8Array()) => { | ||
| export const deriveKey = async (publicKey, privateKey, algorithm, keyLength, apu = new Uint8Array(0), apv = new Uint8Array(0)) => { | ||
| const value = concat(lengthAndInput(encoder.encode(algorithm)), lengthAndInput(apu), lengthAndInput(apv), uint32be(keyLength)); | ||
| if (isCryptoKey(publicKey)) { | ||
| publicKey = getKeyObject(publicKey); | ||
| } | ||
| if (isCryptoKey(privateKey)) { | ||
| privateKey = getKeyObject(privateKey); | ||
| } | ||
| const sharedSecret = diffieHellman({ privateKey, publicKey }); | ||
@@ -17,2 +24,5 @@ return concatKdf(sharedSecret, keyLength, value); | ||
| export const ephemeralKeyToPublicJWK = function ephemeralKeyToPublicJWK(key) { | ||
| if (isCryptoKey(key)) { | ||
| key = getKeyObject(key); | ||
| } | ||
| switch (key.asymmetricKeyType) { | ||
@@ -41,2 +51,5 @@ case 'x25519': | ||
| export const generateEpk = async (key) => { | ||
| if (isCryptoKey(key)) { | ||
| key = getKeyObject(key); | ||
| } | ||
| switch (key.asymmetricKeyType) { | ||
@@ -43,0 +56,0 @@ case 'x25519': |
@@ -6,2 +6,3 @@ import { KeyObject, createCipheriv } from 'crypto'; | ||
| import cbcTag from './cbc_tag.js'; | ||
| import { isCryptoKey, getKeyObject } from './webcrypto.js'; | ||
| async function cbcEncrypt(enc, plaintext, cek, iv, aad) { | ||
@@ -31,2 +32,5 @@ const keySize = parseInt(enc.substr(1, 3), 10); | ||
| const encrypt = async (enc, plaintext, cek, iv, aad) => { | ||
| if (isCryptoKey(cek)) { | ||
| cek = getKeyObject(cek); | ||
| } | ||
| checkCekLength(enc, cek); | ||
@@ -33,0 +37,0 @@ checkIvLength(enc, iv); |
| import { createPublicKey } from 'crypto'; | ||
| import { JOSENotSupported } from '../util/errors.js'; | ||
| import { isCryptoKey, getKeyObject } from './webcrypto.js'; | ||
| const p256 = Buffer.from([42, 134, 72, 206, 61, 3, 1, 7]); | ||
@@ -27,2 +28,5 @@ const p384 = Buffer.from([43, 129, 4, 0, 34]); | ||
| } | ||
| if (isCryptoKey(key)) { | ||
| key = getKeyObject(key); | ||
| } | ||
| switch (key.asymmetricKeyType) { | ||
@@ -29,0 +33,0 @@ case 'ed25519': |
@@ -6,3 +6,7 @@ import { KeyObject, createPublicKey } from 'crypto'; | ||
| import getNamedCurve from './get_named_curve.js'; | ||
| import { isCryptoKey, getKeyObject } from './webcrypto.js'; | ||
| const keyToJWK = (key) => { | ||
| if (isCryptoKey(key)) { | ||
| key = getKeyObject(key); | ||
| } | ||
| if (!(key instanceof KeyObject)) { | ||
@@ -9,0 +13,0 @@ throw new TypeError('invalid key argument type'); |
| import { promisify } from 'util'; | ||
| import { pbkdf2 as pbkdf2cb } from 'crypto'; | ||
| import { KeyObject, pbkdf2 as pbkdf2cb } from 'crypto'; | ||
| import random from './random.js'; | ||
@@ -8,2 +8,3 @@ import { p2s as concatSalt } from '../lib/buffer_utils.js'; | ||
| import checkP2s from '../lib/check_p2s.js'; | ||
| import { isCryptoKey, getKeyObject } from './webcrypto.js'; | ||
| const pbkdf2 = promisify(pbkdf2cb); | ||
@@ -14,3 +15,12 @@ export const encrypt = async (alg, key, cek, p2c = Math.floor(Math.random() * 2049) + 2048, p2s = random(new Uint8Array(16))) => { | ||
| const keylen = parseInt(alg.substr(13, 3), 10) >> 3; | ||
| const password = key instanceof Uint8Array ? key : key.export(); | ||
| let password; | ||
| if (isCryptoKey(key)) { | ||
| password = getKeyObject(key).export(); | ||
| } | ||
| else if (key instanceof KeyObject) { | ||
| password = key.export(); | ||
| } | ||
| else { | ||
| password = key; | ||
| } | ||
| const derivedKey = await pbkdf2(password, salt, p2c, keylen, `sha${alg.substr(8, 3)}`); | ||
@@ -24,5 +34,14 @@ const encryptedKey = await wrap(alg.substr(-6), derivedKey, cek); | ||
| const keylen = parseInt(alg.substr(13, 3), 10) >> 3; | ||
| const password = key instanceof Uint8Array ? key : key.export(); | ||
| let password; | ||
| if (isCryptoKey(key)) { | ||
| password = getKeyObject(key).export(); | ||
| } | ||
| else if (key instanceof KeyObject) { | ||
| password = key.export(); | ||
| } | ||
| else { | ||
| password = key; | ||
| } | ||
| const derivedKey = await pbkdf2(password, salt, p2c, keylen, `sha${alg.substr(8, 3)}`); | ||
| return unwrap(alg.substr(-6), derivedKey, encryptedKey); | ||
| }; |
| import { publicEncrypt, constants, privateDecrypt } from 'crypto'; | ||
| import checkModulusLength from './check_modulus_length.js'; | ||
| import { isCryptoKey, getKeyObject } from './webcrypto.js'; | ||
| const checkKey = (key, alg) => { | ||
@@ -39,2 +40,5 @@ if (key.type === 'secret' || key.asymmetricKeyType !== 'rsa') { | ||
| const oaepHash = resolveOaepHash(alg); | ||
| if (isCryptoKey(key)) { | ||
| key = getKeyObject(key); | ||
| } | ||
| checkKey(key, alg); | ||
@@ -46,4 +50,7 @@ return publicEncrypt({ key, oaepHash, padding }, cek); | ||
| const oaepHash = resolveOaepHash(alg); | ||
| if (isCryptoKey(key)) { | ||
| key = getKeyObject(key); | ||
| } | ||
| checkKey(key, alg); | ||
| return privateDecrypt({ key, oaepHash, padding }, encryptedKey); | ||
| }; |
@@ -6,2 +6,3 @@ import { sign as oneShotSign, createHmac } from 'crypto'; | ||
| import getSecretKey from './secret_key.js'; | ||
| import { isCryptoKey, getKeyObject } from './webcrypto.js'; | ||
| const sign = async (alg, key, data) => { | ||
@@ -15,2 +16,5 @@ let keyObject; | ||
| } | ||
| else if (isCryptoKey(key)) { | ||
| keyObject = getKeyObject(key); | ||
| } | ||
| else { | ||
@@ -17,0 +21,0 @@ keyObject = key; |
@@ -5,2 +5,3 @@ import { verify as oneShotVerify, timingSafeEqual, KeyObject } from 'crypto'; | ||
| import sign from './sign.js'; | ||
| import { isCryptoKey, getKeyObject } from './webcrypto.js'; | ||
| const verify = async (alg, key, signature, data) => { | ||
@@ -18,3 +19,6 @@ if (alg.startsWith('HS')) { | ||
| const algorithm = nodeDigest(alg); | ||
| if (!(key instanceof KeyObject)) { | ||
| if (isCryptoKey(key)) { | ||
| key = getKeyObject(key); | ||
| } | ||
| else if (!(key instanceof KeyObject)) { | ||
| throw new TypeError('invalid key object type provided'); | ||
@@ -21,0 +25,0 @@ } |
@@ -13,3 +13,3 @@ "use strict"; | ||
| iv ||= generateIv(jweAlgorithm); | ||
| const { ciphertext: encryptedKey, tag } = await encrypt_js_1.default(jweAlgorithm, cek, key, iv, new Uint8Array()); | ||
| const { ciphertext: encryptedKey, tag } = await encrypt_js_1.default(jweAlgorithm, cek, key, iv, new Uint8Array(0)); | ||
| return { encryptedKey, iv: base64url_js_1.encode(iv), tag: base64url_js_1.encode(tag) }; | ||
@@ -19,3 +19,3 @@ }; | ||
| const jweAlgorithm = alg.substr(0, 7); | ||
| return decrypt_js_1.default(jweAlgorithm, key, encryptedKey, iv, tag, new Uint8Array()); | ||
| return decrypt_js_1.default(jweAlgorithm, key, encryptedKey, iv, tag, new Uint8Array(0)); | ||
| }; |
@@ -12,3 +12,2 @@ "use strict"; | ||
| exports.wrap = async (alg, key, cek) => { | ||
| webcrypto_js_1.ensureSecureContext(); | ||
| let cryptoKey; | ||
@@ -26,3 +25,2 @@ if (key instanceof Uint8Array) { | ||
| exports.unwrap = async (alg, key, encryptedKey) => { | ||
| webcrypto_js_1.ensureSecureContext(); | ||
| let cryptoKey; | ||
@@ -29,0 +27,0 @@ if (key instanceof Uint8Array) { |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| const bogusWebCrypto = [ | ||
| { hash: 'SHA-256', name: 'HMAC' }, | ||
| { hash: { name: 'SHA-256' }, name: 'HMAC' }, | ||
| true, | ||
@@ -6,0 +6,0 @@ ['sign'], |
@@ -13,3 +13,3 @@ "use strict"; | ||
| const macKey = await webcrypto_js_1.default.subtle.importKey('raw', cek.subarray(0, keySize >> 3), { | ||
| hash: `SHA-${keySize << 1}`, | ||
| hash: { name: `SHA-${keySize << 1}` }, | ||
| name: 'HMAC', | ||
@@ -53,3 +53,2 @@ }, false, ['sign']); | ||
| const decrypt = async (enc, cek, ciphertext, iv, tag, aad) => { | ||
| webcrypto_js_1.ensureSecureContext(); | ||
| check_cek_length_js_1.default(enc, cek); | ||
@@ -56,0 +55,0 @@ check_iv_length_js_1.default(enc, iv); |
@@ -5,3 +5,2 @@ "use strict"; | ||
| const digest = async (algorithm, data) => { | ||
| webcrypto_js_1.ensureSecureContext(); | ||
| const subtleDigest = `SHA-${algorithm.substr(-3)}`; | ||
@@ -8,0 +7,0 @@ return new Uint8Array(await webcrypto_js_1.default.subtle.digest(subtleDigest, data)); |
@@ -8,4 +8,3 @@ "use strict"; | ||
| const concatKdf = buffer_utils_js_1.concatKdf.bind(undefined, digest_js_1.default.bind(undefined, 'sha256')); | ||
| exports.deriveKey = async (publicKey, privateKey, algorithm, keyLength, apu = new Uint8Array(), apv = new Uint8Array()) => { | ||
| webcrypto_js_1.ensureSecureContext(); | ||
| exports.deriveKey = async (publicKey, privateKey, algorithm, keyLength, apu = new Uint8Array(0), apv = new Uint8Array(0)) => { | ||
| const value = buffer_utils_js_1.concat(buffer_utils_js_1.lengthAndInput(buffer_utils_js_1.encoder.encode(algorithm)), buffer_utils_js_1.lengthAndInput(apu), buffer_utils_js_1.lengthAndInput(apv), buffer_utils_js_1.uint32be(keyLength)); | ||
@@ -23,15 +22,8 @@ if (!privateKey.usages.includes('deriveBits')) { | ||
| exports.ephemeralKeyToPublicJWK = async function ephemeralKeyToPublicJWK(key) { | ||
| webcrypto_js_1.ensureSecureContext(); | ||
| const { crv, kty, x, y } = await webcrypto_js_1.default.subtle.exportKey('jwk', key); | ||
| return { crv, kty, x, y }; | ||
| }; | ||
| exports.generateEpk = async (key) => { | ||
| webcrypto_js_1.ensureSecureContext(); | ||
| return (await webcrypto_js_1.default.subtle.generateKey({ name: 'ECDH', namedCurve: key.algorithm.namedCurve }, true, ['deriveBits'])).privateKey; | ||
| }; | ||
| exports.publicJwkToEphemeralKey = async (jwk) => { | ||
| webcrypto_js_1.ensureSecureContext(); | ||
| return webcrypto_js_1.default.subtle.importKey('jwk', jwk, { name: 'ECDH', namedCurve: jwk.crv }, true, []); | ||
| }; | ||
| exports.generateEpk = async (key) => (await webcrypto_js_1.default.subtle.generateKey({ name: 'ECDH', namedCurve: key.algorithm.namedCurve }, true, ['deriveBits'])).privateKey; | ||
| exports.publicJwkToEphemeralKey = (jwk) => webcrypto_js_1.default.subtle.importKey('jwk', jwk, { name: 'ECDH', namedCurve: jwk.crv }, true, []); | ||
| const curves = ['P-256', 'P-384', 'P-521']; | ||
| exports.ecdhAllowed = (key) => curves.includes(key.algorithm.namedCurve); |
@@ -11,3 +11,3 @@ "use strict"; | ||
| const macKey = await webcrypto_js_1.default.subtle.importKey('raw', cek.subarray(0, keySize >> 3), { | ||
| hash: `SHA-${keySize << 1}`, | ||
| hash: { name: `SHA-${keySize << 1}` }, | ||
| name: 'HMAC', | ||
@@ -38,3 +38,2 @@ }, false, ['sign']); | ||
| const encrypt = async (enc, plaintext, cek, iv, aad) => { | ||
| webcrypto_js_1.ensureSecureContext(); | ||
| check_cek_length_js_1.default(enc, cek); | ||
@@ -41,0 +40,0 @@ check_iv_length_js_1.default(enc, iv); |
@@ -16,3 +16,3 @@ "use strict"; | ||
| length = parseInt(alg.substr(-3), 10); | ||
| algorithm = { name: 'HMAC', hash: `SHA-${alg.substr(-3)}`, length }; | ||
| algorithm = { name: 'HMAC', hash: { name: `SHA-${alg.substr(-3)}` }, length }; | ||
| keyUsages = ['sign', 'verify']; | ||
@@ -64,3 +64,3 @@ break; | ||
| name: 'RSA-PSS', | ||
| hash: `SHA-${alg.substr(-3)}`, | ||
| hash: { name: `SHA-${alg.substr(-3)}` }, | ||
| publicExponent: new Uint8Array([0x01, 0x00, 0x01]), | ||
@@ -76,3 +76,3 @@ modulusLength: getModulusLengthOption(options), | ||
| name: 'RSASSA-PKCS1-v1_5', | ||
| hash: `SHA-${alg.substr(-3)}`, | ||
| hash: { name: `SHA-${alg.substr(-3)}` }, | ||
| publicExponent: new Uint8Array([0x01, 0x00, 0x01]), | ||
@@ -89,3 +89,3 @@ modulusLength: getModulusLengthOption(options), | ||
| name: 'RSA-OAEP', | ||
| hash: `SHA-${parseInt(alg.substr(-3), 10) || 1}`, | ||
| hash: { name: `SHA-${parseInt(alg.substr(-3), 10) || 1}` }, | ||
| publicExponent: new Uint8Array([0x01, 0x00, 0x01]), | ||
@@ -118,5 +118,4 @@ modulusLength: getModulusLengthOption(options), | ||
| } | ||
| webcrypto_js_1.ensureSecureContext(); | ||
| return webcrypto_js_1.default.subtle.generateKey(algorithm, false, keyUsages); | ||
| } | ||
| exports.generateKeyPair = generateKeyPair; |
@@ -15,3 +15,3 @@ "use strict"; | ||
| case 'HS512': | ||
| algorithm = { name: 'HMAC', hash: `SHA-${jwk.alg.substr(-3)}` }; | ||
| algorithm = { name: 'HMAC', hash: { name: `SHA-${jwk.alg.substr(-3)}` } }; | ||
| keyUsages = ['sign', 'verify']; | ||
@@ -54,3 +54,3 @@ break; | ||
| case 'PS512': | ||
| algorithm = { name: 'RSA-PSS', hash: `SHA-${jwk.alg.substr(-3)}` }; | ||
| algorithm = { name: 'RSA-PSS', hash: { name: `SHA-${jwk.alg.substr(-3)}` } }; | ||
| keyUsages = jwk.d ? ['sign'] : ['verify']; | ||
@@ -61,3 +61,3 @@ break; | ||
| case 'RS512': | ||
| algorithm = { name: 'RSASSA-PKCS1-v1_5', hash: `SHA-${jwk.alg.substr(-3)}` }; | ||
| algorithm = { name: 'RSASSA-PKCS1-v1_5', hash: { name: `SHA-${jwk.alg.substr(-3)}` } }; | ||
| keyUsages = jwk.d ? ['sign'] : ['verify']; | ||
@@ -69,3 +69,6 @@ break; | ||
| case 'RSA-OAEP-512': | ||
| algorithm = { name: 'RSA-OAEP', hash: `SHA-${parseInt(jwk.alg.substr(-3), 10) || 1}` }; | ||
| algorithm = { | ||
| name: 'RSA-OAEP', | ||
| hash: { name: `SHA-${parseInt(jwk.alg.substr(-3), 10) || 1}` }, | ||
| }; | ||
| keyUsages = jwk.d ? ['decrypt', 'unwrapKey'] : ['encrypt', 'wrapKey']; | ||
@@ -112,5 +115,4 @@ break; | ||
| } | ||
| webcrypto_js_1.ensureSecureContext(); | ||
| return webcrypto_js_1.default.subtle.importKey(format, keyData, algorithm, jwk.ext ?? false, jwk.key_ops ?? keyUsages); | ||
| }; | ||
| exports.default = parse; |
@@ -8,3 +8,2 @@ "use strict"; | ||
| } | ||
| webcrypto_js_1.ensureSecureContext(); | ||
| const { ext, key_ops, alg, use, ...jwk } = await webcrypto_js_1.default.subtle.exportKey('jwk', key); | ||
@@ -11,0 +10,0 @@ return jwk; |
@@ -11,3 +11,2 @@ "use strict"; | ||
| exports.encrypt = async (alg, key, cek, p2c = Math.floor(Math.random() * 2049) + 2048, p2s = random_js_1.default(new Uint8Array(16))) => { | ||
| webcrypto_js_1.ensureSecureContext(); | ||
| check_p2s_js_1.default(p2s); | ||
@@ -17,3 +16,3 @@ const salt = buffer_utils_js_1.p2s(alg, p2s); | ||
| const subtleAlg = { | ||
| hash: `SHA-${alg.substr(8, 3)}`, | ||
| hash: { name: `SHA-${alg.substr(8, 3)}` }, | ||
| iterations: p2c, | ||
@@ -48,3 +47,2 @@ name: 'PBKDF2', | ||
| exports.decrypt = async (alg, key, encryptedKey, p2c, p2s) => { | ||
| webcrypto_js_1.ensureSecureContext(); | ||
| check_p2s_js_1.default(p2s); | ||
@@ -54,3 +52,3 @@ const salt = buffer_utils_js_1.p2s(alg, p2s); | ||
| const subtleAlg = { | ||
| hash: `SHA-${alg.substr(8, 3)}`, | ||
| hash: { name: `SHA-${alg.substr(8, 3)}` }, | ||
| iterations: p2c, | ||
@@ -57,0 +55,0 @@ name: 'PBKDF2', |
@@ -9,3 +9,2 @@ "use strict"; | ||
| exports.encrypt = async (alg, key, cek) => { | ||
| webcrypto_js_1.ensureSecureContext(); | ||
| check_key_length_js_1.default(alg, key); | ||
@@ -22,3 +21,2 @@ if (key.usages.includes('encrypt')) { | ||
| exports.decrypt = async (alg, key, encryptedKey) => { | ||
| webcrypto_js_1.ensureSecureContext(); | ||
| check_key_length_js_1.default(alg, key); | ||
@@ -25,0 +23,0 @@ if (key.usages.includes('decrypt')) { |
@@ -7,3 +7,2 @@ "use strict"; | ||
| const sign = async (alg, key, data) => { | ||
| webcrypto_js_1.ensureSecureContext(); | ||
| let cryptoKey; | ||
@@ -14,3 +13,3 @@ if (key instanceof Uint8Array) { | ||
| } | ||
| cryptoKey = await webcrypto_js_1.default.subtle.importKey('raw', key, { hash: `SHA-${alg.substr(-3)}`, name: 'HMAC' }, false, ['sign']); | ||
| cryptoKey = await webcrypto_js_1.default.subtle.importKey('raw', key, { hash: { name: `SHA-${alg.substr(-3)}` }, name: 'HMAC' }, false, ['sign']); | ||
| } | ||
@@ -17,0 +16,0 @@ else { |
@@ -7,10 +7,10 @@ "use strict"; | ||
| case 'HS256': | ||
| return { hash: 'SHA-256', name: 'HMAC' }; | ||
| return { hash: { name: 'SHA-256' }, name: 'HMAC' }; | ||
| case 'HS384': | ||
| return { hash: 'SHA-384', name: 'HMAC' }; | ||
| return { hash: { name: 'SHA-384' }, name: 'HMAC' }; | ||
| case 'HS512': | ||
| return { hash: 'SHA-512', name: 'HMAC' }; | ||
| return { hash: { name: 'SHA-512' }, name: 'HMAC' }; | ||
| case 'PS256': | ||
| return { | ||
| hash: 'SHA-256', | ||
| hash: { name: 'SHA-256' }, | ||
| name: 'RSA-PSS', | ||
@@ -21,3 +21,3 @@ saltLength: 256 >> 3, | ||
| return { | ||
| hash: 'SHA-384', | ||
| hash: { name: 'SHA-384' }, | ||
| name: 'RSA-PSS', | ||
@@ -28,3 +28,3 @@ saltLength: 384 >> 3, | ||
| return { | ||
| hash: 'SHA-512', | ||
| hash: { name: 'SHA-512' }, | ||
| name: 'RSA-PSS', | ||
@@ -34,13 +34,13 @@ saltLength: 512 >> 3, | ||
| case 'RS256': | ||
| return { hash: 'SHA-256', name: 'RSASSA-PKCS1-v1_5' }; | ||
| return { hash: { name: 'SHA-256' }, name: 'RSASSA-PKCS1-v1_5' }; | ||
| case 'RS384': | ||
| return { hash: 'SHA-384', name: 'RSASSA-PKCS1-v1_5' }; | ||
| return { hash: { name: 'SHA-384' }, name: 'RSASSA-PKCS1-v1_5' }; | ||
| case 'RS512': | ||
| return { hash: 'SHA-512', name: 'RSASSA-PKCS1-v1_5' }; | ||
| return { hash: { name: 'SHA-512' }, name: 'RSASSA-PKCS1-v1_5' }; | ||
| case 'ES256': | ||
| return { hash: 'SHA-256', name: 'ECDSA', namedCurve: 'P-256' }; | ||
| return { hash: { name: 'SHA-256' }, name: 'ECDSA', namedCurve: 'P-256' }; | ||
| case 'ES384': | ||
| return { hash: 'SHA-384', name: 'ECDSA', namedCurve: 'P-384' }; | ||
| return { hash: { name: 'SHA-384' }, name: 'ECDSA', namedCurve: 'P-384' }; | ||
| case 'ES512': | ||
| return { hash: 'SHA-512', name: 'ECDSA', namedCurve: 'P-521' }; | ||
| return { hash: { name: 'SHA-512' }, name: 'ECDSA', namedCurve: 'P-521' }; | ||
| default: | ||
@@ -47,0 +47,0 @@ throw new errors_js_1.JOSENotSupported(`alg ${alg} is unsupported either by JOSE or your javascript runtime`); |
@@ -7,3 +7,2 @@ "use strict"; | ||
| const verify = async (alg, key, signature, data) => { | ||
| webcrypto_js_1.ensureSecureContext(); | ||
| let cryptoKey; | ||
@@ -14,3 +13,3 @@ if (key instanceof Uint8Array) { | ||
| } | ||
| cryptoKey = await webcrypto_js_1.default.subtle.importKey('raw', key, { hash: `SHA-${alg.substr(-3)}`, name: 'HMAC' }, false, ['verify']); | ||
| cryptoKey = await webcrypto_js_1.default.subtle.importKey('raw', key, { hash: { name: `SHA-${alg.substr(-3)}` }, name: 'HMAC' }, false, ['verify']); | ||
| } | ||
@@ -17,0 +16,0 @@ else { |
| "use strict"; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.ensureSecureContext = void 0; | ||
| exports.getKeyObject = exports.isCryptoKey = void 0; | ||
| const crypto = require("crypto"); | ||
| if (crypto.webcrypto === undefined) { | ||
| throw new Error('Node.js crypto.webcrypto is not available in your runtime'); | ||
| const webcrypto = crypto.webcrypto; | ||
| exports.default = webcrypto; | ||
| function isCryptoKey(key) { | ||
| if (webcrypto !== undefined) { | ||
| return key instanceof webcrypto.CryptoKey; | ||
| } | ||
| return false; | ||
| } | ||
| process.emitWarning('The implementation of Web Cryptography API in Node.js is experimental.', 'ExperimentalWarning'); | ||
| exports.default = crypto.webcrypto; | ||
| function ensureSecureContext() { } | ||
| exports.ensureSecureContext = ensureSecureContext; | ||
| exports.isCryptoKey = isCryptoKey; | ||
| function getKeyObject(key) { | ||
| return crypto.KeyObject.from(key); | ||
| } | ||
| exports.getKeyObject = getKeyObject; |
@@ -10,3 +10,3 @@ import encrypt from './encrypt.js'; | ||
| iv ||= generateIv(jweAlgorithm); | ||
| const { ciphertext: encryptedKey, tag } = await encrypt(jweAlgorithm, cek, key, iv, new Uint8Array()); | ||
| const { ciphertext: encryptedKey, tag } = await encrypt(jweAlgorithm, cek, key, iv, new Uint8Array(0)); | ||
| return { encryptedKey, iv: base64url(iv), tag: base64url(tag) }; | ||
@@ -16,3 +16,3 @@ }; | ||
| const jweAlgorithm = alg.substr(0, 7); | ||
| return decrypt(jweAlgorithm, key, encryptedKey, iv, tag, new Uint8Array()); | ||
| return decrypt(jweAlgorithm, key, encryptedKey, iv, tag, new Uint8Array(0)); | ||
| }; |
| import bogusWebCrypto from './bogus.js'; | ||
| import crypto, { ensureSecureContext } from './webcrypto.js'; | ||
| import crypto from './webcrypto.js'; | ||
| function checkKeySize(key, alg) { | ||
@@ -9,3 +9,2 @@ if (key.algorithm.length !== parseInt(alg.substr(1, 3), 10)) { | ||
| export const wrap = async (alg, key, cek) => { | ||
| ensureSecureContext(); | ||
| let cryptoKey; | ||
@@ -23,3 +22,2 @@ if (key instanceof Uint8Array) { | ||
| export const unwrap = async (alg, key, encryptedKey) => { | ||
| ensureSecureContext(); | ||
| let cryptoKey; | ||
@@ -26,0 +24,0 @@ if (key instanceof Uint8Array) { |
| const bogusWebCrypto = [ | ||
| { hash: 'SHA-256', name: 'HMAC' }, | ||
| { hash: { name: 'SHA-256' }, name: 'HMAC' }, | ||
| true, | ||
@@ -4,0 +4,0 @@ ['sign'], |
@@ -6,3 +6,3 @@ import { concat, uint64be } from '../lib/buffer_utils.js'; | ||
| import { JWEDecryptionFailed } from '../util/errors.js'; | ||
| import crypto, { ensureSecureContext } from './webcrypto.js'; | ||
| import crypto from './webcrypto.js'; | ||
| async function cbcDecrypt(enc, cek, ciphertext, iv, tag, aad) { | ||
@@ -12,3 +12,3 @@ const keySize = parseInt(enc.substr(1, 3), 10); | ||
| const macKey = await crypto.subtle.importKey('raw', cek.subarray(0, keySize >> 3), { | ||
| hash: `SHA-${keySize << 1}`, | ||
| hash: { name: `SHA-${keySize << 1}` }, | ||
| name: 'HMAC', | ||
@@ -52,3 +52,2 @@ }, false, ['sign']); | ||
| const decrypt = async (enc, cek, ciphertext, iv, tag, aad) => { | ||
| ensureSecureContext(); | ||
| checkCekLength(enc, cek); | ||
@@ -55,0 +54,0 @@ checkIvLength(enc, iv); |
@@ -1,4 +0,3 @@ | ||
| import crypto, { ensureSecureContext } from './webcrypto.js'; | ||
| import crypto from './webcrypto.js'; | ||
| const digest = async (algorithm, data) => { | ||
| ensureSecureContext(); | ||
| const subtleDigest = `SHA-${algorithm.substr(-3)}`; | ||
@@ -5,0 +4,0 @@ return new Uint8Array(await crypto.subtle.digest(subtleDigest, data)); |
| import { encoder, concat, uint32be, lengthAndInput, concatKdf as KDF, } from '../lib/buffer_utils.js'; | ||
| import crypto, { ensureSecureContext } from './webcrypto.js'; | ||
| import crypto from './webcrypto.js'; | ||
| import digest from './digest.js'; | ||
| const concatKdf = KDF.bind(undefined, digest.bind(undefined, 'sha256')); | ||
| export const deriveKey = async (publicKey, privateKey, algorithm, keyLength, apu = new Uint8Array(), apv = new Uint8Array()) => { | ||
| ensureSecureContext(); | ||
| export const deriveKey = async (publicKey, privateKey, algorithm, keyLength, apu = new Uint8Array(0), apv = new Uint8Array(0)) => { | ||
| const value = concat(lengthAndInput(encoder.encode(algorithm)), lengthAndInput(apu), lengthAndInput(apv), uint32be(keyLength)); | ||
@@ -19,15 +18,8 @@ if (!privateKey.usages.includes('deriveBits')) { | ||
| export const ephemeralKeyToPublicJWK = async function ephemeralKeyToPublicJWK(key) { | ||
| ensureSecureContext(); | ||
| const { crv, kty, x, y } = await crypto.subtle.exportKey('jwk', key); | ||
| return { crv, kty, x, y }; | ||
| }; | ||
| export const generateEpk = async (key) => { | ||
| ensureSecureContext(); | ||
| return (await crypto.subtle.generateKey({ name: 'ECDH', namedCurve: key.algorithm.namedCurve }, true, ['deriveBits'])).privateKey; | ||
| }; | ||
| export const publicJwkToEphemeralKey = async (jwk) => { | ||
| ensureSecureContext(); | ||
| return crypto.subtle.importKey('jwk', jwk, { name: 'ECDH', namedCurve: jwk.crv }, true, []); | ||
| }; | ||
| export const generateEpk = async (key) => (await crypto.subtle.generateKey({ name: 'ECDH', namedCurve: key.algorithm.namedCurve }, true, ['deriveBits'])).privateKey; | ||
| export const publicJwkToEphemeralKey = (jwk) => crypto.subtle.importKey('jwk', jwk, { name: 'ECDH', namedCurve: jwk.crv }, true, []); | ||
| const curves = ['P-256', 'P-384', 'P-521']; | ||
| export const ecdhAllowed = (key) => curves.includes(key.algorithm.namedCurve); |
| import { concat, uint64be } from '../lib/buffer_utils.js'; | ||
| import checkIvLength from '../lib/check_iv_length.js'; | ||
| import checkCekLength from './check_cek_length.js'; | ||
| import crypto, { ensureSecureContext } from './webcrypto.js'; | ||
| import crypto from './webcrypto.js'; | ||
| async function cbcEncrypt(enc, plaintext, cek, iv, aad) { | ||
@@ -9,3 +9,3 @@ const keySize = parseInt(enc.substr(1, 3), 10); | ||
| const macKey = await crypto.subtle.importKey('raw', cek.subarray(0, keySize >> 3), { | ||
| hash: `SHA-${keySize << 1}`, | ||
| hash: { name: `SHA-${keySize << 1}` }, | ||
| name: 'HMAC', | ||
@@ -36,3 +36,2 @@ }, false, ['sign']); | ||
| const encrypt = async (enc, plaintext, cek, iv, aad) => { | ||
| ensureSecureContext(); | ||
| checkCekLength(enc, cek); | ||
@@ -39,0 +38,0 @@ checkIvLength(enc, iv); |
@@ -1,2 +0,2 @@ | ||
| import crypto, { ensureSecureContext } from './webcrypto.js'; | ||
| import crypto from './webcrypto.js'; | ||
| import { JOSENotSupported } from '../util/errors.js'; | ||
@@ -13,3 +13,3 @@ import random from './random.js'; | ||
| length = parseInt(alg.substr(-3), 10); | ||
| algorithm = { name: 'HMAC', hash: `SHA-${alg.substr(-3)}`, length }; | ||
| algorithm = { name: 'HMAC', hash: { name: `SHA-${alg.substr(-3)}` }, length }; | ||
| keyUsages = ['sign', 'verify']; | ||
@@ -60,3 +60,3 @@ break; | ||
| name: 'RSA-PSS', | ||
| hash: `SHA-${alg.substr(-3)}`, | ||
| hash: { name: `SHA-${alg.substr(-3)}` }, | ||
| publicExponent: new Uint8Array([0x01, 0x00, 0x01]), | ||
@@ -72,3 +72,3 @@ modulusLength: getModulusLengthOption(options), | ||
| name: 'RSASSA-PKCS1-v1_5', | ||
| hash: `SHA-${alg.substr(-3)}`, | ||
| hash: { name: `SHA-${alg.substr(-3)}` }, | ||
| publicExponent: new Uint8Array([0x01, 0x00, 0x01]), | ||
@@ -85,3 +85,3 @@ modulusLength: getModulusLengthOption(options), | ||
| name: 'RSA-OAEP', | ||
| hash: `SHA-${parseInt(alg.substr(-3), 10) || 1}`, | ||
| hash: { name: `SHA-${parseInt(alg.substr(-3), 10) || 1}` }, | ||
| publicExponent: new Uint8Array([0x01, 0x00, 0x01]), | ||
@@ -114,4 +114,3 @@ modulusLength: getModulusLengthOption(options), | ||
| } | ||
| ensureSecureContext(); | ||
| return crypto.subtle.generateKey(algorithm, false, keyUsages); | ||
| } |
@@ -1,2 +0,2 @@ | ||
| import crypto, { ensureSecureContext } from './webcrypto.js'; | ||
| import crypto from './webcrypto.js'; | ||
| import { JOSENotSupported } from '../util/errors.js'; | ||
@@ -13,3 +13,3 @@ import { decode as base64url } from './base64url.js'; | ||
| case 'HS512': | ||
| algorithm = { name: 'HMAC', hash: `SHA-${jwk.alg.substr(-3)}` }; | ||
| algorithm = { name: 'HMAC', hash: { name: `SHA-${jwk.alg.substr(-3)}` } }; | ||
| keyUsages = ['sign', 'verify']; | ||
@@ -52,3 +52,3 @@ break; | ||
| case 'PS512': | ||
| algorithm = { name: 'RSA-PSS', hash: `SHA-${jwk.alg.substr(-3)}` }; | ||
| algorithm = { name: 'RSA-PSS', hash: { name: `SHA-${jwk.alg.substr(-3)}` } }; | ||
| keyUsages = jwk.d ? ['sign'] : ['verify']; | ||
@@ -59,3 +59,3 @@ break; | ||
| case 'RS512': | ||
| algorithm = { name: 'RSASSA-PKCS1-v1_5', hash: `SHA-${jwk.alg.substr(-3)}` }; | ||
| algorithm = { name: 'RSASSA-PKCS1-v1_5', hash: { name: `SHA-${jwk.alg.substr(-3)}` } }; | ||
| keyUsages = jwk.d ? ['sign'] : ['verify']; | ||
@@ -67,3 +67,6 @@ break; | ||
| case 'RSA-OAEP-512': | ||
| algorithm = { name: 'RSA-OAEP', hash: `SHA-${parseInt(jwk.alg.substr(-3), 10) || 1}` }; | ||
| algorithm = { | ||
| name: 'RSA-OAEP', | ||
| hash: { name: `SHA-${parseInt(jwk.alg.substr(-3), 10) || 1}` }, | ||
| }; | ||
| keyUsages = jwk.d ? ['decrypt', 'unwrapKey'] : ['encrypt', 'wrapKey']; | ||
@@ -110,5 +113,4 @@ break; | ||
| } | ||
| ensureSecureContext(); | ||
| return crypto.subtle.importKey(format, keyData, algorithm, jwk.ext ?? false, jwk.key_ops ?? keyUsages); | ||
| }; | ||
| export default parse; |
@@ -1,2 +0,2 @@ | ||
| import crypto, { ensureSecureContext } from './webcrypto.js'; | ||
| import crypto from './webcrypto.js'; | ||
| const keyToJWK = async (key) => { | ||
@@ -6,3 +6,2 @@ if (!key.extractable) { | ||
| } | ||
| ensureSecureContext(); | ||
| const { ext, key_ops, alg, use, ...jwk } = await crypto.subtle.exportKey('jwk', key); | ||
@@ -9,0 +8,0 @@ return jwk; |
@@ -6,5 +6,4 @@ import random from './random.js'; | ||
| import checkP2s from '../lib/check_p2s.js'; | ||
| import crypto, { ensureSecureContext } from './webcrypto.js'; | ||
| import crypto from './webcrypto.js'; | ||
| export const encrypt = async (alg, key, cek, p2c = Math.floor(Math.random() * 2049) + 2048, p2s = random(new Uint8Array(16))) => { | ||
| ensureSecureContext(); | ||
| checkP2s(p2s); | ||
@@ -14,3 +13,3 @@ const salt = concatSalt(alg, p2s); | ||
| const subtleAlg = { | ||
| hash: `SHA-${alg.substr(8, 3)}`, | ||
| hash: { name: `SHA-${alg.substr(8, 3)}` }, | ||
| iterations: p2c, | ||
@@ -45,3 +44,2 @@ name: 'PBKDF2', | ||
| export const decrypt = async (alg, key, encryptedKey, p2c, p2s) => { | ||
| ensureSecureContext(); | ||
| checkP2s(p2s); | ||
@@ -51,3 +49,3 @@ const salt = concatSalt(alg, p2s); | ||
| const subtleAlg = { | ||
| hash: `SHA-${alg.substr(8, 3)}`, | ||
| hash: { name: `SHA-${alg.substr(8, 3)}` }, | ||
| iterations: p2c, | ||
@@ -54,0 +52,0 @@ name: 'PBKDF2', |
| import subtleAlgorithm from './subtle_rsaes.js'; | ||
| import bogusWebCrypto from './bogus.js'; | ||
| import crypto, { ensureSecureContext } from './webcrypto.js'; | ||
| import crypto from './webcrypto.js'; | ||
| import checkKeyLength from './check_key_length.js'; | ||
| export const encrypt = async (alg, key, cek) => { | ||
| ensureSecureContext(); | ||
| checkKeyLength(alg, key); | ||
@@ -18,3 +17,2 @@ if (key.usages.includes('encrypt')) { | ||
| export const decrypt = async (alg, key, encryptedKey) => { | ||
| ensureSecureContext(); | ||
| checkKeyLength(alg, key); | ||
@@ -21,0 +19,0 @@ if (key.usages.includes('decrypt')) { |
| import subtleAlgorithm from './subtle_dsa.js'; | ||
| import crypto, { ensureSecureContext } from './webcrypto.js'; | ||
| import crypto from './webcrypto.js'; | ||
| import checkKeyLength from './check_key_length.js'; | ||
| const sign = async (alg, key, data) => { | ||
| ensureSecureContext(); | ||
| let cryptoKey; | ||
@@ -11,3 +10,3 @@ if (key instanceof Uint8Array) { | ||
| } | ||
| cryptoKey = await crypto.subtle.importKey('raw', key, { hash: `SHA-${alg.substr(-3)}`, name: 'HMAC' }, false, ['sign']); | ||
| cryptoKey = await crypto.subtle.importKey('raw', key, { hash: { name: `SHA-${alg.substr(-3)}` }, name: 'HMAC' }, false, ['sign']); | ||
| } | ||
@@ -14,0 +13,0 @@ else { |
@@ -5,10 +5,10 @@ import { JOSENotSupported } from '../util/errors.js'; | ||
| case 'HS256': | ||
| return { hash: 'SHA-256', name: 'HMAC' }; | ||
| return { hash: { name: 'SHA-256' }, name: 'HMAC' }; | ||
| case 'HS384': | ||
| return { hash: 'SHA-384', name: 'HMAC' }; | ||
| return { hash: { name: 'SHA-384' }, name: 'HMAC' }; | ||
| case 'HS512': | ||
| return { hash: 'SHA-512', name: 'HMAC' }; | ||
| return { hash: { name: 'SHA-512' }, name: 'HMAC' }; | ||
| case 'PS256': | ||
| return { | ||
| hash: 'SHA-256', | ||
| hash: { name: 'SHA-256' }, | ||
| name: 'RSA-PSS', | ||
@@ -19,3 +19,3 @@ saltLength: 256 >> 3, | ||
| return { | ||
| hash: 'SHA-384', | ||
| hash: { name: 'SHA-384' }, | ||
| name: 'RSA-PSS', | ||
@@ -26,3 +26,3 @@ saltLength: 384 >> 3, | ||
| return { | ||
| hash: 'SHA-512', | ||
| hash: { name: 'SHA-512' }, | ||
| name: 'RSA-PSS', | ||
@@ -32,13 +32,13 @@ saltLength: 512 >> 3, | ||
| case 'RS256': | ||
| return { hash: 'SHA-256', name: 'RSASSA-PKCS1-v1_5' }; | ||
| return { hash: { name: 'SHA-256' }, name: 'RSASSA-PKCS1-v1_5' }; | ||
| case 'RS384': | ||
| return { hash: 'SHA-384', name: 'RSASSA-PKCS1-v1_5' }; | ||
| return { hash: { name: 'SHA-384' }, name: 'RSASSA-PKCS1-v1_5' }; | ||
| case 'RS512': | ||
| return { hash: 'SHA-512', name: 'RSASSA-PKCS1-v1_5' }; | ||
| return { hash: { name: 'SHA-512' }, name: 'RSASSA-PKCS1-v1_5' }; | ||
| case 'ES256': | ||
| return { hash: 'SHA-256', name: 'ECDSA', namedCurve: 'P-256' }; | ||
| return { hash: { name: 'SHA-256' }, name: 'ECDSA', namedCurve: 'P-256' }; | ||
| case 'ES384': | ||
| return { hash: 'SHA-384', name: 'ECDSA', namedCurve: 'P-384' }; | ||
| return { hash: { name: 'SHA-384' }, name: 'ECDSA', namedCurve: 'P-384' }; | ||
| case 'ES512': | ||
| return { hash: 'SHA-512', name: 'ECDSA', namedCurve: 'P-521' }; | ||
| return { hash: { name: 'SHA-512' }, name: 'ECDSA', namedCurve: 'P-521' }; | ||
| default: | ||
@@ -45,0 +45,0 @@ throw new JOSENotSupported(`alg ${alg} is unsupported either by JOSE or your javascript runtime`); |
| import subtleAlgorithm from './subtle_dsa.js'; | ||
| import crypto, { ensureSecureContext } from './webcrypto.js'; | ||
| import crypto from './webcrypto.js'; | ||
| import checkKeyLength from './check_key_length.js'; | ||
| const verify = async (alg, key, signature, data) => { | ||
| ensureSecureContext(); | ||
| let cryptoKey; | ||
@@ -11,3 +10,3 @@ if (key instanceof Uint8Array) { | ||
| } | ||
| cryptoKey = await crypto.subtle.importKey('raw', key, { hash: `SHA-${alg.substr(-3)}`, name: 'HMAC' }, false, ['verify']); | ||
| cryptoKey = await crypto.subtle.importKey('raw', key, { hash: { name: `SHA-${alg.substr(-3)}` }, name: 'HMAC' }, false, ['verify']); | ||
| } | ||
@@ -14,0 +13,0 @@ else { |
| import * as crypto from 'crypto'; | ||
| if (crypto.webcrypto === undefined) { | ||
| throw new Error('Node.js crypto.webcrypto is not available in your runtime'); | ||
| const webcrypto = crypto.webcrypto; | ||
| export default webcrypto; | ||
| export function isCryptoKey(key) { | ||
| if (webcrypto !== undefined) { | ||
| return key instanceof webcrypto.CryptoKey; | ||
| } | ||
| return false; | ||
| } | ||
| process.emitWarning('The implementation of Web Cryptography API in Node.js is experimental.', 'ExperimentalWarning'); | ||
| export default crypto.webcrypto; | ||
| export function ensureSecureContext() { } | ||
| export function getKeyObject(key) { | ||
| return crypto.KeyObject.from(key); | ||
| } |
| { | ||
| "name": "jose", | ||
| "version": "3.5.4", | ||
| "version": "3.6.0", | ||
| "description": "Universal 'JSON Web Almost Everything' - JWA, JWS, JWE, JWT, JWK with no dependencies", | ||
@@ -330,2 +330,3 @@ "keywords": [ | ||
| "coverage": "npm run-script runtime-node && c8 npm run-script test", | ||
| "coverage-cryptokey": "npm run-script runtime-node && c8 npm run-script test-cryptokey", | ||
| "coverage-webcrypto": "npm run-script runtime-node-webcrypto && c8 npm run-script test-webcrypto", | ||
@@ -347,2 +348,3 @@ "docs": "run-s docs:*", | ||
| "test-cjs": "rm -rf test/cjs && find test -type f -name '*.mjs' -print0 | xargs -0 npx esbuild --target=esnext --outdir=test/cjs --format=cjs", | ||
| "test-cryptokey": "CRYPTOKEY=true npm test", | ||
| "test-webcrypto": "WEBCRYPTO=true npm test" | ||
@@ -349,0 +351,0 @@ }, |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.67%
684593
- Number of package files
- increased by0.53%
382
- Lines of code
- increased by0.97%
16132
No dependency changes