75 lines
3.2 KiB
Plaintext
75 lines
3.2 KiB
Plaintext
"use strict";
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
const node_crypto_1 = require("node:crypto");
|
|
const check_iv_length_js_1 = require("../lib/check_iv_length.js");
|
|
const check_cek_length_js_1 = require("./check_cek_length.js");
|
|
const buffer_utils_js_1 = require("../lib/buffer_utils.js");
|
|
const cbc_tag_js_1 = require("./cbc_tag.js");
|
|
const webcrypto_js_1 = require("./webcrypto.js");
|
|
const crypto_key_js_1 = require("../lib/crypto_key.js");
|
|
const is_key_object_js_1 = require("./is_key_object.js");
|
|
const invalid_key_input_js_1 = require("../lib/invalid_key_input.js");
|
|
const errors_js_1 = require("../util/errors.js");
|
|
const ciphers_js_1 = require("./ciphers.js");
|
|
const is_key_like_js_1 = require("./is_key_like.js");
|
|
function cbcEncrypt(enc, plaintext, cek, iv, aad) {
|
|
const keySize = parseInt(enc.slice(1, 4), 10);
|
|
if ((0, is_key_object_js_1.default)(cek)) {
|
|
cek = cek.export();
|
|
}
|
|
const encKey = cek.subarray(keySize >> 3);
|
|
const macKey = cek.subarray(0, keySize >> 3);
|
|
const algorithm = `aes-${keySize}-cbc`;
|
|
if (!(0, ciphers_js_1.default)(algorithm)) {
|
|
throw new errors_js_1.JOSENotSupported(`alg ${enc} is not supported by your javascript runtime`);
|
|
}
|
|
const cipher = (0, node_crypto_1.createCipheriv)(algorithm, encKey, iv);
|
|
const ciphertext = (0, buffer_utils_js_1.concat)(cipher.update(plaintext), cipher.final());
|
|
const macSize = parseInt(enc.slice(-3), 10);
|
|
const tag = (0, cbc_tag_js_1.default)(aad, iv, ciphertext, macSize, macKey, keySize);
|
|
return { ciphertext, tag };
|
|
}
|
|
function gcmEncrypt(enc, plaintext, cek, iv, aad) {
|
|
const keySize = parseInt(enc.slice(1, 4), 10);
|
|
const algorithm = `aes-${keySize}-gcm`;
|
|
if (!(0, ciphers_js_1.default)(algorithm)) {
|
|
throw new errors_js_1.JOSENotSupported(`alg ${enc} is not supported by your javascript runtime`);
|
|
}
|
|
const cipher = (0, node_crypto_1.createCipheriv)(algorithm, cek, iv, { authTagLength: 16 });
|
|
if (aad.byteLength) {
|
|
cipher.setAAD(aad, { plaintextLength: plaintext.length });
|
|
}
|
|
const ciphertext = cipher.update(plaintext);
|
|
cipher.final();
|
|
const tag = cipher.getAuthTag();
|
|
return { ciphertext, tag };
|
|
}
|
|
const encrypt = (enc, plaintext, cek, iv, aad) => {
|
|
let key;
|
|
if ((0, webcrypto_js_1.isCryptoKey)(cek)) {
|
|
(0, crypto_key_js_1.checkEncCryptoKey)(cek, enc, 'encrypt');
|
|
key = node_crypto_1.KeyObject.from(cek);
|
|
}
|
|
else if (cek instanceof Uint8Array || (0, is_key_object_js_1.default)(cek)) {
|
|
key = cek;
|
|
}
|
|
else {
|
|
throw new TypeError((0, invalid_key_input_js_1.default)(cek, ...is_key_like_js_1.types, 'Uint8Array'));
|
|
}
|
|
(0, check_cek_length_js_1.default)(enc, key);
|
|
(0, check_iv_length_js_1.default)(enc, iv);
|
|
switch (enc) {
|
|
case 'A128CBC-HS256':
|
|
case 'A192CBC-HS384':
|
|
case 'A256CBC-HS512':
|
|
return cbcEncrypt(enc, plaintext, key, iv, aad);
|
|
case 'A128GCM':
|
|
case 'A192GCM':
|
|
case 'A256GCM':
|
|
return gcmEncrypt(enc, plaintext, key, iv, aad);
|
|
default:
|
|
throw new errors_js_1.JOSENotSupported('Unsupported JWE Content Encryption Algorithm');
|
|
}
|
|
};
|
|
exports.default = encrypt;
|