import bufferToArray from 'buffer-to-arraybuffer';
import { NODE_ENGINE } from '../pkijs';
import { CryptoKeyWithProvider } from './CryptoKeyWithProvider';
/**
 * Import parameters applied to RSA keys when the caller does not supply their own:
 * RSA-PSS signatures with a SHA-256 digest.
 */
const DEFAULT_RSA_KEY_PARAMS: RsaHashedImportParams = {
  hash: { name: 'SHA-256' },
  name: 'RSA-PSS',
};
/**
 * Return the DER (SPKI) serialisation of a public key.
 *
 * A key that carries its own `provider` (e.g. one backed by a KMS) is exported through
 * that provider rather than through `NODE_ENGINE`, which avoids the engine exporting the
 * key to JWK first. See https://github.com/relaycorp/cloud-gateway/issues/93
 *
 * @param publicKey The key to serialise, optionally bound to a custom crypto provider
 * @returns The SPKI-encoded key bytes
 */
export async function derSerializePublicKey(
  publicKey: CryptoKey | CryptoKeyWithProvider,
): Promise<Buffer> {
  const key = publicKey as CryptoKey;
  const keyProvider = (publicKey as CryptoKeyWithProvider).provider;
  // Only keys bound to a provider bypass the default engine; everything else goes
  // through NODE_ENGINE as before.
  const spki = keyProvider
    ? ((await keyProvider.exportKey('spki', key)) as ArrayBuffer)
    : await NODE_ENGINE.exportKey('spki', key);
  return Buffer.from(spki);
}
/**
 * Return the DER (PKCS#8) serialisation of a private key.
 *
 * The export always goes through `NODE_ENGINE`; non-extractable keys are expected to
 * be rejected by the engine, as with any WebCrypto `exportKey()` call.
 *
 * @param privateKey The private key to serialise
 * @returns The PKCS#8-encoded key bytes
 */
export async function derSerializePrivateKey(privateKey: CryptoKey): Promise<Buffer> {
  const pkcs8 = await NODE_ENGINE.exportKey('pkcs8', privateKey);
  return Buffer.from(pkcs8 as ArrayBuffer);
}
/**
 * Parse a DER (SPKI) serialisation of an RSA public key.
 *
 * The key is imported as extractable and restricted to the `verify` usage.
 *
 * @param publicKeyDer SPKI-encoded key, as a Node `Buffer` or a plain `ArrayBuffer`
 * @param algorithmOptions WebCrypto import parameters; defaults to RSA-PSS with SHA-256
 * @returns The imported public key
 */
export async function derDeserializeRSAPublicKey(
  publicKeyDer: Buffer | ArrayBuffer,
  algorithmOptions: RsaHashedImportParams = DEFAULT_RSA_KEY_PARAMS,
): Promise<CryptoKey> {
  // Node Buffers may be views into a larger pool, so convert them to a standalone
  // ArrayBuffer before handing the bytes to the engine.
  const keyData = Buffer.isBuffer(publicKeyDer) ? bufferToArray(publicKeyDer) : publicKeyDer;
  return NODE_ENGINE.importKey('spki', keyData, algorithmOptions, true, ['verify']);
}
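/**
 * Parse a DER (SPKI) serialisation of an ECDH public key.
 *
 * The key is imported as extractable with an empty usage list, which is what WebCrypto
 * expects for an ECDH public key (it is only ever the peer's key in a derivation).
 *
 * @param publicKeyDer SPKI-encoded key, as a Node `Buffer` or a plain `ArrayBuffer`
 * @param curveName The named curve the key is expected to use; defaults to `P-256`
 * @returns The imported public key
 */
export async function derDeserializeECDHPublicKey(
  publicKeyDer: Buffer | ArrayBuffer,
  curveName: NamedCurve = 'P-256',
): Promise<CryptoKey> {
  const keyData = publicKeyDer instanceof Buffer ? bufferToArray(publicKeyDer) : publicKeyDer;
  // `EcKeyImportParams` is the WebCrypto type for `{ name, namedCurve }`, so the
  // previous `as any` escape hatch is unnecessary and the literal is now type-checked.
  const algorithm: EcKeyImportParams = { name: 'ECDH', namedCurve: curveName };
  return NODE_ENGINE.importKey('spki', keyData, algorithm, true, []);
}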
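/**
 * Parse a DER (PKCS#8) serialisation of an RSA private key.
 *
 * Accepts either a Node `Buffer` or a plain `ArrayBuffer`, mirroring the public-key
 * deserialisers in this file. The key is imported as extractable (presumably so it can
 * be re-serialised with `derSerializePrivateKey()`) and restricted to the `sign` usage.
 *
 * @param privateKeyDer PKCS#8-encoded key, as a Node `Buffer` or a plain `ArrayBuffer`
 * @param algorithmOptions WebCrypto import parameters; defaults to RSA-PSS with SHA-256
 * @returns The imported private key
 */
export async function derDeserializeRSAPrivateKey(
  privateKeyDer: Buffer | ArrayBuffer,
  algorithmOptions: RsaHashedImportParams = DEFAULT_RSA_KEY_PARAMS,
): Promise<CryptoKey> {
  // Buffers are converted to a standalone ArrayBuffer; ArrayBuffers are passed as-is.
  const keyData = privateKeyDer instanceof Buffer ? bufferToArray(privateKeyDer) : privateKeyDer;
  return NODE_ENGINE.importKey('pkcs8', keyData, algorithmOptions, true, ['sign']);
}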
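/**
 * Parse a DER (PKCS#8) serialisation of an ECDH private key.
 *
 * Accepts either a Node `Buffer` or a plain `ArrayBuffer`, mirroring the public-key
 * deserialisers in this file. The key is imported as extractable and limited to the
 * `deriveBits` and `deriveKey` usages.
 *
 * @param privateKeyDer PKCS#8-encoded key, as a Node `Buffer` or a plain `ArrayBuffer`
 * @param curveName The named curve the key is expected to use; defaults to `P-256`
 * @returns The imported private key
 */
export async function derDeserializeECDHPrivateKey(
  privateKeyDer: Buffer | ArrayBuffer,
  curveName: NamedCurve = 'P-256',
): Promise<CryptoKey> {
  // Buffers are converted to a standalone ArrayBuffer; ArrayBuffers are passed as-is.
  const keyData = privateKeyDer instanceof Buffer ? bufferToArray(privateKeyDer) : privateKeyDer;
  // `EcKeyImportParams` is the WebCrypto type for `{ name, namedCurve }`, so the
  // previous `as any` escape hatch is unnecessary and the literal is now type-checked.
  const algorithm: EcKeyImportParams = { name: 'ECDH', namedCurve: curveName };
  return NODE_ENGINE.importKey('pkcs8', keyData, algorithm, true, ['deriveBits', 'deriveKey']);
}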