@lindorm/ec 0.2.5 → 0.2.6
- package/CHANGELOG.md +6 -0
- package/README.md +37 -355
- package/dist/classes/EcKit.d.ts.map +1 -1
- package/dist/classes/EcKit.js +3 -0
- package/dist/classes/EcKit.js.map +1 -1
- package/dist/utils/private/get-key.js +1 -1
- package/dist/utils/private/get-key.js.map +1 -1
- package/dist/utils/private/map-algorithm.d.ts.map +1 -1
- package/dist/utils/private/map-algorithm.js +10 -9
- package/dist/utils/private/map-algorithm.js.map +1 -1
- package/dist/utils/private/raw.d.ts.map +1 -1
- package/dist/utils/private/raw.js +4 -3
- package/dist/utils/private/raw.js.map +1 -1
- package/package.json +11 -14
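--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [0.2.6](https://github.com/lindorm-io/monorepo/compare/@lindorm/ec@0.2.5...@lindorm/ec@0.2.6) (2026-02-17)
+
+### Bug Fixes
+
+- **ec,oct,okp,rsa:** harden signing kits with validation and security fixes ([910f016](https://github.com/lindorm-io/monorepo/commit/910f01669aefcb4e6eb69c0297291fe2404232f8))
+
 ## [0.2.5](https://github.com/lindorm-io/monorepo/compare/@lindorm/ec@0.2.4...@lindorm/ec@0.2.5) (2025-09-18)
 
 **Note:** Version bump only for package @lindorm/ec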
package/README.md
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# @lindorm/ec
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
ECDSA digital signature kit built on Node's `crypto` module and [`@lindorm/kryptos`](../kryptos). Provides an `EcKit` class that implements the `IKeyKit` contract used across the Lindorm cryptography packages.
|
|
4
4
|
|
|
5
5
|
## Installation
|
|
6
6
|
|
|
@@ -8,395 +8,77 @@ Elliptic Curve cryptography utilities for digital signatures using ECDSA algorit
|
|
|
8
8
|
npm install @lindorm/ec
|
|
9
9
|
```
|
|
10
10
|
|
|
11
|
-
## Features
|
|
12
|
-
|
|
13
|
-
- **ECDSA Digital Signatures**: Sign and verify data using elliptic curve algorithms
|
|
14
|
-
- **Multiple Algorithms**: Support for ES256, ES384, and ES512
|
|
15
|
-
- **Flexible Encoding**: Multiple encoding options (base64, base64url, hex)
|
|
16
|
-
- **DSA Format Options**: Support for DER and IEEE-P1363 encoding
|
|
17
|
-
- **Raw Signature Format**: Convert between DER and raw signature formats
|
|
18
|
-
- **Type-Safe**: Full TypeScript support with strict typing
|
|
19
|
-
- **Error Handling**: Comprehensive error messages for debugging
|
|
20
|
-
|
|
21
11
|
## Quick Start
|
|
22
12
|
|
|
23
13
|
```typescript
|
|
24
14
|
import { EcKit } from "@lindorm/ec";
|
|
25
|
-
import {
|
|
15
|
+
import { KryptosKit } from "@lindorm/kryptos";
|
|
26
16
|
|
|
27
|
-
|
|
28
|
-
const
|
|
29
|
-
algorithm: "ES256",
|
|
30
|
-
// ... your key data
|
|
31
|
-
});
|
|
17
|
+
const kryptos = KryptosKit.generate.sig.ec({ algorithm: "ES512" });
|
|
18
|
+
const kit = new EcKit({ kryptos });
|
|
32
19
|
|
|
33
|
-
//
|
|
34
|
-
const
|
|
20
|
+
// Sign
|
|
21
|
+
const signature = kit.sign("hello world");
|
|
35
22
|
|
|
36
|
-
//
|
|
37
|
-
|
|
38
|
-
const signature = ecKit.sign(data);
|
|
23
|
+
// Verify
|
|
24
|
+
kit.verify("hello world", signature); // true
|
|
39
25
|
|
|
40
|
-
//
|
|
41
|
-
|
|
26
|
+
// Assert (throws EcError if invalid)
|
|
27
|
+
kit.assert("hello world", signature);
|
|
42
28
|
|
|
43
|
-
//
|
|
44
|
-
|
|
29
|
+
// Format Buffer to string
|
|
30
|
+
kit.format(signature); // base64 string
|
|
45
31
|
```
|
|
46
32
|
|
|
47
|
-
##
|
|
48
|
-
|
|
49
|
-
### EcKit Class
|
|
50
|
-
|
|
51
|
-
The main class for elliptic curve operations.
|
|
52
|
-
|
|
53
|
-
#### Constructor Options
|
|
33
|
+
## Constructor Options
|
|
54
34
|
|
|
55
35
|
```typescript
|
|
56
|
-
|
|
57
|
-
kryptos
|
|
58
|
-
dsa
|
|
59
|
-
encoding
|
|
60
|
-
raw
|
|
61
|
-
}
|
|
62
|
-
```
|
|
63
|
-
|
|
64
|
-
#### Methods
|
|
65
|
-
|
|
66
|
-
##### `sign(data: KeyData): Buffer`
|
|
67
|
-
Signs the provided data and returns the signature as a Buffer.
|
|
68
|
-
|
|
69
|
-
```typescript
|
|
70
|
-
const signature = ecKit.sign("data to sign");
|
|
71
|
-
const signature2 = ecKit.sign(Buffer.from("data"));
|
|
72
|
-
```
|
|
73
|
-
|
|
74
|
-
##### `verify(data: KeyData, signature: KeyData): boolean`
|
|
75
|
-
Verifies a signature against the provided data.
|
|
76
|
-
|
|
77
|
-
```typescript
|
|
78
|
-
const isValid = ecKit.verify("data", signature);
|
|
79
|
-
console.log(isValid); // true or false
|
|
80
|
-
```
|
|
81
|
-
|
|
82
|
-
##### `assert(data: KeyData, signature: KeyData): void`
|
|
83
|
-
Verifies a signature and throws an error if invalid.
|
|
84
|
-
|
|
85
|
-
```typescript
|
|
86
|
-
try {
|
|
87
|
-
ecKit.assert("data", signature);
|
|
88
|
-
// Signature is valid
|
|
89
|
-
} catch (error) {
|
|
90
|
-
// Signature is invalid
|
|
91
|
-
}
|
|
92
|
-
```
|
|
93
|
-
|
|
94
|
-
##### `format(data: Buffer): string`
|
|
95
|
-
Formats a Buffer to string using the configured encoding.
|
|
96
|
-
|
|
97
|
-
```typescript
|
|
98
|
-
const formatted = ecKit.format(signature);
|
|
99
|
-
// Returns base64/base64url/hex string based on configuration
|
|
100
|
-
```
|
|
101
|
-
|
|
102
|
-
## Supported Algorithms
|
|
103
|
-
|
|
104
|
-
| Algorithm | Curve | Hash Function | Key Size |
|
|
105
|
-
|-----------|-------|---------------|----------|
|
|
106
|
-
| ES256 | P-256 | SHA-256 | 256 bits |
|
|
107
|
-
| ES384 | P-384 | SHA-384 | 384 bits |
|
|
108
|
-
| ES512 | P-521 | SHA-512 | 521 bits |
|
|
109
|
-
|
|
110
|
-
## Encoding Options
|
|
111
|
-
|
|
112
|
-
### DSA Encoding Formats
|
|
113
|
-
|
|
114
|
-
- **DER** (Distinguished Encoding Rules): Standard format used in X.509 certificates
|
|
115
|
-
- **IEEE-P1363**: Alternative format used in some cryptographic protocols
|
|
116
|
-
|
|
117
|
-
```typescript
|
|
118
|
-
// Using DER format (default)
|
|
119
|
-
const ecKit = new EcKit({
|
|
120
|
-
kryptos,
|
|
121
|
-
dsa: "der"
|
|
122
|
-
});
|
|
123
|
-
|
|
124
|
-
// Using IEEE-P1363 format
|
|
125
|
-
const ecKit2 = new EcKit({
|
|
126
|
-
kryptos,
|
|
127
|
-
dsa: "ieee-p1363"
|
|
128
|
-
});
|
|
129
|
-
```
|
|
130
|
-
|
|
131
|
-
### Output Encoding
|
|
132
|
-
|
|
133
|
-
```typescript
|
|
134
|
-
// Base64 encoding (default)
|
|
135
|
-
const ecKit = new EcKit({
|
|
136
|
-
kryptos,
|
|
137
|
-
encoding: "base64"
|
|
138
|
-
});
|
|
139
|
-
|
|
140
|
-
// Base64URL encoding (URL-safe)
|
|
141
|
-
const ecKit2 = new EcKit({
|
|
142
|
-
kryptos,
|
|
143
|
-
encoding: "base64url"
|
|
144
|
-
});
|
|
145
|
-
|
|
146
|
-
// Hexadecimal encoding
|
|
147
|
-
const ecKit3 = new EcKit({
|
|
148
|
-
kryptos,
|
|
149
|
-
encoding: "hex"
|
|
150
|
-
});
|
|
151
|
-
```
|
|
152
|
-
|
|
153
|
-
### Raw Signature Format
|
|
154
|
-
|
|
155
|
-
The raw format concatenates the r and s values directly, which is useful for JWT/JWS compatibility.
|
|
156
|
-
|
|
157
|
-
```typescript
|
|
158
|
-
// Standard DER format
|
|
159
|
-
const ecKit = new EcKit({
|
|
160
|
-
kryptos,
|
|
161
|
-
raw: false // default
|
|
162
|
-
});
|
|
163
|
-
|
|
164
|
-
// Raw format (r || s concatenation)
|
|
165
|
-
const ecKitRaw = new EcKit({
|
|
166
|
-
kryptos,
|
|
167
|
-
raw: true
|
|
36
|
+
new EcKit({
|
|
37
|
+
kryptos, // IKryptos — must be an EC key with a signing algorithm
|
|
38
|
+
dsa: "der", // DsaEncoding — "der" | "ieee-p1363" (default: "der")
|
|
39
|
+
encoding: "base64", // BufferEncoding — output encoding (default: "base64")
|
|
40
|
+
raw: false, // boolean — use raw r||s concatenation (default: false)
|
|
168
41
|
});
|
|
169
42
|
```
|
|
170
43
|
|
|
171
|
-
|
|
44
|
+
The constructor validates that the key is an EC type with a supported signing algorithm (ES256, ES384, ES512). Encryption keys (ECDH-ES etc.) are rejected with an `EcError`.
|
|
172
45
|
|
|
173
|
-
|
|
46
|
+
## API
|
|
174
47
|
|
|
175
48
|
```typescript
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
//
|
|
180
|
-
|
|
181
|
-
const signature2 = ecKit.sign(buffer);
|
|
182
|
-
|
|
183
|
-
// Base64 encoded data
|
|
184
|
-
const base64Data = Buffer.from("Hello World").toString("base64");
|
|
185
|
-
const signature3 = ecKit.sign(base64Data);
|
|
186
|
-
```
|
|
187
|
-
|
|
188
|
-
### JWT/JWS Integration
|
|
189
|
-
|
|
190
|
-
```typescript
|
|
191
|
-
// For JWT/JWS, use raw format with base64url encoding
|
|
192
|
-
const jwtEcKit = new EcKit({
|
|
193
|
-
kryptos,
|
|
194
|
-
encoding: "base64url",
|
|
195
|
-
raw: true
|
|
196
|
-
});
|
|
197
|
-
|
|
198
|
-
// Sign JWT payload
|
|
199
|
-
const payload = Buffer.from(JSON.stringify({ sub: "1234567890" }));
|
|
200
|
-
const signature = jwtEcKit.sign(payload);
|
|
201
|
-
const signatureString = jwtEcKit.format(signature);
|
|
202
|
-
```
|
|
203
|
-
|
|
204
|
-
### Signature Format Conversion
|
|
205
|
-
|
|
206
|
-
```typescript
|
|
207
|
-
// Convert between DER and raw formats
|
|
208
|
-
const derEcKit = new EcKit({ kryptos, raw: false });
|
|
209
|
-
const rawEcKit = new EcKit({ kryptos, raw: true });
|
|
210
|
-
|
|
211
|
-
// Sign with DER format
|
|
212
|
-
const derSignature = derEcKit.sign("data");
|
|
213
|
-
|
|
214
|
-
// Verify with raw format (automatic conversion)
|
|
215
|
-
const isValid = rawEcKit.verify("data", derSignature);
|
|
216
|
-
```
|
|
217
|
-
|
|
218
|
-
### Error Handling
|
|
219
|
-
|
|
220
|
-
```typescript
|
|
221
|
-
import { EcError } from "@lindorm/ec";
|
|
222
|
-
|
|
223
|
-
try {
|
|
224
|
-
// Missing private key for signing
|
|
225
|
-
const verifyOnlyKryptos = KryptosEc.fromB64({
|
|
226
|
-
publicKey: "...",
|
|
227
|
-
algorithm: "ES256"
|
|
228
|
-
});
|
|
229
|
-
const ecKit = new EcKit({ kryptos: verifyOnlyKryptos });
|
|
230
|
-
ecKit.sign("data"); // Throws EcError
|
|
231
|
-
} catch (error) {
|
|
232
|
-
if (error instanceof EcError) {
|
|
233
|
-
console.error("EC operation failed:", error.message);
|
|
234
|
-
}
|
|
235
|
-
}
|
|
236
|
-
```
|
|
237
|
-
|
|
238
|
-
## Examples
|
|
239
|
-
|
|
240
|
-
### Creating a Signing Service
|
|
241
|
-
|
|
242
|
-
```typescript
|
|
243
|
-
import { EcKit } from "@lindorm/ec";
|
|
244
|
-
import { KryptosEc } from "@lindorm/kryptos";
|
|
245
|
-
|
|
246
|
-
class SigningService {
|
|
247
|
-
private ecKit: EcKit;
|
|
248
|
-
|
|
249
|
-
constructor(privateKey: string, algorithm: "ES256" | "ES384" | "ES512") {
|
|
250
|
-
const kryptos = KryptosEc.fromB64({
|
|
251
|
-
privateKey,
|
|
252
|
-
algorithm
|
|
253
|
-
});
|
|
254
|
-
|
|
255
|
-
this.ecKit = new EcKit({
|
|
256
|
-
kryptos,
|
|
257
|
-
encoding: "base64url",
|
|
258
|
-
raw: true // For JWT compatibility
|
|
259
|
-
});
|
|
260
|
-
}
|
|
261
|
-
|
|
262
|
-
signPayload(payload: object): string {
|
|
263
|
-
const data = Buffer.from(JSON.stringify(payload));
|
|
264
|
-
const signature = this.ecKit.sign(data);
|
|
265
|
-
return this.ecKit.format(signature);
|
|
266
|
-
}
|
|
267
|
-
|
|
268
|
-
verifyPayload(payload: object, signature: string): boolean {
|
|
269
|
-
const data = Buffer.from(JSON.stringify(payload));
|
|
270
|
-
return this.ecKit.verify(data, signature);
|
|
271
|
-
}
|
|
272
|
-
}
|
|
273
|
-
```
|
|
274
|
-
|
|
275
|
-
### Verification Service with Public Key
|
|
276
|
-
|
|
277
|
-
```typescript
|
|
278
|
-
class VerificationService {
|
|
279
|
-
private ecKit: EcKit;
|
|
280
|
-
|
|
281
|
-
constructor(publicKey: string, algorithm: "ES256" | "ES384" | "ES512") {
|
|
282
|
-
const kryptos = KryptosEc.fromB64({
|
|
283
|
-
publicKey,
|
|
284
|
-
algorithm
|
|
285
|
-
});
|
|
286
|
-
|
|
287
|
-
this.ecKit = new EcKit({
|
|
288
|
-
kryptos,
|
|
289
|
-
encoding: "base64url",
|
|
290
|
-
raw: true
|
|
291
|
-
});
|
|
292
|
-
}
|
|
293
|
-
|
|
294
|
-
verifySignature(data: string, signature: string): boolean {
|
|
295
|
-
try {
|
|
296
|
-
this.ecKit.assert(data, signature);
|
|
297
|
-
return true;
|
|
298
|
-
} catch {
|
|
299
|
-
return false;
|
|
300
|
-
}
|
|
301
|
-
}
|
|
302
|
-
}
|
|
303
|
-
```
|
|
304
|
-
|
|
305
|
-
### Document Signing System
|
|
306
|
-
|
|
307
|
-
```typescript
|
|
308
|
-
interface SignedDocument {
|
|
309
|
-
content: string;
|
|
310
|
-
signature: string;
|
|
311
|
-
algorithm: string;
|
|
312
|
-
timestamp: number;
|
|
313
|
-
}
|
|
314
|
-
|
|
315
|
-
class DocumentSigner {
|
|
316
|
-
private ecKit: EcKit;
|
|
317
|
-
private algorithm: string;
|
|
318
|
-
|
|
319
|
-
constructor(kryptos: IKryptosEc) {
|
|
320
|
-
this.ecKit = new EcKit({
|
|
321
|
-
kryptos,
|
|
322
|
-
encoding: "base64"
|
|
323
|
-
});
|
|
324
|
-
this.algorithm = kryptos.algorithm;
|
|
325
|
-
}
|
|
326
|
-
|
|
327
|
-
signDocument(content: string): SignedDocument {
|
|
328
|
-
const timestamp = Date.now();
|
|
329
|
-
const dataToSign = `${content}|${timestamp}`;
|
|
330
|
-
const signature = this.ecKit.sign(dataToSign);
|
|
331
|
-
|
|
332
|
-
return {
|
|
333
|
-
content,
|
|
334
|
-
signature: this.ecKit.format(signature),
|
|
335
|
-
algorithm: this.algorithm,
|
|
336
|
-
timestamp
|
|
337
|
-
};
|
|
338
|
-
}
|
|
339
|
-
|
|
340
|
-
verifyDocument(doc: SignedDocument): boolean {
|
|
341
|
-
const dataToVerify = `${doc.content}|${doc.timestamp}`;
|
|
342
|
-
return this.ecKit.verify(dataToVerify, doc.signature);
|
|
343
|
-
}
|
|
49
|
+
class EcKit implements IKeyKit {
|
|
50
|
+
sign(data: KeyData): Buffer;
|
|
51
|
+
verify(data: KeyData, signature: KeyData): boolean;
|
|
52
|
+
assert(data: KeyData, signature: KeyData): void; // throws EcError
|
|
53
|
+
format(data: Buffer): string;
|
|
344
54
|
}
|
|
345
55
|
```
|
|
346
56
|
|
|
347
|
-
|
|
57
|
+
`KeyData` is `Buffer | string`.
|
|
348
58
|
|
|
349
|
-
|
|
59
|
+
## Supported Algorithms
|
|
350
60
|
|
|
351
|
-
|
|
61
|
+
| Algorithm | Curve | Hash |
|
|
62
|
+
| --------- | ----- | ------- |
|
|
63
|
+
| ES256 | P-256 | SHA-256 |
|
|
64
|
+
| ES384 | P-384 | SHA-384 |
|
|
65
|
+
| ES512 | P-521 | SHA-512 |
|
|
352
66
|
|
|
353
|
-
|
|
354
|
-
type KeyData = Buffer | string;
|
|
355
|
-
```
|
|
356
|
-
|
|
357
|
-
### IKryptosEc Interface
|
|
67
|
+
## DSA Encoding
|
|
358
68
|
|
|
359
|
-
|
|
69
|
+
- **DER** (default) -- standard ASN.1 format
|
|
70
|
+
- **IEEE-P1363** -- fixed-length format used in some protocols
|
|
360
71
|
|
|
361
|
-
|
|
362
|
-
interface IKryptosEc {
|
|
363
|
-
algorithm: "ES256" | "ES384" | "ES512";
|
|
364
|
-
privateKey?: string;
|
|
365
|
-
publicKey?: string;
|
|
366
|
-
// ... other properties
|
|
367
|
-
}
|
|
368
|
-
```
|
|
72
|
+
The `raw` option controls whether signatures use raw r||s concatenation, which is useful for JWT/JWS compatibility.
|
|
369
73
|
|
|
370
74
|
## Error Handling
|
|
371
75
|
|
|
372
|
-
|
|
373
|
-
|
|
374
|
-
- Missing private key when attempting to sign
|
|
375
|
-
- Missing public key when attempting to verify
|
|
376
|
-
- Invalid signature during assertion
|
|
377
|
-
- Unsupported EC algorithm
|
|
378
|
-
- Invalid key format
|
|
76
|
+
All errors are `EcError` instances:
|
|
379
77
|
|
|
380
78
|
```typescript
|
|
381
79
|
import { EcError } from "@lindorm/ec";
|
|
382
|
-
|
|
383
|
-
try {
|
|
384
|
-
ecKit.assert(data, invalidSignature);
|
|
385
|
-
} catch (error) {
|
|
386
|
-
if (error instanceof EcError) {
|
|
387
|
-
console.error("Signature verification failed:", error.message);
|
|
388
|
-
}
|
|
389
|
-
}
|
|
390
80
|
```
|
|
391
81
|
|
|
392
|
-
## Security Considerations
|
|
393
|
-
|
|
394
|
-
- Always use secure random number generation for key creation
|
|
395
|
-
- Protect private keys appropriately
|
|
396
|
-
- Use appropriate key sizes (ES256 minimum for most applications)
|
|
397
|
-
- Verify signatures before trusting data
|
|
398
|
-
- Consider using ES384 or ES512 for higher security requirements
|
|
399
|
-
|
|
400
82
|
## License
|
|
401
83
|
|
|
402
84
|
AGPL-3.0-or-later
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"EcKit.d.ts","sourceRoot":"","sources":["../../src/classes/EcKit.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"EcKit.d.ts","sourceRoot":"","sources":["../../src/classes/EcKit.ts"],"names":[],"mappings":"AAMA,OAAO,EAAe,OAAO,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAE/D,OAAO,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAOxC,qBAAa,KAAM,YAAW,OAAO;IACnC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAc;IAClC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAiB;IAC1C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAa;IACrC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAU;gBAEX,OAAO,EAAE,YAAY;IAgBjC,IAAI,CAAC,IAAI,EAAE,OAAO,GAAG,MAAM;IAS3B,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,GAAG,OAAO;IAWlD,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,GAAG,IAAI;IAW/C,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM;CAGpC"}
|
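--- a/package/dist/classes/EcKit.js
+++ b/package/dist/classes/EcKit.js
@@ -16,6 +16,9 @@ class EcKit {
 if (!kryptos_1.KryptosKit.isEc(options.kryptos)) {
 throw new errors_1.EcError("Invalid Kryptos instance");
 }
+if (!kryptos_1.EC_SIG_ALGORITHMS.includes(options.kryptos.algorithm)) {
+throw new errors_1.EcError("EcKit only supports signing algorithms (ES256, ES384, ES512)");
+}
 this.kryptos = options.kryptos;
 }
 sign(data) {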
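Review bot: The new algorithm guard in the constructor throws without recording which algorithm was rejected, and its message hard-codes the list `(ES256, ES384, ES512)` next to the `EC_SIG_ALGORITHMS` constant it checks against, so the two can drift apart. The equivalent guard added to map-algorithm.js in this same release passes `{ debug: { algorithm: kryptos.algorithm } }`. Doing the same here keeps the two consistent and makes a rejected encryption key easy to identify in logs: `throw new errors_1.EcError("EcKit only supports signing algorithms", { debug: { algorithm: options.kryptos.algorithm } });`. The constructor body starts above the hunk, so any earlier handling of `options` is not visible here.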
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"EcKit.js","sourceRoot":"","sources":["../../src/classes/EcKit.ts"],"names":[],"mappings":";;;AAAA,
|
|
1
|
+
{"version":3,"file":"EcKit.js","sourceRoot":"","sources":["../../src/classes/EcKit.ts"],"names":[],"mappings":";;;AAAA,8CAK0B;AAE1B,sCAAoC;AAEpC,8CAI0B;AAE1B,MAAa,KAAK;IACC,GAAG,CAAc;IACjB,QAAQ,CAAiB;IACzB,OAAO,CAAa;IACpB,GAAG,CAAU;IAE9B,YAAmB,OAAqB;QACtC,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,KAAK,CAAC;QAChC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,QAAQ,CAAC;QAC7C,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,KAAK,CAAC;QAEhC,IAAI,CAAC,oBAAU,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACtC,MAAM,IAAI,gBAAO,CAAC,0BAA0B,CAAC,CAAC;QAChD,CAAC;QAED,IAAI,CAAC,2BAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,SAA2B,CAAC,EAAE,CAAC;YAC7E,MAAM,IAAI,gBAAO,CAAC,8DAA8D,CAAC,CAAC;QACpF,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IACjC,CAAC;IAEM,IAAI,CAAC,IAAa;QACvB,OAAO,IAAA,2BAAiB,EAAC;YACvB,IAAI;YACJ,WAAW,EAAE,IAAI,CAAC,GAAG;YACrB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,GAAG,EAAE,IAAI,CAAC,GAAG;SACd,CAAC,CAAC;IACL,CAAC;IAEM,MAAM,CAAC,IAAa,EAAE,SAAkB;QAC7C,OAAO,IAAA,2BAAiB,EAAC;YACvB,IAAI;YACJ,WAAW,EAAE,IAAI,CAAC,GAAG;YACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAEM,MAAM,CAAC,IAAa,EAAE,SAAkB;QAC7C,OAAO,IAAA,2BAAiB,EAAC;YACvB,IAAI;YACJ,WAAW,EAAE,IAAI,CAAC,GAAG;YACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAEM,MAAM,CAAC,IAAY;QACxB,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;CACF;AAxDD,sBAwDC"}
|
|
@@ -13,7 +13,7 @@ exports.getSignKey = getSignKey;
|
|
|
13
13
|
const getVerifyKey = (kryptos) => {
|
|
14
14
|
const { publicKey } = kryptos.export("pem");
|
|
15
15
|
if (!publicKey) {
|
|
16
|
-
throw new errors_1.EcError("Missing
|
|
16
|
+
throw new errors_1.EcError("Missing public key");
|
|
17
17
|
}
|
|
18
18
|
return publicKey;
|
|
19
19
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"get-key.js","sourceRoot":"","sources":["../../../src/utils/private/get-key.ts"],"names":[],"mappings":";;;AACA,yCAAuC;AAEhC,MAAM,UAAU,GAAG,CAAC,OAAmB,EAAU,EAAE;IACxD,MAAM,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAE7C,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,gBAAO,CAAC,qBAAqB,CAAC,CAAC;IAC3C,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC,CAAC;AARW,QAAA,UAAU,cAQrB;AAEK,MAAM,YAAY,GAAG,CAAC,OAAmB,EAAU,EAAE;IAC1D,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAE5C,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,gBAAO,CAAC,
|
|
1
|
+
{"version":3,"file":"get-key.js","sourceRoot":"","sources":["../../../src/utils/private/get-key.ts"],"names":[],"mappings":";;;AACA,yCAAuC;AAEhC,MAAM,UAAU,GAAG,CAAC,OAAmB,EAAU,EAAE;IACxD,MAAM,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAE7C,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,gBAAO,CAAC,qBAAqB,CAAC,CAAC;IAC3C,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC,CAAC;AARW,QAAA,UAAU,cAQrB;AAEK,MAAM,YAAY,GAAG,CAAC,OAAmB,EAAU,EAAE;IAC1D,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAE5C,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,gBAAO,CAAC,oBAAoB,CAAC,CAAC;IAC1C,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC;AARW,QAAA,YAAY,gBAQvB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"map-algorithm.d.ts","sourceRoot":"","sources":["../../../src/utils/private/map-algorithm.ts"],"names":[],"mappings":"AAAA,OAAO,
|
|
1
|
+
{"version":3,"file":"map-algorithm.d.ts","sourceRoot":"","sources":["../../../src/utils/private/map-algorithm.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqC,UAAU,EAAE,MAAM,kBAAkB,CAAC;AACjF,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAS9C,eAAO,MAAM,cAAc,GAAI,SAAS,UAAU,KAAG,YAQpD,CAAC"}
|
|
@@ -3,17 +3,18 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.mapEcAlgorithm = void 0;
|
|
4
4
|
const kryptos_1 = require("@lindorm/kryptos");
|
|
5
5
|
const errors_1 = require("../../errors");
|
|
6
|
+
const EC_SIG_ALGORITHM_MAP = {
|
|
7
|
+
ES256: "SHA256",
|
|
8
|
+
ES384: "SHA384",
|
|
9
|
+
ES512: "SHA512",
|
|
10
|
+
};
|
|
6
11
|
const mapEcAlgorithm = (kryptos) => {
|
|
7
|
-
if (!kryptos_1.
|
|
8
|
-
throw new errors_1.EcError("
|
|
12
|
+
if (!kryptos_1.EC_SIG_ALGORITHMS.includes(kryptos.algorithm)) {
|
|
13
|
+
throw new errors_1.EcError("Unsupported EC algorithm for signing", {
|
|
14
|
+
debug: { algorithm: kryptos.algorithm },
|
|
15
|
+
});
|
|
9
16
|
}
|
|
10
|
-
|
|
11
|
-
return "SHA256";
|
|
12
|
-
if (kryptos.algorithm.endsWith("384"))
|
|
13
|
-
return "SHA384";
|
|
14
|
-
if (kryptos.algorithm.endsWith("512"))
|
|
15
|
-
return "SHA512";
|
|
16
|
-
throw new errors_1.EcError("Unsupported EC algorithm", { debug: { kryptos } });
|
|
17
|
+
return EC_SIG_ALGORITHM_MAP[kryptos.algorithm];
|
|
17
18
|
};
|
|
18
19
|
exports.mapEcAlgorithm = mapEcAlgorithm;
|
|
19
20
|
//# sourceMappingURL=map-algorithm.js.map
|
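Review bot: In package/dist/utils/private/map-algorithm.js, `mapEcAlgorithm` now returns `EC_SIG_ALGORITHM_MAP[kryptos.algorithm]` with no fallback, so it yields `undefined` whenever `EC_SIG_ALGORITHMS` (imported from `@lindorm/kryptos`) contains a name the local map lacks. The removed code ended in a final `throw new errors_1.EcError("Unsupported EC algorithm", …)` for that case. With the guard and the lookup now backed by two separate lists, a dependency update can make them disagree, and an undefined digest name would only surface later at the signing call, presumably with a less clear error. Looking the value up first keeps the function fail-closed: `const hash = EC_SIG_ALGORITHM_MAP[kryptos.algorithm];` followed by `if (hash === undefined) throw new errors_1.EcError("Unsupported EC algorithm for signing", { debug: { algorithm: kryptos.algorithm } });`. This file is compiled output, so the change belongs in src/utils/private/map-algorithm.ts.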
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"map-algorithm.js","sourceRoot":"","sources":["../../../src/utils/private/map-algorithm.ts"],"names":[],"mappings":";;;AAAA,
|
|
1
|
+
{"version":3,"file":"map-algorithm.js","sourceRoot":"","sources":["../../../src/utils/private/map-algorithm.ts"],"names":[],"mappings":";;;AAAA,8CAAiF;AAEjF,yCAAuC;AAEvC,MAAM,oBAAoB,GAAyC;IACjE,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;CAChB,CAAC;AAEK,MAAM,cAAc,GAAG,CAAC,OAAmB,EAAgB,EAAE;IAClE,IAAI,CAAC,2BAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,SAA2B,CAAC,EAAE,CAAC;QACrE,MAAM,IAAI,gBAAO,CAAC,sCAAsC,EAAE;YACxD,KAAK,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE;SACxC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,oBAAoB,CAAC,OAAO,CAAC,SAA2B,CAAC,CAAC;AACnE,CAAC,CAAC;AARW,QAAA,cAAc,kBAQzB"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"raw.d.ts","sourceRoot":"","sources":["../../../src/utils/private/raw.ts"],"names":[],"mappings":"AAAA,OAAO,
|
|
1
|
+
{"version":3,"file":"raw.d.ts","sourceRoot":"","sources":["../../../src/utils/private/raw.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAS9C,eAAO,MAAM,QAAQ,GAAI,SAAS,UAAU,EAAE,cAAc,MAAM,KAAG,MA2CpE,CAAC;AAEF,eAAO,MAAM,QAAQ,GAAI,SAAS,UAAU,EAAE,cAAc,MAAM,KAAG,MA8BpE,CAAC"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.rawToDer = exports.derToRaw = void 0;
|
|
4
|
+
const errors_1 = require("../../errors");
|
|
4
5
|
const KEY_SIZES = {
|
|
5
6
|
"P-256": 32,
|
|
6
7
|
"P-384": 48,
|
|
@@ -9,7 +10,7 @@ const KEY_SIZES = {
|
|
|
9
10
|
const derToRaw = (kryptos, derSignature) => {
|
|
10
11
|
const keySize = KEY_SIZES[kryptos.curve];
|
|
11
12
|
if (derSignature[0] !== 0x30) {
|
|
12
|
-
throw new
|
|
13
|
+
throw new errors_1.EcError("Invalid DER format");
|
|
13
14
|
}
|
|
14
15
|
let position = 2;
|
|
15
16
|
const lengthByte = derSignature[1];
|
|
@@ -19,7 +20,7 @@ const derToRaw = (kryptos, derSignature) => {
|
|
|
19
20
|
}
|
|
20
21
|
function getInteger() {
|
|
21
22
|
if (derSignature[position] !== 0x02) {
|
|
22
|
-
throw new
|
|
23
|
+
throw new errors_1.EcError("Expected integer");
|
|
23
24
|
}
|
|
24
25
|
const length = derSignature[position + 1];
|
|
25
26
|
position += 2;
|
|
@@ -45,7 +46,7 @@ exports.derToRaw = derToRaw;
|
|
|
45
46
|
const rawToDer = (kryptos, rawSignature) => {
|
|
46
47
|
const keySize = KEY_SIZES[kryptos.curve];
|
|
47
48
|
if (rawSignature.length !== 2 * keySize) {
|
|
48
|
-
throw new
|
|
49
|
+
throw new errors_1.EcError("Invalid raw signature length");
|
|
49
50
|
}
|
|
50
51
|
const r = rawSignature.subarray(0, keySize);
|
|
51
52
|
const s = rawSignature.subarray(keySize);
|
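Review bot: In `derToRaw` (package/dist/utils/private/raw.js) the switch to `EcError` covers the two tag checks (`0x30` and `0x02`), but the length bytes read on the visible lines, `derSignature[1]` and `derSignature[position + 1]`, are used with no visible check that they stay inside the buffer. The rest of `getInteger` and `derToRaw` lies outside these hunks, so this may already be handled there. If it is not, a truncated or malformed signature on the verify path could produce short r/s values or fail with something other than `EcError`. A guard before each integer read would make malformed input fail closed with the package's own error type: `if (position + 2 > derSignature.length || position + 2 + derSignature[position + 1] > derSignature.length) throw new errors_1.EcError("Invalid DER format");`. Both functions also read `KEY_SIZES[kryptos.curve]` without rejecting a curve that is missing from the table.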
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"raw.js","sourceRoot":"","sources":["../../../src/utils/private/raw.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"raw.js","sourceRoot":"","sources":["../../../src/utils/private/raw.ts"],"names":[],"mappings":";;;AACA,yCAAuC;AAEvC,MAAM,SAAS,GAAG;IAChB,OAAO,EAAE,EAAE;IACX,OAAO,EAAE,EAAE;IACX,OAAO,EAAE,EAAE;CACZ,CAAC;AAEK,MAAM,QAAQ,GAAG,CAAC,OAAmB,EAAE,YAAoB,EAAU,EAAE;IAC5E,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAEzC,IAAI,YAAY,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC7B,MAAM,IAAI,gBAAO,CAAC,oBAAoB,CAAC,CAAC;IAC1C,CAAC;IAED,IAAI,QAAQ,GAAG,CAAC,CAAC;IAGjB,MAAM,UAAU,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;IACnC,IAAI,UAAU,GAAG,IAAI,EAAE,CAAC;QACtB,MAAM,gBAAgB,GAAG,UAAU,GAAG,IAAI,CAAC;QAC3C,QAAQ,IAAI,gBAAgB,CAAC;IAC/B,CAAC;IAED,SAAS,UAAU;QACjB,IAAI,YAAY,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC;YACpC,MAAM,IAAI,gBAAO,CAAC,kBAAkB,CAAC,CAAC;QACxC,CAAC;QACD,MAAM,MAAM,GAAG,YAAY,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;QAC1C,QAAQ,IAAI,CAAC,CAAC;QACd,MAAM,KAAK,GAAG,YAAY,CAAC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,GAAG,MAAM,CAAC,CAAC;QACjE,QAAQ,IAAI,MAAM,CAAC;QACnB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,CAAC,GAAG,UAAU,EAAE,CAAC;IACvB,MAAM,CAAC,GAAG,UAAU,EAAE,CAAC;IAEvB,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3E,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAE3E,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC;QAC5B,MAAM,CAAC,KAAK,CAAC,OAAO,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;QAC5C,UAAU;KACX,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC;QAC5B,MAAM,CAAC,KAAK,CAAC,OAAO,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;QAC5C,UAAU;KACX,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;AAC3C,CAAC,CAAC;AA3CW,QAAA,QAAQ,YA2CnB;AAEK,MAAM,QAAQ,GAAG,CAAC,OAAmB,EAAE,YAAoB,EAAU,EAAE;IAC5E,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAEzC,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,GAAG,OAAO,EAAE,CAAC;QACxC,MAAM,IAAI,gBAAO,CAAC,8BAA8B,CAAC,CAAC;IACpD,CAAC;IAED,MAAM,CAAC,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IAC5C,MAAM,CAAC,GAAG,YAAY,CAAC,QAAQ,CAA
C,OAAO,CAAC,CAAC;IAEzC,SAAS,WAAW,CAAC,KAAa;QAChC,IAAI,GAAG,GAAG,CAAC,CAAC;QACZ,OAAO,GAAG,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9C,GAAG,EAAE,CAAC;QACR,CAAC;QACD,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;YACxB,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;QACnF,CAAC;aAAM,CAAC;YACN,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;IAED,MAAM,IAAI,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;IAC5B,MAAM,IAAI,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;IAE5B,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;IACjD,MAAM,UAAU,GAAG,cAAc,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IAEpF,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,GAAG,UAAU,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;AACzE,CAAC,CAAC;AA9BW,QAAA,QAAQ,YA8BnB"}
|
package/package.json
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@lindorm/ec",
|
|
3
|
-
"version": "0.2.
|
|
3
|
+
"version": "0.2.6",
|
|
4
4
|
"license": "AGPL-3.0-or-later",
|
|
5
5
|
"author": "Jonn Nilsson",
|
|
6
6
|
"repository": {
|
|
@@ -16,25 +16,22 @@
|
|
|
16
16
|
"scripts": {
|
|
17
17
|
"build": "rimraf dist && tsc -b ./tsconfig.build.json",
|
|
18
18
|
"example": "ts-node example",
|
|
19
|
-
"integration": "compd --file docker-compose.yml jest --config jest.config.integration.js --watch",
|
|
20
|
-
"integration:focus": "compd --file docker-compose.yml jest --config jest.config.integration.js --watch $1",
|
|
21
19
|
"prettier": "prettier --write ./src/*",
|
|
22
|
-
"test": "jest --
|
|
23
|
-
"test:ci": "
|
|
24
|
-
"test:
|
|
25
|
-
"
|
|
26
|
-
"typecheck": "tsc --watch",
|
|
27
|
-
"typecheck:ci": "tsc",
|
|
20
|
+
"test": "jest --",
|
|
21
|
+
"test:ci": "jest",
|
|
22
|
+
"test:watch": "jest --watch --",
|
|
23
|
+
"typecheck": "tsc",
|
|
24
|
+
"typecheck:watch": "tsc --watch --",
|
|
28
25
|
"update": "ncu -i",
|
|
29
26
|
"update:auto": "ncu -u"
|
|
30
27
|
},
|
|
31
28
|
"dependencies": {
|
|
32
|
-
"@lindorm/errors": "^0.1.
|
|
33
|
-
"@lindorm/is": "^0.1.
|
|
34
|
-
"@lindorm/kryptos": "^0.
|
|
29
|
+
"@lindorm/errors": "^0.1.13",
|
|
30
|
+
"@lindorm/is": "^0.1.12",
|
|
31
|
+
"@lindorm/kryptos": "^0.5.0"
|
|
35
32
|
},
|
|
36
33
|
"devDependencies": {
|
|
37
|
-
"@lindorm/types": "^0.3.
|
|
34
|
+
"@lindorm/types": "^0.3.4"
|
|
38
35
|
},
|
|
39
|
-
"gitHead": "
|
|
36
|
+
"gitHead": "4b8579886ad8a24c22a8bf260dd0bb5dc45afc08"
|
|
40
37
|
}
|