"use strict";
// CommonJS interop marker emitted for transpiled ES modules.
Object.defineProperty(exports, "__esModule", { value: true });
// Reserve both public names before anything else runs; the real functions are
// assigned to them after their definitions further down the file.
exports.encrypt = void 0;
exports.decrypt = void 0;
const util_1 = require("util");
const crypto_1 = require("crypto");
const random_js_1 = require("./random.js");
const buffer_utils_js_1 = require("../lib/buffer_utils.js");
const base64url_js_1 = require("./base64url.js");
const aeskw_js_1 = require("./aeskw.js");
const check_p2s_js_1 = require("../lib/check_p2s.js");
const webcrypto_js_1 = require("./webcrypto.js");
const crypto_key_js_1 = require("../lib/crypto_key.js");
const is_key_object_js_1 = require("./is_key_object.js");
const invalid_key_input_js_1 = require("../lib/invalid_key_input.js");
const is_key_like_js_1 = require("./is_key_like.js");
// Promise-returning form of Node's callback-style crypto.pbkdf2, so the key
// derivation below can be awaited instead of nested in a callback.
const pbkdf2 = util_1.promisify(crypto_1.pbkdf2);
/**
 * Resolve the caller-supplied PBES2 key input to the raw bytes handed to PBKDF2.
 *
 * Three input kinds are accepted, checked in this order:
 *  1. a value accepted by the ./is_key_object.js predicate: its exported form is returned;
 *  2. a Uint8Array: returned as-is (the same buffer, not a copy);
 *  3. a value accepted by isCryptoKey: it is first passed to checkEncCryptoKey
 *     together with 'deriveBits' and 'deriveKey', then converted with
 *     KeyObject.from() and exported.
 *
 * The return value is the password/secret itself. It should stay out of logs
 * and error messages, and because branch 2 hands back the caller's own buffer,
 * any later mutation or zeroing of it affects the caller's copy too.
 *
 * @param {*} key - Password input in one of the forms listed above.
 * @param {string} alg - Algorithm identifier, forwarded to checkEncCryptoKey.
 * @returns {Uint8Array} Raw secret bytes (presumably a Buffer on the export paths; confirm).
 * @throws {TypeError} When `key` is none of the accepted kinds.
 */
function getPassword(key, alg) {
    let secret;
    if ((0, is_key_object_js_1.default)(key)) {
        secret = key.export();
    }
    else if (key instanceof Uint8Array) {
        secret = key;
    }
    else if ((0, webcrypto_js_1.isCryptoKey)(key)) {
        // Runs before any export; NOTE(review): presumably rejects a CryptoKey
        // that is not usable for `alg` with these usages. Confirm in ../lib/crypto_key.js.
        (0, crypto_key_js_1.checkEncCryptoKey)(key, alg, 'deriveBits', 'deriveKey');
        secret = crypto_1.KeyObject.from(key).export();
    }
    else {
        throw new TypeError((0, invalid_key_input_js_1.default)(key, ...is_key_like_js_1.types, 'Uint8Array'));
    }
    return secret;
}
/**
 * Wrap a content encryption key under a password: derive a key-encryption key
 * with PBKDF2, then wrap `cek` with the AES key-wrap helper.
 *
 * The algorithm identifier is parsed by position, not validated here:
 * characters 8..10 select the PBKDF2 digest, characters 13..15 give the derived
 * key size in bits, and the last six characters name the wrap algorithm. For an
 * identifier shaped like `PBES2-HS256+A128KW` that yields `sha256`, 128 bits
 * (16 bytes) and `A128KW`.
 *
 * Security notes:
 *  - The default iteration count of 2048 is low by current PBKDF2 guidance for
 *    human-chosen passwords; callers protecting low-entropy passwords should
 *    pass a substantially larger `p2c`.
 *  - `p2c` is not range-checked in this function.
 *
 * @param {string} alg - PBES2 algorithm identifier (parsed as described above).
 * @param {*} key - Password input, in any form getPassword accepts.
 * @param {Uint8Array} cek - Key to wrap; passed through to the wrap helper.
 * @param {number} [p2c=2048] - PBKDF2 iteration count.
 * @param {Uint8Array} [p2s] - Salt input; by default a 16-byte array filled by
 *   the ./random.js helper.
 * @returns {Promise<{encryptedKey: *, p2c: number, p2s: string}>} The wrapped
 *   key plus the parameters needed to derive the same key again, with `p2s`
 *   base64url-encoded.
 */
const encrypt = async (alg, key, cek, p2c = 2048, p2s = (0, random_js_1.default)(new Uint8Array(16))) => {
    // Salt input is validated before any derivation work is started.
    (0, check_p2s_js_1.default)(p2s);
    // NOTE(review): presumably builds the PBES2 salt from alg and p2s; see ../lib/buffer_utils.js.
    const saltValue = (0, buffer_utils_js_1.p2s)(alg, p2s);
    const keyBits = parseInt(alg.slice(13, 16), 10);
    const secret = getPassword(key, alg);
    const digest = `sha${alg.slice(8, 11)}`;
    // Key size is carried in bits in the identifier; PBKDF2 wants bytes.
    const kek = await pbkdf2(secret, saltValue, p2c, keyBits >> 3, digest);
    const wrapAlg = alg.slice(-6);
    const encryptedKey = await (0, aeskw_js_1.wrap)(wrapAlg, kek, cek);
    return { encryptedKey, p2c, p2s: (0, base64url_js_1.encode)(p2s) };
};
exports.encrypt = encrypt;
/**
 * Recover a wrapped content encryption key: derive the key-encryption key from
 * the password with PBKDF2, then unwrap `encryptedKey` with the AES key-wrap helper.
 *
 * The algorithm identifier is parsed by position, not validated here:
 * characters 8..10 select the PBKDF2 digest, characters 13..15 give the derived
 * key size in bits, and the last six characters name the wrap algorithm.
 *
 * Security note: `p2c` is passed to PBKDF2 exactly as received, with no upper
 * bound applied in this function, and PBKDF2 cost grows linearly with it.
 * NOTE(review): `p2c` and `p2s` presumably come from the header of the message
 * being decrypted, i.e. from the sender. Confirm that the caller enforces a
 * maximum iteration count before this function is reached; otherwise a single
 * message can demand an arbitrarily expensive derivation.
 *
 * @param {string} alg - PBES2 algorithm identifier (parsed as described above).
 * @param {*} key - Password input, in any form getPassword accepts.
 * @param {Uint8Array} encryptedKey - Wrapped key to recover.
 * @param {number} p2c - PBKDF2 iteration count used when the key was wrapped.
 * @param {Uint8Array} p2s - Salt input used when the key was wrapped.
 * @returns {Promise<*>} Whatever the unwrap helper resolves to (the recovered key).
 */
const decrypt = async (alg, key, encryptedKey, p2c, p2s) => {
    // Salt input is validated before any derivation work is started.
    (0, check_p2s_js_1.default)(p2s);
    // NOTE(review): presumably builds the PBES2 salt from alg and p2s; see ../lib/buffer_utils.js.
    const saltValue = (0, buffer_utils_js_1.p2s)(alg, p2s);
    const keyBits = parseInt(alg.slice(13, 16), 10);
    const secret = getPassword(key, alg);
    const digest = `sha${alg.slice(8, 11)}`;
    // Key size is carried in bits in the identifier; PBKDF2 wants bytes.
    const kek = await pbkdf2(secret, saltValue, p2c, keyBits >> 3, digest);
    const wrapAlg = alg.slice(-6);
    return (0, aeskw_js_1.unwrap)(wrapAlg, kek, encryptedKey);
};
exports.decrypt = decrypt;