@lindorm/oct 0.2.5 → 0.2.7
- package/CHANGELOG.md +10 -0
- package/README.md +78 -0
- package/dist/classes/OctKit.d.ts.map +1 -1
- package/dist/classes/OctKit.js +3 -0
- package/dist/classes/OctKit.js.map +1 -1
- package/dist/utils/private/map-algorithm.d.ts.map +1 -1
- package/dist/utils/private/map-algorithm.js +12 -7
- package/dist/utils/private/map-algorithm.js.map +1 -1
- package/dist/utils/private/oct-signature.d.ts.map +1 -1
- package/dist/utils/private/oct-signature.js +7 -1
- package/dist/utils/private/oct-signature.js.map +1 -1
- package/package.json +13 -15
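--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -3,6 +3,16 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [0.2.7](https://github.com/lindorm-io/monorepo/compare/@lindorm/oct@0.2.6...@lindorm/oct@0.2.7) (2026-03-13)
+
+**Note:** Version bump only for package @lindorm/oct
+
+## [0.2.6](https://github.com/lindorm-io/monorepo/compare/@lindorm/oct@0.2.5...@lindorm/oct@0.2.6) (2026-02-17)
+
+### Bug Fixes
+
+- **ec,oct,okp,rsa:** harden signing kits with validation and security fixes ([910f016](https://github.com/lindorm-io/monorepo/commit/910f01669aefcb4e6eb69c0297291fe2404232f8))
+
 ## [0.2.5](https://github.com/lindorm-io/monorepo/compare/@lindorm/oct@0.2.4...@lindorm/oct@0.2.5) (2025-09-18)
 
 **Note:** Version bump only for package @lindorm/oct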
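--- a/package/README.md
+++ b/package/README.md
@@ -1 +1,79 @@
 # @lindorm/oct
+
+HMAC signature kit built on Node's `crypto` module and [`@lindorm/kryptos`](../kryptos). Provides an `OctKit` class that implements the `IKeyKit` contract used across the Lindorm cryptography packages.
+
+## Installation
+
+```bash
+npm install @lindorm/oct
+```
+
+## Quick Start
+
+```typescript
+import { OctKit } from "@lindorm/oct";
+import { KryptosKit } from "@lindorm/kryptos";
+
+const kryptos = KryptosKit.generate.sig.oct({ algorithm: "HS256" });
+const kit = new OctKit({ kryptos });
+
+// Sign
+const signature = kit.sign("hello world");
+
+// Verify (timing-safe comparison)
+kit.verify("hello world", signature); // true
+
+// Assert (throws OctError if invalid)
+kit.assert("hello world", signature);
+
+// Format Buffer to string
+kit.format(signature); // base64 string
+```
+
+## Constructor Options
+
+```typescript
+new OctKit({
+kryptos, // IKryptos — must be an oct key with a signing algorithm
+encoding: "base64", // BufferEncoding — output encoding (default: "base64")
+});
+```
+
+The constructor validates that the key is an oct type with a supported signing algorithm (HS256, HS384, HS512). Encryption keys (A128KW, dir, etc.) are rejected with an `OctError`.
+
+## API
+
+```typescript
+class OctKit implements IKeyKit {
+sign(data: KeyData): Buffer;
+verify(data: KeyData, signature: KeyData): boolean;
+assert(data: KeyData, signature: KeyData): void; // throws OctError
+format(data: Buffer): string;
+}
+```
+
+`KeyData` is `Buffer | string`.
+
+## Supported Algorithms
+
+| Algorithm | Hash |
+| --------- | ------- |
+| HS256 | SHA-256 |
+| HS384 | SHA-384 |
+| HS512 | SHA-512 |
+
+## Security
+
+Signature verification uses `crypto.timingSafeEqual` to prevent timing attacks.
+
+## Error Handling
+
+All errors are `OctError` instances:
+
+```typescript
+import { OctError } from "@lindorm/oct";
+```
+
+## License
+
+AGPL-3.0-or-later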
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"OctKit.d.ts","sourceRoot":"","sources":["../../src/classes/OctKit.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"OctKit.d.ts","sourceRoot":"","sources":["../../src/classes/OctKit.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAElD,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAOzC,qBAAa,MAAO,YAAW,OAAO;IACpC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAiB;IAC1C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAc;gBAEnB,OAAO,EAAE,aAAa;IAclC,IAAI,CAAC,IAAI,EAAE,OAAO,GAAG,MAAM;IAO3B,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,GAAG,OAAO;IASlD,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,GAAG,IAAI;IAS/C,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM;CAGpC"}
|
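--- a/package/dist/classes/OctKit.js
+++ b/package/dist/classes/OctKit.js
@@ -12,6 +12,9 @@ class OctKit {
 if (!kryptos_1.KryptosKit.isOct(options.kryptos)) {
 throw new errors_1.OctError("Invalid Kryptos instance");
 }
+if (!kryptos_1.OCT_SIG_ALGORITHMS.includes(options.kryptos.algorithm)) {
+throw new errors_1.OctError("OctKit only supports signing algorithms (HS256, HS384, HS512)");
+}
 this.kryptos = options.kryptos;
 }
 sign(data) {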
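Review bot: The new algorithm guard in the constructor throws an `OctError` whose accepted list (HS256, HS384, HS512) is written into the message by hand, and it records nothing about the algorithm that was actually supplied. `mapOctAlgorithm` in the same release attaches `debug: { algorithm: kryptos.algorithm }` for the same condition; passing `{ debug: { algorithm: options.kryptos.algorithm } }` as the second argument here would keep the two errors consistent and show which key was misconfigured without logging key material. The hand-written list can drift from `OCT_SIG_ALGORITHMS`, so a comment tying the two together would help. This is compiled output, so the edit belongs in `src/classes/OctKit.ts` (path from the source map); the constructor starts above the hunk.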
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"OctKit.js","sourceRoot":"","sources":["../../src/classes/OctKit.ts"],"names":[],"mappings":";;;AAAA,
|
|
1
|
+
{"version":3,"file":"OctKit.js","sourceRoot":"","sources":["../../src/classes/OctKit.ts"],"names":[],"mappings":";;;AAAA,8CAK0B;AAE1B,sCAAqC;AAErC,8CAI0B;AAE1B,MAAa,MAAM;IACA,QAAQ,CAAiB;IACzB,OAAO,CAAc;IAEtC,YAAmB,OAAsB;QACvC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,QAAQ,CAAC;QAE7C,IAAI,CAAC,oBAAU,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,iBAAQ,CAAC,0BAA0B,CAAC,CAAC;QACjD,CAAC;QAED,IAAI,CAAC,4BAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,SAA4B,CAAC,EAAE,CAAC;YAC/E,MAAM,IAAI,iBAAQ,CAAC,+DAA+D,CAAC,CAAC;QACtF,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IACjC,CAAC;IAEM,IAAI,CAAC,IAAa;QACvB,OAAO,IAAA,4BAAkB,EAAC;YACxB,IAAI;YACJ,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC,CAAC;IACL,CAAC;IAEM,MAAM,CAAC,IAAa,EAAE,SAAkB;QAC7C,OAAO,IAAA,4BAAkB,EAAC;YACxB,IAAI;YACJ,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAEM,MAAM,CAAC,IAAa,EAAE,SAAkB;QAC7C,OAAO,IAAA,4BAAkB,EAAC;YACxB,IAAI;YACJ,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,SAAS;SACV,CAAC,CAAC;IACL,CAAC;IAEM,MAAM,CAAC,IAAY;QACxB,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;CACF;AA9CD,wBA8CC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"map-algorithm.d.ts","sourceRoot":"","sources":["../../../src/utils/private/map-algorithm.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,
|
|
1
|
+
{"version":3,"file":"map-algorithm.d.ts","sourceRoot":"","sources":["../../../src/utils/private/map-algorithm.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAuC,MAAM,kBAAkB,CAAC;AACpF,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAS9C,eAAO,MAAM,eAAe,GAAI,SAAS,WAAW,KAAG,YAQtD,CAAC"}
|
|
@@ -1,15 +1,20 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.mapOctAlgorithm = void 0;
|
|
4
|
+
const kryptos_1 = require("@lindorm/kryptos");
|
|
4
5
|
const errors_1 = require("../../errors");
|
|
6
|
+
const OCT_SIG_ALGORITHM_MAP = {
|
|
7
|
+
HS256: "SHA256",
|
|
8
|
+
HS384: "SHA384",
|
|
9
|
+
HS512: "SHA512",
|
|
10
|
+
};
|
|
5
11
|
const mapOctAlgorithm = (kryptos) => {
|
|
6
|
-
if (kryptos.algorithm
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
throw new errors_1.OctError("Unsupported OCT algorithm", { debug: { kryptos } });
|
|
12
|
+
if (!kryptos_1.OCT_SIG_ALGORITHMS.includes(kryptos.algorithm)) {
|
|
13
|
+
throw new errors_1.OctError("Unsupported OCT algorithm for signing", {
|
|
14
|
+
debug: { algorithm: kryptos.algorithm },
|
|
15
|
+
});
|
|
16
|
+
}
|
|
17
|
+
return OCT_SIG_ALGORITHM_MAP[kryptos.algorithm];
|
|
13
18
|
};
|
|
14
19
|
exports.mapOctAlgorithm = mapOctAlgorithm;
|
|
15
20
|
//# sourceMappingURL=map-algorithm.js.map
|
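Review bot: `mapOctAlgorithm` guards on `kryptos_1.OCT_SIG_ALGORITHMS` but then indexes the local `OCT_SIG_ALGORITHM_MAP`, so the accepted set has two sources of truth. If a later `@lindorm/kryptos` release (the dependency is a caret range) adds an entry to that list, the guard passes and the function returns `undefined`, which presumably reaches `createHmac` in oct-signature.js and fails there with something other than an `OctError`. Keeping the existing guard and also checking the lookup closes the gap: `const hash = OCT_SIG_ALGORITHM_MAP[kryptos.algorithm];` then `if (!hash) throw new errors_1.OctError("Unsupported OCT algorithm for signing", { debug: { algorithm: kryptos.algorithm } });` and `return hash;`.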
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"map-algorithm.js","sourceRoot":"","sources":["../../../src/utils/private/map-algorithm.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"map-algorithm.js","sourceRoot":"","sources":["../../../src/utils/private/map-algorithm.ts"],"names":[],"mappings":";;;AAAA,8CAAoF;AAEpF,yCAAwC;AAExC,MAAM,qBAAqB,GAA0C;IACnE,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;CAChB,CAAC;AAEK,MAAM,eAAe,GAAG,CAAC,OAAoB,EAAgB,EAAE;IACpE,IAAI,CAAC,4BAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,SAA4B,CAAC,EAAE,CAAC;QACvE,MAAM,IAAI,iBAAQ,CAAC,uCAAuC,EAAE;YAC1D,KAAK,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE;SACxC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,qBAAqB,CAAC,OAAO,CAAC,SAA4B,CAAC,CAAC;AACrE,CAAC,CAAC;AARW,QAAA,eAAe,mBAQ1B"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oct-signature.d.ts","sourceRoot":"","sources":["../../../src/utils/private/oct-signature.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,yBAAyB,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAKnF,eAAO,MAAM,kBAAkB,GAAI,oBAGhC,yBAAyB,KAAG,MAO9B,CAAC;AAEF,eAAO,MAAM,kBAAkB,GAAI,yCAKhC,yBAAyB,KAAG,
|
|
1
|
+
{"version":3,"file":"oct-signature.d.ts","sourceRoot":"","sources":["../../../src/utils/private/oct-signature.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,yBAAyB,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAKnF,eAAO,MAAM,kBAAkB,GAAI,oBAGhC,yBAAyB,KAAG,MAO9B,CAAC;AAEF,eAAO,MAAM,kBAAkB,GAAI,yCAKhC,yBAAyB,KAAG,OAO9B,CAAC;AAEF,eAAO,MAAM,kBAAkB,GAAI,SAAS,yBAAyB,KAAG,IAGvE,CAAC"}
|
|
@@ -14,7 +14,13 @@ const createOctSignature = ({ data, kryptos, }) => {
|
|
|
14
14
|
return (0, crypto_1.createHmac)(algorithm, privateKey).update(data).digest();
|
|
15
15
|
};
|
|
16
16
|
exports.createOctSignature = createOctSignature;
|
|
17
|
-
const verifyOctSignature = ({ data, encoding, kryptos, signature, }) =>
|
|
17
|
+
const verifyOctSignature = ({ data, encoding, kryptos, signature, }) => {
|
|
18
|
+
const expected = (0, exports.createOctSignature)({ data, kryptos });
|
|
19
|
+
const actual = (0, is_1.isString)(signature) ? Buffer.from(signature, encoding) : signature;
|
|
20
|
+
if (expected.length !== actual.length)
|
|
21
|
+
return false;
|
|
22
|
+
return (0, crypto_1.timingSafeEqual)(expected, actual);
|
|
23
|
+
};
|
|
18
24
|
exports.verifyOctSignature = verifyOctSignature;
|
|
19
25
|
const assertOctSignature = (options) => {
|
|
20
26
|
if ((0, exports.verifyOctSignature)(options))
|
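Review bot: In `verifyOctSignature`, a string signature is decoded with `Buffer.from(signature, encoding)`, and Node's decoder is lenient: for `base64` it skips whitespace and accepts the URL-safe alphabet, and for `hex` it stops at the first invalid character. Several different strings can therefore verify as the same signature; that is not a forgery, but callers that use the signature string as a cache, dedupe or replay key should know it is not canonical. If strict input is wanted, reject non-canonical strings before the compare, e.g. `if ((0, is_1.isString)(signature) && actual.toString(encoding) !== signature) return false;` (this would also reject unpadded base64, so confirm against existing callers); otherwise say so in a comment on the decode line. A short comment on the length check noting that `timingSafeEqual` throws on unequal lengths, and that the HMAC length is public, would also help.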
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oct-signature.js","sourceRoot":"","sources":["../../../src/utils/private/oct-signature.ts"],"names":[],"mappings":";;;AAAA,oCAAuC;AACvC,
|
|
1
|
+
{"version":3,"file":"oct-signature.js","sourceRoot":"","sources":["../../../src/utils/private/oct-signature.ts"],"names":[],"mappings":";;;AAAA,oCAAuC;AACvC,mCAAqD;AACrD,yCAAwC;AAExC,uDAAkD;AAClD,uCAA0C;AAC1C,mDAAkD;AAE3C,MAAM,kBAAkB,GAAG,CAAC,EACjC,IAAI,EACJ,OAAO,GACmB,EAAU,EAAE;IACtC,MAAM,SAAS,GAAG,IAAA,+BAAe,EAAC,OAAO,CAAC,CAAC;IAC3C,MAAM,UAAU,GAAG,IAAA,uBAAa,EAAC,OAAO,CAAC,CAAC;IAE1C,IAAA,+BAAa,EAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAErC,OAAO,IAAA,mBAAU,EAAC,SAAS,EAAE,UAAU,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;AACjE,CAAC,CAAC;AAVW,QAAA,kBAAkB,sBAU7B;AAEK,MAAM,kBAAkB,GAAG,CAAC,EACjC,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,SAAS,GACiB,EAAW,EAAE;IACvC,MAAM,QAAQ,GAAG,IAAA,0BAAkB,EAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;IACvD,MAAM,MAAM,GAAG,IAAA,aAAQ,EAAC,SAAS,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAElF,IAAI,QAAQ,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAEpD,OAAO,IAAA,wBAAe,EAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;AAC3C,CAAC,CAAC;AAZW,QAAA,kBAAkB,sBAY7B;AAEK,MAAM,kBAAkB,GAAG,CAAC,OAAkC,EAAQ,EAAE;IAC7E,IAAI,IAAA,0BAAkB,EAAC,OAAO,CAAC;QAAE,OAAO;IACxC,MAAM,IAAI,iBAAQ,CAAC,6BAA6B,CAAC,CAAC;AACpD,CAAC,CAAC;AAHW,QAAA,kBAAkB,sBAG7B"}
|
package/package.json
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@lindorm/oct",
|
|
3
|
-
"version": "0.2.
|
|
3
|
+
"version": "0.2.7",
|
|
4
4
|
"license": "AGPL-3.0-or-later",
|
|
5
5
|
"author": "Jonn Nilsson",
|
|
6
6
|
"repository": {
|
|
@@ -16,25 +16,23 @@
|
|
|
16
16
|
"scripts": {
|
|
17
17
|
"build": "rimraf dist && tsc -b ./tsconfig.build.json",
|
|
18
18
|
"example": "ts-node example",
|
|
19
|
-
"integration": "compd --file docker-compose.yml jest --config jest.config.integration.js --watch",
|
|
20
|
-
"integration:focus": "compd --file docker-compose.yml jest --config jest.config.integration.js --watch $1",
|
|
21
19
|
"prettier": "prettier --write ./src/*",
|
|
22
|
-
"test": "jest --
|
|
23
|
-
"test:ci": "
|
|
24
|
-
"test:
|
|
25
|
-
"
|
|
26
|
-
"typecheck": "tsc --watch",
|
|
27
|
-
"typecheck:ci": "tsc",
|
|
20
|
+
"test": "jest --",
|
|
21
|
+
"test:ci": "jest",
|
|
22
|
+
"test:watch": "jest --watch --",
|
|
23
|
+
"typecheck": "tsc",
|
|
24
|
+
"typecheck:watch": "tsc --watch",
|
|
28
25
|
"update": "ncu -i",
|
|
29
|
-
"update:auto": "ncu -u"
|
|
26
|
+
"update:auto": "ncu -u",
|
|
27
|
+
"verify": "npm run typecheck; npm run build; npm test"
|
|
30
28
|
},
|
|
31
29
|
"dependencies": {
|
|
32
|
-
"@lindorm/errors": "^0.1.
|
|
33
|
-
"@lindorm/is": "^0.1.
|
|
34
|
-
"@lindorm/kryptos": "^0.
|
|
30
|
+
"@lindorm/errors": "^0.1.14",
|
|
31
|
+
"@lindorm/is": "^0.1.13",
|
|
32
|
+
"@lindorm/kryptos": "^0.5.1"
|
|
35
33
|
},
|
|
36
34
|
"devDependencies": {
|
|
37
|
-
"@lindorm/types": "^0.
|
|
35
|
+
"@lindorm/types": "^0.4.0"
|
|
38
36
|
},
|
|
39
|
-
"gitHead": "
|
|
37
|
+
"gitHead": "e9f119d722596c1980328d88e588db4ab49dd04b"
|
|
40
38
|
}
|
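Review bot: The new `verify` script chains its steps with `;`, so a failing `typecheck` or `build` does not stop the run and the exit status is that of `npm test` alone. If this script is used as a pre-publish or CI gate, a release with type or build errors can pass it; `"verify": "npm run typecheck && npm run build && npm test"` fails on the first broken step. `;` is also not a command separator in the Windows shell that npm uses by default, whereas `&&` works in both.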