feat: add RSA-OAEP-384 and RSA-OAEP-512 JWE Key Management Algorithms

These are registered for JOSE by W3C Web Cryptography Working Group in [Web Cryptography API](https://www.w3.org/TR/WebCryptoAPI/)
panva · Feb 13, 2020 · 7477f08 · 7477f08
1 parent b92079c
commit 7477f08
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -300,7 +300,7 @@ jose.JWE.decrypt(
 | AES | ✓ | A128KW<sup>[1]</sup>, A192KW<sup>[1]</sup>, A256KW<sup>[1]</sup> |
 | AES GCM | ✓ | A128GCMKW, A192GCMKW, A256GCMKW |
 | Direct Key Agreement | ✓ | dir |
-| RSAES OAEP | ✓ | RSA-OAEP, RSA-OAEP-256<sup>[3]</sup> |
+| RSAES OAEP | ✓ | RSA-OAEP, RSA-OAEP-256<sup>[3]</sup>, RSA-OAEP-384<sup>[3]</sup>, RSA-OAEP-512<sup>[3]</sup> |
 | RSAES-PKCS1-v1_5 | ✓ | RSA1_5 |
 | PBES2 | ✓ | PBES2-HS256+A128KW<sup>[1]</sup>, PBES2-HS384+A192KW<sup>[1]</sup>, PBES2-HS512+A256KW<sup>[1]</sup> |
 | ECDH-ES (for all EC keys) | ✓ | ECDH-ES, ECDH-ES+A128KW<sup>[1]</sup>, ECDH-ES+A192KW<sup>[1]</sup>, ECDH-ES+A256KW<sup>[1]</sup> |
@@ -330,7 +330,7 @@ Legend:
 <sup>2</sup> Unsecured JWS is [supported][documentation-none] for the JWS and JWT sign and verify
 operations but it is an entirely opt-in behaviour, downgrade attacks are prevented by the required
 use of a special `JWK.Key`-like object that cannot be instantiated through the key import API 
-<sup>3</sup> RSA-OAEP-256 is only supported when Node.js >= 12.9.0 runtime is detected
+<sup>3</sup> RSAES OAEP using SHA-2 and MGF1 with SHA-2 is only supported when Node.js >= 12.9.0 runtime is detected
 
 ## FAQ
 

diff --git a/lib/jwa/rsaes.js b/lib/jwa/rsaes.js
@@ -6,8 +6,10 @@ const { asInput } = require('../help/key_object')
 
 const resolvePadding = (alg) => {
  switch (alg) {
- case 'RSA-OAEP-256':
  case 'RSA-OAEP':
+ case 'RSA-OAEP-256':
+ case 'RSA-OAEP-384':
+ case 'RSA-OAEP-512':
  return constants.RSA_PKCS1_OAEP_PADDING
  case 'RSA1_5':
  return constants.RSA_PKCS1_PADDING
@@ -16,10 +18,14 @@ const resolvePadding = (alg) => {
 
 const resolveOaepHash = (alg) => {
  switch (alg) {
- case 'RSA-OAEP-256':
- return 'sha256'
  case 'RSA-OAEP':
  return 'sha1'
+ case 'RSA-OAEP-256':
+ return 'sha256'
+ case 'RSA-OAEP-384':
+ return 'sha384'
+ case 'RSA-OAEP-512':
+ return 'sha512'
  default:
  return undefined
  }
@@ -38,14 +44,16 @@ const unwrapKey = (padding, oaepHash, { [KEYOBJECT]: keyObject }, payload) => {
 const LENGTHS = {
  RSA1_5: 0,
  'RSA-OAEP': 592,
- 'RSA-OAEP-256': 784
+ 'RSA-OAEP-256': 784,
+ 'RSA-OAEP-384': 1040,
+ 'RSA-OAEP-512': 1296
 }
 
 module.exports = (JWA, JWK) => {
  const algs = ['RSA-OAEP', 'RSA1_5']
 
  if (oaepHashSupported) {
- algs.splice(1, 0, 'RSA-OAEP-256')
+ algs.splice(1, 0, 'RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512')
  }
 
  algs.forEach((jwaAlg) => {

diff --git a/test/jwk/rsa.test.js b/test/jwk/rsa.test.js
@@ -36,7 +36,7 @@ test('RSA key .algorithms invalid operation', t => {
  test('RSA Private key algorithms (no operation)', t => {
  const result = key.algorithms()
  t.is(result.constructor, Set)
- t.deepEqual([...result], ['PS256', 'PS384', 'PS512', 'RS256', 'RS384', 'RS512', 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5'])
+ t.deepEqual([...result], ['PS256', 'PS384', 'PS512', 'RS256', 'RS384', 'RS512', 'RSA-OAEP', 'RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512', 'RSA1_5'])
  })
  } else {
  test('RSA Private key algorithms (no operation)', t => {
@@ -129,7 +129,7 @@ test('RSA key .algorithms invalid operation', t => {
  test('RSA Private key .algorithms("wrapKey")', t => {
  const result = key.algorithms('wrapKey')
  t.is(result.constructor, Set)
- t.deepEqual([...result], ['RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5'])
+ t.deepEqual([...result], ['RSA-OAEP', 'RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512', 'RSA1_5'])
  })
  } else {
  test('RSA Private key .algorithms("wrapKey")', t => {
@@ -150,7 +150,7 @@ test('RSA key .algorithms invalid operation', t => {
  test('RSA Private key .algorithms("unwrapKey")', t => {
  const result = key.algorithms('unwrapKey')
  t.is(result.constructor, Set)
- t.deepEqual([...result], ['RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5'])
+ t.deepEqual([...result], ['RSA-OAEP', 'RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512', 'RSA1_5'])
  })
  } else {
  test('RSA Private key .algorithms("unwrapKey")', t => {
@@ -192,7 +192,7 @@ test('RSA key .algorithms invalid operation', t => {
  test('RSA EC Public key algorithms (no operation)', t => {
  const result = key.algorithms()
  t.is(result.constructor, Set)
- t.deepEqual([...result], ['PS256', 'PS384', 'PS512', 'RS256', 'RS384', 'RS512', 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5'])
+ t.deepEqual([...result], ['PS256', 'PS384', 'PS512', 'RS256', 'RS384', 'RS512', 'RSA-OAEP', 'RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512', 'RSA1_5'])
  })
  } else {
  test('RSA EC Public key algorithms (no operation)', t => {
@@ -285,7 +285,7 @@ test('RSA key .algorithms invalid operation', t => {
  test('RSA Public key .algorithms("wrapKey")', t => {
  const result = key.algorithms('wrapKey')
  t.is(result.constructor, Set)
- t.deepEqual([...result], ['RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5'])
+ t.deepEqual([...result], ['RSA-OAEP', 'RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512', 'RSA1_5'])
  })
  } else {
  test('RSA Public key .algorithms("wrapKey")', t => {
@@ -341,6 +341,16 @@ test('RSA key .algorithms invalid operation', t => {
  const k = generateSync('RSA', 784)
  t.true(k.algorithms().has('RSA-OAEP-256'))
  })
+
+ test('RSA key >= 1040 bits can do RSA-OAEP-256', t => {
+ const k = generateSync('RSA', 1040)
+ t.true(k.algorithms().has('RSA-OAEP-384'))
+ })
+
+ test('RSA key >= 1296 bits can do RSA-OAEP-256', t => {
+ const k = generateSync('RSA', 1296)
+ t.true(k.algorithms().has('RSA-OAEP-512'))
+ })
  }
 
  test('RSA key >= 784 bits can do PS384', t => {
@@ -375,6 +385,16 @@ test('RSA key .algorithms invalid operation', t => {
  const k = generateSync('RSA', 896)
  t.true(k.algorithms().has('RSA-OAEP-256'))
  })
+
+ test('RSA key >= 1040 bits can do RSA-OAEP-256', t => {
+ const k = generateSync('RSA', 1152)
+ t.true(k.algorithms().has('RSA-OAEP-384'))
+ })
+
+ test('RSA key >= 1408 bits can do RSA-OAEP-256', t => {
+ const k = generateSync('RSA', 1408)
+ t.true(k.algorithms().has('RSA-OAEP-512'))
+ })
  }
 
  test('RSA key >= 1152 bits can do PS512', t => {