-
-
Notifications
You must be signed in to change notification settings - Fork 299
/
rsaes.ts
64 lines (55 loc) · 2.08 KB
/
rsaes.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
import type { RsaEsDecryptFunction, RsaEsEncryptFunction } from './interfaces.d.ts'
import subtleAlgorithm from './subtle_rsaes.ts'
import bogusWebCrypto from './bogus.ts'
import crypto, { isCryptoKey } from './webcrypto.ts'
import { checkEncCryptoKey } from '../lib/crypto_key.ts'
import checkKeyLength from './check_key_length.ts'
import invalidKeyInput from '../lib/invalid_key_input.ts'
export const encrypt: RsaEsEncryptFunction = async (alg: string, key: unknown, cek: Uint8Array) => {
if (!isCryptoKey(key)) {
throw new TypeError(invalidKeyInput(key, 'CryptoKey'))
}
checkEncCryptoKey(key, alg, 'encrypt', 'wrapKey')
checkKeyLength(alg, key)
if (key.usages.includes('encrypt')) {
return new Uint8Array(await crypto.subtle.encrypt(subtleAlgorithm(alg), key, cek))
}
if (key.usages.includes('wrapKey')) {
// we're importing the cek to end up with CryptoKey instance that can be wrapped, the algorithm used is irrelevant
const cryptoKeyCek = await crypto.subtle.importKey('raw', cek, ...bogusWebCrypto)
return new Uint8Array(
await crypto.subtle.wrapKey('raw', cryptoKeyCek, key, subtleAlgorithm(alg)),
)
}
throw new TypeError(
'RSA-OAEP key "usages" must include "encrypt" or "wrapKey" for this operation',
)
}
export const decrypt: RsaEsDecryptFunction = async (
alg: string,
key: unknown,
encryptedKey: Uint8Array,
) => {
if (!isCryptoKey(key)) {
throw new TypeError(invalidKeyInput(key, 'CryptoKey'))
}
checkEncCryptoKey(key, alg, 'decrypt', 'unwrapKey')
checkKeyLength(alg, key)
if (key.usages.includes('decrypt')) {
return new Uint8Array(await crypto.subtle.decrypt(subtleAlgorithm(alg), key, encryptedKey))
}
if (key.usages.includes('unwrapKey')) {
// @ts-ignore
const cryptoKeyCek = await crypto.subtle.unwrapKey(
'raw',
encryptedKey,
key,
subtleAlgorithm(alg),
...bogusWebCrypto,
)
return new Uint8Array(await crypto.subtle.exportKey('raw', cryptoKeyCek))
}
throw new TypeError(
'RSA-OAEP key "usages" must include "decrypt" or "unwrapKey" for this operation',
)
}