UNPKG

@bedrock/web-pouch-edv

Version:

PouchDB EDV Storage

github.com/digitalbazaar/bedrock-pouch-edv

digitalbazaar/bedrock-web-pouch-edv

76 lines (69 loc) 2.43 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
/*! * Copyright (c) 2022-2023 Digital Bazaar, Inc. All rights reserved. */ // eslint-disable-next-line no-undef const {crypto} = globalThis; const EXTRACTABLE = true; export class Kek { constructor({key} = {}) { this.key = key; } /** * Wraps a cryptographic key. * * @param {object} options - The options to use. * @param {Uint8Array|CryptoKey} options.unwrappedKey - The key material as a * `Uint8Array` or CryptoKey. * * @returns {Promise<Uint8Array>} - The wrapped key bytes. */ async wrapKey({unwrappedKey} = {}) { const kek = this.key; if(unwrappedKey instanceof Uint8Array) { // Note: `HMAC` algorithm name doesn't matter; will be exported raw. const extractable = true; unwrappedKey = await crypto.subtle.importKey( 'raw', unwrappedKey, { name: 'HMAC', hash: 'SHA-512', length: unwrappedKey.length * 8 }, // key usage of `sign` refers to the key that is to be wrapped not // the KEK itself; we just treat it like an HMAC key regardless of // what it is extractable, ['sign']); } const wrappedKey = await crypto.subtle.wrapKey( 'raw', unwrappedKey, kek, kek.algorithm); return new Uint8Array(wrappedKey); } /** * Unwraps a cryptographic key. * * @param {object} options - The options to use. * @param {Uint8Array} options.wrappedKey - The wrapped key material. * * @returns {Promise<Uint8Array>} - Resolves to the key bytes or null if * the unwrapping fails because the key does not match. */ async unwrapKey({wrappedKey}) { const kek = this.key; // Note: `HMAC` algorithm name doesn't matter; will be exported raw. try { const key = await crypto.subtle.unwrapKey( 'raw', wrappedKey, kek, kek.algorithm, // key usage of `encrypt` refers to the key that is being unwrapped; // we just treat it like an HMAC key regardless of what it is {name: 'HMAC', hash: 'SHA-512'}, EXTRACTABLE, ['sign']); const keyBytes = await crypto.subtle.exportKey('raw', key); return new Uint8Array(keyBytes); } catch(e) { // unwrapping key failed return null; } } static async import({secret} = {}) { const key = await crypto.subtle.importKey( 'raw', secret, {name: 'AES-KW', length: 256}, EXTRACTABLE, ['wrapKey', 'unwrapKey']); return new Kek({key}); } }