From 5770d303dd8d00a70d681b9d6e49f7bb5a91c8a9 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Tue, 15 Feb 2022 16:21:11 +0100 Subject: [PATCH] refactor: SHA-2 digests --- src/jwk/thumbprint.ts | 8 ++++++++ src/lib/buffer_utils.ts | 9 ++------- src/runtime/browser/ecdhes.ts | 3 +-- src/runtime/node/ecdhes.ts | 3 +-- 4 files changed, 12 insertions(+), 11 deletions(-) diff --git a/src/jwk/thumbprint.ts b/src/jwk/thumbprint.ts index 7e25ef97..f38a8a4d 100644 --- a/src/jwk/thumbprint.ts +++ b/src/jwk/thumbprint.ts @@ -39,6 +39,14 @@ export async function calculateJwkThumbprint( throw new TypeError('JWK must be an object') } + if ( + digestAlgorithm !== 'sha256' && + digestAlgorithm !== 'sha384' && + digestAlgorithm !== 'sha512' + ) { + throw new TypeError('digestAlgorithm must one of "sha256", "sha384, or "sha512"') + } + let components: JWK switch (jwk.kty) { case 'EC': diff --git a/src/lib/buffer_utils.ts b/src/lib/buffer_utils.ts index ca133169..280d3a10 100644 --- a/src/lib/buffer_utils.ts +++ b/src/lib/buffer_utils.ts @@ -1,4 +1,4 @@ -import type { DigestFunction } from '../runtime/interfaces.d' +import digest from '../runtime/digest.js' export const encoder = new TextEncoder() export const decoder = new TextDecoder() @@ -46,12 +46,7 @@ export function lengthAndInput(input: Uint8Array) { return concat(uint32be(input.length), input) } -export async function concatKdf( - digest: DigestFunction, - secret: Uint8Array, - bits: number, - value: Uint8Array, -) { +export async function concatKdf(secret: Uint8Array, bits: number, value: Uint8Array) { const iterations = Math.ceil((bits >> 3) / 32) let res!: Uint8Array diff --git a/src/runtime/browser/ecdhes.ts b/src/runtime/browser/ecdhes.ts index 19bdfbf7..3d2ac931 100644 --- a/src/runtime/browser/ecdhes.ts +++ b/src/runtime/browser/ecdhes.ts @@ -1,7 +1,6 @@ import { encoder, concat, uint32be, lengthAndInput, concatKdf } from '../../lib/buffer_utils.js' import crypto, { isCryptoKey } from './webcrypto.js' import { checkEncCryptoKey } from '../../lib/crypto_key.js' -import digest from './digest.js' import invalidKeyInput from '../../lib/invalid_key_input.js' import { types } from './is_key_like.js' @@ -44,7 +43,7 @@ export async function deriveKey( ), ) - return concatKdf(digest, sharedSecret, keyLength, value) + return concatKdf(sharedSecret, keyLength, value) } export async function generateEpk(key: unknown) { diff --git a/src/runtime/node/ecdhes.ts b/src/runtime/node/ecdhes.ts index 88a3bb7e..40a076d9 100644 --- a/src/runtime/node/ecdhes.ts +++ b/src/runtime/node/ecdhes.ts @@ -3,7 +3,6 @@ import { promisify } from 'util' import getNamedCurve from './get_named_curve.js' import { encoder, concat, uint32be, lengthAndInput, concatKdf } from '../../lib/buffer_utils.js' -import digest from './digest.js' import { JOSENotSupported } from '../../util/errors.js' import { isCryptoKey } from './webcrypto.js' import { checkEncCryptoKey } from '../../lib/crypto_key.js' @@ -49,7 +48,7 @@ export async function deriveKey( ) const sharedSecret = diffieHellman({ privateKey, publicKey }) - return concatKdf(digest, sharedSecret, keyLength, value) + return concatKdf(sharedSecret, keyLength, value) } export async function generateEpk(kee: unknown) {