1 | const { createCipheriv, createDecipheriv, getCiphers } = require('crypto')
|
2 |
|
3 | const { KEYOBJECT } = require('../help/consts')
|
4 | const { asInput } = require('../help/key_object')
|
5 |
|
6 | const checkInput = (data) => {
|
7 | if (data !== undefined && data.length % 8 !== 0) {
|
8 | throw new Error('invalid data length')
|
9 | }
|
10 | }
|
11 |
|
12 | const wrapKey = (alg, { [KEYOBJECT]: keyObject }, payload) => {
|
13 | const key = asInput(keyObject, false)
|
14 | const cipher = createCipheriv(alg, key, Buffer.alloc(8, 'a6', 'hex'))
|
15 |
|
16 | return { wrapped: Buffer.concat([cipher.update(payload), cipher.final()]) }
|
17 | }
|
18 |
|
19 | const unwrapKey = (alg, { [KEYOBJECT]: keyObject }, payload) => {
|
20 | const key = asInput(keyObject, false)
|
21 | checkInput(payload)
|
22 | const cipher = createDecipheriv(alg, key, Buffer.alloc(8, 'a6', 'hex'))
|
23 |
|
24 | return Buffer.concat([cipher.update(payload), cipher.final()])
|
25 | }
|
26 |
|
27 | module.exports = (JWA, JWK) => {
|
28 | ['A128KW', 'A192KW', 'A256KW'].forEach((jwaAlg) => {
|
29 | const size = parseInt(jwaAlg.substr(1, 3), 10)
|
30 | const alg = `aes${size}-wrap`
|
31 | if (getCiphers().includes(alg)) {
|
32 | JWA.keyManagementEncrypt.set(jwaAlg, wrapKey.bind(undefined, alg))
|
33 | JWA.keyManagementDecrypt.set(jwaAlg, unwrapKey.bind(undefined, alg))
|
34 | JWK.oct.wrapKey[jwaAlg] = JWK.oct.unwrapKey[jwaAlg] = key => (key.use === 'enc' || key.use === undefined) && key.length === size
|
35 | }
|
36 | })
|
37 | }
|