Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

node-webcrypto-ossl

Package Overview
Dependencies
Maintainers
2
Versions
60
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

node-webcrypto-ossl - npm Package Compare versions

Comparing version 1.0.16 to 1.0.17

94

lib/crypto/ec.ts

@@ -75,6 +75,54 @@ // Core

const alg = algorithm as Algorithm;
const data: { [key: string]: Buffer } = {};
let key_type = native.KeyType.PUBLIC;
switch (_format) {
case "raw":
if (!Buffer.isBuffer(keyData))
throw new WebCryptoError("ImportKey: keyData is not a Buffer");
let keyLength = 0;
let crv = "";
if (keyData.length === 65) {
// P-256
crv = "P-256";
// Key length 32 Byte
keyLength = 32;
} else if (keyData.length === 97) {
// P-384
crv = "P-384";
// Key length 48 Byte
keyLength = 48;
} else if (keyData.length === 133) {
// P-521
crv = "P-521";
// Key length: 521/= 65,125 => 66 Byte
keyLength = 66;
}
let x = keyData.slice(1, keyLength + 1);
let y = keyData.slice(keyLength + 1, (keyLength * 2) + 1);
data["kty"] = new Buffer("EC", "utf-8");
data["crv"] = nc2ssl(crv);
data["x"] = b64_decode(Base64Url.encode(buf_pad(x, keyLength)));
data["y"] = b64_decode(Base64Url.encode(buf_pad(y, keyLength)));
native.Key.importJwk(data, key_type, (err, key) => {
try {
if (err)
reject(new WebCryptoError(`ImportKey: Cannot import key from JWK\n${err}`));
else {
let ec = new CryptoKey(key, alg, key_type ? "private" : "public", extractable, keyUsages);
resolve(ec);
}
}
catch (e) {
reject(e);
}
});
break;
case "jwk":
const jwk = keyData as JsonWebKey;
const data: { [key: string]: Buffer } = {};
// prepare data

@@ -85,3 +133,2 @@ data["kty"] = jwk.kty as any;

data["y"] = b64_decode(jwk.y!);
let key_type = native.KeyType.PUBLIC;
if (jwk.d) {

@@ -149,6 +196,8 @@ key_type = native.KeyType.PRIVATE;

switch (jwk.crv) {
// case "P-251":
// break;
// case "P-384":
// break;
case "P-256":
padSize = 32;
break;
case "P-384":
padSize = 48;
break;
case "P-521":

@@ -186,2 +235,35 @@ padSize = 66;

break;
case "raw":
nkey.exportJwk(type, (err, data) => {
if (err) {
reject(err);
} else {
let padSize = 0;
let crv = (key.algorithm as any).namedCurve;
switch (crv) {
case "P-256":
padSize = 32;
break;
case "P-384":
padSize = 48;
break;
case "P-521":
padSize = 66;
break;
}
let x = Base64Url.decode(Base64Url.encode(buf_pad(data.x, padSize)));
let y = Base64Url.decode(Base64Url.encode(buf_pad(data.y, padSize)));
let rawKey = new Uint8Array(1 + x.length + y.length);
rawKey.set([4]);
rawKey.set(x, 1);
rawKey.set(y, 1 + x.length);
resolve(rawKey.buffer);
}
});
break;
default:

@@ -188,0 +270,0 @@ throw new WebCryptoError(`ExportKey: Unknown export format '${format}'`);

2

package.json
{
"name": "node-webcrypto-ossl",
"version": "1.0.16",
"version": "1.0.17",
"repository": {

@@ -5,0 +5,0 @@ "type": "git",

@@ -10,3 +10,3 @@ # node-webcrypto-ossl

We wanted to be able to write Javascript that used crypto on both the client and the server but we did not want to rely on Javascript implementations of crypto. The only native cryptography availible in browser is [Web Crypto](caniuse.com/#search=cryptography), this resulted in us creating a `node-webcrypto-ossl` a native polyfil for WebCrypto based on Openssl.
We wanted to be able to write Javascript that used crypto on both the client and the server but we did not want to rely on Javascript implementations of crypto. The only native cryptography availible in browser is [Web Crypto](http://caniuse.com/#search=cryptography), this resulted in us creating a `node-webcrypto-ossl` a native polyfil for WebCrypto based on Openssl.

@@ -13,0 +13,0 @@ ## Table Of Contents

@@ -151,3 +151,3 @@ "use strict";

// Format
["jwk", "spki", "pkcs8"].forEach(format => {
["jwk", "spki", "pkcs8", "raw"].forEach(format => {
it(`${format}\t${key.name}`, done => {

@@ -157,3 +157,8 @@ var promise = Promise.resolve();

[key.privateKey, key.publicKey].forEach(_key => {
if ((format === "spki" && _key.type === "public") || (format === "pkcs8" && _key.type === "private") || format === "jwk")
if (
(format === "raw" && _key.type === "public") ||
(format === "spki" && _key.type === "public") ||
(format === "pkcs8" && _key.type === "private") ||
(format === "jwk")
)
promise = promise.then(() => {

@@ -163,3 +168,5 @@ return webcrypto.subtle.exportKey(format, _key)

assert.equal(!!jwk, true, "Has no jwk value");
// TODO assert JWK params
if(format === "raw") {
// TODO assert JWK params
}
return webcrypto.subtle.importKey(format, jwk, _key.algorithm, true, _key.usages);

@@ -179,2 +186,36 @@ })

});
context("Combined test", () => {
["jwk", "spki", "raw"].forEach(format => {
it(`${format}\tECDH generateKey + exportKey + importKey + deriveBits`, done => {
webcrypto.subtle.generateKey({ name: "ECDH", namedCurve: "P-256"}, false, ["deriveKey", "deriveBits"])
.then(function(key1){
webcrypto.subtle.generateKey({ name: "ECDH", namedCurve: "P-256"}, false, ["deriveKey", "deriveBits"])
.then(function(key2){
webcrypto.subtle.exportKey(format ,key1.publicKey)
.then(function(keydata1){
webcrypto.subtle.exportKey(format ,key2.publicKey)
.then(function(keydata2){
webcrypto.subtle.importKey(format , keydata1, { name: "ECDH", namedCurve: "P-256" }, true, [])
.then(function(pub1){
webcrypto.subtle.importKey(format , keydata2, { name: "ECDH", namedCurve: "P-256" }, true, [])
.then(function(pub2){
webcrypto.subtle.deriveBits({ name: "ECDH", namedCurve: "P-256", public: pub1 }, key2.privateKey, 128)
.then(function(bits1){
webcrypto.subtle.deriveBits({ name: "ECDH", namedCurve: "P-256", public: pub2 }, key1.privateKey, 128)
.then(function(bits2){
assert.deepEqual(new Uint8Array(bits1), new Uint8Array(bits2), "derive Bits not equal");
}).then(done, done);
});
});
});
});
});
});
});
});
});
});
});

@@ -19,23 +19,64 @@ "use strict";

const vectorsKey = [{ "algorithm": { "name": "PBKDF2", "hash": "SHA-1" }, "password": "", "key": { "alg": "A128CBC", "ext": true, "k": "MZjBCKYUvm9T9Ux3_5HgHw", "key_ops": ["encrypt"], "kty": "oct" }, "encrypted": "PZySgqtYaAzTLv+eevqUFQ==" }, { "algorithm": { "name": "PBKDF2", "hash": "SHA-256" }, "password": "", "key": { "alg": "A128CBC", "ext": true, "k": "GlOzGKZYUz1EYCdJtZeRXg", "key_ops": ["encrypt"], "kty": "oct" }, "encrypted": "BOAUIe71oASqkAkEaexcew==" }, { "algorithm": { "name": "PBKDF2", "hash": "SHA-384" }, "password": "", "key": { "alg": "A128CBC", "ext": true, "k": "CdVn_cAjFqdLrCV-dz_LpA", "key_ops": ["encrypt"], "kty": "oct" }, "encrypted": "u1+ZPiMlJ9nsXVxeQ+Aq5w==" }, { "algorithm": { "name": "PBKDF2", "hash": "SHA-512" }, "password": "", "key": { "alg": "A128CBC", "ext": true, "k": "WGqAJBM7TF6Sn-Am3-6RoA", "key_ops": ["encrypt"], "kty": "oct" }, "encrypted": "Nk9mDREG3cxn1SxlsJQUIg==" }, { "algorithm": { "name": "PBKDF2", "hash": "SHA-1" }, "password": "password", "key": { "alg": "A128CBC", "ext": true, "k": "yvcSWNZgau4mEfezNj-rtg", "key_ops": ["encrypt"], "kty": "oct" }, "encrypted": "s9bk3ikb7xRwHFKvkBensA==" }, { "algorithm": { "name": "PBKDF2", "hash": "SHA-256" }, "password": "password", "key": { "alg": "A128CBC", "ext": true, "k": "Sj4bTP75DW4A_IN08TwLDg", "key_ops": ["encrypt"], "kty": "oct" }, "encrypted": "EXGntv99x28t9rI4uuYGoA==" }, { "algorithm": { "name": "PBKDF2", "hash": "SHA-384" }, "password": "password", "key": { "alg": "A128CBC", "ext": true, "k": "n4dQaniQ-UlRohiDSL3dKQ", "key_ops": ["encrypt"], "kty": "oct" }, "encrypted": "9QNeVgy/CmNRZ6rztCX4iQ==" }, { "algorithm": { "name": "PBKDF2", "hash": "SHA-512" }, "password": "password", "key": { "alg": "A128CBC", "ext": true, "k": "jTNIFwT5oHTGb2G2b6gJ8w", "key_ops": ["encrypt"], "kty": "oct" }, "encrypted": "NNQ94K7/yvygm2pQRKM8xw==" }];
context("PBKDF2", () => {
vectors.forEach(vector => {
it(`password:${vector.password || "empty"} hash:${vector.algorithm.hash}`, done => {
const raw = new Buffer(vector.password);
subtle.importKey("raw", raw, vector.algorithm, false, ["deriveBits"])
.then((key) => {
return crypto.subtle.deriveBits(
{ name: "PBKDF2", salt: new Uint8Array([1, 2, 3, 4, 5]), iterations: 1000, hash: vector.algorithm.hash },
key, 128)
})
.then(dBits => {
assert.equal(!!dBits, true);
assert.equal(dBits instanceof ArrayBuffer, true);
assert.equal(dBits.byteLength, 128 / 8);
assert.equal(new Buffer(dBits).toString("base64"), vector.derivedBits);
})
.then(done, done);
context("deriveBits", () => {
vectors.forEach(vector => {
it(`password:${vector.password || "empty"} hash:${vector.algorithm.hash}`, done => {
const raw = new Buffer(vector.password);
subtle.importKey("raw", raw, vector.algorithm, false, ["deriveBits"])
.then((key) => {
return crypto.subtle.deriveBits(
{ name: "PBKDF2", salt: new Uint8Array([1, 2, 3, 4, 5]), iterations: 1000, hash: vector.algorithm.hash },
key, 128)
})
.then(dBits => {
assert.equal(!!dBits, true);
assert.equal(dBits instanceof ArrayBuffer, true);
assert.equal(dBits.byteLength, 128 / 8);
assert.equal(new Buffer(dBits).toString("base64"), vector.derivedBits);
})
.then(done, done);
});
});
});
context("deriveKey", () => {
vectorsKey.forEach(vector => {
it(`AES-CBC password:${vector.password || "empty"} hash:${vector.algorithm.hash}`, done => {
const raw = new Buffer(vector.password);
let aes;
subtle.importKey("raw", raw, vector.algorithm, false, ["deriveKey"])
.then((key) => {
return crypto.subtle.deriveKey(
{ name: "PBKDF2", salt: new Uint8Array([1, 2, 3, 4, 5]), iterations: 1000, hash: vector.algorithm.hash },
key,
{ name: "AES-CBC", length: 128 },
true,
["encrypt"]
)
})
.then(aesKey => {
aes = aesKey
return crypto.subtle.exportKey("jwk", aesKey);
})
.then(jwk => {
assert.equal(jwk.k, vector.key.k);
return crypto.subtle.encrypt(
{ name: "AES-CBC", iv: new Uint8Array([1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6]) },
aes,
new Uint8Array([1, 2, 3, 4, 5, 6, 7, 8, 9, 0])
)
})
.then(enc => {
assert.equal(!!enc, true);
assert.equal(enc instanceof ArrayBuffer, true);
assert.equal(new Buffer(enc).toString("base64"), vector.encrypted);
})
.then(done, done);
});
});
})
});
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc