mirror of
https://github.com/danbulant/jose
synced 2026-05-19 04:18:52 +00:00
refactor: src/runtime/ecdhes.ts
This commit is contained in:
Filip Skokan
parent
8738325d48
commit
f71e583c5f
4 changed files with 14 additions and 46 deletions
|
|
@ -46,8 +46,8 @@ async function encryptKeyManagement(
|
|||
}
|
||||
const { apu, apv } = providedParameters
|
||||
let { epk: ephemeralKey } = providedParameters
|
||||
ephemeralKey ||= await ECDH.generateEpk(key)
|
||||
const { x, y, crv, kty } = await exportJWK(ephemeralKey)
|
||||
ephemeralKey ||= (await ECDH.generateEpk(key)).privateKey
|
||||
const { x, y, crv, kty } = await exportJWK(ephemeralKey!)
|
||||
const sharedSecret = await ECDH.deriveKey(
|
||||
key,
|
||||
ephemeralKey,
|
||||
|
|
|
|||
|
|
@ -1,8 +1,3 @@
|
|||
import type {
|
||||
EcdhAllowedFunction,
|
||||
EcdhESDeriveKeyFunction,
|
||||
GenerateEpkFunction,
|
||||
} from '../interfaces.d'
|
||||
import { encoder, concat, uint32be, lengthAndInput, concatKdf } from '../../lib/buffer_utils.js'
|
||||
import crypto, { isCryptoKey } from './webcrypto.js'
|
||||
import { checkEncCryptoKey } from '../../lib/crypto_key.js'
|
||||
|
|
@ -10,14 +5,14 @@ import digest from './digest.js'
|
|||
import invalidKeyInput from '../../lib/invalid_key_input.js'
|
||||
import { types } from './is_key_like.js'
|
||||
|
||||
export const deriveKey: EcdhESDeriveKeyFunction = async (
|
||||
export async function deriveKey(
|
||||
publicKey: unknown,
|
||||
privateKey: unknown,
|
||||
algorithm: string,
|
||||
keyLength: number,
|
||||
apu: Uint8Array = new Uint8Array(0),
|
||||
apv: Uint8Array = new Uint8Array(0),
|
||||
) => {
|
||||
) {
|
||||
if (!isCryptoKey(publicKey)) {
|
||||
throw new TypeError(invalidKeyInput(publicKey, ...types))
|
||||
}
|
||||
|
|
@ -53,21 +48,15 @@ export const deriveKey: EcdhESDeriveKeyFunction = async (
|
|||
return concatKdf(digest, sharedSecret, keyLength, value)
|
||||
}
|
||||
|
||||
export const generateEpk: GenerateEpkFunction = async (key: unknown) => {
|
||||
export async function generateEpk(key: unknown) {
|
||||
if (!isCryptoKey(key)) {
|
||||
throw new TypeError(invalidKeyInput(key, ...types))
|
||||
}
|
||||
|
||||
return (<{ publicKey: CryptoKey; privateKey: CryptoKey }>(
|
||||
await crypto.subtle.generateKey(
|
||||
{ name: 'ECDH', namedCurve: (<EcKeyAlgorithm>key.algorithm).namedCurve },
|
||||
true,
|
||||
['deriveBits'],
|
||||
)
|
||||
)).privateKey
|
||||
return crypto.subtle.generateKey(<EcKeyAlgorithm>key.algorithm, true, ['deriveBits'])
|
||||
}
|
||||
|
||||
export const ecdhAllowed: EcdhAllowedFunction = (key: unknown) => {
|
||||
export function ecdhAllowed(key: unknown) {
|
||||
if (!isCryptoKey(key)) {
|
||||
throw new TypeError(invalidKeyInput(key, ...types))
|
||||
}
|
||||
|
|
|
|||
16
src/runtime/interfaces.d.ts
vendored
16
src/runtime/interfaces.d.ts
vendored
|
|
@ -40,22 +40,6 @@ export interface Pbes2KWDecryptFunction {
|
|||
p2s: Uint8Array,
|
||||
): Promise<Uint8Array>
|
||||
}
|
||||
export interface EcdhESDeriveKeyFunction {
|
||||
(
|
||||
publicKey: unknown,
|
||||
privateKey: unknown,
|
||||
enc: string,
|
||||
keyLength: number,
|
||||
apu?: Uint8Array,
|
||||
apv?: Uint8Array,
|
||||
): AsyncOrSync<Uint8Array>
|
||||
}
|
||||
export interface EcdhAllowedFunction {
|
||||
(key: unknown): boolean
|
||||
}
|
||||
export interface GenerateEpkFunction {
|
||||
(key: unknown): Promise<KeyLike>
|
||||
}
|
||||
export interface EncryptFunction {
|
||||
(enc: string, plaintext: Uint8Array, cek: unknown, iv: Uint8Array, aad: Uint8Array): AsyncOrSync<{
|
||||
ciphertext: Uint8Array
|
||||
|
|
|
|||
|
|
@ -1,11 +1,6 @@
|
|||
import { diffieHellman, generateKeyPair as generateKeyPairCb, KeyObject } from 'crypto'
|
||||
import { promisify } from 'util'
|
||||
|
||||
import type {
|
||||
EcdhAllowedFunction,
|
||||
EcdhESDeriveKeyFunction,
|
||||
GenerateEpkFunction,
|
||||
} from '../interfaces.d'
|
||||
import getNamedCurve from './get_named_curve.js'
|
||||
import { encoder, concat, uint32be, lengthAndInput, concatKdf } from '../../lib/buffer_utils.js'
|
||||
import digest from './digest.js'
|
||||
|
|
@ -18,14 +13,14 @@ import { types } from './is_key_like.js'
|
|||
|
||||
const generateKeyPair = promisify(generateKeyPairCb)
|
||||
|
||||
export const deriveKey: EcdhESDeriveKeyFunction = (
|
||||
export async function deriveKey(
|
||||
publicKee: unknown,
|
||||
privateKee: unknown,
|
||||
algorithm: string,
|
||||
keyLength: number,
|
||||
apu: Uint8Array = new Uint8Array(0),
|
||||
apv: Uint8Array = new Uint8Array(0),
|
||||
) => {
|
||||
) {
|
||||
let publicKey: KeyObject
|
||||
if (isCryptoKey(publicKee)) {
|
||||
checkEncCryptoKey(publicKee, 'ECDH-ES')
|
||||
|
|
@ -57,7 +52,7 @@ export const deriveKey: EcdhESDeriveKeyFunction = (
|
|||
return concatKdf(digest, sharedSecret, keyLength, value)
|
||||
}
|
||||
|
||||
export const generateEpk: GenerateEpkFunction = async (kee: unknown) => {
|
||||
export async function generateEpk(kee: unknown) {
|
||||
let key: KeyObject
|
||||
if (isCryptoKey(kee)) {
|
||||
key = KeyObject.from(kee)
|
||||
|
|
@ -69,18 +64,18 @@ export const generateEpk: GenerateEpkFunction = async (kee: unknown) => {
|
|||
|
||||
switch (key.asymmetricKeyType) {
|
||||
case 'x25519':
|
||||
return (await generateKeyPair('x25519')).privateKey
|
||||
return generateKeyPair('x25519')
|
||||
case 'x448': {
|
||||
return (await generateKeyPair('x448')).privateKey
|
||||
return generateKeyPair('x448')
|
||||
}
|
||||
case 'ec': {
|
||||
const namedCurve = getNamedCurve(key)
|
||||
return (await generateKeyPair('ec', { namedCurve })).privateKey
|
||||
return generateKeyPair('ec', { namedCurve })
|
||||
}
|
||||
default:
|
||||
throw new JOSENotSupported('Invalid or unsupported EPK')
|
||||
}
|
||||
}
|
||||
|
||||
export const ecdhAllowed: EcdhAllowedFunction = (key: unknown) =>
|
||||
export const ecdhAllowed = (key: unknown) =>
|
||||
['P-256', 'P-384', 'P-521', 'X25519', 'X448'].includes(getNamedCurve(key))
|
||||
|
|
|
|||
Loading…
Reference in a new issue