
@guarani/jose


Implementation of the RFCs of the JOSE Working Group.

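"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.RSA_OAEP_512 = exports.RSA_OAEP_384 = exports.RSA_OAEP_256 = exports.RSA_OAEP = exports.RSA1_5 = void 0;
const crypto_1 = require("crypto");
const invalid_json_web_key_exception_1 = require("../../../exceptions/invalid-json-web-key.exception");
const rsa_padding_1 = require("../../../jwk/algorithms/rsa/types/rsa-padding");
const jsonwebencryption_keywrap_algorithm_1 = require("./jsonwebencryption-keywrap.algorithm");
/**
 * Implementation of the RSA JSON Web Encryption Key Wrap Algorithm.
 *
 * One instance is created per registered algorithm name (see the exports at the
 * bottom of this file); the padding and hash are fixed at construction time.
 */
class RSAKeyWrapAlgorithm extends jsonwebencryption_keywrap_algorithm_1.JsonWebEncryptionKeyWrapAlgorithm {
    /**
     * Instantiates a new JSON Web Encryption RSA Key Wrap Algorithm to Wrap and Unwrap Content Encryption Keys.
     *
     * @param algorithm Name of the JSON Web Encryption Key Wrap Algorithm.
     * @param padding RSA Encryption Padding used by the JSON Web Encryption Key Wrap Algorithm.
     * @param hashAlgorithm Name of the Hash Algorithm. Left undefined for RSA1_5, which takes no hash.
     */
    constructor(algorithm, padding, hashAlgorithm) {
        super(algorithm, 'RSA');
        this.padding = padding;
        this.hashAlgorithm = hashAlgorithm;
    }
    /**
     * Wraps a freshly generated Content Encryption Key using the provided JSON Web Key.
     *
     * @param enc JSON Web Encryption Content Encryption Algorithm.
     * @param key JSON Web Key used to Wrap the provided Content Encryption Key.
     * @returns Wrapped Content Encryption Key and optional additional JSON Web Encryption Header Parameters.
     */
    async wrap(enc, key) {
        this.validateJsonWebKey(key);
        const cryptoKey = Reflect.get(key, 'cryptoKey');
        // The CEK is produced by the content encryption algorithm, never supplied by the caller.
        const cek = await enc.generateContentEncryptionKey();
        const ek = (0, crypto_1.publicEncrypt)({ key: cryptoKey, oaepHash: this.hashAlgorithm, padding: this.padding }, cek);
        return { cek, ek };
    }
    /**
     * Unwraps the provided Encrypted Key using the provided JSON Web Key.
     *
     * For the OAEP variants a failed decryption or an invalid Content Encryption Key
     * is reported by throwing, exactly as before.
     *
     * For RSAES-PKCS1-v1_5 the Encrypted Key comes from an untrusted token, and a
     * recipient that reports padding, format and length failures differently gives
     * the sender an oracle on the private key operation. RFC 7516 section 11.5
     * requires those failures to be indistinguishable and recommends substituting a
     * randomly generated Content Encryption Key, so that the token is rejected later
     * by the content decryption step instead. This method does that for RSA1_5 only.
     *
     * NOTE(review): whether callers of this method already normalise these errors is
     * not visible from this file; the substitution here is defence in depth.
     * NOTE(review): the RSA operation itself may still leak timing; that depends on
     * the runtime's crypto backend and is outside this method's control.
     * NOTE(review): some Node.js releases refuse PKCS#1 v1.5 private decryption
     * outright. On such a runtime every RSA1_5 unwrap takes the substitution path -
     * confirm against the supported runtime versions.
     *
     * @param enc JSON Web Encryption Content Encryption Algorithm.
     * @param key JSON Web Key used to Unwrap the Wrapped Content Encryption Key.
     * @param ek Wrapped Content Encryption Key.
     * @returns Unwrapped Content Encryption Key (for RSA1_5, a random substitute when unwrapping fails).
     * @throws InvalidJsonWebKeyException When the provided JSON Web Key has no private exponent.
     */
    async unwrap(enc, key, ek) {
        this.validateJsonWebKey(key);
        if (key.d === undefined) {
            throw new invalid_json_web_key_exception_1.InvalidJsonWebKeyException('An RSA Private JSON Web Key is needed to Unwrap the provided Wrapped Content Encryption Key.');
        }
        const cryptoKey = Reflect.get(key, 'cryptoKey');
        const decryptOptions = { key: cryptoKey, oaepHash: this.hashAlgorithm, padding: this.padding };
        if (this.padding !== rsa_padding_1.RsaPadding.PKCS1) {
            const cek = (0, crypto_1.privateDecrypt)(decryptOptions, ek);
            enc.validateContentEncryptionKey(cek);
            return cek;
        }
        // Generated before decrypting, on every call, so the amount of work done does
        // not depend on whether the Encrypted Key turns out to be well formed.
        const substituteCek = await enc.generateContentEncryptionKey();
        try {
            const cek = (0, crypto_1.privateDecrypt)(decryptOptions, ek);
            enc.validateContentEncryptionKey(cek);
            return cek;
        }
        catch (ignored) {
            // Deliberately not rethrown: padding, format and length failures must look
            // the same to the sender. The substitute key makes content decryption fail.
            return substituteCek;
        }
    }
}
/**
 * RSAES-PKCS1-v1_5.
 *
 * Constructed without a hash algorithm. Kept for interoperability; the OAEP
 * variants below are the safer choice where the peer supports them.
 */
exports.RSA1_5 = new RSAKeyWrapAlgorithm('RSA1_5', rsa_padding_1.RsaPadding.PKCS1);
/**
 * RSAES OAEP using default parameters.
 */
exports.RSA_OAEP = new RSAKeyWrapAlgorithm('RSA-OAEP', rsa_padding_1.RsaPadding.OAEP, 'SHA1');
/**
 * RSAES OAEP using SHA-256 and MGF1 with SHA-256.
 */
exports.RSA_OAEP_256 = new RSAKeyWrapAlgorithm('RSA-OAEP-256', rsa_padding_1.RsaPadding.OAEP, 'SHA256');
/**
 * RSAES OAEP using SHA-384 and MGF1 with SHA-384.
 */
exports.RSA_OAEP_384 = new RSAKeyWrapAlgorithm('RSA-OAEP-384', rsa_padding_1.RsaPadding.OAEP, 'SHA384');
/**
 * RSAES OAEP using SHA-512 and MGF1 with SHA-512.
 */
exports.RSA_OAEP_512 = new RSAKeyWrapAlgorithm('RSA-OAEP-512', rsa_padding_1.RsaPadding.OAEP, 'SHA512');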