werift 0.15.6 → 0.15.7

package/lib/dtls/src/context/cipher.js

@@ -32,7 +32,7 @@ const x509_1 = require("@fidm/x509");
 const webcrypto_1 = require("@peculiar/webcrypto");
 const x509 = __importStar(require("@peculiar/x509"));
 const binary_data_1 = require("binary-data");
-const crypto_1 = require("crypto");
+const crypto_1 = __importStar(require("crypto"));
 const addYears_1 = __importDefault(require("date-fns/addYears"));
 const const_1 = require("../cipher/const");
 const prf_1 = require("../cipher/prf");
@@ -165,7 +165,7 @@ CipherContext.createSelfSignedCertificateWithKey = async (signatureHash, namedCu
     })();
     const keys = await crypto.subtle.generateKey(alg, true, ["sign", "verify"]);
     const cert = await x509.X509CertificateGenerator.createSelfSigned({
-        serialNumber: "01",
+        serialNumber: crypto_1.default.randomBytes(8).toString("hex"),
         name: "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd",
         notBefore: new Date(),
         notAfter: (0, addYears_1.default)(Date.now(), 10),

package/lib/dtls/src/context/cipher.js.map

@@ -1 +1 @@
-{"version":3,"file":"cipher.js","sourceRoot":"","sources":["../../../../../dtls/src/context/cipher.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,qCAAqD;AACrD,mDAA6C;AAC7C,qDAAuC;AACvC,6CAAoD;AACpD,mCAAoC;AACpC,iEAAyC;AAEzC,2CAQyB;AAEzB,uCAAyE;AACzE,wDAAsE;AAEtE,gDAAsD;AAItD,MAAM,MAAM,GAAG,IAAI,kBAAM,EAAE,CAAC;AAC5B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,MAAa,CAAC,CAAC;AAEvC,MAAa,aAAa;IAcxB,YACS,WAAyB,EACzB,OAAgB,EAChB,MAAe,EACtB,sBAAsC;QAH/B,gBAAW,GAAX,WAAW,CAAc;QACzB,YAAO,GAAP,OAAO,CAAS;QAChB,WAAM,GAAN,MAAM,CAAS;QAGtB,IAAI,OAAO,IAAI,MAAM,IAAI,sBAAsB,EAAE;YAC/C,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,sBAAsB,CAAC,CAAC;SACzD;IACH,CAAC;IA2ED,aAAa,CAAC,GAAkB;QAC9B,MAAM,MAAM,GAAG,GAAG,CAAC,iBAAiB,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,QAAQ,EAAE;YAC9D,IAAI,EAAE,MAAM,CAAC,WAAW;YACxB,OAAO,EAAE,IAAA,oBAAM,EACb,MAAM,CAAC,IAAI,CAAC,IAAA,oBAAM,EAAC,MAAM,CAAC,eAAe,EAAE,wBAAe,CAAC,CAAC,KAAK,EAAE,CAAC,EACpE,EAAE,OAAO,EAAE,mBAAK,CAAC,QAAQ,EAAE,CAC5B,CAAC,OAAO;YACT,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,cAAc,EAAE,MAAM,CAAC,cAAc;SACtC,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC;QACnB,GAAG,CAAC,iBAAiB,CAAC,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC;QAC9C,OAAO,GAAG,CAAC;IACb,CAAC;IAED,aAAa,CAAC,GAAkB;QAC9B,MAAM,MAAM,GAAG,GAAG,CAAC,iBAAiB,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,QAAQ,EAAE;YAC9D,IAAI,EAAE,MAAM,CAAC,WAAW;YACxB,OAAO,EAAE,IAAA,oBAAM,EACb,MAAM,CAAC,IAAI,CAAC,IAAA,oBAAM,EAAC,MAAM,CAAC,eAAe,EAAE,wBAAe,CAAC,CAAC,KAAK,EAAE,CAAC,EACpE,EAAE,OAAO,EAAE,mBAAK,CAAC,QAAQ,EAAE,CAC5B,CAAC,OAAO;YACT,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,cAAc,EAAE,MAAM,CAAC,cAAc;SACtC,CAAC,CAAC;QACH,OAAO,GAAG,CAAC;IACb,CAAC;IAED,UAAU,CAAC,GAAW;QACpB,IAAI,IAAI,CAAC,WAAW,KAAK,sBAAW,CAAC,MAAM;YACzC,OAAO,IAAA,yBAAmB,EAAC,IAAI,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;;YAChD,OAAO,IAAA,yBAAmB,EAAC,IAAI,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;IAC1D,CAAC;IAED,aAAa,CAAC,IAAY,EAAE,IAAY;QACtC,MAAM,SAAS,GAAG,IAAA,mBAAU,EAAC,IAAI,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAChD,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,CAAC;QACpD,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACnC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,oBAAoB,CAAC,aAAqB;QACxC,MAAM,YAAY,GAChB,IAAI,CAAC,WAAW,KAAK,sBAAW,CAAC,MAAM;YACrC,CAAC,CAAC,IAAI,CAAC,WAAW;YAClB,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC;QACxB,MAAM,YAAY,GAChB,IAAI,CAAC,WAAW,KAAK,sBAAW,CAAC,MAAM;YACrC,CAAC,CAAC,IAAI,CAAC,WAAW;YAClB,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC;QAExB,MAAM,GAAG,GAAG,IAAI,CAAC,iBAAiB,CAChC,YAAY,CAAC,SAAS,EAAE,EACxB,YAAY,CAAC,SAAS,EAAE,EACxB,IAAI,CAAC,YAAY,CAAC,SAAS,EAC3B,IAAI,CAAC,UAAU,CAChB,CAAC;QAEF,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;QAC1D,OAAO,GAAG,CAAC;IACb,CAAC;IAED,SAAS,CAAC,OAAe,EAAE,MAAc,EAAE,aAA4B;QACrE,MAAM,IAAI,GAAG,kBAAW,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QACvD,MAAM,GAAG,GAAG,iBAAU,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;QACpD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC;QAC1B,IAAI,CAAC,eAAe,GAAG,GAAG,CAAC;QAC3B,IAAI,CAAC,sBAAsB,GAAG,aAAa,CAAC;IAC9C,CAAC;IAEO,iBAAiB,CACvB,YAAoB,EACpB,YAAoB,EACpB,SAAiB,EACjB,UAAkB;QAElB,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAC9B,IAAA,oBAAM,EACJ;YACE,IAAI,EAAE,iBAAS,CAAC,aAAa;YAC7B,KAAK,EAAE,UAAU;YACjB,GAAG,EAAE,SAAS,CAAC,MAAM;SACtB,EACD,EAAE,IAAI,EAAE,mBAAK,CAAC,KAAK,EAAE,KAAK,EAAE,mBAAK,CAAC,QAAQ,EAAE,GAAG,EAAE,mBAAK,CAAC,KAAK,EAAE,CAC/D,CAAC,KAAK,EAAE,CACV,CAAC;QACF,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC,CAAC;IAC9E,CAAC;;AA3LH,sCA4LC;;AAnKC;;;;GAIG;AACI,gDAAkC,GAAG,KAAK,EAC/C,aAA4B,EAC5B,mBAA0C,EAC1C,EAAE;IACF,MAAM,sBAAsB,GAAG,CAAC,GAAG,EAAE;QACnC,QAAQ,aAAa,CAAC,SAAS,EAAE;YAC/B,KAAK,0BAAkB,CAAC,KAAK;gBAC3B,OAAO,mBAAmB,CAAC;YAC7B,KAAK,0BAAkB,CAAC,OAAO;gBAC7B,OAAO,OAAO,CAAC;SAClB;IACH,CAAC,CAAC,EAAE,CAAC;IACL,MAAM,IAAI,GAAG,CAAC,GAAG,EAAE;QACjB,QAAQ,aAAa,CAAC,IAAI,EAAE;YAC1B,KAAK,qBAAa,CAAC,QAAQ;gBACzB,OAAO,SAAS,CAAC;SACpB;IACH,CAAC,CAAC,EAAE,CAAC;IACL,MAAM,UAAU,GAAG,CAAC,GAAG,EAAE;QACvB,QAAQ,mBAAmB,EAAE;YAC3B,KAAK,2BAAmB,CAAC,YAAY;gBACnC,OAAO,OAAO,CAAC;YACjB,KAAK,2BAAmB,CAAC,SAAS;gBAChC,6CAA6C;gBAC7C,IAAI,sBAAsB,KAAK,OAAO,EAAE;oBACtC,OAAO,OAAO,CAAC;iBAChB;gBACD,OAAO,QAAQ,CAAC;YAClB,OAAO,CAAC,CAAC;gBACP,IAAI,sBAAsB,KAAK,OAAO;oBAAE,OAAO,OAAO,CAAC;gBACvD,IAAI,sBAAsB,KAAK,mBAAmB;oBAAE,OAAO,QAAQ,CAAC;aACrE;SACF;IACH,CAAC,CAAC,EAAE,CAAC;IACL,MAAM,GAAG,GAAG,CAAC,GAAG,EAAE;QAChB,QAAQ,sBAAsB,EAAE;YAC9B,KAAK,OAAO;gBACV,OAAO,EAAE,IAAI,EAAE,sBAAsB,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;YAC5D,KAAK,mBAAmB;gBACtB,OAAO;oBACL,IAAI,EAAE,sBAAsB;oBAC5B,IAAI;oBACJ,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;oBACzC,aAAa,EAAE,IAAI;iBACpB,CAAC;SACL;IACH,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;IAE5E,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,gBAAgB,CAAC;QAChE,YAAY,EAAE,IAAI;QAClB,IAAI,EAAE,iDAAiD;QACvD,SAAS,EAAE,IAAI,IAAI,EAAE;QACrB,QAAQ,EAAE,IAAA,kBAAQ,EAAC,IAAI,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC;QAClC,gBAAgB,EAAE,GAAG;QACrB,IAAI;KACL,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACrC,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CACrC,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,UAAiB,CAAC,EAC9D,aAAa,CACd,CAAC;IAEF,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;AAC5C,CAAE,CAAA","sourcesContent":["import { Certificate, PrivateKey } from \"@fidm/x509\";\nimport { Crypto } from \"@peculiar/webcrypto\";\nimport * as x509 from \"@peculiar/x509\";\nimport { decode, encode, types } from \"binary-data\";\nimport { createSign } from \"crypto\";\nimport addYears from \"date-fns/addYears\";\n\nimport {\n  CipherSuites,\n  CurveType,\n  HashAlgorithm,\n  NamedCurveAlgorithm,\n  NamedCurveAlgorithms,\n  SignatureAlgorithm,\n  SignatureHash,\n} from \"../cipher/const\";\nimport { NamedCurveKeyPair } from \"../cipher/namedCurve\";\nimport { prfVerifyDataClient, prfVerifyDataServer } from \"../cipher/prf\";\nimport { SessionType, SessionTypes } from \"../cipher/suites/abstract\";\nimport AEADCipher from \"../cipher/suites/aead\";\nimport { ProtocolVersion } from \"../handshake/binary\";\nimport { DtlsRandom } from \"../handshake/random\";\nimport { DtlsPlaintext } from \"../record/message/plaintext\";\n\nconst crypto = new Crypto();\nx509.cryptoProvider.set(crypto as any);\n\nexport class CipherContext {\n  localRandom!: DtlsRandom;\n  remoteRandom!: DtlsRandom;\n  cipherSuite!: CipherSuites;\n  remoteCertificate?: Buffer;\n  remoteKeyPair!: Partial<NamedCurveKeyPair>;\n  localKeyPair!: NamedCurveKeyPair;\n  masterSecret!: Buffer;\n  cipher!: AEADCipher;\n  namedCurve!: NamedCurveAlgorithms;\n  signatureHashAlgorithm?: SignatureHash;\n  localCert!: Buffer;\n  localPrivateKey!: PrivateKey;\n\n  constructor(\n    public sessionType: SessionTypes,\n    public certPem?: string,\n    public keyPem?: string,\n    signatureHashAlgorithm?: SignatureHash\n  ) {\n    if (certPem && keyPem && signatureHashAlgorithm) {\n      this.parseX509(certPem, keyPem, signatureHashAlgorithm);\n    }\n  }\n\n  /**\n   *\n   * @param signatureHash\n   * @param namedCurveAlgorithm necessary when use ecdsa\n   */\n  static createSelfSignedCertificateWithKey = async (\n    signatureHash: SignatureHash,\n    namedCurveAlgorithm?: NamedCurveAlgorithms\n  ) => {\n    const signatureAlgorithmName = (() => {\n      switch (signatureHash.signature) {\n        case SignatureAlgorithm.rsa_1:\n          return \"RSASSA-PKCS1-v1_5\";\n        case SignatureAlgorithm.ecdsa_3:\n          return \"ECDSA\";\n      }\n    })();\n    const hash = (() => {\n      switch (signatureHash.hash) {\n        case HashAlgorithm.sha256_4:\n          return \"SHA-256\";\n      }\n    })();\n    const namedCurve = (() => {\n      switch (namedCurveAlgorithm) {\n        case NamedCurveAlgorithm.secp256r1_23:\n          return \"P-256\";\n        case NamedCurveAlgorithm.x25519_29:\n          // todo fix (X25519 not supported with ECDSA)\n          if (signatureAlgorithmName === \"ECDSA\") {\n            return \"P-256\";\n          }\n          return \"X25519\";\n        default: {\n          if (signatureAlgorithmName === \"ECDSA\") return \"P-256\";\n          if (signatureAlgorithmName === \"RSASSA-PKCS1-v1_5\") return \"X25519\";\n        }\n      }\n    })();\n    const alg = (() => {\n      switch (signatureAlgorithmName) {\n        case \"ECDSA\":\n          return { name: signatureAlgorithmName, hash, namedCurve };\n        case \"RSASSA-PKCS1-v1_5\":\n          return {\n            name: signatureAlgorithmName,\n            hash,\n            publicExponent: new Uint8Array([1, 0, 1]),\n            modulusLength: 2048,\n          };\n      }\n    })();\n\n    const keys = await crypto.subtle.generateKey(alg, true, [\"sign\", \"verify\"]);\n\n    const cert = await x509.X509CertificateGenerator.createSelfSigned({\n      serialNumber: \"01\",\n      name: \"C=AU, ST=Some-State, O=Internet Widgits Pty Ltd\",\n      notBefore: new Date(),\n      notAfter: addYears(Date.now(), 10),\n      signingAlgorithm: alg,\n      keys,\n    });\n\n    const certPem = cert.toString(\"pem\");\n    const keyPem = x509.PemConverter.encode(\n      await crypto.subtle.exportKey(\"pkcs8\", keys.privateKey as any),\n      \"private key\"\n    );\n\n    return { certPem, keyPem, signatureHash };\n  };\n\n  encryptPacket(pkt: DtlsPlaintext) {\n    const header = pkt.recordLayerHeader;\n    const enc = this.cipher.encrypt(this.sessionType, pkt.fragment, {\n      type: header.contentType,\n      version: decode(\n        Buffer.from(encode(header.protocolVersion, ProtocolVersion).slice()),\n        { version: types.uint16be }\n      ).version,\n      epoch: header.epoch,\n      sequenceNumber: header.sequenceNumber,\n    });\n    pkt.fragment = enc;\n    pkt.recordLayerHeader.contentLen = enc.length;\n    return pkt;\n  }\n\n  decryptPacket(pkt: DtlsPlaintext) {\n    const header = pkt.recordLayerHeader;\n    const dec = this.cipher.decrypt(this.sessionType, pkt.fragment, {\n      type: header.contentType,\n      version: decode(\n        Buffer.from(encode(header.protocolVersion, ProtocolVersion).slice()),\n        { version: types.uint16be }\n      ).version,\n      epoch: header.epoch,\n      sequenceNumber: header.sequenceNumber,\n    });\n    return dec;\n  }\n\n  verifyData(buf: Buffer) {\n    if (this.sessionType === SessionType.CLIENT)\n      return prfVerifyDataClient(this.masterSecret, buf);\n    else return prfVerifyDataServer(this.masterSecret, buf);\n  }\n\n  signatureData(data: Buffer, hash: string) {\n    const signature = createSign(hash).update(data);\n    const key = this.localPrivateKey.toPEM().toString();\n    const signed = signature.sign(key);\n    return signed;\n  }\n\n  generateKeySignature(hashAlgorithm: string) {\n    const clientRandom =\n      this.sessionType === SessionType.CLIENT\n        ? this.localRandom\n        : this.remoteRandom;\n    const serverRandom =\n      this.sessionType === SessionType.SERVER\n        ? this.localRandom\n        : this.remoteRandom;\n\n    const sig = this.valueKeySignature(\n      clientRandom.serialize(),\n      serverRandom.serialize(),\n      this.localKeyPair.publicKey,\n      this.namedCurve\n    );\n\n    const enc = this.localPrivateKey.sign(sig, hashAlgorithm);\n    return enc;\n  }\n\n  parseX509(certPem: string, keyPem: string, signatureHash: SignatureHash) {\n    const cert = Certificate.fromPEM(Buffer.from(certPem));\n    const sec = PrivateKey.fromPEM(Buffer.from(keyPem));\n    this.localCert = cert.raw;\n    this.localPrivateKey = sec;\n    this.signatureHashAlgorithm = signatureHash;\n  }\n\n  private valueKeySignature(\n    clientRandom: Buffer,\n    serverRandom: Buffer,\n    publicKey: Buffer,\n    namedCurve: number\n  ) {\n    const serverParams = Buffer.from(\n      encode(\n        {\n          type: CurveType.named_curve_3,\n          curve: namedCurve,\n          len: publicKey.length,\n        },\n        { type: types.uint8, curve: types.uint16be, len: types.uint8 }\n      ).slice()\n    );\n    return Buffer.concat([clientRandom, serverRandom, serverParams, publicKey]);\n  }\n}\n"]}
+{"version":3,"file":"cipher.js","sourceRoot":"","sources":["../../../../../dtls/src/context/cipher.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,qCAAqD;AACrD,mDAA6C;AAC7C,qDAAuC;AACvC,6CAAoD;AACpD,iDAAgD;AAChD,iEAAyC;AAEzC,2CAQyB;AAEzB,uCAAyE;AACzE,wDAAsE;AAEtE,gDAAsD;AAItD,MAAM,MAAM,GAAG,IAAI,kBAAM,EAAE,CAAC;AAC5B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,MAAa,CAAC,CAAC;AAEvC,MAAa,aAAa;IAcxB,YACS,WAAyB,EACzB,OAAgB,EAChB,MAAe,EACtB,sBAAsC;QAH/B,gBAAW,GAAX,WAAW,CAAc;QACzB,YAAO,GAAP,OAAO,CAAS;QAChB,WAAM,GAAN,MAAM,CAAS;QAGtB,IAAI,OAAO,IAAI,MAAM,IAAI,sBAAsB,EAAE;YAC/C,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,sBAAsB,CAAC,CAAC;SACzD;IACH,CAAC;IA2ED,aAAa,CAAC,GAAkB;QAC9B,MAAM,MAAM,GAAG,GAAG,CAAC,iBAAiB,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,QAAQ,EAAE;YAC9D,IAAI,EAAE,MAAM,CAAC,WAAW;YACxB,OAAO,EAAE,IAAA,oBAAM,EACb,MAAM,CAAC,IAAI,CAAC,IAAA,oBAAM,EAAC,MAAM,CAAC,eAAe,EAAE,wBAAe,CAAC,CAAC,KAAK,EAAE,CAAC,EACpE,EAAE,OAAO,EAAE,mBAAK,CAAC,QAAQ,EAAE,CAC5B,CAAC,OAAO;YACT,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,cAAc,EAAE,MAAM,CAAC,cAAc;SACtC,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC;QACnB,GAAG,CAAC,iBAAiB,CAAC,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC;QAC9C,OAAO,GAAG,CAAC;IACb,CAAC;IAED,aAAa,CAAC,GAAkB;QAC9B,MAAM,MAAM,GAAG,GAAG,CAAC,iBAAiB,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,QAAQ,EAAE;YAC9D,IAAI,EAAE,MAAM,CAAC,WAAW;YACxB,OAAO,EAAE,IAAA,oBAAM,EACb,MAAM,CAAC,IAAI,CAAC,IAAA,oBAAM,EAAC,MAAM,CAAC,eAAe,EAAE,wBAAe,CAAC,CAAC,KAAK,EAAE,CAAC,EACpE,EAAE,OAAO,EAAE,mBAAK,CAAC,QAAQ,EAAE,CAC5B,CAAC,OAAO;YACT,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,cAAc,EAAE,MAAM,CAAC,cAAc;SACtC,CAAC,CAAC;QACH,OAAO,GAAG,CAAC;IACb,CAAC;IAED,UAAU,CAAC,GAAW;QACpB,IAAI,IAAI,CAAC,WAAW,KAAK,sBAAW,CAAC,MAAM;YACzC,OAAO,IAAA,yBAAmB,EAAC,IAAI,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;;YAChD,OAAO,IAAA,yBAAmB,EAAC,IAAI,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;IAC1D,CAAC;IAED,aAAa,CAAC,IAAY,EAAE,IAAY;QACtC,MAAM,SAAS,GAAG,IAAA,mBAAU,EAAC,IAAI,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAChD,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,CAAC;QACpD,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACnC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,oBAAoB,CAAC,aAAqB;QACxC,MAAM,YAAY,GAChB,IAAI,CAAC,WAAW,KAAK,sBAAW,CAAC,MAAM;YACrC,CAAC,CAAC,IAAI,CAAC,WAAW;YAClB,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC;QACxB,MAAM,YAAY,GAChB,IAAI,CAAC,WAAW,KAAK,sBAAW,CAAC,MAAM;YACrC,CAAC,CAAC,IAAI,CAAC,WAAW;YAClB,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC;QAExB,MAAM,GAAG,GAAG,IAAI,CAAC,iBAAiB,CAChC,YAAY,CAAC,SAAS,EAAE,EACxB,YAAY,CAAC,SAAS,EAAE,EACxB,IAAI,CAAC,YAAY,CAAC,SAAS,EAC3B,IAAI,CAAC,UAAU,CAChB,CAAC;QAEF,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;QAC1D,OAAO,GAAG,CAAC;IACb,CAAC;IAED,SAAS,CAAC,OAAe,EAAE,MAAc,EAAE,aAA4B;QACrE,MAAM,IAAI,GAAG,kBAAW,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QACvD,MAAM,GAAG,GAAG,iBAAU,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;QACpD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC;QAC1B,IAAI,CAAC,eAAe,GAAG,GAAG,CAAC;QAC3B,IAAI,CAAC,sBAAsB,GAAG,aAAa,CAAC;IAC9C,CAAC;IAEO,iBAAiB,CACvB,YAAoB,EACpB,YAAoB,EACpB,SAAiB,EACjB,UAAkB;QAElB,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAC9B,IAAA,oBAAM,EACJ;YACE,IAAI,EAAE,iBAAS,CAAC,aAAa;YAC7B,KAAK,EAAE,UAAU;YACjB,GAAG,EAAE,SAAS,CAAC,MAAM;SACtB,EACD,EAAE,IAAI,EAAE,mBAAK,CAAC,KAAK,EAAE,KAAK,EAAE,mBAAK,CAAC,QAAQ,EAAE,GAAG,EAAE,mBAAK,CAAC,KAAK,EAAE,CAC/D,CAAC,KAAK,EAAE,CACV,CAAC;QACF,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC,CAAC;IAC9E,CAAC;;AA3LH,sCA4LC;;AAnKC;;;;GAIG;AACI,gDAAkC,GAAG,KAAK,EAC/C,aAA4B,EAC5B,mBAA0C,EAC1C,EAAE;IACF,MAAM,sBAAsB,GAAG,CAAC,GAAG,EAAE;QACnC,QAAQ,aAAa,CAAC,SAAS,EAAE;YAC/B,KAAK,0BAAkB,CAAC,KAAK;gBAC3B,OAAO,mBAAmB,CAAC;YAC7B,KAAK,0BAAkB,CAAC,OAAO;gBAC7B,OAAO,OAAO,CAAC;SAClB;IACH,CAAC,CAAC,EAAE,CAAC;IACL,MAAM,IAAI,GAAG,CAAC,GAAG,EAAE;QACjB,QAAQ,aAAa,CAAC,IAAI,EAAE;YAC1B,KAAK,qBAAa,CAAC,QAAQ;gBACzB,OAAO,SAAS,CAAC;SACpB;IACH,CAAC,CAAC,EAAE,CAAC;IACL,MAAM,UAAU,GAAG,CAAC,GAAG,EAAE;QACvB,QAAQ,mBAAmB,EAAE;YAC3B,KAAK,2BAAmB,CAAC,YAAY;gBACnC,OAAO,OAAO,CAAC;YACjB,KAAK,2BAAmB,CAAC,SAAS;gBAChC,6CAA6C;gBAC7C,IAAI,sBAAsB,KAAK,OAAO,EAAE;oBACtC,OAAO,OAAO,CAAC;iBAChB;gBACD,OAAO,QAAQ,CAAC;YAClB,OAAO,CAAC,CAAC;gBACP,IAAI,sBAAsB,KAAK,OAAO;oBAAE,OAAO,OAAO,CAAC;gBACvD,IAAI,sBAAsB,KAAK,mBAAmB;oBAAE,OAAO,QAAQ,CAAC;aACrE;SACF;IACH,CAAC,CAAC,EAAE,CAAC;IACL,MAAM,GAAG,GAAG,CAAC,GAAG,EAAE;QAChB,QAAQ,sBAAsB,EAAE;YAC9B,KAAK,OAAO;gBACV,OAAO,EAAE,IAAI,EAAE,sBAAsB,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;YAC5D,KAAK,mBAAmB;gBACtB,OAAO;oBACL,IAAI,EAAE,sBAAsB;oBAC5B,IAAI;oBACJ,cAAc,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;oBACzC,aAAa,EAAE,IAAI;iBACpB,CAAC;SACL;IACH,CAAC,CAAC,EAAE,CAAC;IAEL,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;IAE5E,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,gBAAgB,CAAC;QAChE,YAAY,EAAE,gBAAU,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;QACvD,IAAI,EAAE,iDAAiD;QACvD,SAAS,EAAE,IAAI,IAAI,EAAE;QACrB,QAAQ,EAAE,IAAA,kBAAQ,EAAC,IAAI,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC;QAClC,gBAAgB,EAAE,GAAG;QACrB,IAAI;KACL,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACrC,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CACrC,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,CAAC,UAAiB,CAAC,EAC9D,aAAa,CACd,CAAC;IAEF,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;AAC5C,CAAE,CAAA","sourcesContent":["import { Certificate, PrivateKey } from \"@fidm/x509\";\nimport { Crypto } from \"@peculiar/webcrypto\";\nimport * as x509 from \"@peculiar/x509\";\nimport { decode, encode, types } from \"binary-data\";\nimport nodeCrypto, { createSign } from \"crypto\";\nimport addYears from \"date-fns/addYears\";\n\nimport {\n  CipherSuites,\n  CurveType,\n  HashAlgorithm,\n  NamedCurveAlgorithm,\n  NamedCurveAlgorithms,\n  SignatureAlgorithm,\n  SignatureHash,\n} from \"../cipher/const\";\nimport { NamedCurveKeyPair } from \"../cipher/namedCurve\";\nimport { prfVerifyDataClient, prfVerifyDataServer } from \"../cipher/prf\";\nimport { SessionType, SessionTypes } from \"../cipher/suites/abstract\";\nimport AEADCipher from \"../cipher/suites/aead\";\nimport { ProtocolVersion } from \"../handshake/binary\";\nimport { DtlsRandom } from \"../handshake/random\";\nimport { DtlsPlaintext } from \"../record/message/plaintext\";\n\nconst crypto = new Crypto();\nx509.cryptoProvider.set(crypto as any);\n\nexport class CipherContext {\n  localRandom!: DtlsRandom;\n  remoteRandom!: DtlsRandom;\n  cipherSuite!: CipherSuites;\n  remoteCertificate?: Buffer;\n  remoteKeyPair!: Partial<NamedCurveKeyPair>;\n  localKeyPair!: NamedCurveKeyPair;\n  masterSecret!: Buffer;\n  cipher!: AEADCipher;\n  namedCurve!: NamedCurveAlgorithms;\n  signatureHashAlgorithm?: SignatureHash;\n  localCert!: Buffer;\n  localPrivateKey!: PrivateKey;\n\n  constructor(\n    public sessionType: SessionTypes,\n    public certPem?: string,\n    public keyPem?: string,\n    signatureHashAlgorithm?: SignatureHash\n  ) {\n    if (certPem && keyPem && signatureHashAlgorithm) {\n      this.parseX509(certPem, keyPem, signatureHashAlgorithm);\n    }\n  }\n\n  /**\n   *\n   * @param signatureHash\n   * @param namedCurveAlgorithm necessary when use ecdsa\n   */\n  static createSelfSignedCertificateWithKey = async (\n    signatureHash: SignatureHash,\n    namedCurveAlgorithm?: NamedCurveAlgorithms\n  ) => {\n    const signatureAlgorithmName = (() => {\n      switch (signatureHash.signature) {\n        case SignatureAlgorithm.rsa_1:\n          return \"RSASSA-PKCS1-v1_5\";\n        case SignatureAlgorithm.ecdsa_3:\n          return \"ECDSA\";\n      }\n    })();\n    const hash = (() => {\n      switch (signatureHash.hash) {\n        case HashAlgorithm.sha256_4:\n          return \"SHA-256\";\n      }\n    })();\n    const namedCurve = (() => {\n      switch (namedCurveAlgorithm) {\n        case NamedCurveAlgorithm.secp256r1_23:\n          return \"P-256\";\n        case NamedCurveAlgorithm.x25519_29:\n          // todo fix (X25519 not supported with ECDSA)\n          if (signatureAlgorithmName === \"ECDSA\") {\n            return \"P-256\";\n          }\n          return \"X25519\";\n        default: {\n          if (signatureAlgorithmName === \"ECDSA\") return \"P-256\";\n          if (signatureAlgorithmName === \"RSASSA-PKCS1-v1_5\") return \"X25519\";\n        }\n      }\n    })();\n    const alg = (() => {\n      switch (signatureAlgorithmName) {\n        case \"ECDSA\":\n          return { name: signatureAlgorithmName, hash, namedCurve };\n        case \"RSASSA-PKCS1-v1_5\":\n          return {\n            name: signatureAlgorithmName,\n            hash,\n            publicExponent: new Uint8Array([1, 0, 1]),\n            modulusLength: 2048,\n          };\n      }\n    })();\n\n    const keys = await crypto.subtle.generateKey(alg, true, [\"sign\", \"verify\"]);\n\n    const cert = await x509.X509CertificateGenerator.createSelfSigned({\n      serialNumber: nodeCrypto.randomBytes(8).toString(\"hex\"),\n      name: \"C=AU, ST=Some-State, O=Internet Widgits Pty Ltd\",\n      notBefore: new Date(),\n      notAfter: addYears(Date.now(), 10),\n      signingAlgorithm: alg,\n      keys,\n    });\n\n    const certPem = cert.toString(\"pem\");\n    const keyPem = x509.PemConverter.encode(\n      await crypto.subtle.exportKey(\"pkcs8\", keys.privateKey as any),\n      \"private key\"\n    );\n\n    return { certPem, keyPem, signatureHash };\n  };\n\n  encryptPacket(pkt: DtlsPlaintext) {\n    const header = pkt.recordLayerHeader;\n    const enc = this.cipher.encrypt(this.sessionType, pkt.fragment, {\n      type: header.contentType,\n      version: decode(\n        Buffer.from(encode(header.protocolVersion, ProtocolVersion).slice()),\n        { version: types.uint16be }\n      ).version,\n      epoch: header.epoch,\n      sequenceNumber: header.sequenceNumber,\n    });\n    pkt.fragment = enc;\n    pkt.recordLayerHeader.contentLen = enc.length;\n    return pkt;\n  }\n\n  decryptPacket(pkt: DtlsPlaintext) {\n    const header = pkt.recordLayerHeader;\n    const dec = this.cipher.decrypt(this.sessionType, pkt.fragment, {\n      type: header.contentType,\n      version: decode(\n        Buffer.from(encode(header.protocolVersion, ProtocolVersion).slice()),\n        { version: types.uint16be }\n      ).version,\n      epoch: header.epoch,\n      sequenceNumber: header.sequenceNumber,\n    });\n    return dec;\n  }\n\n  verifyData(buf: Buffer) {\n    if (this.sessionType === SessionType.CLIENT)\n      return prfVerifyDataClient(this.masterSecret, buf);\n    else return prfVerifyDataServer(this.masterSecret, buf);\n  }\n\n  signatureData(data: Buffer, hash: string) {\n    const signature = createSign(hash).update(data);\n    const key = this.localPrivateKey.toPEM().toString();\n    const signed = signature.sign(key);\n    return signed;\n  }\n\n  generateKeySignature(hashAlgorithm: string) {\n    const clientRandom =\n      this.sessionType === SessionType.CLIENT\n        ? this.localRandom\n        : this.remoteRandom;\n    const serverRandom =\n      this.sessionType === SessionType.SERVER\n        ? this.localRandom\n        : this.remoteRandom;\n\n    const sig = this.valueKeySignature(\n      clientRandom.serialize(),\n      serverRandom.serialize(),\n      this.localKeyPair.publicKey,\n      this.namedCurve\n    );\n\n    const enc = this.localPrivateKey.sign(sig, hashAlgorithm);\n    return enc;\n  }\n\n  parseX509(certPem: string, keyPem: string, signatureHash: SignatureHash) {\n    const cert = Certificate.fromPEM(Buffer.from(certPem));\n    const sec = PrivateKey.fromPEM(Buffer.from(keyPem));\n    this.localCert = cert.raw;\n    this.localPrivateKey = sec;\n    this.signatureHashAlgorithm = signatureHash;\n  }\n\n  private valueKeySignature(\n    clientRandom: Buffer,\n    serverRandom: Buffer,\n    publicKey: Buffer,\n    namedCurve: number\n  ) {\n    const serverParams = Buffer.from(\n      encode(\n        {\n          type: CurveType.named_curve_3,\n          curve: namedCurve,\n          len: publicKey.length,\n        },\n        { type: types.uint8, curve: types.uint16be, len: types.uint8 }\n      ).slice()\n    );\n    return Buffer.concat([clientRandom, serverRandom, serverParams, publicKey]);\n  }\n}\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "werift",
-  "version": "0.15.6",
+  "version": "0.15.7",
   "description": "WebRTC Implementation for TypeScript (Node.js)",
   "keywords": [
     "WebRTC",