@icure/api 8.0.23 → 8.0.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (79) hide show
  1. package/icc-x-api/auth/JwtAuthService.js +11 -0
  2. package/icc-x-api/auth/JwtAuthService.js.map +1 -1
  3. package/icc-x-api/auth/JwtBridgedAuthService.js +17 -0
  4. package/icc-x-api/auth/JwtBridgedAuthService.js.map +1 -1
  5. package/icc-x-api/auth/JwtError.d.ts +7 -0
  6. package/icc-x-api/auth/JwtError.js +14 -0
  7. package/icc-x-api/auth/JwtError.js.map +1 -0
  8. package/icc-x-api/crypto/AES.d.ts +54 -2
  9. package/icc-x-api/crypto/AES.js +5 -5
  10. package/icc-x-api/crypto/AES.js.map +1 -1
  11. package/icc-x-api/crypto/CryptoPrimitives.d.ts +21 -12
  12. package/icc-x-api/crypto/CryptoPrimitives.js +8 -19
  13. package/icc-x-api/crypto/CryptoPrimitives.js.map +1 -1
  14. package/icc-x-api/crypto/DelegationsDeAnonymization.js +1 -1
  15. package/icc-x-api/crypto/DelegationsDeAnonymization.js.map +1 -1
  16. package/icc-x-api/crypto/HMACUtils.d.ts +8 -1
  17. package/icc-x-api/crypto/HMACUtils.js +3 -3
  18. package/icc-x-api/crypto/HMACUtils.js.map +1 -1
  19. package/icc-x-api/crypto/NativeCryptoPrimitivesBridge.d.ts +113 -0
  20. package/icc-x-api/crypto/NativeCryptoPrimitivesBridge.js +477 -0
  21. package/icc-x-api/crypto/NativeCryptoPrimitivesBridge.js.map +1 -0
  22. package/icc-x-api/crypto/RSA.d.ts +107 -4
  23. package/icc-x-api/crypto/RSA.js +4 -4
  24. package/icc-x-api/crypto/RSA.js.map +1 -1
  25. package/icc-x-api/crypto/TransferKeysManager.js +6 -1
  26. package/icc-x-api/crypto/TransferKeysManager.js.map +1 -1
  27. package/icc-x-api/crypto/shamir.d.ts +7 -3
  28. package/icc-x-api/crypto/shamir.js +14 -5
  29. package/icc-x-api/crypto/shamir.js.map +1 -1
  30. package/icc-x-api/index.d.ts +1 -0
  31. package/icc-x-api/index.js +5 -3
  32. package/icc-x-api/index.js.map +1 -1
  33. package/package.json +1 -1
  34. package/test/icc-api/api/IccMedicalLocationApi.js +6 -6
  35. package/test/icc-api/api/IccMedicalLocationApi.js.map +1 -1
  36. package/test/icc-x-api/auth/jwt-provider-test.d.ts +1 -0
  37. package/test/icc-x-api/auth/jwt-provider-test.js +138 -0
  38. package/test/icc-x-api/auth/jwt-provider-test.js.map +1 -0
  39. package/test/icc-x-api/crud/comprehensive-crud-test.js +1 -1
  40. package/test/icc-x-api/crud/comprehensive-crud-test.js.map +1 -1
  41. package/test/icc-x-api/crud/entities-crud-test-interface.js +1 -0
  42. package/test/icc-x-api/crud/entities-crud-test-interface.js.map +1 -1
  43. package/test/icc-x-api/crypto/anonymous-delegations-test.js +1 -2
  44. package/test/icc-x-api/crypto/anonymous-delegations-test.js.map +1 -1
  45. package/test/icc-x-api/crypto/crypto-utils.js +1 -2
  46. package/test/icc-x-api/crypto/crypto-utils.js.map +1 -1
  47. package/test/icc-x-api/crypto/exchange-data-manager-test.js +1 -1
  48. package/test/icc-x-api/crypto/exchange-data-manager-test.js.map +1 -1
  49. package/test/icc-x-api/crypto/full-crypto-test.js +1 -2
  50. package/test/icc-x-api/crypto/full-crypto-test.js.map +1 -1
  51. package/test/icc-x-api/crypto/secure-delegations-manager-test.js +1 -1
  52. package/test/icc-x-api/crypto/secure-delegations-manager-test.js.map +1 -1
  53. package/test/icc-x-api/crypto/secure-delegations-metadata-decryptor-test.js +2 -2
  54. package/test/icc-x-api/crypto/secure-delegations-metadata-decryptor-test.js.map +1 -1
  55. package/test/icc-x-api/crypto/shamir.js +6 -7
  56. package/test/icc-x-api/crypto/shamir.js.map +1 -1
  57. package/test/icc-x-api/crypto/signature-keys-manager-test.js +1 -1
  58. package/test/icc-x-api/crypto/signature-keys-manager-test.js.map +1 -1
  59. package/test/icc-x-api/icc-maintenance-task-x-api-test.js +3 -2
  60. package/test/icc-x-api/icc-maintenance-task-x-api-test.js.map +1 -1
  61. package/test/icc-x-api/icc-user-x-api-test.js +1 -1
  62. package/test/icc-x-api/icc-user-x-api-test.js.map +1 -1
  63. package/test/icc-x-api/patient-user.js +1 -2
  64. package/test/icc-x-api/patient-user.js.map +1 -1
  65. package/test/icc-x-api/test-legacy-data-support.js +2 -3
  66. package/test/icc-x-api/test-legacy-data-support.js.map +1 -1
  67. package/test/utils/FakeDataOwnerApi.js +1 -1
  68. package/test/utils/FakeDataOwnerApi.js.map +1 -1
  69. package/test/utils/FakeGenericApi.js +1 -1
  70. package/test/utils/FakeGenericApi.js.map +1 -1
  71. package/test/utils/TestApi.js +1 -1
  72. package/test/utils/TestApi.js.map +1 -1
  73. package/test/utils/TestCryptoStrategies.js +1 -1
  74. package/test/utils/TestCryptoStrategies.js.map +1 -1
  75. package/test/utils/test_utils.js +6 -6
  76. package/test/utils/test_utils.js.map +1 -1
  77. package/test/icc-api/api/IccArticleApi.d.ts +0 -1
  78. package/test/icc-api/api/IccArticleApi.js +0 -64
  79. package/test/icc-api/api/IccArticleApi.js.map +0 -1
@@ -9,8 +9,8 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
9
9
  });
10
10
  };
11
11
  Object.defineProperty(exports, "__esModule", { value: true });
12
- exports.HMACUtils = void 0;
13
- class HMACUtils {
12
+ exports.HMACUtilsImpl = void 0;
13
+ class HMACUtilsImpl {
14
14
  constructor(crypto) {
15
15
  this.recommendedKeyLengthBytes = 128;
16
16
  this.params = {
@@ -54,5 +54,5 @@ class HMACUtils {
54
54
  });
55
55
  }
56
56
  }
57
- exports.HMACUtils = HMACUtils;
57
+ exports.HMACUtilsImpl = HMACUtilsImpl;
58
58
  //# sourceMappingURL=HMACUtils.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"HMACUtils.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/HMACUtils.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,MAAa,SAAS;IASpB,YAAY,MAAc;QAPT,8BAAyB,GAAG,GAAG,CAAA;QAC/B,WAAM,GAAqB;YAC1C,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,IAAI,CAAC,yBAAyB,GAAG,CAAC,EAAE,uFAAuF;SACpI,CAAA;QAGC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAA;IACvB,CAAC;IAEK,WAAW;;YACf,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,mBAAM,IAAI,CAAC,MAAM,GAAI,IAAI,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAA;YACxG,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,YAAY,CAAC,CAAA;YAC5E,IAAI,WAAW,CAAC,UAAU,KAAK,IAAI,CAAC,yBAAyB,EAAE;gBAC7D,MAAM,IAAI,KAAK,CAAC,kDAAkD,IAAI,CAAC,yBAAyB,eAAe,WAAW,CAAC,UAAU,QAAQ,CAAC,CAAA;aAC/I;YACD,OAAO,YAAY,CAAA;QACrB,CAAC;KAAA;IAEK,SAAS,CAAC,GAAc;;YAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;QAClD,CAAC;KAAA;IAEK,SAAS,CAAC,GAAgB;;YAC9B,IAAI,GAAG,CAAC,UAAU,KAAK,IAAI,CAAC,yBAAyB,EAAE;gBACrD,MAAM,IAAI,KAAK,CAAC,wCAAwC,IAAI,CAAC,yBAAyB,eAAe,GAAG,CAAC,UAAU,QAAQ,CAAC,CAAA;aAC7H;YACD,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,oBAAO,IAAI,CAAC,MAAM,GAAI,IAAI,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAA;QAChG,CAAC;KAAA;IAEK,IAAI,CAAC,GAAc,EAAE,IAAiB;;YAC1C,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,mBAAM,IAAI,CAAC,MAAM,GAAI,GAAG,EAAE,IAAI,CAAC,CAAA;QAChE,CAAC;KAAA;IAEK,MAAM,CAAC,GAAc,EAAE,IAAiB,EAAE,SAAsB;;YACpE,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,mBAAM,IAAI,CAAC,MAAM,GAAI,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC,CAAA;QAC7E,CAAC;KAAA;CACF;AAxCD,8BAwCC","sourcesContent":["export class HMACUtils {\n private readonly _crypto: Crypto\n private readonly recommendedKeyLengthBytes = 128\n private readonly params: HmacKeyGenParams = {\n name: 'HMAC',\n hash: 'SHA-512',\n length: this.recommendedKeyLengthBytes * 8, // Recommended length in bits. Adding this because not all implementations behave well.\n }\n\n constructor(crypto: Crypto) {\n this._crypto = crypto\n }\n\n async generateKey(): Promise<CryptoKey> {\n const generatedKey = await this._crypto.subtle.generateKey({ ...this.params }, true, ['sign', 'verify'])\n const exportedKey = await this._crypto.subtle.exportKey('raw', generatedKey)\n if (exportedKey.byteLength !== this.recommendedKeyLengthBytes) {\n throw new Error(`Generated key has unexpected length - expected ${this.recommendedKeyLengthBytes} bytes, got ${exportedKey.byteLength} bytes`)\n }\n return generatedKey\n }\n\n async exportKey(key: CryptoKey): Promise<ArrayBuffer> {\n return this._crypto.subtle.exportKey('raw', key)\n }\n\n async importKey(key: ArrayBuffer): Promise<CryptoKey> {\n if (key.byteLength !== this.recommendedKeyLengthBytes) {\n throw new Error(`Key has unexpected length - expected ${this.recommendedKeyLengthBytes} bytes, got ${key.byteLength} bytes`)\n }\n return this._crypto.subtle.importKey('raw', key, { ...this.params }, true, ['sign', 'verify'])\n }\n\n async sign(key: CryptoKey, data: ArrayBuffer): Promise<ArrayBuffer> {\n return this._crypto.subtle.sign({ ...this.params }, key, data)\n }\n\n async verify(key: CryptoKey, data: ArrayBuffer, signature: ArrayBuffer): Promise<boolean> {\n return this._crypto.subtle.verify({ ...this.params }, key, signature, data)\n }\n}\n"]}
1
+ {"version":3,"file":"HMACUtils.js","sourceRoot":"","sources":["../../../icc-x-api/crypto/HMACUtils.ts"],"names":[],"mappings":";;;;;;;;;;;;AAQA,MAAa,aAAa;IASxB,YAAY,MAAc;QAPT,8BAAyB,GAAG,GAAG,CAAA;QAC/B,WAAM,GAAqB;YAC1C,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,IAAI,CAAC,yBAAyB,GAAG,CAAC,EAAE,uFAAuF;SACpI,CAAA;QAGC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAA;IACvB,CAAC;IAEK,WAAW;;YACf,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,mBAAM,IAAI,CAAC,MAAM,GAAI,IAAI,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAA;YACxG,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,YAAY,CAAC,CAAA;YAC5E,IAAI,WAAW,CAAC,UAAU,KAAK,IAAI,CAAC,yBAAyB,EAAE;gBAC7D,MAAM,IAAI,KAAK,CAAC,kDAAkD,IAAI,CAAC,yBAAyB,eAAe,WAAW,CAAC,UAAU,QAAQ,CAAC,CAAA;aAC/I;YACD,OAAO,YAAY,CAAA;QACrB,CAAC;KAAA;IAEK,SAAS,CAAC,GAAc;;YAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;QAClD,CAAC;KAAA;IAEK,SAAS,CAAC,GAAgB;;YAC9B,IAAI,GAAG,CAAC,UAAU,KAAK,IAAI,CAAC,yBAAyB,EAAE;gBACrD,MAAM,IAAI,KAAK,CAAC,wCAAwC,IAAI,CAAC,yBAAyB,eAAe,GAAG,CAAC,UAAU,QAAQ,CAAC,CAAA;aAC7H;YACD,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,GAAG,oBAAO,IAAI,CAAC,MAAM,GAAI,IAAI,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAA;QAChG,CAAC;KAAA;IAEK,IAAI,CAAC,GAAc,EAAE,IAAiB;;YAC1C,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,mBAAM,IAAI,CAAC,MAAM,GAAI,GAAG,EAAE,IAAI,CAAC,CAAA;QAChE,CAAC;KAAA;IAEK,MAAM,CAAC,GAAc,EAAE,IAAiB,EAAE,SAAsB;;YACpE,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,mBAAM,IAAI,CAAC,MAAM,GAAI,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC,CAAA;QAC7E,CAAC;KAAA;CACF;AAxCD,sCAwCC","sourcesContent":["export interface HMACUtils {\n generateKey(): Promise<CryptoKey>\n exportKey(key: CryptoKey): Promise<ArrayBuffer>\n importKey(key: ArrayBuffer): Promise<CryptoKey>\n sign(key: CryptoKey, data: ArrayBuffer): Promise<ArrayBuffer>\n verify(key: CryptoKey, data: ArrayBuffer, signature: ArrayBuffer): Promise<boolean>\n}\n\nexport class HMACUtilsImpl implements HMACUtils {\n private readonly _crypto: Crypto\n private readonly recommendedKeyLengthBytes = 128\n private readonly params: HmacKeyGenParams = {\n name: 'HMAC',\n hash: 'SHA-512',\n length: this.recommendedKeyLengthBytes * 8, // Recommended length in bits. Adding this because not all implementations behave well.\n }\n\n constructor(crypto: Crypto) {\n this._crypto = crypto\n }\n\n async generateKey(): Promise<CryptoKey> {\n const generatedKey = await this._crypto.subtle.generateKey({ ...this.params }, true, ['sign', 'verify'])\n const exportedKey = await this._crypto.subtle.exportKey('raw', generatedKey)\n if (exportedKey.byteLength !== this.recommendedKeyLengthBytes) {\n throw new Error(`Generated key has unexpected length - expected ${this.recommendedKeyLengthBytes} bytes, got ${exportedKey.byteLength} bytes`)\n }\n return generatedKey\n }\n\n async exportKey(key: CryptoKey): Promise<ArrayBuffer> {\n return this._crypto.subtle.exportKey('raw', key)\n }\n\n async importKey(key: ArrayBuffer): Promise<CryptoKey> {\n if (key.byteLength !== this.recommendedKeyLengthBytes) {\n throw new Error(`Key has unexpected length - expected ${this.recommendedKeyLengthBytes} bytes, got ${key.byteLength} bytes`)\n }\n return this._crypto.subtle.importKey('raw', key, { ...this.params }, true, ['sign', 'verify'])\n }\n\n async sign(key: CryptoKey, data: ArrayBuffer): Promise<ArrayBuffer> {\n return this._crypto.subtle.sign({ ...this.params }, key, data)\n }\n\n async verify(key: CryptoKey, data: ArrayBuffer, signature: ArrayBuffer): Promise<boolean> {\n return this._crypto.subtle.verify({ ...this.params }, key, signature, data)\n }\n}\n"]}
@@ -0,0 +1,113 @@
1
+ import { CryptoPrimitives } from './CryptoPrimitives';
2
+ import { HMACUtils } from './HMACUtils';
3
+ import { ShamirClass } from './shamir';
4
+ import { AESUtils } from './AES';
5
+ import { RSAUtils } from './RSA';
6
+ /**
7
+ * Allows to use the expo-kryptom module as crypto primitives. This is necessary when building expo (react native) apps.
8
+ */
9
+ export declare class NativeCryptoPrimitivesBridge implements CryptoPrimitives {
10
+ constructor(expoKryptomModule: {
11
+ Aes: AesService;
12
+ Rsa: RsaService;
13
+ Hmac: HmacService;
14
+ StrongRandom: StrongRandomService;
15
+ Digest: DigestService;
16
+ });
17
+ readonly AES: AESUtils;
18
+ readonly HMAC: HMACUtils;
19
+ readonly RSA: RSAUtils;
20
+ readonly shamir: ShamirClass;
21
+ private readonly strongRandom;
22
+ private readonly digest;
23
+ randomBytes(n: number): Uint8Array;
24
+ randomUuid(): string;
25
+ sha256(data: ArrayBuffer | Uint8Array): Promise<ArrayBuffer>;
26
+ }
27
+ declare enum AesAlgorithm {
28
+ AesCbcPkcs7 = "AesCbcPkcs7"
29
+ }
30
+ declare enum RsaEncryptionAlgorithm {
31
+ OaepWithSha1 = "OaepWithSha1",
32
+ OaepWithSha256 = "OaepWithSha256"
33
+ }
34
+ declare enum RsaSignatureAlgorithm {
35
+ PssWithSha256 = "PssWithSha256"
36
+ }
37
+ type RsaAlgorithm = RsaEncryptionAlgorithm | RsaSignatureAlgorithm;
38
+ declare enum HmacAlgorithm {
39
+ HmacSha512 = "HmacSha512"
40
+ }
41
+ interface HmacKey {
42
+ algorithmIdentifier: HmacAlgorithm;
43
+ }
44
+ interface AesKey {
45
+ algorithmIdentifier: AesAlgorithm;
46
+ }
47
+ interface RsaKeyPair {
48
+ algorithmIdentifier: RsaAlgorithm;
49
+ }
50
+ interface RsaPrivateKey {
51
+ algorithmIdentifier: RsaAlgorithm;
52
+ }
53
+ interface RsaPublicKey {
54
+ algorithmIdentifier: RsaAlgorithm;
55
+ }
56
+ type PrivateRsaKeyJwk = {
57
+ alg: string;
58
+ d: string;
59
+ dp: string;
60
+ dq: string;
61
+ e: string;
62
+ ext: boolean;
63
+ key_ops: string[];
64
+ n: string;
65
+ p: string;
66
+ q: string;
67
+ qi: string;
68
+ };
69
+ type PublicRsaKeyJwk = {
70
+ alg: string;
71
+ e: string;
72
+ ext: boolean;
73
+ key_ops: string[];
74
+ n: string;
75
+ };
76
+ interface AesService {
77
+ generateKey(algorithmIdentifier: AesAlgorithm, size: number): Promise<AesKey>;
78
+ encrypt(data: Uint8Array, key: AesKey, iv: Uint8Array | null): Promise<Uint8Array>;
79
+ decrypt(ivAndEncryptedData: Uint8Array, key: AesKey): Promise<Uint8Array>;
80
+ exportRawKey(key: AesKey): Promise<Uint8Array>;
81
+ importRawKey(rawKey: Uint8Array, algorithmIdentifier: AesAlgorithm): Promise<AesKey>;
82
+ }
83
+ interface RsaService {
84
+ generateKey(algorithmIdentifier: RsaAlgorithm, size: number): Promise<RsaKeyPair>;
85
+ encrypt(data: Uint8Array, key: RsaPublicKey): Promise<Uint8Array>;
86
+ decrypt(data: Uint8Array, key: RsaPrivateKey): Promise<Uint8Array>;
87
+ signature(data: Uint8Array, key: RsaPrivateKey): Promise<Uint8Array>;
88
+ verify(signature: Uint8Array, data: Uint8Array, key: RsaPublicKey): Promise<boolean>;
89
+ exportPrivateKeyPkcs8(key: RsaPrivateKey): Promise<Uint8Array>;
90
+ exportPrivateKeyJwk(key: RsaPrivateKey): Promise<PrivateRsaKeyJwk>;
91
+ exportPublicKeySpki(key: RsaPublicKey): Promise<Uint8Array>;
92
+ exportPublicKeyJwk(key: RsaPublicKey): Promise<PublicRsaKeyJwk>;
93
+ importPrivateKeyPkcs8(privateKeyPkcs8: Uint8Array, algorithmIdentifier: RsaAlgorithm): Promise<RsaPrivateKey>;
94
+ importPrivateKeyJwk(privateKey: PrivateRsaKeyJwk, algorithmIdentifier: RsaAlgorithm): Promise<RsaPrivateKey>;
95
+ importPublicKeySpki(publicKeySpki: Uint8Array, algorithmIdentifier: RsaAlgorithm): Promise<RsaPublicKey>;
96
+ importPublicKeyJwk(publicKey: PublicRsaKeyJwk, algorithmIdentifier: RsaAlgorithm): Promise<RsaPublicKey>;
97
+ importKeyPair(privateKeyPkcs8: Uint8Array, algorithmIdentifier: RsaAlgorithm): Promise<RsaKeyPair>;
98
+ }
99
+ interface HmacService {
100
+ generateKey(algorithmIdentifier: HmacAlgorithm): Promise<HmacKey>;
101
+ sign(data: Uint8Array, key: HmacKey): Promise<Uint8Array>;
102
+ verify(signature: Uint8Array, data: Uint8Array, key: HmacKey): Promise<boolean>;
103
+ exportRawKey(key: HmacKey): Promise<Uint8Array>;
104
+ importRawKey(rawKey: Uint8Array, algorithmIdentifier: HmacAlgorithm): Promise<HmacKey>;
105
+ }
106
+ interface StrongRandomService {
107
+ randomBytes(length: number): Uint8Array;
108
+ randomUUID(): string;
109
+ }
110
+ interface DigestService {
111
+ sha256(data: Uint8Array): Promise<Uint8Array>;
112
+ }
113
+ export {};
@@ -0,0 +1,477 @@
1
+ "use strict";
2
+ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
4
+ return new (P || (P = Promise))(function (resolve, reject) {
5
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
6
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
7
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
8
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
9
+ });
10
+ };
11
+ Object.defineProperty(exports, "__esModule", { value: true });
12
+ exports.NativeCryptoPrimitivesBridge = void 0;
13
+ const shamir_1 = require("./shamir");
14
+ const utils_1 = require("../utils");
15
+ const crypto_1 = require("crypto");
16
+ /**
17
+ * Allows to use the expo-kryptom module as crypto primitives. This is necessary when building expo (react native) apps.
18
+ */
19
+ class NativeCryptoPrimitivesBridge {
20
+ constructor(expoKryptomModule) {
21
+ this.strongRandom = expoKryptomModule.StrongRandom;
22
+ this.digest = expoKryptomModule.Digest;
23
+ this.shamir = new StrongRandomShamir(this.strongRandom);
24
+ this.AES = new NativeAesBridge(expoKryptomModule.Aes, this.strongRandom);
25
+ this.HMAC = new NativeHmacBridge(expoKryptomModule.Hmac);
26
+ this.RSA = new NativeRsaBridge(expoKryptomModule.Rsa);
27
+ }
28
+ randomBytes(n) {
29
+ return this.strongRandom.randomBytes(n);
30
+ }
31
+ randomUuid() {
32
+ return this.strongRandom.randomUUID();
33
+ }
34
+ sha256(data) {
35
+ return __awaiter(this, void 0, void 0, function* () {
36
+ return yield this.digest.sha256(data instanceof ArrayBuffer ? new Uint8Array(data) : data);
37
+ });
38
+ }
39
+ }
40
+ exports.NativeCryptoPrimitivesBridge = NativeCryptoPrimitivesBridge;
41
+ class StrongRandomShamir extends shamir_1.ShamirClass {
42
+ constructor(strongRandom) {
43
+ super();
44
+ this.strongRandom = strongRandom;
45
+ }
46
+ fillRandom(arr) {
47
+ const random = this.strongRandom.randomBytes(arr.byteLength);
48
+ // Note that the new Uint32Array does not copy the random array
49
+ arr.set(new Uint32Array(random.buffer));
50
+ }
51
+ }
52
+ class NativeAesBridge {
53
+ constructor(aes, random) {
54
+ this.aes = aes;
55
+ this.random = random;
56
+ }
57
+ decrypt(cryptoKey, encryptedData) {
58
+ return __awaiter(this, void 0, void 0, function* () {
59
+ return yield this.aes.decrypt(new Uint8Array(encryptedData), getKryptomKey(cryptoKey));
60
+ });
61
+ }
62
+ decryptSome(cryptoKeys, uint8Array) {
63
+ try {
64
+ return this.decrypt(cryptoKeys[0], uint8Array);
65
+ }
66
+ catch (e) {
67
+ if (cryptoKeys.length > 1) {
68
+ return this.decryptSome(cryptoKeys.slice(1), uint8Array);
69
+ }
70
+ else {
71
+ throw e;
72
+ }
73
+ }
74
+ }
75
+ decryptWithRawKey(rawKey, plainData) {
76
+ return __awaiter(this, void 0, void 0, function* () {
77
+ const imported = yield this.importKey('raw', (0, utils_1.hex2ua)(rawKey));
78
+ return this.decrypt(imported, plainData);
79
+ });
80
+ }
81
+ encrypt(cryptoKey, plainData) {
82
+ return __awaiter(this, void 0, void 0, function* () {
83
+ return yield this.aes.encrypt(new Uint8Array(plainData), getKryptomKey(cryptoKey), null);
84
+ });
85
+ }
86
+ encryptWithRawKey(rawKey, plainData) {
87
+ return __awaiter(this, void 0, void 0, function* () {
88
+ const imported = yield this.importKey('raw', (0, utils_1.hex2ua)(rawKey));
89
+ return this.encrypt(imported, plainData);
90
+ });
91
+ }
92
+ exportKey(cryptoKey, format) {
93
+ return __awaiter(this, void 0, void 0, function* () {
94
+ const rawKey = yield this.aes.exportRawKey(getKryptomKey(cryptoKey));
95
+ if (format == 'raw')
96
+ return rawKey;
97
+ return {
98
+ kty: 'oct',
99
+ alg: rawKey.byteLength == 32 ? 'A256CBC' : 'A128CBC',
100
+ ext: true,
101
+ key_ops: ['encrypt', 'decrypt'],
102
+ k: (0, utils_1.ua2b64)(rawKey).replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_'),
103
+ };
104
+ });
105
+ }
106
+ generateCryptoKey(toHex) {
107
+ return __awaiter(this, void 0, void 0, function* () {
108
+ if (toHex) {
109
+ return Promise.resolve((0, utils_1.ua2hex)(this.random.randomBytes(32)));
110
+ }
111
+ else {
112
+ const aesKey = yield this.aes.generateKey(AesAlgorithm.AesCbcPkcs7, 256);
113
+ return new AesCryptoKey(aesKey, 256);
114
+ }
115
+ });
116
+ }
117
+ generateIV(ivByteLength) {
118
+ return (0, crypto_1.randomBytes)(ivByteLength);
119
+ }
120
+ importKey(format, aesKey) {
121
+ var _a, _b;
122
+ return __awaiter(this, void 0, void 0, function* () {
123
+ let keyBytes;
124
+ if (format === 'jwk') {
125
+ if (aesKey.kty !== 'oct' ||
126
+ (aesKey.alg !== 'A256CBC' && aesKey.alg !== 'A128CBC') ||
127
+ !aesKey.ext ||
128
+ !((_a = aesKey.key_ops) === null || _a === void 0 ? void 0 : _a.includes('encrypt')) ||
129
+ !((_b = aesKey.key_ops) === null || _b === void 0 ? void 0 : _b.includes('decrypt')) ||
130
+ !aesKey.k) {
131
+ throw new Error('Invalid JWK - must have kty=oct, alg=(A256CBC||A128CBC), ext=true, key_ops=[encrypt, decrypt], and must have non-empty k field');
132
+ }
133
+ // b64_2ua works also with url-safe base64
134
+ keyBytes = new Uint8Array((0, utils_1.b64_2ua)(aesKey.k));
135
+ }
136
+ else if (format === 'raw') {
137
+ if (aesKey instanceof ArrayBuffer && !ArrayBuffer.isView(aesKey))
138
+ throw new Error("aesKey must be an ArrayBuffer or an ArrayBufferView when format is 'raw'");
139
+ keyBytes = new Uint8Array(aesKey);
140
+ }
141
+ else
142
+ throw new Error(`Invalid format ${format}`);
143
+ const imported = yield this.aes.importRawKey(keyBytes, AesAlgorithm.AesCbcPkcs7);
144
+ return new AesCryptoKey(imported, keyBytes.length);
145
+ });
146
+ }
147
+ }
148
+ function getKryptomKey(cryptoKey) {
149
+ if ('kryptomKey' in cryptoKey) {
150
+ return cryptoKey.kryptomKey;
151
+ }
152
+ else
153
+ throw new Error('Invalid crypto key: only crypto keys generated or loaded with this implementation of crypto primitives are supported');
154
+ }
155
+ class AesCryptoKey {
156
+ constructor(kryptomKey, size) {
157
+ this.kryptomKey = kryptomKey;
158
+ this.size = size;
159
+ }
160
+ get algorithm() {
161
+ return { name: 'AES-CBC', length: this.size };
162
+ }
163
+ get extractable() {
164
+ return true;
165
+ }
166
+ get type() {
167
+ return 'secret';
168
+ }
169
+ get usages() {
170
+ return ['encrypt', 'decrypt'];
171
+ }
172
+ toJSON() {
173
+ return {};
174
+ }
175
+ }
176
+ class NativeHmacBridge {
177
+ constructor(hmac) {
178
+ this.hmac = hmac;
179
+ }
180
+ exportKey(key) {
181
+ return __awaiter(this, void 0, void 0, function* () {
182
+ return yield this.hmac.exportRawKey(getKryptomKey(key));
183
+ });
184
+ }
185
+ generateKey() {
186
+ return __awaiter(this, void 0, void 0, function* () {
187
+ const kryptomKey = yield this.hmac.generateKey(HmacAlgorithm.HmacSha512);
188
+ return new HmacCryptoKey(kryptomKey);
189
+ });
190
+ }
191
+ importKey(key) {
192
+ return __awaiter(this, void 0, void 0, function* () {
193
+ const kryptomKey = yield this.hmac.importRawKey(new Uint8Array(key), HmacAlgorithm.HmacSha512);
194
+ return new HmacCryptoKey(kryptomKey);
195
+ });
196
+ }
197
+ sign(key, data) {
198
+ return __awaiter(this, void 0, void 0, function* () {
199
+ return yield this.hmac.sign(new Uint8Array(data), getKryptomKey(key));
200
+ });
201
+ }
202
+ verify(key, data, signature) {
203
+ return __awaiter(this, void 0, void 0, function* () {
204
+ return yield this.hmac.verify(new Uint8Array(signature), new Uint8Array(data), getKryptomKey(key));
205
+ });
206
+ }
207
+ }
208
+ class HmacCryptoKey {
209
+ constructor(kryptomKey) {
210
+ this.kryptomKey = kryptomKey;
211
+ }
212
+ get algorithm() {
213
+ return { name: 'HMAC', hash: { name: 'SHA-512' }, length: 1024 };
214
+ }
215
+ get extractable() {
216
+ return true;
217
+ }
218
+ get type() {
219
+ return 'secret';
220
+ }
221
+ get usages() {
222
+ return ['sign', 'verify'];
223
+ }
224
+ toJSON() {
225
+ return {};
226
+ }
227
+ }
228
+ class NativeRsaBridge {
229
+ constructor(rsa) {
230
+ this.rsa = rsa;
231
+ }
232
+ checkKeyPairValidity(keyPair) {
233
+ return __awaiter(this, void 0, void 0, function* () {
234
+ try {
235
+ const text = 'shibboleth';
236
+ const encryptedText = yield this.encrypt(keyPair.publicKey, (0, utils_1.utf8_2ua)(text));
237
+ const decryptedText = (0, utils_1.ua2utf8)(yield this.decrypt(keyPair.privateKey, new Uint8Array(encryptedText)));
238
+ return decryptedText === text;
239
+ }
240
+ catch (e) {
241
+ return false;
242
+ }
243
+ });
244
+ }
245
+ decrypt(privateKey, encryptedData) {
246
+ return __awaiter(this, void 0, void 0, function* () {
247
+ return yield this.rsa.decrypt(encryptedData, getKryptomKey(privateKey));
248
+ });
249
+ }
250
+ encrypt(publicKey, plainData) {
251
+ return __awaiter(this, void 0, void 0, function* () {
252
+ return yield this.rsa.encrypt(plainData, getKryptomKey(publicKey));
253
+ });
254
+ }
255
+ exportKey(cryptoKey, format) {
256
+ return __awaiter(this, void 0, void 0, function* () {
257
+ if (format === 'jwk') {
258
+ if (cryptoKey.type === 'private') {
259
+ return yield this.rsa.exportPrivateKeyJwk(getKryptomKey(cryptoKey));
260
+ }
261
+ else {
262
+ return yield this.rsa.exportPublicKeyJwk(getKryptomKey(cryptoKey));
263
+ }
264
+ }
265
+ else if (format === 'spki') {
266
+ return yield this.rsa.exportPrivateKeyPkcs8(getKryptomKey(cryptoKey));
267
+ }
268
+ else if (format === 'pkcs8') {
269
+ return yield this.rsa.exportPublicKeySpki(getKryptomKey(cryptoKey));
270
+ }
271
+ else
272
+ throw new Error(`Invalid format ${format}`);
273
+ });
274
+ }
275
+ exportKeys(keyPair, privKeyFormat, pubKeyFormat) {
276
+ return __awaiter(this, void 0, void 0, function* () {
277
+ let privateKey;
278
+ if (privKeyFormat === 'jwk') {
279
+ privateKey = yield this.rsa.exportPrivateKeyJwk(getKryptomKey(keyPair.privateKey));
280
+ }
281
+ else {
282
+ privateKey = yield this.rsa.exportPrivateKeyPkcs8(getKryptomKey(keyPair.privateKey));
283
+ }
284
+ let publicKey;
285
+ if (pubKeyFormat === 'jwk') {
286
+ publicKey = yield this.rsa.exportPublicKeyJwk(getKryptomKey(keyPair.publicKey));
287
+ }
288
+ else {
289
+ publicKey = yield this.rsa.exportPublicKeySpki(getKryptomKey(keyPair.publicKey));
290
+ }
291
+ return { privateKey, publicKey };
292
+ });
293
+ }
294
+ generateKeyPair(shaVersion) {
295
+ return __awaiter(this, void 0, void 0, function* () {
296
+ const generated = yield this.rsa.generateKey(this.kryptomAlgorithm(shaVersion), 2048);
297
+ // In expo-kryptom a private keys and public keys are supertypes of keypair.
298
+ return {
299
+ privateKey: new PrivateRsaCryptoKey(generated, this.encryptionKeysAlgorithm(shaVersion)),
300
+ publicKey: new PublicRsaCryptoKey(generated, this.encryptionKeysAlgorithm(shaVersion)),
301
+ };
302
+ });
303
+ }
304
+ generateSignatureKeyPair() {
305
+ return __awaiter(this, void 0, void 0, function* () {
306
+ const generated = yield this.rsa.generateKey(RsaSignatureAlgorithm.PssWithSha256, 2048);
307
+ return {
308
+ privateKey: new PrivateRsaCryptoKey(generated, this.signatureKeysAlgorithm()),
309
+ publicKey: new PublicRsaCryptoKey(generated, this.signatureKeysAlgorithm()),
310
+ };
311
+ });
312
+ }
313
+ importKey(format, keydata, keyUsages, hashAlgorithm) {
314
+ if (keyUsages[0] == 'encrypt' && (format == 'jwk' || format == 'spki')) {
315
+ return this.importPublicKey(format, keydata, hashAlgorithm);
316
+ }
317
+ else if (keyUsages[0] == 'decrypt' && (format == 'jwk' || format == 'pkcs8')) {
318
+ return this.importPrivateKey(format, keydata, hashAlgorithm);
319
+ }
320
+ else
321
+ throw new Error(`Combination of key usages and key format not supported: ${keyUsages} ${format}`);
322
+ }
323
+ importKeyPair(privateKeyFormat, privateKeydata, publicKeyFormat, publicKeyData, hashAlgorithm) {
324
+ return __awaiter(this, void 0, void 0, function* () {
325
+ let importedPrivate;
326
+ let importedPublic;
327
+ const algorithm = this.kryptomAlgorithm(hashAlgorithm);
328
+ if (privateKeyFormat == 'jwk') {
329
+ importedPrivate = yield this.rsa.importPrivateKeyJwk(privateKeydata, algorithm);
330
+ }
331
+ else {
332
+ importedPrivate = yield this.rsa.importPrivateKeyPkcs8(new Uint8Array(privateKeydata), algorithm);
333
+ }
334
+ if (publicKeyFormat == 'jwk') {
335
+ importedPublic = yield this.rsa.importPublicKeyJwk(publicKeyData, algorithm);
336
+ }
337
+ else {
338
+ importedPublic = yield this.rsa.importPublicKeySpki(new Uint8Array(publicKeyData), algorithm);
339
+ }
340
+ return {
341
+ privateKey: new PrivateRsaCryptoKey(importedPrivate, this.encryptionKeysAlgorithm(hashAlgorithm)),
342
+ publicKey: new PublicRsaCryptoKey(importedPublic, this.encryptionKeysAlgorithm(hashAlgorithm)),
343
+ };
344
+ });
345
+ }
346
+ importPrivateKey(format, keydata, hashAlgorithm) {
347
+ return __awaiter(this, void 0, void 0, function* () {
348
+ let imported;
349
+ if (format == 'jwk') {
350
+ imported = yield this.rsa.importPrivateKeyJwk(keydata, this.kryptomAlgorithm(hashAlgorithm));
351
+ }
352
+ else {
353
+ imported = yield this.rsa.importPrivateKeyPkcs8(new Uint8Array(keydata), this.kryptomAlgorithm(hashAlgorithm));
354
+ }
355
+ return new PrivateRsaCryptoKey(imported, this.encryptionKeysAlgorithm(hashAlgorithm));
356
+ });
357
+ }
358
+ importPublicKey(format, keydata, hashAlgorithm) {
359
+ return __awaiter(this, void 0, void 0, function* () {
360
+ let imported;
361
+ if (format == 'jwk') {
362
+ imported = yield this.rsa.importPublicKeyJwk(keydata, this.kryptomAlgorithm(hashAlgorithm));
363
+ }
364
+ else {
365
+ imported = yield this.rsa.importPublicKeySpki(new Uint8Array(keydata), this.kryptomAlgorithm(hashAlgorithm));
366
+ }
367
+ return new PublicRsaCryptoKey(imported, this.encryptionKeysAlgorithm(hashAlgorithm));
368
+ });
369
+ }
370
+ importSignatureKey(format, keydata) {
371
+ return __awaiter(this, void 0, void 0, function* () {
372
+ let importedKey;
373
+ if (format == 'jwk') {
374
+ importedKey = yield this.rsa.importPrivateKeyJwk(keydata, RsaSignatureAlgorithm.PssWithSha256);
375
+ }
376
+ else {
377
+ importedKey = yield this.rsa.importPrivateKeyPkcs8(new Uint8Array(keydata), RsaSignatureAlgorithm.PssWithSha256);
378
+ }
379
+ return new PrivateRsaCryptoKey(importedKey, this.signatureKeysAlgorithm());
380
+ });
381
+ }
382
+ importVerificationKey(format, keydata) {
383
+ return __awaiter(this, void 0, void 0, function* () {
384
+ let importedKey;
385
+ if (format == 'jwk') {
386
+ importedKey = yield this.rsa.importPublicKeyJwk(keydata, RsaSignatureAlgorithm.PssWithSha256);
387
+ }
388
+ else {
389
+ importedKey = yield this.rsa.importPublicKeySpki(new Uint8Array(keydata), RsaSignatureAlgorithm.PssWithSha256);
390
+ }
391
+ return new PublicRsaCryptoKey(importedKey, this.signatureKeysAlgorithm());
392
+ });
393
+ }
394
+ sign(privateKey, data) {
395
+ return __awaiter(this, void 0, void 0, function* () {
396
+ return yield this.rsa.signature(new Uint8Array(data), getKryptomKey(privateKey));
397
+ });
398
+ }
399
+ verifySignature(publicKey, signature, data) {
400
+ return __awaiter(this, void 0, void 0, function* () {
401
+ return yield this.rsa.verify(new Uint8Array(signature), new Uint8Array(data), getKryptomKey(publicKey));
402
+ });
403
+ }
404
+ kryptomAlgorithm(shaVersion) {
405
+ return shaVersion == 'sha-256' ? RsaEncryptionAlgorithm.OaepWithSha256 : RsaEncryptionAlgorithm.OaepWithSha1;
406
+ }
407
+ encryptionKeysAlgorithm(shaVersion) {
408
+ return {
409
+ name: 'RSA-OAEP',
410
+ modulusLength: 2048,
411
+ publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
412
+ hash: { name: shaVersion == 'sha-256' ? 'SHA-256' : 'SHA-1' },
413
+ };
414
+ }
415
+ signatureKeysAlgorithm() {
416
+ return {
417
+ name: 'RSA-PSS',
418
+ modulusLength: 2048,
419
+ publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
420
+ hash: { name: 'SHA-256' },
421
+ };
422
+ }
423
+ }
424
+ class PrivateRsaCryptoKey {
425
+ constructor(kryptomKey, algorithm) {
426
+ this.kryptomKey = kryptomKey;
427
+ this.algorithm = algorithm;
428
+ }
429
+ get extractable() {
430
+ return true;
431
+ }
432
+ get type() {
433
+ return 'private';
434
+ }
435
+ get usages() {
436
+ return this.algorithm.name != 'RSA-PSS' ? ['decrypt'] : ['sign'];
437
+ }
438
+ toJSON() {
439
+ return {};
440
+ }
441
+ }
442
+ class PublicRsaCryptoKey {
443
+ constructor(kryptomKey, algorithm) {
444
+ this.kryptomKey = kryptomKey;
445
+ this.algorithm = algorithm;
446
+ }
447
+ get extractable() {
448
+ return true;
449
+ }
450
+ get type() {
451
+ return 'public';
452
+ }
453
+ get usages() {
454
+ return this.algorithm.name != 'RSA-PSS' ? ['encrypt'] : ['verify'];
455
+ }
456
+ toJSON() {
457
+ return {};
458
+ }
459
+ }
460
+ var AesAlgorithm;
461
+ (function (AesAlgorithm) {
462
+ AesAlgorithm["AesCbcPkcs7"] = "AesCbcPkcs7";
463
+ })(AesAlgorithm || (AesAlgorithm = {}));
464
+ var RsaEncryptionAlgorithm;
465
+ (function (RsaEncryptionAlgorithm) {
466
+ RsaEncryptionAlgorithm["OaepWithSha1"] = "OaepWithSha1";
467
+ RsaEncryptionAlgorithm["OaepWithSha256"] = "OaepWithSha256";
468
+ })(RsaEncryptionAlgorithm || (RsaEncryptionAlgorithm = {}));
469
+ var RsaSignatureAlgorithm;
470
+ (function (RsaSignatureAlgorithm) {
471
+ RsaSignatureAlgorithm["PssWithSha256"] = "PssWithSha256";
472
+ })(RsaSignatureAlgorithm || (RsaSignatureAlgorithm = {}));
473
+ var HmacAlgorithm;
474
+ (function (HmacAlgorithm) {
475
+ HmacAlgorithm["HmacSha512"] = "HmacSha512";
476
+ })(HmacAlgorithm || (HmacAlgorithm = {}));
477
+ //# sourceMappingURL=NativeCryptoPrimitivesBridge.js.map