js-crypto-utils
Version:
JavaScript cryptographic utilities for OpenSSL-WebCrypto compatibility including PEM/X509-JWK converter.
301 lines • 15.5 kB
JavaScript
"use strict";
/**
* pkc.js
*/
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __generator = (this && this.__generator) || function (thisArg, body) {
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
function verb(n) { return function (v) { return step([n, v]); }; }
function step(op) {
if (f) throw new TypeError("Generator is already executing.");
while (g && (g = 0, op[0] && (_ = 0)), _) try {
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
if (y = 0, t) op = [op[0] & 2, t.value];
switch (op[0]) {
case 0: case 1: t = op; break;
case 4: _.label++; return { value: op[1], done: false };
case 5: _.label++; y = op[1]; op = [0]; continue;
case 7: op = _.ops.pop(); _.trys.pop(); continue;
default:
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
if (t[2]) _.ops.pop();
_.trys.pop(); continue;
}
op = body.call(thisArg, _);
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
}
};
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.decrypt = exports.encrypt = exports.verify = exports.sign = exports.generateKey = void 0;
var js_crypto_ec_1 = __importDefault(require("js-crypto-ec"));
var js_crypto_rsa_1 = __importDefault(require("js-crypto-rsa"));
var js_crypto_key_utils_1 = require("js-crypto-key-utils");
var pkcec = __importStar(require("./pkcec"));
var params = __importStar(require("./params"));
var cloneDeep = require('lodash.clonedeep'); // work around
// import cloneDeep from 'lodash.clonedeep';
/**
* Generate key pair in JWK format
* @param {'EC'|'RSA'} [keyType='EC'] - Type of public/private key.
* @param {ECKeyGenerationOption|RSAKeyGenerationOption} [options={}] - Key generation options.
* @return {Promise<{publicKey: JsonWebKey, privateKey: JsonWebKey}>} - Generated key pair in JWK format.
*/
var generateKey = function (keyType, options) {
if (keyType === void 0) { keyType = 'EC'; }
return __awaiter(void 0, void 0, void 0, function () {
var localOpt, kp;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
localOpt = cloneDeep(options);
if (!(keyType === 'EC')) return [3 /*break*/, 2];
return [4 /*yield*/, js_crypto_ec_1.default.generateKey(localOpt.namedCurve)];
case 1:
kp = _a.sent();
return [3 /*break*/, 5];
case 2:
if (!(keyType === 'RSA')) return [3 /*break*/, 4];
if (typeof localOpt.publicExponent === 'undefined') {
localOpt.publicExponent = new Uint8Array([0x01, 0x00, 0x01]);
}
return [4 /*yield*/, js_crypto_rsa_1.default.generateKey(localOpt.modulusLength, localOpt.publicExponent)];
case 3:
kp = _a.sent();
return [3 /*break*/, 5];
case 4: throw new Error('UnsupportedKeyType');
case 5: return [2 /*return*/, {
publicKey: new js_crypto_key_utils_1.Key('jwk', kp.publicKey),
privateKey: new js_crypto_key_utils_1.Key('jwk', kp.privateKey)
}];
}
});
});
};
exports.generateKey = generateKey;
/**
* Sign message with given private key in jwk
* @param {Uint8Array} msg - Message byte array to be signed.
* @param {Key} privateKey - Private key object for signing.
* @param {String} [hash='SHA-256'] - Name of hash algorithm like 'SHA-256'.
* @param {RSASigningOption|ECSigningOption} [options={}] - Signing options.
* @return {Promise<Uint8Array>} - Signature byte array.
* @throws {Error} - Throws if NonKeyObject or UnsupportedKeyType.
*/
var sign = function (msg, privateKey, hash, options) {
if (hash === void 0) { hash = 'SHA-256'; }
if (options === void 0) { options = undefined; }
return __awaiter(void 0, void 0, void 0, function () {
var privateJwk, signature, localOpt, localOpt;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
if (!(privateKey instanceof js_crypto_key_utils_1.Key))
throw new Error('NonKeyObject');
return [4 /*yield*/, privateKey.export('jwk')];
case 1:
privateJwk = _a.sent();
if (!(privateJwk.kty === 'EC')) return [3 /*break*/, 3];
localOpt = (typeof options === 'undefined') ? { format: 'raw' } : cloneDeep(options);
return [4 /*yield*/, js_crypto_ec_1.default.sign(msg, privateJwk, hash, localOpt.format)];
case 2:
signature = _a.sent();
return [3 /*break*/, 6];
case 3:
if (!(privateJwk.kty === 'RSA')) return [3 /*break*/, 5];
localOpt = (typeof options === 'undefined') ? { name: 'RSA-PSS', saltLength: params.hashes[hash].hashSize } : cloneDeep(options);
return [4 /*yield*/, js_crypto_rsa_1.default.sign(msg, privateJwk, hash, localOpt)];
case 4:
signature = _a.sent();
return [3 /*break*/, 6];
case 5: throw new Error('UnsupportedKeyType');
case 6: return [2 /*return*/, signature];
}
});
});
};
exports.sign = sign;
/**
* Verify message with given public key
* @param {Uint8Array} msg - A plaintext message to be verified.
* @param {Uint8Array} sig - Signature byte array.
* @param {Key} publicKey - Public key object for verification.
* @param {String} [hash='SHA-256'] - Name of hash algorithm like 'SHA-256'.
* @param {RSASigningOption|ECSigningOption} [options={}] - Signing options.
* @return {Promise<boolean>} - Result of verification.
* @throws {Error} - Throws if NonKeyObject or UnsupportedKeyType.
*/
var verify = function (msg, sig, publicKey, // TODO
hash, options) {
if (hash === void 0) { hash = 'SHA-256'; }
if (options === void 0) { options = undefined; }
return __awaiter(void 0, void 0, void 0, function () {
var publicJwk, valid, localOpt, localOpt;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
if (!(publicKey instanceof js_crypto_key_utils_1.Key))
throw new Error('NonKeyObject');
return [4 /*yield*/, publicKey.export('jwk')];
case 1:
publicJwk = _a.sent();
if (!(publicJwk.kty === 'EC')) return [3 /*break*/, 3];
localOpt = (typeof options === 'undefined') ? { format: 'raw' } : cloneDeep(options);
return [4 /*yield*/, js_crypto_ec_1.default.verify(msg, sig, publicJwk, hash, localOpt.format)];
case 2:
valid = _a.sent();
return [3 /*break*/, 6];
case 3:
if (!(publicJwk.kty === 'RSA')) return [3 /*break*/, 5];
localOpt = (typeof options === 'undefined') ? { name: 'RSA-PSS', saltLength: params.hashes[hash].hashSize } : cloneDeep(options);
return [4 /*yield*/, js_crypto_rsa_1.default.verify(msg, sig, publicJwk, hash, localOpt)];
case 4:
valid = _a.sent();
return [3 /*break*/, 6];
case 5: throw new Error('UnsupportedKeyType');
case 6: return [2 /*return*/, valid];
}
});
});
};
exports.verify = verify;
/**
* Encryption with public key algorithm. in case of ECDH.
* Session key is derived from HKDF and the data itself will be encrypted by symmetric cipher.
* @param {Uint8Array} msg - Plaintext message to be encrypted.
* @param {Key} publicKey - Public key object.
* @param {RSAEncryptionOption|ECEncryptionOptions} [options={}] - Encryption options.
* @return {Promise<PKCCiphertextObject>} - Encrypted message object.
* @throws {Error} - Throws if NonKeyObject, MissingOrInvalidPrivateKeyForECDH, or UnsupportedKeyType.
*/
var encrypt = function (msg, publicKey, options) {
if (options === void 0) { options = undefined; }
return __awaiter(void 0, void 0, void 0, function () {
var publicJwk, ciphertext, localOpt, _a, localOpt;
var _b;
return __generator(this, function (_c) {
switch (_c.label) {
case 0:
if (!(publicKey instanceof js_crypto_key_utils_1.Key))
throw new Error('NonKeyObject');
return [4 /*yield*/, publicKey.export('jwk')];
case 1:
publicJwk = _c.sent();
if (!(publicJwk.kty === 'EC')) return [3 /*break*/, 4];
localOpt = cloneDeep(options);
if (!localOpt.privateKey || !(localOpt.privateKey instanceof js_crypto_key_utils_1.Key))
throw new Error('MissingOrInvalidPrivateKeyForECDH');
_a = localOpt;
return [4 /*yield*/, localOpt.privateKey.export('jwk')];
case 2:
_a.privateKey = (_c.sent());
return [4 /*yield*/, pkcec.encryptEc(msg, publicJwk, localOpt)];
case 3:
ciphertext = _c.sent();
return [3 /*break*/, 7];
case 4:
if (!(publicJwk.kty === 'RSA')) return [3 /*break*/, 6];
localOpt = cloneDeep(options);
if (typeof localOpt.hash !== 'undefined')
localOpt.hash = 'SHA-256';
if (typeof localOpt.label !== 'undefined')
localOpt.label = new Uint8Array([]);
_b = {};
return [4 /*yield*/, js_crypto_rsa_1.default.encrypt(msg, publicJwk, localOpt.hash, localOpt.label)];
case 5:
ciphertext = (_b.data = _c.sent(), _b);
return [3 /*break*/, 7];
case 6: throw new Error('UnsupportedKeyType');
case 7: return [2 /*return*/, ciphertext];
}
});
});
};
exports.encrypt = encrypt;
/**
* Decryption with public key algorithm. in case of ECDH
* Session key is derived from HKDF and the data itself will be decrypted by symmetric cipher.
* @param {Uint8Array} data - Encrypted message body, i.e., PKCCiphertextObject.data.
* @param {Key} privateKey - Private key object
* @param {RSAEncryptionOption|ECDecryptionOptions} [options={}] - Decryption Options.
* @return {Promise<Uint8Array>} - Decrypted message byte array.
* @throws {Error} - Throws if NonKeyObject, MissingPublicKeyForECDH, or UnsupportedKeyType.
*/
var decrypt = function (data, privateKey, options) { return __awaiter(void 0, void 0, void 0, function () {
var privateJwk, msg, localOpt, _a, localOpt;
return __generator(this, function (_b) {
switch (_b.label) {
case 0:
if (!(privateKey instanceof js_crypto_key_utils_1.Key))
throw new Error('NonKeyObject');
return [4 /*yield*/, privateKey.export('jwk')];
case 1:
privateJwk = _b.sent();
if (!(privateJwk.kty === 'EC')) return [3 /*break*/, 4];
localOpt = cloneDeep(options);
if (!localOpt.publicKey)
throw new Error('MissingPublicKeyForECDH');
_a = localOpt;
return [4 /*yield*/, localOpt.publicKey.export('jwk')];
case 2:
_a.publicKey = (_b.sent());
return [4 /*yield*/, pkcec.decryptEc(data, privateJwk, localOpt)];
case 3:
msg = _b.sent();
return [3 /*break*/, 7];
case 4:
if (!(privateJwk.kty === 'RSA')) return [3 /*break*/, 6];
localOpt = cloneDeep(options);
if (typeof localOpt.hash !== 'undefined')
localOpt.hash = 'SHA-256';
if (typeof localOpt.label !== 'undefined')
localOpt.label = new Uint8Array([]);
return [4 /*yield*/, js_crypto_rsa_1.default.decrypt(data, privateJwk, localOpt.hash, localOpt.label)];
case 5:
msg = _b.sent();
return [3 /*break*/, 7];
case 6: throw new Error('UnsupportedKeyType');
case 7: return [2 /*return*/, msg];
}
});
}); };
exports.decrypt = decrypt;
//# sourceMappingURL=pkc.js.map