1 | const generateIV = require('../help/generate_iv')
2 | const base64url = require('../help/base64url')
/**
 * Registers the AES-GCM key-wrapping algorithms (A128GCMKW, A192GCMKW,
 * A256GCMKW) on the supplied registries.
 *
 * An algorithm is registered only when both the encrypt and the decrypt
 * implementation of the matching content-encryption algorithm (the first
 * seven characters of the name, e.g. 'A128GCM') are present in JWA.
 *
 * @param {object} JWA - registry exposing the `encrypt`, `decrypt`,
 *   `keyManagementEncrypt` and `keyManagementDecrypt` maps.
 * @param {object} JWK - registry whose `oct.wrapKey` / `oct.unwrapKey`
 *   objects receive one key-suitability predicate per algorithm.
 */
module.exports = (JWA, JWK) => {
  for (const jwaAlg of ['A128GCMKW', 'A192GCMKW', 'A256GCMKW']) {
    // 'A128GCMKW' -> 'A128GCM': the underlying content-encryption algorithm.
    const encAlg = jwaAlg.slice(0, 7)
    // 'A128GCMKW' -> 128: the key size the algorithm name calls for.
    const size = Number.parseInt(jwaAlg.slice(1, 4), 10)
    const encrypt = JWA.encrypt.get(encAlg)
    const decrypt = JWA.decrypt.get(encAlg)

    // Skip the algorithm unless both directions are available.
    if (!encrypt || !decrypt) {
      continue
    }

    JWA.keyManagementEncrypt.set(jwaAlg, (key, payload) => {
      // A new IV is requested for every wrap operation. GCM loses its
      // confidentiality and integrity guarantees if an IV is ever repeated
      // under the same key, so this relies on generateIV returning a fresh
      // value each call (helper not visible here; confirm).
      const iv = generateIV(jwaAlg)
      const sealed = encrypt(key, payload, { iv })

      // The recipient needs both the IV and the authentication tag to
      // unwrap, so they travel base64url-encoded in the header.
      const header = {
        tag: base64url.encodeBuffer(sealed.tag),
        iv: base64url.encodeBuffer(iv)
      }
      return { wrapped: sealed.ciphertext, header }
    })

    // Unwrapping reuses the content-decryption function unchanged.
    // NOTE(review): decoding of the header's `iv` and `tag`, and any check
    // on their lengths, is presumably done by the caller or inside
    // `decrypt`; confirm.
    JWA.keyManagementDecrypt.set(jwaAlg, decrypt)

    // A symmetric key qualifies when its `use` is 'enc' or unset and its
    // length equals the size taken from the algorithm name (presumably
    // bits; confirm against the key class).
    // NOTE(review): `key_ops` is not consulted here; confirm it is
    // enforced elsewhere.
    const fitsAlgorithm = key => (key.use === 'enc' || key.use === undefined) && key.length === size
    JWK.oct.unwrapKey[jwaAlg] = fitsAlgorithm
    JWK.oct.wrapKey[jwaAlg] = fitsAlgorithm
  }
}