Skip to content

Commit

Permalink
Use dedicated keypair for signature validation
Browse files Browse the repository at this point in the history
  • Loading branch information
@agix
agix committed Dec 24, 2022
1 parent 3643c1d commit c4a7b36
Show file tree
Hide file tree
Showing 15 changed files with 1,225 additions and 582 deletions.
73 changes: 67 additions & 6 deletions dist/adapters/browser.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,18 @@ var SecretinBrowserAdapter = (function (exports) {
return crypto.subtle.generateKey(algorithm, extractable, keyUsages);
}

function genRSAPSS() {
const algorithm = {
name: 'RSA-PSS',
modulusLength: 4096,
publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
hash: { name: 'SHA-256' },
};
const extractable = true;
const keyUsages = ['sign', 'verify'];
return crypto.subtle.generateKey(algorithm, extractable, keyUsages);
}

function generateWrappingKey() {
const algorithm = {
name: 'AES-CBC',
Expand Down Expand Up @@ -223,19 +235,23 @@ var SecretinBrowserAdapter = (function (exports) {
);
}

function unwrapRSAOAEP(wrappedKeyHex, unwrappingPrivateKey) {
function unwrapRSAOAEP(
wrappedKeyHex,
unwrappingPrivateKey,
unwrappedKeyAlgorithm = {
name: 'AES-GCM',
length: 256,
}
) {
const format = 'raw';
const wrappedKey = hexStringToUint8Array(wrappedKeyHex);
const unwrapAlgorithm = {
name: 'RSA-OAEP',
hash: { name: 'SHA-256' },
};
const unwrappedKeyAlgorithm = {
name: 'AES-GCM',
length: 256,
};

const extractable = true;
const usages = ['decrypt', 'encrypt'];
const usages = ['decrypt', 'encrypt', 'wrapKey', 'unwrapKey'];

return crypto.subtle.unwrapKey(
format,
Expand Down Expand Up @@ -294,6 +310,23 @@ var SecretinBrowserAdapter = (function (exports) {
);
}

function importPublicKeySign(jwkPublicKey) {
const format = 'jwk';
const algorithm = {
name: 'RSA-PSS',
hash: { name: 'SHA-256' },
};
const extractable = true;
const keyUsages = ['verify'];
return crypto.subtle.importKey(
format,
jwkPublicKey,
algorithm,
extractable,
keyUsages
);
}

function derivePassword(password, parameters) {
const result = {};

Expand Down Expand Up @@ -401,6 +434,31 @@ var SecretinBrowserAdapter = (function (exports) {
);
}

function importPrivateKeySign(key, privateKeyObject) {
const format = 'jwk';
const wrappedPrivateKey = hexStringToUint8Array(privateKeyObject.privateKey);
const unwrapAlgorithm = {
name: 'AES-CBC',
iv: hexStringToUint8Array(privateKeyObject.iv),
};
const unwrappedKeyAlgorithm = {
name: 'RSA-PSS',
hash: { name: 'sha-256' },
};
const extractable = true;
const keyUsages = ['sign'];

return crypto.subtle.unwrapKey(
format,
wrappedPrivateKey,
key,
unwrapAlgorithm,
unwrappedKeyAlgorithm,
extractable,
keyUsages
);
}

function importKey(key, keyObject) {
const format = 'jwk';
const wrappedKey = hexStringToUint8Array(keyObject.key);
Expand Down Expand Up @@ -454,11 +512,14 @@ var SecretinBrowserAdapter = (function (exports) {
exports.exportClearKey = exportClearKey;
exports.exportKey = exportKey;
exports.genRSAOAEP = genRSAOAEP;
exports.genRSAPSS = genRSAPSS;
exports.generateWrappingKey = generateWrappingKey;
exports.getSHA256 = getSHA256;
exports.importKey = importKey;
exports.importPrivateKey = importPrivateKey;
exports.importPrivateKeySign = importPrivateKeySign;
exports.importPublicKey = importPublicKey;
exports.importPublicKeySign = importPublicKeySign;
exports.sign = sign;
exports.unwrapRSAOAEP = unwrapRSAOAEP;
exports.verify = verify;
Expand Down
73 changes: 67 additions & 6 deletions dist/adapters/browser.umd.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,18 @@
return crypto.subtle.generateKey(algorithm, extractable, keyUsages);
}

function genRSAPSS() {
const algorithm = {
name: 'RSA-PSS',
modulusLength: 4096,
publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
hash: { name: 'SHA-256' },
};
const extractable = true;
const keyUsages = ['sign', 'verify'];
return crypto.subtle.generateKey(algorithm, extractable, keyUsages);
}

function generateWrappingKey() {
const algorithm = {
name: 'AES-CBC',
Expand Down Expand Up @@ -226,19 +238,23 @@
);
}

function unwrapRSAOAEP(wrappedKeyHex, unwrappingPrivateKey) {
function unwrapRSAOAEP(
wrappedKeyHex,
unwrappingPrivateKey,
unwrappedKeyAlgorithm = {
name: 'AES-GCM',
length: 256,
}
) {
const format = 'raw';
const wrappedKey = hexStringToUint8Array(wrappedKeyHex);
const unwrapAlgorithm = {
name: 'RSA-OAEP',
hash: { name: 'SHA-256' },
};
const unwrappedKeyAlgorithm = {
name: 'AES-GCM',
length: 256,
};

const extractable = true;
const usages = ['decrypt', 'encrypt'];
const usages = ['decrypt', 'encrypt', 'wrapKey', 'unwrapKey'];

return crypto.subtle.unwrapKey(
format,
Expand Down Expand Up @@ -297,6 +313,23 @@
);
}

function importPublicKeySign(jwkPublicKey) {
const format = 'jwk';
const algorithm = {
name: 'RSA-PSS',
hash: { name: 'SHA-256' },
};
const extractable = true;
const keyUsages = ['verify'];
return crypto.subtle.importKey(
format,
jwkPublicKey,
algorithm,
extractable,
keyUsages
);
}

function derivePassword(password, parameters) {
const result = {};

Expand Down Expand Up @@ -404,6 +437,31 @@
);
}

function importPrivateKeySign(key, privateKeyObject) {
const format = 'jwk';
const wrappedPrivateKey = hexStringToUint8Array(privateKeyObject.privateKey);
const unwrapAlgorithm = {
name: 'AES-CBC',
iv: hexStringToUint8Array(privateKeyObject.iv),
};
const unwrappedKeyAlgorithm = {
name: 'RSA-PSS',
hash: { name: 'sha-256' },
};
const extractable = true;
const keyUsages = ['sign'];

return crypto.subtle.unwrapKey(
format,
wrappedPrivateKey,
key,
unwrapAlgorithm,
unwrappedKeyAlgorithm,
extractable,
keyUsages
);
}

function importKey(key, keyObject) {
const format = 'jwk';
const wrappedKey = hexStringToUint8Array(keyObject.key);
Expand Down Expand Up @@ -457,11 +515,14 @@
exports.exportClearKey = exportClearKey;
exports.exportKey = exportKey;
exports.genRSAOAEP = genRSAOAEP;
exports.genRSAPSS = genRSAPSS;
exports.generateWrappingKey = generateWrappingKey;
exports.getSHA256 = getSHA256;
exports.importKey = importKey;
exports.importPrivateKey = importPrivateKey;
exports.importPrivateKeySign = importPrivateKeySign;
exports.importPublicKey = importPublicKey;
exports.importPublicKeySign = importPublicKeySign;
exports.sign = sign;
exports.unwrapRSAOAEP = unwrapRSAOAEP;
exports.verify = verify;
Expand Down
15 changes: 15 additions & 0 deletions dist/adapters/node.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,10 @@ var SecretinNodeAdapter = (function (exports, crypto, forge) {
});
}

function genRSAPSS() {
return genRSAOAEP();
}

function generateWrappingKey() {
const key = forge__default["default"].random.getBytesSync(32);
return Promise.resolve(key);
Expand Down Expand Up @@ -277,6 +281,10 @@ var SecretinNodeAdapter = (function (exports, crypto, forge) {
return Promise.resolve(publicKey);
}

function importPublicKeySign(jwkPublicKey) {
return importPublicKey(jwkPublicKey);
}

function derivePassword(password, parameters) {
const result = {};

Expand Down Expand Up @@ -406,6 +414,10 @@ var SecretinNodeAdapter = (function (exports, crypto, forge) {
return Promise.resolve(privateKey);
}

function importPrivateKeySign(key, privateKeyObject) {
return importPrivateKey(key, privateKeyObject);
}

function importKey(key, keyObject) {
const wrappedKey = hexStringToUint8Array(keyObject.key);
const iv = hexStringToAscii(keyObject.iv);
Expand Down Expand Up @@ -455,11 +467,14 @@ var SecretinNodeAdapter = (function (exports, crypto, forge) {
exports.exportClearKey = exportClearKey;
exports.exportKey = exportKey;
exports.genRSAOAEP = genRSAOAEP;
exports.genRSAPSS = genRSAPSS;
exports.generateWrappingKey = generateWrappingKey;
exports.getSHA256 = getSHA256;
exports.importKey = importKey;
exports.importPrivateKey = importPrivateKey;
exports.importPrivateKeySign = importPrivateKeySign;
exports.importPublicKey = importPublicKey;
exports.importPublicKeySign = importPublicKeySign;
exports.sign = sign;
exports.unwrapRSAOAEP = unwrapRSAOAEP;
exports.verify = verify;
Expand Down
15 changes: 15 additions & 0 deletions dist/adapters/node.umd.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,10 @@
});
}

function genRSAPSS() {
return genRSAOAEP();
}

function generateWrappingKey() {
const key = forge__default["default"].random.getBytesSync(32);
return Promise.resolve(key);
Expand Down Expand Up @@ -280,6 +284,10 @@
return Promise.resolve(publicKey);
}

function importPublicKeySign(jwkPublicKey) {
return importPublicKey(jwkPublicKey);
}

function derivePassword(password, parameters) {
const result = {};

Expand Down Expand Up @@ -409,6 +417,10 @@
return Promise.resolve(privateKey);
}

function importPrivateKeySign(key, privateKeyObject) {
return importPrivateKey(key, privateKeyObject);
}

function importKey(key, keyObject) {
const wrappedKey = hexStringToUint8Array(keyObject.key);
const iv = hexStringToAscii(keyObject.iv);
Expand Down Expand Up @@ -458,11 +470,14 @@
exports.exportClearKey = exportClearKey;
exports.exportKey = exportKey;
exports.genRSAOAEP = genRSAOAEP;
exports.genRSAPSS = genRSAPSS;
exports.generateWrappingKey = generateWrappingKey;
exports.getSHA256 = getSHA256;
exports.importKey = importKey;
exports.importPrivateKey = importPrivateKey;
exports.importPrivateKeySign = importPrivateKeySign;
exports.importPublicKey = importPublicKey;
exports.importPublicKeySign = importPublicKeySign;
exports.sign = sign;
exports.unwrapRSAOAEP = unwrapRSAOAEP;
exports.verify = verify;
Expand Down
Loading

0 comments on commit c4a7b36

Please sign in to comment.