261 lines
8.0 KiB
JavaScript
261 lines
8.0 KiB
JavaScript
"use strict";
|
|
|
|
var _interopRequireWildcard = require("@babel/runtime/helpers/interopRequireWildcard");
|
|
|
|
var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
|
|
|
|
Object.defineProperty(exports, "__esModule", {
|
|
value: true
|
|
});
|
|
exports.deriveSecret = exports.verify = exports.sign = exports.generateKey = void 0;
|
|
|
|
var _regenerator = _interopRequireDefault(require("@babel/runtime/regenerator"));
|
|
|
|
var _asyncToGenerator2 = _interopRequireDefault(require("@babel/runtime/helpers/asyncToGenerator"));
|
|
|
|
var _jsEncodingUtils = _interopRequireDefault(require("js-encoding-utils"));
|
|
|
|
var asn1enc = _interopRequireWildcard(require("./asn1enc.js"));
|
|
|
|
/**
|
|
* webapi.js
|
|
*/
|
|
|
|
/**
|
|
* Generate elliptic curve cryptography public/private key pair. Generated keys are in JWK.
|
|
* @param {String} namedCurve - Name of curve like 'P-256'.
|
|
* @param {Object} webCrypto - WebCryptoSubtle object.
|
|
* @return {Promise<{publicKey: JsonWebKey, privateKey: JsonWebKey}>} - The generated keys.
|
|
*/
|
|
var generateKey =
|
|
/*#__PURE__*/
|
|
function () {
|
|
var _ref = (0, _asyncToGenerator2.default)(
|
|
/*#__PURE__*/
|
|
_regenerator.default.mark(function _callee(namedCurve, webCrypto) {
|
|
var keys, publicKey, privateKey;
|
|
return _regenerator.default.wrap(function _callee$(_context) {
|
|
while (1) {
|
|
switch (_context.prev = _context.next) {
|
|
case 0:
|
|
_context.next = 2;
|
|
return webCrypto.generateKey({
|
|
name: 'ECDSA',
|
|
namedCurve: namedCurve,
|
|
hash: {
|
|
name: 'SHA-256'
|
|
}
|
|
}, true, ['sign', 'verify']);
|
|
|
|
case 2:
|
|
keys = _context.sent;
|
|
_context.next = 5;
|
|
return webCrypto.exportKey('jwk', keys.publicKey);
|
|
|
|
case 5:
|
|
publicKey = _context.sent;
|
|
_context.next = 8;
|
|
return webCrypto.exportKey('jwk', keys.privateKey);
|
|
|
|
case 8:
|
|
privateKey = _context.sent;
|
|
// delete optional entries to export as general ecdsa/ecdh key
|
|
['key_ops', 'alg', 'ext'].forEach(function (elem) {
|
|
delete publicKey[elem];
|
|
delete privateKey[elem];
|
|
});
|
|
return _context.abrupt("return", {
|
|
publicKey: publicKey,
|
|
privateKey: privateKey
|
|
});
|
|
|
|
case 11:
|
|
case "end":
|
|
return _context.stop();
|
|
}
|
|
}
|
|
}, _callee);
|
|
}));
|
|
|
|
return function generateKey(_x, _x2) {
|
|
return _ref.apply(this, arguments);
|
|
};
|
|
}();
|
|
/**
|
|
* Sign message with ECDSA.
|
|
* @param {Uint8Array} msg - Byte array of message to be signed.
|
|
* @param {JsonWebKey} privateJwk - Private key object in JWK format.
|
|
* @param {String} hash - Name of hash algorithm used in singing, like 'SHA-256'.
|
|
* @param {String} signatureFormat - Signature format, 'raw' or 'der'
|
|
* @param {Object} webCrypto - WebCryptoSubtle object.
|
|
* @return {Promise<Uint8Array>} - Output signature byte array in raw or der format.
|
|
*/
|
|
|
|
|
|
exports.generateKey = generateKey;
|
|
|
|
var sign =
|
|
/*#__PURE__*/
|
|
function () {
|
|
var _ref2 = (0, _asyncToGenerator2.default)(
|
|
/*#__PURE__*/
|
|
_regenerator.default.mark(function _callee2(msg, privateJwk, hash, signatureFormat, webCrypto) {
|
|
var algo, key, signature;
|
|
return _regenerator.default.wrap(function _callee2$(_context2) {
|
|
while (1) {
|
|
switch (_context2.prev = _context2.next) {
|
|
case 0:
|
|
algo = {
|
|
name: 'ECDSA',
|
|
namedCurve: privateJwk.crv,
|
|
hash: {
|
|
name: hash
|
|
}
|
|
};
|
|
_context2.next = 3;
|
|
return webCrypto.importKey('jwk', privateJwk, algo, false, ['sign']);
|
|
|
|
case 3:
|
|
key = _context2.sent;
|
|
_context2.next = 6;
|
|
return webCrypto.sign(algo, key, msg);
|
|
|
|
case 6:
|
|
signature = _context2.sent;
|
|
return _context2.abrupt("return", signatureFormat === 'raw' ? new Uint8Array(signature) : asn1enc.encodeAsn1Signature(new Uint8Array(signature), privateJwk.crv));
|
|
|
|
case 8:
|
|
case "end":
|
|
return _context2.stop();
|
|
}
|
|
}
|
|
}, _callee2);
|
|
}));
|
|
|
|
return function sign(_x3, _x4, _x5, _x6, _x7) {
|
|
return _ref2.apply(this, arguments);
|
|
};
|
|
}();
|
|
/**
|
|
* Verify signature with ECDSA.
|
|
* @param {Uint8Array} msg - Byte array of message that have been signed.
|
|
* @param {Uint8Array} signature - Byte array of signature for the given message.
|
|
* @param {JsonWebKey} publicJwk - Public key object in JWK format.
|
|
* @param {String} hash - Name of hash algorithm used in singing, like 'SHA-256'.
|
|
* @param {String} signatureFormat - Signature format,'raw' or 'der'.
|
|
* @param {Object} webCrypto - WebCryptoSubtle object.
|
|
* @return {Promise<boolean>} - The result of verification.
|
|
*/
|
|
|
|
|
|
exports.sign = sign;
|
|
|
|
var verify =
|
|
/*#__PURE__*/
|
|
function () {
|
|
var _ref3 = (0, _asyncToGenerator2.default)(
|
|
/*#__PURE__*/
|
|
_regenerator.default.mark(function _callee3(msg, signature, publicJwk, hash, signatureFormat, webCrypto) {
|
|
var algo, key, rawSignature;
|
|
return _regenerator.default.wrap(function _callee3$(_context3) {
|
|
while (1) {
|
|
switch (_context3.prev = _context3.next) {
|
|
case 0:
|
|
algo = {
|
|
name: 'ECDSA',
|
|
namedCurve: publicJwk.crv,
|
|
hash: {
|
|
name: hash
|
|
}
|
|
};
|
|
_context3.next = 3;
|
|
return webCrypto.importKey('jwk', publicJwk, algo, false, ['verify']);
|
|
|
|
case 3:
|
|
key = _context3.sent;
|
|
rawSignature = signatureFormat === 'raw' ? signature : asn1enc.decodeAsn1Signature(signature, publicJwk.crv);
|
|
_context3.next = 7;
|
|
return webCrypto.verify(algo, key, rawSignature, msg);
|
|
|
|
case 7:
|
|
return _context3.abrupt("return", _context3.sent);
|
|
|
|
case 8:
|
|
case "end":
|
|
return _context3.stop();
|
|
}
|
|
}
|
|
}, _callee3);
|
|
}));
|
|
|
|
return function verify(_x8, _x9, _x10, _x11, _x12, _x13) {
|
|
return _ref3.apply(this, arguments);
|
|
};
|
|
}();
|
|
/**
|
|
* Key Derivation for ECDH, Elliptic Curve Diffie-Hellman Key Exchange.
|
|
* @param {JsonWebKey} publicJwk - Remote public key object in JWK format.
|
|
* @param {JsonWebKey} privateJwk - Local (my) private key object in JWK format.
|
|
* @param {Object} webCrypto - WebCryptoSubtle object.
|
|
* @return {Promise<Uint8Array>} - The derived master secret via ECDH.
|
|
*/
|
|
|
|
|
|
exports.verify = verify;
|
|
|
|
var deriveSecret =
|
|
/*#__PURE__*/
|
|
function () {
|
|
var _ref4 = (0, _asyncToGenerator2.default)(
|
|
/*#__PURE__*/
|
|
_regenerator.default.mark(function _callee4(publicJwk, privateJwk, webCrypto) {
|
|
var algo, privateKey, publicKey, bitLen;
|
|
return _regenerator.default.wrap(function _callee4$(_context4) {
|
|
while (1) {
|
|
switch (_context4.prev = _context4.next) {
|
|
case 0:
|
|
algo = {
|
|
name: 'ECDH',
|
|
namedCurve: privateJwk.crv
|
|
};
|
|
_context4.next = 3;
|
|
return webCrypto.importKey('jwk', privateJwk, algo, false, ['deriveBits']);
|
|
|
|
case 3:
|
|
privateKey = _context4.sent;
|
|
_context4.next = 6;
|
|
return webCrypto.importKey('jwk', publicJwk, algo, false, []);
|
|
|
|
case 6:
|
|
publicKey = _context4.sent;
|
|
|
|
bitLen = function bitLen() {
|
|
var arr = _jsEncodingUtils.default.encoder.decodeBase64Url(privateJwk.x);
|
|
|
|
return 8 * arr.length;
|
|
};
|
|
|
|
_context4.t0 = Uint8Array;
|
|
_context4.next = 11;
|
|
return webCrypto.deriveBits(Object.assign(algo, {
|
|
public: publicKey
|
|
}), privateKey, bitLen());
|
|
|
|
case 11:
|
|
_context4.t1 = _context4.sent;
|
|
return _context4.abrupt("return", new _context4.t0(_context4.t1));
|
|
|
|
case 13:
|
|
case "end":
|
|
return _context4.stop();
|
|
}
|
|
}
|
|
}, _callee4);
|
|
}));
|
|
|
|
return function deriveSecret(_x14, _x15, _x16) {
|
|
return _ref4.apply(this, arguments);
|
|
};
|
|
}();
|
|
|
|
exports.deriveSecret = deriveSecret; |