node-webcrypto-ossl
Comparing version 1.0.16 to 1.0.17
@@ -75,6 +75,54 @@ // Core | ||
const alg = algorithm as Algorithm; | ||
const data: { [key: string]: Buffer } = {}; | ||
let key_type = native.KeyType.PUBLIC; | ||
switch (_format) { | ||
case "raw": | ||
if (!Buffer.isBuffer(keyData)) | ||
throw new WebCryptoError("ImportKey: keyData is not a Buffer"); | ||
let keyLength = 0; | ||
let crv = ""; | ||
if (keyData.length === 65) { | ||
// P-256 | ||
crv = "P-256"; | ||
// Key length 32 Byte | ||
keyLength = 32; | ||
} else if (keyData.length === 97) { | ||
// P-384 | ||
crv = "P-384"; | ||
// Key length 48 Byte | ||
keyLength = 48; | ||
} else if (keyData.length === 133) { | ||
// P-521 | ||
crv = "P-521"; | ||
// Key length: 521/= 65,125 => 66 Byte | ||
keyLength = 66; | ||
} | ||
let x = keyData.slice(1, keyLength + 1); | ||
let y = keyData.slice(keyLength + 1, (keyLength * 2) + 1); | ||
data["kty"] = new Buffer("EC", "utf-8"); | ||
data["crv"] = nc2ssl(crv); | ||
data["x"] = b64_decode(Base64Url.encode(buf_pad(x, keyLength))); | ||
data["y"] = b64_decode(Base64Url.encode(buf_pad(y, keyLength))); | ||
native.Key.importJwk(data, key_type, (err, key) => { | ||
try { | ||
if (err) | ||
reject(new WebCryptoError(`ImportKey: Cannot import key from JWK\n${err}`)); | ||
else { | ||
let ec = new CryptoKey(key, alg, key_type ? "private" : "public", extractable, keyUsages); | ||
resolve(ec); | ||
} | ||
} | ||
catch (e) { | ||
reject(e); | ||
} | ||
}); | ||
break; | ||
case "jwk": | ||
const jwk = keyData as JsonWebKey; | ||
const data: { [key: string]: Buffer } = {}; | ||
// prepare data | ||
@@ -85,3 +133,2 @@ data["kty"] = jwk.kty as any; | ||
data["y"] = b64_decode(jwk.y!); | ||
let key_type = native.KeyType.PUBLIC; | ||
if (jwk.d) { | ||
@@ -149,6 +196,8 @@ key_type = native.KeyType.PRIVATE; | ||
switch (jwk.crv) { | ||
// case "P-251": | ||
// break; | ||
// case "P-384": | ||
// break; | ||
case "P-256": | ||
padSize = 32; | ||
break; | ||
case "P-384": | ||
padSize = 48; | ||
break; | ||
case "P-521": | ||
@@ -186,2 +235,35 @@ padSize = 66; | ||
break; | ||
case "raw": | ||
nkey.exportJwk(type, (err, data) => { | ||
if (err) { | ||
reject(err); | ||
} else { | ||
let padSize = 0; | ||
let crv = (key.algorithm as any).namedCurve; | ||
switch (crv) { | ||
case "P-256": | ||
padSize = 32; | ||
break; | ||
case "P-384": | ||
padSize = 48; | ||
break; | ||
case "P-521": | ||
padSize = 66; | ||
break; | ||
} | ||
let x = Base64Url.decode(Base64Url.encode(buf_pad(data.x, padSize))); | ||
let y = Base64Url.decode(Base64Url.encode(buf_pad(data.y, padSize))); | ||
let rawKey = new Uint8Array(1 + x.length + y.length); | ||
rawKey.set([4]); | ||
rawKey.set(x, 1); | ||
rawKey.set(y, 1 + x.length); | ||
resolve(rawKey.buffer); | ||
} | ||
}); | ||
break; | ||
default: | ||
@@ -188,0 +270,0 @@ throw new WebCryptoError(`ExportKey: Unknown export format '${format}'`); |
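Review bot: The new raw import branch accepts a buffer of any length: when `keyData.length` is not 65, 97 or 133, `crv` stays `""` and `keyLength` stays 0, and the code still calls `nc2ssl(crv)` and `importJwk` with zero-length slices for `x` and `y`. The length chain should end in `else throw new WebCryptoError("ImportKey: unsupported raw EC key length");`, and the branch should also reject a first byte that is not the uncompressed-point marker or a length-derived curve that differs from the requested one, e.g. `if (keyData[0] !== 4 || crv !== (alg as any).namedCurve) throw new WebCryptoError("ImportKey: raw key does not match the requested curve");` (assuming `alg` carries `namedCurve` here, as `key.algorithm` does in the export branch). The raw export branch has the same gap: its `switch (crv)` has no `default`, so an unlisted curve pads to size 0, and nothing visible there restricts the format to public keys. Whether the native layer verifies that the point lies on the curve cannot be seen in these hunks and is worth confirming, since raw public keys normally arrive from a peer.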
{ | ||
"name": "node-webcrypto-ossl", | ||
"version": "1.0.16", | ||
"version": "1.0.17", | ||
"repository": { | ||
@@ -5,0 +5,0 @@ "type": "git", |
@@ -10,3 +10,3 @@ # node-webcrypto-ossl | ||
We wanted to be able to write Javascript that used crypto on both the client and the server but we did not want to rely on Javascript implementations of crypto. The only native cryptography availible in browser is [Web Crypto](caniuse.com/#search=cryptography), this resulted in us creating a `node-webcrypto-ossl` a native polyfil for WebCrypto based on Openssl. | ||
We wanted to be able to write Javascript that used crypto on both the client and the server but we did not want to rely on Javascript implementations of crypto. The only native cryptography availible in browser is [Web Crypto](http://caniuse.com/#search=cryptography), this resulted in us creating a `node-webcrypto-ossl` a native polyfil for WebCrypto based on Openssl. | ||
@@ -13,0 +13,0 @@ ## Table Of Contents |
@@ -151,3 +151,3 @@ "use strict"; | ||
// Format | ||
["jwk", "spki", "pkcs8"].forEach(format => { | ||
["jwk", "spki", "pkcs8", "raw"].forEach(format => { | ||
it(`${format}\t${key.name}`, done => { | ||
@@ -157,3 +157,8 @@ var promise = Promise.resolve(); | ||
[key.privateKey, key.publicKey].forEach(_key => { | ||
if ((format === "spki" && _key.type === "public") || (format === "pkcs8" && _key.type === "private") || format === "jwk") | ||
if ( | ||
(format === "raw" && _key.type === "public") || | ||
(format === "spki" && _key.type === "public") || | ||
(format === "pkcs8" && _key.type === "private") || | ||
(format === "jwk") | ||
) | ||
promise = promise.then(() => { | ||
@@ -163,3 +168,5 @@ return webcrypto.subtle.exportKey(format, _key) | ||
assert.equal(!!jwk, true, "Has no jwk value"); | ||
// TODO assert JWK params | ||
if(format === "raw") { | ||
// TODO assert JWK params | ||
} | ||
return webcrypto.subtle.importKey(format, jwk, _key.algorithm, true, _key.usages); | ||
@@ -179,2 +186,36 @@ }) | ||
}); | ||
context("Combined test", () => { | ||
["jwk", "spki", "raw"].forEach(format => { | ||
it(`${format}\tECDH generateKey + exportKey + importKey + deriveBits`, done => { | ||
webcrypto.subtle.generateKey({ name: "ECDH", namedCurve: "P-256"}, false, ["deriveKey", "deriveBits"]) | ||
.then(function(key1){ | ||
webcrypto.subtle.generateKey({ name: "ECDH", namedCurve: "P-256"}, false, ["deriveKey", "deriveBits"]) | ||
.then(function(key2){ | ||
webcrypto.subtle.exportKey(format ,key1.publicKey) | ||
.then(function(keydata1){ | ||
webcrypto.subtle.exportKey(format ,key2.publicKey) | ||
.then(function(keydata2){ | ||
webcrypto.subtle.importKey(format , keydata1, { name: "ECDH", namedCurve: "P-256" }, true, []) | ||
.then(function(pub1){ | ||
webcrypto.subtle.importKey(format , keydata2, { name: "ECDH", namedCurve: "P-256" }, true, []) | ||
.then(function(pub2){ | ||
webcrypto.subtle.deriveBits({ name: "ECDH", namedCurve: "P-256", public: pub1 }, key2.privateKey, 128) | ||
.then(function(bits1){ | ||
webcrypto.subtle.deriveBits({ name: "ECDH", namedCurve: "P-256", public: pub2 }, key1.privateKey, 128) | ||
.then(function(bits2){ | ||
assert.deepEqual(new Uint8Array(bits1), new Uint8Array(bits2), "derive Bits not equal"); | ||
}).then(done, done); | ||
}); | ||
}); | ||
}); | ||
}); | ||
}); | ||
}); | ||
}); | ||
}); | ||
}); | ||
}); | ||
}); |
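Review bot: The combined test nests eight `.then` callbacks without returning the inner promises, so only the innermost chain ends in `.then(done, done)`. A rejection from `generateKey`, `exportKey`, `importKey` or the first `deriveBits` is never handed to `done`, and the test would time out instead of reporting the real error. Returning each step from one flat chain routes every failure to `done` and keeps the same assertions.

```javascript
it(`${format}\tECDH generateKey + exportKey + importKey + deriveBits`, done => {
    const alg = { name: "ECDH", namedCurve: "P-256" };
    let key1, key2;
    Promise.all([
        webcrypto.subtle.generateKey(alg, false, ["deriveKey", "deriveBits"]),
        webcrypto.subtle.generateKey(alg, false, ["deriveKey", "deriveBits"]),
    ])
        .then(keys => {
            key1 = keys[0];
            key2 = keys[1];
            return Promise.all(keys.map(k => webcrypto.subtle.exportKey(format, k.publicKey)));
        })
        .then(exported => Promise.all(exported.map(d => webcrypto.subtle.importKey(format, d, alg, true, []))))
        .then(pubs => Promise.all([
            webcrypto.subtle.deriveBits({ name: "ECDH", namedCurve: "P-256", public: pubs[0] }, key2.privateKey, 128),
            webcrypto.subtle.deriveBits({ name: "ECDH", namedCurve: "P-256", public: pubs[1] }, key1.privateKey, 128),
        ]))
        .then(bits => {
            assert.deepEqual(new Uint8Array(bits[0]), new Uint8Array(bits[1]), "derive Bits not equal");
        })
        .then(done, done);
});
```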
@@ -19,23 +19,64 @@ "use strict"; | ||
const vectorsKey = [{ "algorithm": { "name": "PBKDF2", "hash": "SHA-1" }, "password": "", "key": { "alg": "A128CBC", "ext": true, "k": "MZjBCKYUvm9T9Ux3_5HgHw", "key_ops": ["encrypt"], "kty": "oct" }, "encrypted": "PZySgqtYaAzTLv+eevqUFQ==" }, { "algorithm": { "name": "PBKDF2", "hash": "SHA-256" }, "password": "", "key": { "alg": "A128CBC", "ext": true, "k": "GlOzGKZYUz1EYCdJtZeRXg", "key_ops": ["encrypt"], "kty": "oct" }, "encrypted": "BOAUIe71oASqkAkEaexcew==" }, { "algorithm": { "name": "PBKDF2", "hash": "SHA-384" }, "password": "", "key": { "alg": "A128CBC", "ext": true, "k": "CdVn_cAjFqdLrCV-dz_LpA", "key_ops": ["encrypt"], "kty": "oct" }, "encrypted": "u1+ZPiMlJ9nsXVxeQ+Aq5w==" }, { "algorithm": { "name": "PBKDF2", "hash": "SHA-512" }, "password": "", "key": { "alg": "A128CBC", "ext": true, "k": "WGqAJBM7TF6Sn-Am3-6RoA", "key_ops": ["encrypt"], "kty": "oct" }, "encrypted": "Nk9mDREG3cxn1SxlsJQUIg==" }, { "algorithm": { "name": "PBKDF2", "hash": "SHA-1" }, "password": "password", "key": { "alg": "A128CBC", "ext": true, "k": "yvcSWNZgau4mEfezNj-rtg", "key_ops": ["encrypt"], "kty": "oct" }, "encrypted": "s9bk3ikb7xRwHFKvkBensA==" }, { "algorithm": { "name": "PBKDF2", "hash": "SHA-256" }, "password": "password", "key": { "alg": "A128CBC", "ext": true, "k": "Sj4bTP75DW4A_IN08TwLDg", "key_ops": ["encrypt"], "kty": "oct" }, "encrypted": "EXGntv99x28t9rI4uuYGoA==" }, { "algorithm": { "name": "PBKDF2", "hash": "SHA-384" }, "password": "password", "key": { "alg": "A128CBC", "ext": true, "k": "n4dQaniQ-UlRohiDSL3dKQ", "key_ops": ["encrypt"], "kty": "oct" }, "encrypted": "9QNeVgy/CmNRZ6rztCX4iQ==" }, { "algorithm": { "name": "PBKDF2", "hash": "SHA-512" }, "password": "password", "key": { "alg": "A128CBC", "ext": true, "k": "jTNIFwT5oHTGb2G2b6gJ8w", "key_ops": ["encrypt"], "kty": "oct" }, "encrypted": "NNQ94K7/yvygm2pQRKM8xw==" }]; | ||
context("PBKDF2", () => { | ||
vectors.forEach(vector => { | ||
it(`password:${vector.password || "empty"} hash:${vector.algorithm.hash}`, done => { | ||
const raw = new Buffer(vector.password); | ||
subtle.importKey("raw", raw, vector.algorithm, false, ["deriveBits"]) | ||
.then((key) => { | ||
return crypto.subtle.deriveBits( | ||
{ name: "PBKDF2", salt: new Uint8Array([1, 2, 3, 4, 5]), iterations: 1000, hash: vector.algorithm.hash }, | ||
key, 128) | ||
}) | ||
.then(dBits => { | ||
assert.equal(!!dBits, true); | ||
assert.equal(dBits instanceof ArrayBuffer, true); | ||
assert.equal(dBits.byteLength, 128 / 8); | ||
assert.equal(new Buffer(dBits).toString("base64"), vector.derivedBits); | ||
}) | ||
.then(done, done); | ||
context("deriveBits", () => { | ||
vectors.forEach(vector => { | ||
it(`password:${vector.password || "empty"} hash:${vector.algorithm.hash}`, done => { | ||
const raw = new Buffer(vector.password); | ||
subtle.importKey("raw", raw, vector.algorithm, false, ["deriveBits"]) | ||
.then((key) => { | ||
return crypto.subtle.deriveBits( | ||
{ name: "PBKDF2", salt: new Uint8Array([1, 2, 3, 4, 5]), iterations: 1000, hash: vector.algorithm.hash }, | ||
key, 128) | ||
}) | ||
.then(dBits => { | ||
assert.equal(!!dBits, true); | ||
assert.equal(dBits instanceof ArrayBuffer, true); | ||
assert.equal(dBits.byteLength, 128 / 8); | ||
assert.equal(new Buffer(dBits).toString("base64"), vector.derivedBits); | ||
}) | ||
.then(done, done); | ||
}); | ||
}); | ||
}); | ||
context("deriveKey", () => { | ||
vectorsKey.forEach(vector => { | ||
it(`AES-CBC password:${vector.password || "empty"} hash:${vector.algorithm.hash}`, done => { | ||
const raw = new Buffer(vector.password); | ||
let aes; | ||
subtle.importKey("raw", raw, vector.algorithm, false, ["deriveKey"]) | ||
.then((key) => { | ||
return crypto.subtle.deriveKey( | ||
{ name: "PBKDF2", salt: new Uint8Array([1, 2, 3, 4, 5]), iterations: 1000, hash: vector.algorithm.hash }, | ||
key, | ||
{ name: "AES-CBC", length: 128 }, | ||
true, | ||
["encrypt"] | ||
) | ||
}) | ||
.then(aesKey => { | ||
aes = aesKey | ||
return crypto.subtle.exportKey("jwk", aesKey); | ||
}) | ||
.then(jwk => { | ||
assert.equal(jwk.k, vector.key.k); | ||
return crypto.subtle.encrypt( | ||
{ name: "AES-CBC", iv: new Uint8Array([1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6]) }, | ||
aes, | ||
new Uint8Array([1, 2, 3, 4, 5, 6, 7, 8, 9, 0]) | ||
) | ||
}) | ||
.then(enc => { | ||
assert.equal(!!enc, true); | ||
assert.equal(enc instanceof ArrayBuffer, true); | ||
assert.equal(new Buffer(enc).toString("base64"), vector.encrypted); | ||
}) | ||
.then(done, done); | ||
}); | ||
}); | ||
}) | ||
}); |
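Review bot: The new deriveKey test builds its buffers with the deprecated `new Buffer(...)` constructor (`new Buffer(vector.password)` and `new Buffer(enc)`), whose result depends on the type of the argument. If the Node versions this package supports provide it, `Buffer.from(vector.password)` and `Buffer.from(enc).toString("base64")` say what is meant and cannot be mistaken for a size allocation. The deriveBits lines that this section moves under their own `context` use the same constructor and could be changed together.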