@lindorm/aes 0.5.5 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +26 -0
- package/MERMAID.md +155 -0
- package/README.md +365 -199
- package/__tests__/INTEROP-RESULTS.md +66 -0
- package/__tests__/esm-smoke.test.ts +15 -0
- package/__tests__/fixtures/keys.ts +60 -0
- package/__tests__/helpers/buffer-utils.ts +11 -0
- package/__tests__/helpers/index.ts +2 -0
- package/__tests__/helpers/jwe-adapter.ts +117 -0
- package/__tests__/jose-jwe.test.ts +463 -0
- package/__tests__/noble-ciphers.test.ts +208 -0
- package/dist/classes/AesKit.d.ts +10 -8
- package/dist/classes/AesKit.d.ts.map +1 -1
- package/dist/classes/AesKit.js +73 -34
- package/dist/classes/AesKit.js.map +1 -1
- package/dist/constants/private/index.d.ts +0 -1
- package/dist/constants/private/index.d.ts.map +1 -1
- package/dist/constants/private/index.js +0 -1
- package/dist/constants/private/index.js.map +1 -1
- package/dist/constants/private/version.d.ts +3 -1
- package/dist/constants/private/version.d.ts.map +1 -1
- package/dist/constants/private/version.js +4 -2
- package/dist/constants/private/version.js.map +1 -1
- package/dist/interfaces/AesKit.d.ts +12 -7
- package/dist/interfaces/AesKit.d.ts.map +1 -1
- package/dist/mocks/mock-aes-kit.d.ts.map +1 -1
- package/dist/mocks/mock-aes-kit.js +12 -2
- package/dist/mocks/mock-aes-kit.js.map +1 -1
- package/dist/types/aes-decryption-data.d.ts +26 -17
- package/dist/types/aes-decryption-data.d.ts.map +1 -1
- package/dist/types/aes-encryption-data.d.ts +7 -17
- package/dist/types/aes-encryption-data.d.ts.map +1 -1
- package/dist/types/index.d.ts +1 -0
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/private/aes-data.d.ts.map +1 -1
- package/dist/types/private/aes-key-derivation.d.ts +1 -1
- package/dist/types/private/aes-key-derivation.d.ts.map +1 -1
- package/dist/types/private/auth-tag.d.ts +3 -0
- package/dist/types/private/auth-tag.d.ts.map +1 -1
- package/dist/types/private/content-encryption-key.d.ts +4 -2
- package/dist/types/private/content-encryption-key.d.ts.map +1 -1
- package/dist/types/private/index.d.ts +1 -1
- package/dist/types/private/index.d.ts.map +1 -1
- package/dist/types/private/index.js +1 -1
- package/dist/types/private/index.js.map +1 -1
- package/dist/types/private/prepared-encryption.d.ts +35 -0
- package/dist/types/private/prepared-encryption.d.ts.map +1 -0
- package/dist/types/private/{aes-string.js → prepared-encryption.js} +1 -1
- package/dist/types/private/prepared-encryption.js.map +1 -0
- package/dist/utils/is-aes.d.ts.map +1 -1
- package/dist/utils/is-aes.js +1 -5
- package/dist/utils/is-aes.js.map +1 -1
- package/dist/utils/parse-aes.js +3 -3
- package/dist/utils/parse-aes.js.map +1 -1
- package/dist/utils/private/aes-header.d.ts +42 -0
- package/dist/utils/private/aes-header.d.ts.map +1 -0
- package/dist/utils/private/aes-header.js +75 -0
- package/dist/utils/private/aes-header.js.map +1 -0
- package/dist/utils/private/calculate/calculate-content-encryption-key-size.js +3 -3
- package/dist/utils/private/calculate/calculate-key-wrap-encryption.d.ts.map +1 -1
- package/dist/utils/private/calculate/calculate-key-wrap-encryption.js +2 -1
- package/dist/utils/private/calculate/calculate-key-wrap-encryption.js.map +1 -1
- package/dist/utils/private/data/auth-tag-hmac.d.ts +2 -2
- package/dist/utils/private/data/auth-tag-hmac.d.ts.map +1 -1
- package/dist/utils/private/data/auth-tag-hmac.js +12 -4
- package/dist/utils/private/data/auth-tag-hmac.js.map +1 -1
- package/dist/utils/private/data/auth-tag.d.ts +2 -2
- package/dist/utils/private/data/auth-tag.d.ts.map +1 -1
- package/dist/utils/private/data/auth-tag.js +4 -2
- package/dist/utils/private/data/auth-tag.js.map +1 -1
- package/dist/utils/private/data/split-content-encryption-key.d.ts.map +1 -1
- package/dist/utils/private/data/split-content-encryption-key.js +6 -2
- package/dist/utils/private/data/split-content-encryption-key.js.map +1 -1
- package/dist/utils/private/diffie-hellman/diffie-hellman-key-wrap.d.ts +2 -2
- package/dist/utils/private/diffie-hellman/diffie-hellman-key-wrap.d.ts.map +1 -1
- package/dist/utils/private/diffie-hellman/diffie-hellman-key-wrap.js +12 -8
- package/dist/utils/private/diffie-hellman/diffie-hellman-key-wrap.js.map +1 -1
- package/dist/utils/private/diffie-hellman/diffie-hellman.d.ts +2 -2
- package/dist/utils/private/diffie-hellman/diffie-hellman.d.ts.map +1 -1
- package/dist/utils/private/diffie-hellman/diffie-hellman.js +12 -8
- package/dist/utils/private/diffie-hellman/diffie-hellman.js.map +1 -1
- package/dist/utils/private/diffie-hellman/shared-secret.d.ts.map +1 -1
- package/dist/utils/private/diffie-hellman/shared-secret.js +5 -1
- package/dist/utils/private/diffie-hellman/shared-secret.js.map +1 -1
- package/dist/utils/private/encoded-aes.d.ts +2 -2
- package/dist/utils/private/encoded-aes.d.ts.map +1 -1
- package/dist/utils/private/encoded-aes.js +86 -149
- package/dist/utils/private/encoded-aes.js.map +1 -1
- package/dist/utils/private/encrypt-content.d.ts +3 -0
- package/dist/utils/private/encrypt-content.d.ts.map +1 -0
- package/dist/utils/private/encrypt-content.js +35 -0
- package/dist/utils/private/encrypt-content.js.map +1 -0
- package/dist/utils/private/encrypt-encoded.d.ts +9 -0
- package/dist/utils/private/encrypt-encoded.d.ts.map +1 -0
- package/dist/utils/private/encrypt-encoded.js +53 -0
- package/dist/utils/private/encrypt-encoded.js.map +1 -0
- package/dist/utils/private/encrypt-serialised.d.ts +9 -0
- package/dist/utils/private/encrypt-serialised.d.ts.map +1 -0
- package/dist/utils/private/encrypt-serialised.js +48 -0
- package/dist/utils/private/encrypt-serialised.js.map +1 -0
- package/dist/utils/private/encrypt-tokenised.d.ts +9 -0
- package/dist/utils/private/encrypt-tokenised.d.ts.map +1 -0
- package/dist/utils/private/encrypt-tokenised.js +45 -0
- package/dist/utils/private/encrypt-tokenised.js.map +1 -0
- package/dist/utils/private/encryption.d.ts.map +1 -1
- package/dist/utils/private/encryption.js +27 -27
- package/dist/utils/private/encryption.js.map +1 -1
- package/dist/utils/private/index.d.ts +6 -0
- package/dist/utils/private/index.d.ts.map +1 -1
- package/dist/utils/private/index.js +6 -0
- package/dist/utils/private/index.js.map +1 -1
- package/dist/utils/private/key-derivation/concat-kdf.d.ts +14 -0
- package/dist/utils/private/key-derivation/concat-kdf.d.ts.map +1 -0
- package/dist/utils/private/key-derivation/concat-kdf.js +26 -0
- package/dist/utils/private/key-derivation/concat-kdf.js.map +1 -0
- package/dist/utils/private/key-derivation/index.d.ts +1 -1
- package/dist/utils/private/key-derivation/index.d.ts.map +1 -1
- package/dist/utils/private/key-derivation/index.js +1 -1
- package/dist/utils/private/key-derivation/index.js.map +1 -1
- package/dist/utils/private/key-derivation/pbkdf.d.ts +1 -0
- package/dist/utils/private/key-derivation/pbkdf.d.ts.map +1 -1
- package/dist/utils/private/key-derivation/pbkdf.js +13 -2
- package/dist/utils/private/key-derivation/pbkdf.js.map +1 -1
- package/dist/utils/private/key-wrap/ecb-key-wrap.d.ts.map +1 -1
- package/dist/utils/private/key-wrap/ecb-key-wrap.js +10 -3
- package/dist/utils/private/key-wrap/ecb-key-wrap.js.map +1 -1
- package/dist/utils/private/key-wrap/gcm-key-wrap.d.ts.map +1 -1
- package/dist/utils/private/key-wrap/gcm-key-wrap.js +6 -0
- package/dist/utils/private/key-wrap/gcm-key-wrap.js.map +1 -1
- package/dist/utils/private/oct/get-oct-key-key-wrap.d.ts +1 -1
- package/dist/utils/private/oct/get-oct-key-key-wrap.d.ts.map +1 -1
- package/dist/utils/private/oct/get-oct-key-key-wrap.js +7 -14
- package/dist/utils/private/oct/get-oct-key-key-wrap.js.map +1 -1
- package/dist/utils/private/oct/get-oct-pbkdf-key-wrap-keys.d.ts.map +1 -1
- package/dist/utils/private/oct/get-oct-pbkdf-key-wrap-keys.js +2 -0
- package/dist/utils/private/oct/get-oct-pbkdf-key-wrap-keys.js.map +1 -1
- package/dist/utils/private/prepare-encryption.d.ts +3 -0
- package/dist/utils/private/prepare-encryption.d.ts.map +1 -0
- package/dist/utils/private/prepare-encryption.js +27 -0
- package/dist/utils/private/prepare-encryption.js.map +1 -0
- package/dist/utils/private/serialised-aes.d.ts.map +1 -1
- package/dist/utils/private/serialised-aes.js +38 -46
- package/dist/utils/private/serialised-aes.js.map +1 -1
- package/dist/utils/private/tokenised-aes.d.ts +3 -3
- package/dist/utils/private/tokenised-aes.d.ts.map +1 -1
- package/dist/utils/private/tokenised-aes.js +73 -55
- package/dist/utils/private/tokenised-aes.js.map +1 -1
- package/dist/utils/private/validate-version.d.ts +2 -0
- package/dist/utils/private/validate-version.d.ts.map +1 -0
- package/dist/utils/private/validate-version.js +27 -0
- package/dist/utils/private/validate-version.js.map +1 -0
- package/jest.config.interop.mjs +24 -0
- package/package.json +16 -15
- package/tsconfig.interop.json +9 -0
- package/dist/constants/private/format.d.ts +0 -2
- package/dist/constants/private/format.d.ts.map +0 -1
- package/dist/constants/private/format.js +0 -5
- package/dist/constants/private/format.js.map +0 -1
- package/dist/types/private/aes-string.d.ts +0 -21
- package/dist/types/private/aes-string.d.ts.map +0 -1
- package/dist/types/private/aes-string.js.map +0 -1
- package/dist/utils/private/key-derivation/hkdf.d.ts +0 -13
- package/dist/utils/private/key-derivation/hkdf.d.ts.map +0 -1
- package/dist/utils/private/key-derivation/hkdf.js +0 -12
- package/dist/utils/private/key-derivation/hkdf.js.map +0 -1
|
@@ -3,29 +3,20 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.decryptAes = exports.encryptAes = void 0;
|
|
4
4
|
const crypto_1 = require("crypto");
|
|
5
5
|
const private_1 = require("../../constants/private");
|
|
6
|
+
const errors_1 = require("../../errors");
|
|
6
7
|
const calculate_1 = require("./calculate");
|
|
7
8
|
const content_1 = require("./content");
|
|
8
9
|
const data_1 = require("./data");
|
|
9
10
|
const get_key_1 = require("./get-key");
|
|
11
|
+
const encrypt_content_1 = require("./encrypt-content");
|
|
10
12
|
const encryptAes = (options) => {
|
|
11
|
-
const { data, encryption = "A256GCM", kryptos } = options;
|
|
12
|
-
const
|
|
13
|
+
const { aad, data, encryption = "A256GCM", kryptos } = options;
|
|
14
|
+
const keyResult = (0, get_key_1.getEncryptionKey)({ encryption, kryptos });
|
|
15
|
+
const { authTag, content, contentType, initialisationVector } = (0, encrypt_content_1.encryptAesContent)({
|
|
16
|
+
aad,
|
|
17
|
+
contentEncryptionKey: keyResult.contentEncryptionKey,
|
|
18
|
+
data,
|
|
13
19
|
encryption,
|
|
14
|
-
kryptos,
|
|
15
|
-
});
|
|
16
|
-
const { encryptionKey, hashKey } = (0, data_1.splitContentEncryptionKey)(encryption, contentEncryptionKey);
|
|
17
|
-
const aesEncryption = (0, calculate_1.calculateAesEncryption)(encryption);
|
|
18
|
-
const initialisationVector = (0, data_1.getInitialisationVector)(encryption);
|
|
19
|
-
const cipher = (0, crypto_1.createCipheriv)(aesEncryption, encryptionKey, initialisationVector);
|
|
20
|
-
const contentType = (0, content_1.calculateContentType)(data);
|
|
21
|
-
const buffer = (0, content_1.contentToBuffer)(data, contentType);
|
|
22
|
-
const content = Buffer.concat([cipher.update(buffer), cipher.final()]);
|
|
23
|
-
const authTag = (0, data_1.createAuthTag)({
|
|
24
|
-
cipher,
|
|
25
|
-
content,
|
|
26
|
-
hashKey,
|
|
27
|
-
encryption,
|
|
28
|
-
initialisationVector,
|
|
29
20
|
});
|
|
30
21
|
return {
|
|
31
22
|
algorithm: kryptos.algorithm,
|
|
@@ -33,24 +24,22 @@ const encryptAes = (options) => {
|
|
|
33
24
|
content,
|
|
34
25
|
contentType,
|
|
35
26
|
encryption,
|
|
36
|
-
hkdfSalt,
|
|
37
27
|
initialisationVector,
|
|
38
28
|
keyId: kryptos.id,
|
|
39
|
-
pbkdfIterations,
|
|
40
|
-
pbkdfSalt,
|
|
41
|
-
publicEncryptionIv,
|
|
42
|
-
publicEncryptionJwk,
|
|
43
|
-
publicEncryptionKey,
|
|
44
|
-
publicEncryptionTag,
|
|
29
|
+
pbkdfIterations: keyResult.pbkdfIterations,
|
|
30
|
+
pbkdfSalt: keyResult.pbkdfSalt,
|
|
31
|
+
publicEncryptionIv: keyResult.publicEncryptionIv,
|
|
32
|
+
publicEncryptionJwk: keyResult.publicEncryptionJwk,
|
|
33
|
+
publicEncryptionKey: keyResult.publicEncryptionKey,
|
|
34
|
+
publicEncryptionTag: keyResult.publicEncryptionTag,
|
|
45
35
|
version: private_1.LATEST_AES_VERSION,
|
|
46
36
|
};
|
|
47
37
|
};
|
|
48
38
|
exports.encryptAes = encryptAes;
|
|
49
39
|
const decryptAes = (options) => {
|
|
50
|
-
const { authTag, content, contentType, encryption,
|
|
40
|
+
const { aad, authTag, content, contentType, encryption, initialisationVector, kryptos, pbkdfIterations, pbkdfSalt, publicEncryptionIv, publicEncryptionJwk, publicEncryptionKey, publicEncryptionTag, } = options;
|
|
51
41
|
const { contentEncryptionKey } = (0, get_key_1.getDecryptionKey)({
|
|
52
42
|
encryption,
|
|
53
|
-
hkdfSalt,
|
|
54
43
|
kryptos,
|
|
55
44
|
pbkdfIterations,
|
|
56
45
|
pbkdfSalt,
|
|
@@ -61,8 +50,19 @@ const decryptAes = (options) => {
|
|
|
61
50
|
});
|
|
62
51
|
const { encryptionKey, hashKey } = (0, data_1.splitContentEncryptionKey)(encryption, contentEncryptionKey);
|
|
63
52
|
const aesEncryption = (0, calculate_1.calculateAesEncryption)(encryption);
|
|
64
|
-
const
|
|
53
|
+
const isGcm = encryption.includes("GCM");
|
|
54
|
+
const decipherOptions = isGcm
|
|
55
|
+
? { authTagLength: 16 }
|
|
56
|
+
: undefined;
|
|
57
|
+
const decipher = (0, crypto_1.createDecipheriv)(aesEncryption, encryptionKey, initialisationVector, decipherOptions);
|
|
58
|
+
if (isGcm && authTag && authTag.length !== 16) {
|
|
59
|
+
throw new errors_1.AesError("Invalid GCM auth tag length");
|
|
60
|
+
}
|
|
61
|
+
if (isGcm && aad) {
|
|
62
|
+
decipher.setAAD(aad);
|
|
63
|
+
}
|
|
65
64
|
(0, data_1.assertAuthTag)({
|
|
65
|
+
aad,
|
|
66
66
|
authTag,
|
|
67
67
|
content,
|
|
68
68
|
hashKey,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"encryption.js","sourceRoot":"","sources":["../../../src/utils/private/encryption.ts"],"names":[],"mappings":";;;AAAA,
|
|
1
|
+
{"version":3,"file":"encryption.js","sourceRoot":"","sources":["../../../src/utils/private/encryption.ts"],"names":[],"mappings":";;;AAAA,mCAAyE;AACzE,qDAA6D;AAC7D,yCAAwC;AAMxC,2CAAqD;AACrD,uCAAyC;AACzC,iCAAkE;AAClE,uCAA+D;AAC/D,uDAAsD;AAE/C,MAAM,UAAU,GAAG,CAAC,OAAoC,EAAuB,EAAE;IACtF,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,UAAU,GAAG,SAAS,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IAE/D,MAAM,SAAS,GAAG,IAAA,0BAAgB,EAAC,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;IAE5D,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,oBAAoB,EAAE,GAAG,IAAA,mCAAiB,EAAC;QAChF,GAAG;QACH,oBAAoB,EAAE,SAAS,CAAC,oBAAoB;QACpD,IAAI;QACJ,UAAU;KACX,CAAC,CAAC;IAEH,OAAO;QACL,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,OAAO;QACP,OAAO;QACP,WAAW;QACX,UAAU;QACV,oBAAoB;QACpB,KAAK,EAAE,OAAO,CAAC,EAAE;QACjB,eAAe,EAAE,SAAS,CAAC,eAAe;QAC1C,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,kBAAkB,EAAE,SAAS,CAAC,kBAAkB;QAChD,mBAAmB,EAAE,SAAS,CAAC,mBAAmB;QAClD,mBAAmB,EAAE,SAAS,CAAC,mBAAmB;QAClD,mBAAmB,EAAE,SAAS,CAAC,mBAAmB;QAClD,OAAO,EAAE,4BAAkB;KAC5B,CAAC;AACJ,CAAC,CAAC;AA5BW,QAAA,UAAU,cA4BrB;AAEK,MAAM,UAAU,GAAG,CACxB,OAAoC,EACjC,EAAE;IACL,MAAM,EACJ,GAAG,EACH,OAAO,EACP,OAAO,EACP,WAAW,EACX,UAAU,EACV,oBAAoB,EACpB,OAAO,EACP,eAAe,EACf,SAAS,EACT,kBAAkB,EAClB,mBAAmB,EACnB,mBAAmB,EACnB,mBAAmB,GACpB,GAAG,OAAO,CAAC;IAEZ,MAAM,EAAE,oBAAoB,EAAE,GAAG,IAAA,0BAAgB,EAAC;QAChD,UAAU;QACV,OAAO;QACP,eAAe;QACf,SAAS;QACT,kBAAkB;QAClB,mBAAmB;QACnB,mBAAmB;QACnB,mBAAmB;KACpB,CAAC,CAAC;IAEH,MAAM,EAAE,aAAa,EAAE,OAAO,EAAE,GAAG,IAAA,gCAAyB,EAC1D,UAAU,EACV,oBAAoB,CACrB,CAAC;IAEF,MAAM,aAAa,GAAG,IAAA,kCAAsB,EAAC,UAAU,CAAC,CAAC;IACzD,MAAM,KAAK,GAAG,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACzC,MAAM,eAAe,GAAiC,KAAK;QACzD,CAAC,CAAC,EAAE,aAAa,EAAE,EAAE,EAAE;QACvB,CAAC,CAAC,SAAS,CAAC;IACd,MAAM,QAAQ,GAAG,IAAA,yBAAgB,EAC/B,aAAa,EACb,aAAa,EACb,oBAAoB,EACpB,eAAmC,CACpC,CAAC;IAEF,IAAI,KAAK,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC9C,MAAM,IAAI,iBAAQ,CAAC,6BAA6B,CAAC,CAAC;IACpD,CAAC;IAED,IAAI,KAAK,IAAI,GAAG,EAAE,CAAC;QAChB,QAAwB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACxC,CAAC;IAED,IAAA,oBAAa,EAAC;QACZ,GAAG;QACH,OAAO;QACP,OAAO;QACP,OAAO;QACP,QAAQ;QACR,UAAU;QACV,oBAAoB;KACrB,CAAC,CAAC;IAEH,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAE1E,OAAO,IAAA,sBAAY,EAAI,KAAK,EAAE,WAAW,CAAC,CAAC;AAC7C,CAAC,CAAC;AApEW,QAAA,UAAU,cAoErB"}
|
|
@@ -6,8 +6,14 @@ export * from "./key-derivation";
|
|
|
6
6
|
export * from "./key-types";
|
|
7
7
|
export * from "./key-wrap";
|
|
8
8
|
export * from "./oct";
|
|
9
|
+
export * from "./aes-header";
|
|
9
10
|
export * from "./encoded-aes";
|
|
11
|
+
export * from "./encrypt-content";
|
|
12
|
+
export * from "./encrypt-encoded";
|
|
13
|
+
export * from "./encrypt-serialised";
|
|
14
|
+
export * from "./encrypt-tokenised";
|
|
10
15
|
export * from "./encryption";
|
|
16
|
+
export * from "./prepare-encryption";
|
|
11
17
|
export * from "./serialised-aes";
|
|
12
18
|
export * from "./tokenised-aes";
|
|
13
19
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/utils/private/index.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAC;AAC5B,cAAc,QAAQ,CAAC;AACvB,cAAc,kBAAkB,CAAC;AACjC,cAAc,WAAW,CAAC;AAC1B,cAAc,kBAAkB,CAAC;AACjC,cAAc,aAAa,CAAC;AAC5B,cAAc,YAAY,CAAC;AAC3B,cAAc,OAAO,CAAC;AAEtB,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/utils/private/index.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAC;AAC5B,cAAc,QAAQ,CAAC;AACvB,cAAc,kBAAkB,CAAC;AACjC,cAAc,WAAW,CAAC;AAC1B,cAAc,kBAAkB,CAAC;AACjC,cAAc,aAAa,CAAC;AAC5B,cAAc,YAAY,CAAC;AAC3B,cAAc,OAAO,CAAC;AAEtB,cAAc,cAAc,CAAC;AAC7B,cAAc,eAAe,CAAC;AAC9B,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,sBAAsB,CAAC;AACrC,cAAc,qBAAqB,CAAC;AACpC,cAAc,cAAc,CAAC;AAC7B,cAAc,sBAAsB,CAAC;AACrC,cAAc,kBAAkB,CAAC;AACjC,cAAc,iBAAiB,CAAC"}
|
|
@@ -22,8 +22,14 @@ __exportStar(require("./key-derivation"), exports);
|
|
|
22
22
|
__exportStar(require("./key-types"), exports);
|
|
23
23
|
__exportStar(require("./key-wrap"), exports);
|
|
24
24
|
__exportStar(require("./oct"), exports);
|
|
25
|
+
__exportStar(require("./aes-header"), exports);
|
|
25
26
|
__exportStar(require("./encoded-aes"), exports);
|
|
27
|
+
__exportStar(require("./encrypt-content"), exports);
|
|
28
|
+
__exportStar(require("./encrypt-encoded"), exports);
|
|
29
|
+
__exportStar(require("./encrypt-serialised"), exports);
|
|
30
|
+
__exportStar(require("./encrypt-tokenised"), exports);
|
|
26
31
|
__exportStar(require("./encryption"), exports);
|
|
32
|
+
__exportStar(require("./prepare-encryption"), exports);
|
|
27
33
|
__exportStar(require("./serialised-aes"), exports);
|
|
28
34
|
__exportStar(require("./tokenised-aes"), exports);
|
|
29
35
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/utils/private/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,8CAA4B;AAC5B,yCAAuB;AACvB,mDAAiC;AACjC,4CAA0B;AAC1B,mDAAiC;AACjC,8CAA4B;AAC5B,6CAA2B;AAC3B,wCAAsB;AAEtB,gDAA8B;AAC9B,+CAA6B;AAC7B,mDAAiC;AACjC,kDAAgC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/utils/private/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,8CAA4B;AAC5B,yCAAuB;AACvB,mDAAiC;AACjC,4CAA0B;AAC1B,mDAAiC;AACjC,8CAA4B;AAC5B,6CAA2B;AAC3B,wCAAsB;AAEtB,+CAA6B;AAC7B,gDAA8B;AAC9B,oDAAkC;AAClC,oDAAkC;AAClC,uDAAqC;AACrC,sDAAoC;AACpC,+CAA6B;AAC7B,uDAAqC;AACrC,mDAAiC;AACjC,kDAAgC"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import { AesKeyLength } from "@lindorm/types";
|
|
2
|
+
type Options = {
|
|
3
|
+
algorithm: string;
|
|
4
|
+
apu?: Buffer;
|
|
5
|
+
apv?: Buffer;
|
|
6
|
+
keyLength: AesKeyLength;
|
|
7
|
+
sharedSecret: Buffer;
|
|
8
|
+
};
|
|
9
|
+
type Result = {
|
|
10
|
+
derivedKey: Buffer;
|
|
11
|
+
};
|
|
12
|
+
export declare const concatKdf: (options: Options) => Result;
|
|
13
|
+
export {};
|
|
14
|
+
//# sourceMappingURL=concat-kdf.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"concat-kdf.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/key-derivation/concat-kdf.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9C,KAAK,OAAO,GAAG;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,YAAY,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,KAAK,MAAM,GAAG;IACZ,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAQF,eAAO,MAAM,SAAS,GAAI,SAAS,OAAO,KAAG,MAiB5C,CAAC"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.concatKdf = void 0;
|
|
4
|
+
const crypto_1 = require("crypto");
|
|
5
|
+
const lengthPrefixed = (data) => {
|
|
6
|
+
const len = Buffer.alloc(4);
|
|
7
|
+
len.writeUInt32BE(data.length);
|
|
8
|
+
return Buffer.concat([len, data]);
|
|
9
|
+
};
|
|
10
|
+
const concatKdf = (options) => {
|
|
11
|
+
const algId = lengthPrefixed(Buffer.from(options.algorithm, "utf8"));
|
|
12
|
+
const partyU = lengthPrefixed(options.apu ?? Buffer.alloc(0));
|
|
13
|
+
const partyV = lengthPrefixed(options.apv ?? Buffer.alloc(0));
|
|
14
|
+
const suppPub = Buffer.alloc(4);
|
|
15
|
+
suppPub.writeUInt32BE(options.keyLength * 8);
|
|
16
|
+
const otherInfo = Buffer.concat([algId, partyU, partyV, suppPub]);
|
|
17
|
+
const round = Buffer.alloc(4);
|
|
18
|
+
round.writeUInt32BE(1);
|
|
19
|
+
const hash = (0, crypto_1.createHash)("sha256");
|
|
20
|
+
hash.update(round);
|
|
21
|
+
hash.update(options.sharedSecret);
|
|
22
|
+
hash.update(otherInfo);
|
|
23
|
+
return { derivedKey: hash.digest().subarray(0, options.keyLength) };
|
|
24
|
+
};
|
|
25
|
+
exports.concatKdf = concatKdf;
|
|
26
|
+
//# sourceMappingURL=concat-kdf.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"concat-kdf.js","sourceRoot":"","sources":["../../../../src/utils/private/key-derivation/concat-kdf.ts"],"names":[],"mappings":";;;AAAA,mCAAoC;AAepC,MAAM,cAAc,GAAG,CAAC,IAAY,EAAU,EAAE;IAC9C,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC5B,GAAG,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC/B,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;AACpC,CAAC,CAAC;AAEK,MAAM,SAAS,GAAG,CAAC,OAAgB,EAAU,EAAE;IACpD,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC;IACrE,MAAM,MAAM,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9D,MAAM,MAAM,GAAG,cAAc,CAAC,OAAO,CAAC,GAAG,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9D,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAChC,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC;IAE7C,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAClE,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC9B,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAEvB,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC;IAClC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACnB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IAClC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAEvB,OAAO,EAAE,UAAU,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;AACtE,CAAC,CAAC;AAjBW,QAAA,SAAS,aAiBpB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/key-derivation/index.ts"],"names":[],"mappings":"AAAA,cAAc,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/key-derivation/index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAC;AAC7B,cAAc,SAAS,CAAC"}
|
|
@@ -14,6 +14,6 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
|
14
14
|
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
15
|
};
|
|
16
16
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
-
__exportStar(require("./
|
|
17
|
+
__exportStar(require("./concat-kdf"), exports);
|
|
18
18
|
__exportStar(require("./pbkdf"), exports);
|
|
19
19
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/utils/private/key-derivation/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/utils/private/key-derivation/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA6B;AAC7B,0CAAwB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pbkdf.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/key-derivation/pbkdf.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"pbkdf.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/key-derivation/pbkdf.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAI5D,KAAK,OAAO,GAAG;IACb,SAAS,EAAE,YAAY,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,YAAY,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,MAAM,GAAG;IACZ,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAKF,eAAO,MAAM,KAAK,GAAI,SAAS,OAAO,KAAG,MAyBxC,CAAC"}
|
|
@@ -2,11 +2,22 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.pbkdf = void 0;
|
|
4
4
|
const crypto_1 = require("crypto");
|
|
5
|
-
const
|
|
5
|
+
const errors_1 = require("../../../errors");
|
|
6
|
+
const randomIterations = () => (0, crypto_1.randomInt)(90000, 110001);
|
|
6
7
|
const pbkdf = (options) => {
|
|
7
8
|
const pbkdfSalt = options.pbkdfSalt ?? (0, crypto_1.randomBytes)(16);
|
|
8
9
|
const pbkdfIterations = options.pbkdfIterations ?? randomIterations();
|
|
9
|
-
|
|
10
|
+
if (pbkdfIterations < 1000) {
|
|
11
|
+
throw new errors_1.AesError("PBKDF2 iteration count must be at least 1000", {
|
|
12
|
+
debug: { pbkdfIterations },
|
|
13
|
+
});
|
|
14
|
+
}
|
|
15
|
+
const rfcSalt = Buffer.concat([
|
|
16
|
+
Buffer.from(options.kryptosAlgorithm, "utf8"),
|
|
17
|
+
Buffer.from([0x00]),
|
|
18
|
+
pbkdfSalt,
|
|
19
|
+
]);
|
|
20
|
+
const derivedKey = (0, crypto_1.pbkdf2Sync)(options.derivationKey, rfcSalt, pbkdfIterations, options.keyLength, options.algorithm);
|
|
10
21
|
return { derivedKey, pbkdfIterations, pbkdfSalt };
|
|
11
22
|
};
|
|
12
23
|
exports.pbkdf = pbkdf;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pbkdf.js","sourceRoot":"","sources":["../../../../src/utils/private/key-derivation/pbkdf.ts"],"names":[],"mappings":";;;AACA,
|
|
1
|
+
{"version":3,"file":"pbkdf.js","sourceRoot":"","sources":["../../../../src/utils/private/key-derivation/pbkdf.ts"],"names":[],"mappings":";;;AACA,mCAA4D;AAC5D,4CAA2C;AAkB3C,MAAM,gBAAgB,GAAG,GAAW,EAAE,CAAC,IAAA,kBAAS,EAAC,KAAK,EAAE,MAAM,CAAC,CAAC;AAEzD,MAAM,KAAK,GAAG,CAAC,OAAgB,EAAU,EAAE;IAChD,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC;IACvD,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,gBAAgB,EAAE,CAAC;IAEtE,IAAI,eAAe,GAAG,IAAI,EAAE,CAAC;QAC3B,MAAM,IAAI,iBAAQ,CAAC,8CAA8C,EAAE;YACjE,KAAK,EAAE,EAAE,eAAe,EAAE;SAC3B,CAAC,CAAC;IACL,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,MAAM,CAAC;QAC7C,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC;QACnB,SAAS;KACV,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,IAAA,mBAAU,EAC3B,OAAO,CAAC,aAAa,EACrB,OAAO,EACP,eAAe,EACf,OAAO,CAAC,SAAS,EACjB,OAAO,CAAC,SAAS,CAClB,CAAC;IAEF,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,SAAS,EAAE,CAAC;AACpD,CAAC,CAAC;AAzBW,QAAA,KAAK,SAyBhB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ecb-key-wrap.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/key-wrap/ecb-key-wrap.ts"],"names":[],"mappings":"AACA,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,aAAa,EACd,MAAM,wBAAwB,CAAC;
|
|
1
|
+
{"version":3,"file":"ecb-key-wrap.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/key-wrap/ecb-key-wrap.ts"],"names":[],"mappings":"AACA,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,aAAa,EACd,MAAM,wBAAwB,CAAC;AAQhC,eAAO,MAAM,UAAU,GAAI,sDAIxB,cAAc,KAAG,aAoCnB,CAAC;AAEF,eAAO,MAAM,YAAY,GAAI,qDAI1B,gBAAgB,KAAG,eAqCrB,CAAC"}
|
|
@@ -2,13 +2,18 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.ecbKeyUnwrap = exports.ecbKeyWrap = void 0;
|
|
4
4
|
const crypto_1 = require("crypto");
|
|
5
|
+
const errors_1 = require("../../../errors");
|
|
5
6
|
const calculate_1 = require("../calculate");
|
|
6
7
|
const AIV = "A6A6A6A6A6A6A6A6";
|
|
8
|
+
const AIV_BUFFER = Buffer.from(AIV, "hex");
|
|
7
9
|
const BLOCK_SIZE = 8;
|
|
8
10
|
const ecbKeyWrap = ({ contentEncryptionKey, keyEncryptionKey, kryptos, }) => {
|
|
9
11
|
const algorithm = (0, calculate_1.calculateKeyWrapEncryption)(kryptos);
|
|
12
|
+
if (contentEncryptionKey.length < 16 || contentEncryptionKey.length % 8 !== 0) {
|
|
13
|
+
throw new errors_1.AesError("Key wrap input must be at least 16 bytes and a multiple of 8");
|
|
14
|
+
}
|
|
10
15
|
const n = contentEncryptionKey.length / BLOCK_SIZE;
|
|
11
|
-
let a = Buffer.from(
|
|
16
|
+
let a = Buffer.from(AIV_BUFFER);
|
|
12
17
|
const r = [];
|
|
13
18
|
for (let i = 0; i < n; i++) {
|
|
14
19
|
r[i] = contentEncryptionKey.subarray(i * BLOCK_SIZE, (i + 1) * BLOCK_SIZE);
|
|
@@ -29,6 +34,7 @@ const ecbKeyWrap = ({ contentEncryptionKey, keyEncryptionKey, kryptos, }) => {
|
|
|
29
34
|
r[i] = encrypted.subarray(BLOCK_SIZE);
|
|
30
35
|
}
|
|
31
36
|
}
|
|
37
|
+
cipher.final();
|
|
32
38
|
return { publicEncryptionKey: Buffer.concat([a, ...r]) };
|
|
33
39
|
};
|
|
34
40
|
exports.ecbKeyWrap = ecbKeyWrap;
|
|
@@ -57,8 +63,9 @@ const ecbKeyUnwrap = ({ keyEncryptionKey, kryptos, publicEncryptionKey, }) => {
|
|
|
57
63
|
r[i] = decrypted.subarray(BLOCK_SIZE);
|
|
58
64
|
}
|
|
59
65
|
}
|
|
60
|
-
|
|
61
|
-
|
|
66
|
+
decipher.final();
|
|
67
|
+
if (!(0, crypto_1.timingSafeEqual)(a, AIV_BUFFER)) {
|
|
68
|
+
throw new errors_1.AesError("Integrity check failed");
|
|
62
69
|
}
|
|
63
70
|
return { contentEncryptionKey: Buffer.concat(r) };
|
|
64
71
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ecb-key-wrap.js","sourceRoot":"","sources":["../../../../src/utils/private/key-wrap/ecb-key-wrap.ts"],"names":[],"mappings":";;;AAAA,
|
|
1
|
+
{"version":3,"file":"ecb-key-wrap.js","sourceRoot":"","sources":["../../../../src/utils/private/key-wrap/ecb-key-wrap.ts"],"names":[],"mappings":";;;AAAA,mCAA2E;AAO3E,4CAA2C;AAC3C,4CAA0D;AAE1D,MAAM,GAAG,GAAG,kBAA2B,CAAC;AACxC,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;AAC3C,MAAM,UAAU,GAAG,CAAU,CAAC;AAEvB,MAAM,UAAU,GAAG,CAAC,EACzB,oBAAoB,EACpB,gBAAgB,EAChB,OAAO,GACQ,EAAiB,EAAE;IAClC,MAAM,SAAS,GAAG,IAAA,sCAA0B,EAAC,OAAO,CAAC,CAAC;IAEtD,IAAI,oBAAoB,CAAC,MAAM,GAAG,EAAE,IAAI,oBAAoB,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9E,MAAM,IAAI,iBAAQ,CAAC,8DAA8D,CAAC,CAAC;IACrF,CAAC;IAED,MAAM,CAAC,GAAG,oBAAoB,CAAC,MAAM,GAAG,UAAU,CAAC;IACnD,IAAI,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAChC,MAAM,CAAC,GAAG,EAAE,CAAC;IAEb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3B,CAAC,CAAC,CAAC,CAAC,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC,GAAG,UAAU,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC;IAC7E,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,uBAAc,EAAC,SAAS,EAAE,gBAAgB,EAAE,IAAI,CAAC,CAAC;IACjE,MAAM,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IAE7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3B,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACnC,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACnC,CAAC,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;YACtC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACxB,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YACzC,OAAO,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;YAC7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,EAAE,CAAC,EAAE,EAAE,CAAC;gBACpC,CAAC,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC;YACrB,CAAC;YACD,CAAC,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAED,MAAM,CAAC,KAAK,EAAE,CAAC;IAEf,OAAO,EAAE,mBAAmB,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;AAC3D,CAAC,CAAC;AAxCW,QAAA,UAAU,cAwCrB;AAEK,MAAM,YAAY,GAAG,CAAC,EAC3B,gBAAgB,EAChB,OAAO,EACP,mBAAmB,GACF,EAAmB,EAAE;IACtC,MAAM,UAAU,GAAG,IAAA,sCAA0B,EAAC,OAAO,CAAC,CAAC;IAEvD,MAAM,CAAC,GAAG,mBAAmB,CAAC,MAAM,GAAG,UAAU,GAAG,CAAC,CAAC;IACtD,IAAI,CAAC,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IACpD,MAAM,CAAC,GAAG,EAAE,CAAC;IAEb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3B,CAAC,CAAC,CAAC,CAAC,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,UAAU,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC;IAClF,CAAC;IAED,MAAM,QAAQ,GAAG,IAAA,yBAAgB,EAAC,UAAU,EAAE,gBAAgB,EAAE,IAAI,CAAC,CAAC;IACtE,QAAQ,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IAE/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAChC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACxB,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YACzC,OAAO,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;YAC7B,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,EAAE,CAAC,EAAE,EAAE,CAAC;gBACpC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;YAC/B,CAAC;YACD,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACvC,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACrC,CAAC,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;YACtC,CAAC,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAED,QAAQ,CAAC,KAAK,EAAE,CAAC;IAEjB,IAAI,CAAC,IAAA,wBAAe,EAAC,CAAC,EAAE,UAAU,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,iBAAQ,CAAC,wBAAwB,CAAC,CAAC;IAC/C,CAAC;IAED,OAAO,EAAE,oBAAoB,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;AACpD,CAAC,CAAC;AAzCW,QAAA,YAAY,gBAyCvB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gcm-key-wrap.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/key-wrap/gcm-key-wrap.ts"],"names":[],"mappings":"AAQA,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,aAAa,EACd,MAAM,wBAAwB,CAAC;AAGhC,eAAO,MAAM,UAAU,GAAI,sDAIxB,cAAc,KAAG,aAkBnB,CAAC;AAEF,eAAO,MAAM,YAAY,GAAI,8FAM1B,gBAAgB,KAAG,
|
|
1
|
+
{"version":3,"file":"gcm-key-wrap.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/key-wrap/gcm-key-wrap.ts"],"names":[],"mappings":"AAQA,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,cAAc,EACd,aAAa,EACd,MAAM,wBAAwB,CAAC;AAGhC,eAAO,MAAM,UAAU,GAAI,sDAIxB,cAAc,KAAG,aAkBnB,CAAC;AAEF,eAAO,MAAM,YAAY,GAAI,8FAM1B,gBAAgB,KAAG,eA8BrB,CAAC"}
|
|
@@ -23,6 +23,12 @@ const gcmKeyUnwrap = ({ keyEncryptionKey, kryptos, publicEncryptionIv, publicEnc
|
|
|
23
23
|
if (!publicEncryptionTag) {
|
|
24
24
|
throw new errors_1.AesError("Invalid public encryption tag");
|
|
25
25
|
}
|
|
26
|
+
if (publicEncryptionIv.length !== 12) {
|
|
27
|
+
throw new errors_1.AesError("Invalid GCM key wrap IV length");
|
|
28
|
+
}
|
|
29
|
+
if (publicEncryptionTag.length !== 16) {
|
|
30
|
+
throw new errors_1.AesError("Invalid GCM key wrap auth tag length");
|
|
31
|
+
}
|
|
26
32
|
const algorithm = (0, calculate_1.calculateKeyWrapEncryption)(kryptos);
|
|
27
33
|
const decipher = (0, crypto_1.createDecipheriv)(algorithm, keyEncryptionKey, publicEncryptionIv);
|
|
28
34
|
decipher.setAuthTag(publicEncryptionTag);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gcm-key-wrap.js","sourceRoot":"","sources":["../../../../src/utils/private/key-wrap/gcm-key-wrap.ts"],"names":[],"mappings":";;;AAAA,mCAMgB;AAChB,4CAA2C;AAO3C,4CAA0D;AAEnD,MAAM,UAAU,GAAG,CAAC,EACzB,oBAAoB,EACpB,gBAAgB,EAChB,OAAO,GACQ,EAAiB,EAAE;IAClC,MAAM,SAAS,GAAG,IAAA,sCAA0B,EAAC,OAAO,CAAC,CAAC;IAEtD,MAAM,kBAAkB,GAAG,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,IAAA,uBAAc,EAC3B,SAAS,EACT,gBAAgB,EAChB,kBAAkB,CACN,CAAC;IAEf,MAAM,mBAAmB,GAAG,MAAM,CAAC,MAAM,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC;QACnC,MAAM,CAAC,KAAK,EAAE;KACf,CAAC,CAAC;IAEH,MAAM,mBAAmB,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAEhD,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,CAAC;AAC1E,CAAC,CAAC;AAtBW,QAAA,UAAU,cAsBrB;AAEK,MAAM,YAAY,GAAG,CAAC,EAC3B,gBAAgB,EAChB,OAAO,EACP,kBAAkB,EAClB,mBAAmB,EACnB,mBAAmB,GACF,EAAmB,EAAE;IACtC,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,IAAI,iBAAQ,CAAC,8BAA8B,CAAC,CAAC;IACrD,CAAC;IACD,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,MAAM,IAAI,iBAAQ,CAAC,+BAA+B,CAAC,CAAC;IACtD,CAAC;IAED,MAAM,SAAS,GAAG,IAAA,sCAA0B,EAAC,OAAO,CAAC,CAAC;IAEtD,MAAM,QAAQ,GAAG,IAAA,yBAAgB,EAC/B,SAAS,EACT,gBAAgB,EAChB,kBAAkB,CACJ,CAAC;IAEjB,QAAQ,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC;IAEzC,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,CAAC;QACzC,QAAQ,CAAC,MAAM,CAAC,mBAAmB,CAAC;QACpC,QAAQ,CAAC,KAAK,EAAE;KACjB,CAAC,CAAC;IAEH,OAAO,EAAE,oBAAoB,EAAE,CAAC;AAClC,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"gcm-key-wrap.js","sourceRoot":"","sources":["../../../../src/utils/private/key-wrap/gcm-key-wrap.ts"],"names":[],"mappings":";;;AAAA,mCAMgB;AAChB,4CAA2C;AAO3C,4CAA0D;AAEnD,MAAM,UAAU,GAAG,CAAC,EACzB,oBAAoB,EACpB,gBAAgB,EAChB,OAAO,GACQ,EAAiB,EAAE;IAClC,MAAM,SAAS,GAAG,IAAA,sCAA0B,EAAC,OAAO,CAAC,CAAC;IAEtD,MAAM,kBAAkB,GAAG,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,IAAA,uBAAc,EAC3B,SAAS,EACT,gBAAgB,EAChB,kBAAkB,CACN,CAAC;IAEf,MAAM,mBAAmB,GAAG,MAAM,CAAC,MAAM,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC;QACnC,MAAM,CAAC,KAAK,EAAE;KACf,CAAC,CAAC;IAEH,MAAM,mBAAmB,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAEhD,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,CAAC;AAC1E,CAAC,CAAC;AAtBW,QAAA,UAAU,cAsBrB;AAEK,MAAM,YAAY,GAAG,CAAC,EAC3B,gBAAgB,EAChB,OAAO,EACP,kBAAkB,EAClB,mBAAmB,EACnB,mBAAmB,GACF,EAAmB,EAAE;IACtC,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,IAAI,iBAAQ,CAAC,8BAA8B,CAAC,CAAC;IACrD,CAAC;IACD,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,MAAM,IAAI,iBAAQ,CAAC,+BAA+B,CAAC,CAAC;IACtD,CAAC;IACD,IAAI,kBAAkB,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACrC,MAAM,IAAI,iBAAQ,CAAC,gCAAgC,CAAC,CAAC;IACvD,CAAC;IACD,IAAI,mBAAmB,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,iBAAQ,CAAC,sCAAsC,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,SAAS,GAAG,IAAA,sCAA0B,EAAC,OAAO,CAAC,CAAC;IAEtD,MAAM,QAAQ,GAAG,IAAA,yBAAgB,EAC/B,SAAS,EACT,gBAAgB,EAChB,kBAAkB,CACJ,CAAC;IAEjB,QAAQ,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC;IAEzC,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,CAAC;QACzC,QAAQ,CAAC,MAAM,CAAC,mBAAmB,CAAC;QACpC,QAAQ,CAAC,KAAK,EAAE;KACjB,CAAC,CAAC;IAEH,OAAO,EAAE,oBAAoB,EAAE,CAAC;AAClC,CAAC,CAAC;AApCW,QAAA,YAAY,gBAoCvB"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
1
|
import { CreateCekOptions, CreateCekResult, DecryptCekOptions, DecryptCekResult } from "../../../types/private";
|
|
2
2
|
export declare const getOctKeyWrapEncryptionKey: ({ encryption, kryptos, }: CreateCekOptions) => CreateCekResult;
|
|
3
|
-
export declare const getOctKeyWrapDecryptionKey: ({
|
|
3
|
+
export declare const getOctKeyWrapDecryptionKey: ({ kryptos, publicEncryptionIv, publicEncryptionKey, publicEncryptionTag, }: DecryptCekOptions) => DecryptCekResult;
|
|
4
4
|
//# sourceMappingURL=get-oct-key-key-wrap.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"get-oct-key-key-wrap.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/oct/get-oct-key-key-wrap.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,wBAAwB,CAAC;
|
|
1
|
+
{"version":3,"file":"get-oct-key-key-wrap.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/oct/get-oct-key-key-wrap.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,wBAAwB,CAAC;AAIhC,eAAO,MAAM,0BAA0B,GAAI,0BAGxC,gBAAgB,KAAG,eAyBrB,CAAC;AAEF,eAAO,MAAM,0BAA0B,GAAI,4EAKxC,iBAAiB,KAAG,gBAoBtB,CAAC"}
|
|
@@ -5,7 +5,6 @@ const kryptos_1 = require("@lindorm/kryptos");
|
|
|
5
5
|
const crypto_1 = require("crypto");
|
|
6
6
|
const errors_1 = require("../../../errors");
|
|
7
7
|
const calculate_1 = require("../calculate");
|
|
8
|
-
const key_derivation_1 = require("../key-derivation");
|
|
9
8
|
const key_wrap_1 = require("../key-wrap");
|
|
10
9
|
const getOctKeyWrapEncryptionKey = ({ encryption, kryptos, }) => {
|
|
11
10
|
if (!kryptos_1.KryptosKit.isOct(kryptos)) {
|
|
@@ -14,25 +13,22 @@ const getOctKeyWrapEncryptionKey = ({ encryption, kryptos, }) => {
|
|
|
14
13
|
const der = kryptos.export("der");
|
|
15
14
|
const cekSize = (0, calculate_1.calculateContentEncryptionKeySize)(encryption);
|
|
16
15
|
const contentEncryptionKey = (0, crypto_1.randomBytes)(cekSize);
|
|
17
|
-
const
|
|
18
|
-
|
|
19
|
-
keyLength: (0, calculate_1.calculateKeyWrapSize)(kryptos.algorithm),
|
|
20
|
-
});
|
|
16
|
+
const keyWrapSize = (0, calculate_1.calculateKeyWrapSize)(kryptos.algorithm);
|
|
17
|
+
const keyEncryptionKey = der.privateKey.subarray(0, keyWrapSize);
|
|
21
18
|
const { publicEncryptionKey, publicEncryptionIv, publicEncryptionTag } = (0, key_wrap_1.keyWrap)({
|
|
22
19
|
contentEncryptionKey,
|
|
23
20
|
kryptos,
|
|
24
|
-
keyEncryptionKey
|
|
21
|
+
keyEncryptionKey,
|
|
25
22
|
});
|
|
26
23
|
return {
|
|
27
24
|
contentEncryptionKey,
|
|
28
|
-
hkdfSalt,
|
|
29
25
|
publicEncryptionKey,
|
|
30
26
|
publicEncryptionIv,
|
|
31
27
|
publicEncryptionTag,
|
|
32
28
|
};
|
|
33
29
|
};
|
|
34
30
|
exports.getOctKeyWrapEncryptionKey = getOctKeyWrapEncryptionKey;
|
|
35
|
-
const getOctKeyWrapDecryptionKey = ({
|
|
31
|
+
const getOctKeyWrapDecryptionKey = ({ kryptos, publicEncryptionIv, publicEncryptionKey, publicEncryptionTag, }) => {
|
|
36
32
|
if (!kryptos_1.KryptosKit.isOct(kryptos)) {
|
|
37
33
|
throw new errors_1.AesError("Invalid Kryptos", { debug: { kryptos: kryptos.toJSON() } });
|
|
38
34
|
}
|
|
@@ -40,13 +36,10 @@ const getOctKeyWrapDecryptionKey = ({ hkdfSalt, kryptos, publicEncryptionIv, pub
|
|
|
40
36
|
throw new errors_1.AesError("Missing publicEncryptionKey");
|
|
41
37
|
}
|
|
42
38
|
const der = kryptos.export("der");
|
|
43
|
-
const
|
|
44
|
-
|
|
45
|
-
hkdfSalt,
|
|
46
|
-
keyLength: (0, calculate_1.calculateKeyWrapSize)(kryptos.algorithm),
|
|
47
|
-
});
|
|
39
|
+
const keyWrapSize = (0, calculate_1.calculateKeyWrapSize)(kryptos.algorithm);
|
|
40
|
+
const keyEncryptionKey = der.privateKey.subarray(0, keyWrapSize);
|
|
48
41
|
return (0, key_wrap_1.keyUnwrap)({
|
|
49
|
-
keyEncryptionKey
|
|
42
|
+
keyEncryptionKey,
|
|
50
43
|
kryptos,
|
|
51
44
|
publicEncryptionIv,
|
|
52
45
|
publicEncryptionKey,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"get-oct-key-key-wrap.js","sourceRoot":"","sources":["../../../../src/utils/private/oct/get-oct-key-key-wrap.ts"],"names":[],"mappings":";;;AAAA,8CAA8C;AAC9C,mCAAqC;AACrC,4CAA2C;AAO3C,4CAAuF;AACvF,
|
|
1
|
+
{"version":3,"file":"get-oct-key-key-wrap.js","sourceRoot":"","sources":["../../../../src/utils/private/oct/get-oct-key-key-wrap.ts"],"names":[],"mappings":";;;AAAA,8CAA8C;AAC9C,mCAAqC;AACrC,4CAA2C;AAO3C,4CAAuF;AACvF,0CAAiD;AAE1C,MAAM,0BAA0B,GAAG,CAAC,EACzC,UAAU,EACV,OAAO,GACU,EAAmB,EAAE;IACtC,IAAI,CAAC,oBAAU,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,iBAAQ,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAElC,MAAM,OAAO,GAAG,IAAA,6CAAiC,EAAC,UAAU,CAAC,CAAC;IAC9D,MAAM,oBAAoB,GAAG,IAAA,oBAAW,EAAC,OAAO,CAAC,CAAC;IAElD,MAAM,WAAW,GAAG,IAAA,gCAAoB,EAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAC5D,MAAM,gBAAgB,GAAG,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;IAEjE,MAAM,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,GAAG,IAAA,kBAAO,EAAC;QAC/E,oBAAoB;QACpB,OAAO;QACP,gBAAgB;KACjB,CAAC,CAAC;IAEH,OAAO;QACL,oBAAoB;QACpB,mBAAmB;QACnB,kBAAkB;QAClB,mBAAmB;KACpB,CAAC;AACJ,CAAC,CAAC;AA5BW,QAAA,0BAA0B,8BA4BrC;AAEK,MAAM,0BAA0B,GAAG,CAAC,EACzC,OAAO,EACP,kBAAkB,EAClB,mBAAmB,EACnB,mBAAmB,GACD,EAAoB,EAAE;IACxC,IAAI,CAAC,oBAAU,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,iBAAQ,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;IAClF,CAAC;IACD,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,MAAM,IAAI,iBAAQ,CAAC,6BAA6B,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAElC,MAAM,WAAW,GAAG,IAAA,gCAAoB,EAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAC5D,MAAM,gBAAgB,GAAG,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;IAEjE,OAAO,IAAA,oBAAS,EAAC;QACf,gBAAgB;QAChB,OAAO;QACP,kBAAkB;QAClB,mBAAmB;QACnB,mBAAmB;KACpB,CAAC,CAAC;AACL,CAAC,CAAC;AAzBW,QAAA,0BAA0B,8BAyBrC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"get-oct-pbkdf-key-wrap-keys.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/oct/get-oct-pbkdf-key-wrap-keys.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,wBAAwB,CAAC;AAShC,eAAO,MAAM,+BAA+B,GAAI,0BAG7C,gBAAgB,KAAG,
|
|
1
|
+
{"version":3,"file":"get-oct-pbkdf-key-wrap-keys.d.ts","sourceRoot":"","sources":["../../../../src/utils/private/oct/get-oct-pbkdf-key-wrap-keys.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EACjB,MAAM,wBAAwB,CAAC;AAShC,eAAO,MAAM,+BAA+B,GAAI,0BAG7C,gBAAgB,KAAG,eA6BrB,CAAC;AAEF,eAAO,MAAM,+BAA+B,GAAI,+DAK7C,iBAAiB,KAAG,gBAwBtB,CAAC"}
|
|
@@ -18,6 +18,7 @@ const getOctPbkdfKeyWrapEncryptionKey = ({ encryption, kryptos, }) => {
|
|
|
18
18
|
derivationKey: der.privateKey,
|
|
19
19
|
keyLength: (0, calculate_1.calculateKeyWrapSize)(kryptos.algorithm),
|
|
20
20
|
algorithm: (0, calculate_1.calculatePbkdfAlgorithm)(kryptos),
|
|
21
|
+
kryptosAlgorithm: kryptos.algorithm,
|
|
21
22
|
});
|
|
22
23
|
const { publicEncryptionKey } = (0, key_wrap_1.ecbKeyWrap)({
|
|
23
24
|
contentEncryptionKey,
|
|
@@ -44,6 +45,7 @@ const getOctPbkdfKeyWrapDecryptionKey = ({ kryptos, pbkdfIterations, pbkdfSalt,
|
|
|
44
45
|
derivationKey: der.privateKey,
|
|
45
46
|
keyLength: (0, calculate_1.calculateKeyWrapSize)(kryptos.algorithm),
|
|
46
47
|
algorithm: (0, calculate_1.calculatePbkdfAlgorithm)(kryptos),
|
|
48
|
+
kryptosAlgorithm: kryptos.algorithm,
|
|
47
49
|
pbkdfIterations,
|
|
48
50
|
pbkdfSalt,
|
|
49
51
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"get-oct-pbkdf-key-wrap-keys.js","sourceRoot":"","sources":["../../../../src/utils/private/oct/get-oct-pbkdf-key-wrap-keys.ts"],"names":[],"mappings":";;;AAAA,8CAA8C;AAC9C,mCAAqC;AACrC,4CAA2C;AAO3C,4CAIsB;AACtB,sDAA0C;AAC1C,0CAAuD;AAEhD,MAAM,+BAA+B,GAAG,CAAC,EAC9C,UAAU,EACV,OAAO,GACU,EAAmB,EAAE;IACtC,IAAI,CAAC,oBAAU,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,iBAAQ,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAElC,MAAM,OAAO,GAAG,IAAA,6CAAiC,EAAC,UAAU,CAAC,CAAC;IAC9D,MAAM,oBAAoB,GAAG,IAAA,oBAAW,EAAC,OAAO,CAAC,CAAC;IAElD,MAAM,EAAE,UAAU,EAAE,eAAe,EAAE,SAAS,EAAE,GAAG,IAAA,sBAAK,EAAC;QACvD,aAAa,EAAE,GAAG,CAAC,UAAU;QAC7B,SAAS,EAAE,IAAA,gCAAoB,EAAC,OAAO,CAAC,SAAS,CAAC;QAClD,SAAS,EAAE,IAAA,mCAAuB,EAAC,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"get-oct-pbkdf-key-wrap-keys.js","sourceRoot":"","sources":["../../../../src/utils/private/oct/get-oct-pbkdf-key-wrap-keys.ts"],"names":[],"mappings":";;;AAAA,8CAA8C;AAC9C,mCAAqC;AACrC,4CAA2C;AAO3C,4CAIsB;AACtB,sDAA0C;AAC1C,0CAAuD;AAEhD,MAAM,+BAA+B,GAAG,CAAC,EAC9C,UAAU,EACV,OAAO,GACU,EAAmB,EAAE;IACtC,IAAI,CAAC,oBAAU,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,iBAAQ,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;IAClF,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAElC,MAAM,OAAO,GAAG,IAAA,6CAAiC,EAAC,UAAU,CAAC,CAAC;IAC9D,MAAM,oBAAoB,GAAG,IAAA,oBAAW,EAAC,OAAO,CAAC,CAAC;IAElD,MAAM,EAAE,UAAU,EAAE,eAAe,EAAE,SAAS,EAAE,GAAG,IAAA,sBAAK,EAAC;QACvD,aAAa,EAAE,GAAG,CAAC,UAAU;QAC7B,SAAS,EAAE,IAAA,gCAAoB,EAAC,OAAO,CAAC,SAAS,CAAC;QAClD,SAAS,EAAE,IAAA,mCAAuB,EAAC,OAAO,CAAC;QAC3C,gBAAgB,EAAE,OAAO,CAAC,SAAS;KACpC,CAAC,CAAC;IAEH,MAAM,EAAE,mBAAmB,EAAE,GAAG,IAAA,qBAAU,EAAC;QACzC,oBAAoB;QACpB,OAAO;QACP,gBAAgB,EAAE,UAAU;KAC7B,CAAC,CAAC;IAEH,OAAO;QACL,oBAAoB;QACpB,eAAe;QACf,SAAS;QACT,mBAAmB;KACpB,CAAC;AACJ,CAAC,CAAC;AAhCW,QAAA,+BAA+B,mCAgC1C;AAEK,MAAM,+BAA+B,GAAG,CAAC,EAC9C,OAAO,EACP,eAAe,EACf,SAAS,EACT,mBAAmB,GACD,EAAoB,EAAE;IACxC,IAAI,CAAC,oBAAU,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,iBAAQ,CAAC,iBAAiB,EAAE,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;IAClF,CAAC;IACD,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzB,MAAM,IAAI,iBAAQ,CAAC,6BAA6B,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAElC,MAAM,EAAE,UAAU,EAAE,GAAG,IAAA,sBAAK,EAAC;QAC3B,aAAa,EAAE,GAAG,CAAC,UAAU;QAC7B,SAAS,EAAE,IAAA,gCAAoB,EAAC,OAAO,CAAC,SAAS,CAAC;QAClD,SAAS,EAAE,IAAA,mCAAuB,EAAC,OAAO,CAAC;QAC3C,gBAAgB,EAAE,OAAO,CAAC,SAAS;QACnC,eAAe;QACf,SAAS;KACV,CAAC,CAAC;IAEH,OAAO,IAAA,uBAAY,EAAC;QAClB,gBAAgB,EAAE,UAAU;QAC5B,OAAO;QACP,mBAAmB;KACpB,CAAC,CAAC;AACL,CAAC,CAAC;AA7BW,QAAA,+BAA+B,mCA6B1C"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"prepare-encryption.d.ts","sourceRoot":"","sources":["../../../src/utils/private/prepare-encryption.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,wBAAwB,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAInF,eAAO,MAAM,oBAAoB,GAC/B,SAAS,wBAAwB,KAChC,kBA8BF,CAAC"}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.prepareAesEncryption = void 0;
|
|
4
|
+
const encrypt_content_1 = require("./encrypt-content");
|
|
5
|
+
const get_key_1 = require("./get-key");
|
|
6
|
+
const prepareAesEncryption = (options) => {
|
|
7
|
+
const { encryption = "A256GCM", kryptos } = options;
|
|
8
|
+
const { contentEncryptionKey, pbkdfIterations, pbkdfSalt, publicEncryptionIv, publicEncryptionJwk, publicEncryptionKey, publicEncryptionTag, } = (0, get_key_1.getEncryptionKey)({ encryption, kryptos });
|
|
9
|
+
return {
|
|
10
|
+
headerParams: {
|
|
11
|
+
publicEncryptionJwk,
|
|
12
|
+
pbkdfIterations,
|
|
13
|
+
pbkdfSalt,
|
|
14
|
+
publicEncryptionIv,
|
|
15
|
+
publicEncryptionTag,
|
|
16
|
+
},
|
|
17
|
+
publicEncryptionKey,
|
|
18
|
+
encrypt: (data, opts) => (0, encrypt_content_1.encryptAesContent)({
|
|
19
|
+
aad: opts?.aad,
|
|
20
|
+
contentEncryptionKey,
|
|
21
|
+
data,
|
|
22
|
+
encryption,
|
|
23
|
+
}),
|
|
24
|
+
};
|
|
25
|
+
};
|
|
26
|
+
exports.prepareAesEncryption = prepareAesEncryption;
|
|
27
|
+
//# sourceMappingURL=prepare-encryption.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"prepare-encryption.js","sourceRoot":"","sources":["../../../src/utils/private/prepare-encryption.ts"],"names":[],"mappings":";;;AACA,uDAAsD;AACtD,uCAA6C;AAEtC,MAAM,oBAAoB,GAAG,CAClC,OAAiC,EACb,EAAE;IACtB,MAAM,EAAE,UAAU,GAAG,SAAS,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IAEpD,MAAM,EACJ,oBAAoB,EACpB,eAAe,EACf,SAAS,EACT,kBAAkB,EAClB,mBAAmB,EACnB,mBAAmB,EACnB,mBAAmB,GACpB,GAAG,IAAA,0BAAgB,EAAC,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CAAC;IAE9C,OAAO;QACL,YAAY,EAAE;YACZ,mBAAmB;YACnB,eAAe;YACf,SAAS;YACT,kBAAkB;YAClB,mBAAmB;SACpB;QACD,mBAAmB;QACnB,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE,CACtB,IAAA,mCAAiB,EAAC;YAChB,GAAG,EAAE,IAAI,EAAE,GAAG;YACd,oBAAoB;YACpB,IAAI;YACJ,UAAU;SACX,CAAC;KACL,CAAC;AACJ,CAAC,CAAC;AAhCW,QAAA,oBAAoB,wBAgC/B"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"serialised-aes.d.ts","sourceRoot":"","sources":["../../../src/utils/private/serialised-aes.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"serialised-aes.d.ts","sourceRoot":"","sources":["../../../src/utils/private/serialised-aes.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,uBAAuB,EACvB,uBAAuB,EACxB,MAAM,aAAa,CAAC;AAwBrB,eAAO,MAAM,yBAAyB,GACpC,MAAM,mBAAmB,KACxB,uBAuBF,CAAC;AAEF,eAAO,MAAM,wBAAwB,GACnC,SAAS,uBAAuB,KAC/B,mBAaF,CAAC"}
|