fix(web): check Uint8Array CEK lengths, refactor for better tree-shaking

panva · Oct 17, 2021 · e8299f2 · e8299f2
1 parent 244e2f9
commit e8299f2
Show file tree

Hide file tree

Showing 27 changed files with 346 additions and 478 deletions.
diff --git a/src/lib/cek.ts b/src/lib/cek.ts
@@ -1,23 +1,22 @@
 import { JOSENotSupported } from '../util/errors.js'
 import random from '../runtime/random.js'
 
-const bitLengths = new Map<string, number>([
- ['A128CBC-HS256', 256],
- ['A128GCM', 128],
- ['A192CBC-HS384', 384],
- ['A192GCM', 192],
- ['A256CBC-HS512', 512],
- ['A256GCM', 256],
-])
-
-const generateCek = (alg: string): Uint8Array => {
- const bitLength = bitLengths.get(alg)
- if (!bitLength) {
- throw new JOSENotSupported(`Unsupported JWE Algorithm: ${alg}`)
+export function bitLength(alg: string) {
+ switch (alg) {
+ case 'A128CBC-HS256':
+ return 256
+ case 'A192CBC-HS384':
+ return 384
+ case 'A256CBC-HS512':
+ return 512
+ case 'A128GCM':
+ return 128
+ case 'A192GCM':
+ return 192
+ case 'A256GCM':
+ return 256
+ default:
+ throw new JOSENotSupported(`Unsupported JWE Algorithm: ${alg}`)
  }
-
- return random(new Uint8Array(bitLength >> 3))
 }
-
-export default generateCek
-export { bitLengths }
+export default (alg: string): Uint8Array => random(new Uint8Array(bitLength(alg) >> 3))
diff --git a/src/lib/check_iv_length.ts b/src/lib/check_iv_length.ts
@@ -1,8 +1,8 @@
 import { JWEInvalid } from '../util/errors.js'
-import { bitLengths } from './iv.js'
+import { bitLength } from './iv.js'
 
 const checkIvLength = (enc: string, iv: Uint8Array) => {
- if (iv.length << 3 !== bitLengths.get(enc)) {
+ if (iv.length << 3 !== bitLength(enc)) {
  throw new JWEInvalid('Invalid Initialization Vector length')
  }
 }

diff --git a/src/lib/crypto_key.ts b/src/lib/crypto_key.ts
@@ -0,0 +1,209 @@
+import { isCloudflareWorkers, isNodeJs } from '../runtime/global.js'
+
+function getHashLength(hash: KeyAlgorithm) {
+ return parseInt(hash?.name.substr(4), 10)
+}
+
+function getNamedCurve(alg: string) {
+ switch (alg) {
+ case 'ES256':
+ return 'P-256'
+ case 'ES384':
+ return 'P-384'
+ case 'ES512':
+ return 'P-521'
+ }
+}
+
+function checkUsage(key: CryptoKey, usages: KeyUsage[]) {
+ if (usages.length && !usages.some((expected) => key.usages.includes(expected))) {
+ let msg = 'CryptoKey does not support this operation, its usages must include '
+ if (usages.length > 2) {
+ const last = usages.pop()
+ msg += `one of ${usages.join(', ')}, or ${last}.`
+ } else if (usages.length === 2) {
+ msg += `one of ${usages[0]} or ${usages[1]}.`
+ } else {
+ msg += `${usages[0]}.`
+ }
+
+ throw new TypeError(msg)
+ }
+}
+
+export function checkSigCryptoKey(key: CryptoKey, alg: string, ...usages: KeyUsage[]) {
+ switch (alg) {
+ case 'HS256':
+ case 'HS384':
+ case 'HS512': {
+ if (key.algorithm.name !== 'HMAC') {
+ throw new TypeError(
+ `CryptoKey does not support this operation, its algorithm.name must be HMAC.`,
+ )
+ }
+
+ const expected = parseInt(alg.substr(2), 10)
+ const actual = getHashLength((<HmacKeyAlgorithm>key.algorithm).hash)
+ if (actual !== expected) {
+ throw new TypeError(
+ `CryptoKey does not support this operation, its algorithm.hash must be SHA-${expected}.`,
+ )
+ }
+ break
+ }
+ case 'RS256':
+ case 'RS384':
+ case 'RS512': {
+ if (key.algorithm.name !== 'RSASSA-PKCS1-v1_5') {
+ throw new TypeError(
+ `CryptoKey does not support this operation, its algorithm.name must be RSASSA-PKCS1-v1_5.`,
+ )
+ }
+
+ const expected = parseInt(alg.substr(2), 10)
+ const actual = getHashLength((<RsaHashedKeyAlgorithm>key.algorithm).hash)
+ if (actual !== expected) {
+ throw new TypeError(
+ `CryptoKey does not support this operation, its algorithm.hash must be SHA-${expected}.`,
+ )
+ }
+ break
+ }
+ case 'PS256':
+ case 'PS384':
+ case 'PS512': {
+ if (key.algorithm.name !== 'RSA-PSS') {
+ throw new TypeError(
+ `CryptoKey does not support this operation, its algorithm.name must be RSA-PSS.`,
+ )
+ }
+
+ const expected = parseInt(alg.substr(2), 10)
+ const actual = getHashLength((<RsaHashedKeyAlgorithm>key.algorithm).hash)
+ if (actual !== expected) {
+ throw new TypeError(
+ `CryptoKey does not support this operation, its algorithm.hash must be SHA-${expected}.`,
+ )
+ }
+ break
+ }
+ case isNodeJs() && 'EdDSA': {
+ if (key.algorithm.name !== 'NODE-ED25519' && key.algorithm.name !== 'NODE-ED448') {
+ throw new TypeError(
+ `CryptoKey does not support this operation, its algorithm.name must be NODE-ED25519 or NODE-ED448.`,
+ )
+ }
+ break
+ }
+ case isCloudflareWorkers() && 'EdDSA': {
+ if (key.algorithm.name !== 'NODE-ED25519') {
+ throw new TypeError(
+ `CryptoKey does not support this operation, its algorithm.name must be NODE-ED25519.`,
+ )
+ }
+ break
+ }
+ case 'ES256':
+ case 'ES384':
+ case 'ES512': {
+ if (key.algorithm.name !== 'ECDSA') {
+ throw new TypeError(
+ `CryptoKey does not support this operation, its algorithm.name must be ECDSA.`,
+ )
+ }
+
+ const expected = getNamedCurve(alg)
+ const actual = (<EcKeyAlgorithm>key.algorithm).namedCurve
+ if (actual !== expected) {
+ throw new TypeError(
+ `CryptoKey does not support this operation, its algorithm.namedCurve must be ${expected}.`,
+ )
+ }
+ break
+ }
+ default:
+ throw new TypeError('CryptoKey does not support this operation')
+ }
+
+ checkUsage(key, usages)
+}
+
+export function checkEncCryptoKey(key: CryptoKey, alg: string, ...usages: KeyUsage[]) {
+ switch (alg) {
+ case 'A128GCM':
+ case 'A192GCM':
+ case 'A256GCM': {
+ if (key.algorithm.name !== 'AES-GCM') {
+ throw new TypeError(
+ `CryptoKey does not support this operation, its algorithm.name must be AES-GCM.`,
+ )
+ }
+
+ const expected = parseInt(alg.substr(1, 3), 10)
+ const actual = (<AesKeyAlgorithm>key.algorithm).length
+ if (actual !== expected) {
+ throw new TypeError(
+ `CryptoKey does not support this operation, its algorithm.length must be ${expected}.`,
+ )
+ }
+ break
+ }
+ case 'A128KW':
+ case 'A192KW':
+ case 'A256KW': {
+ if (key.algorithm.name !== 'AES-KW') {
+ throw new TypeError(
+ `CryptoKey does not support this operation, its algorithm.name must be AES-KW.`,
+ )
+ }
+
+ const expected = parseInt(alg.substr(1, 3), 10)
+ const actual = (<AesKeyAlgorithm>key.algorithm).length
+ if (actual !== expected) {
+ throw new TypeError(
+ `CryptoKey does not support this operation, its algorithm.length must be ${expected}.`,
+ )
+ }
+ break
+ }
+ case 'ECDH-ES':
+ if (key.algorithm.name !== 'ECDH') {
+ throw new TypeError(
+ `CryptoKey does not support this operation, its algorithm.name must be ECDH.`,
+ )
+ }
+ break
+ case 'PBES2-HS256+A128KW':
+ case 'PBES2-HS384+A192KW':
+ case 'PBES2-HS512+A256KW':
+ if (key.algorithm.name !== 'PBKDF2') {
+ throw new TypeError(
+ `CryptoKey does not support this operation, its algorithm.name must be PBKDF2.`,
+ )
+ }
+ break
+ case 'RSA-OAEP':
+ case 'RSA-OAEP-256':
+ case 'RSA-OAEP-384':
+ case 'RSA-OAEP-512': {
+ if (key.algorithm.name !== 'RSA-OAEP') {
+ throw new TypeError(
+ `CryptoKey does not support this operation, its algorithm.name must be RSA-OAEP.`,
+ )
+ }
+
+ const expected = parseInt(alg.substr(9), 10) || 1
+ const actual = getHashLength((<RsaHashedKeyAlgorithm>key.algorithm).hash)
+ if (actual !== expected) {
+ throw new TypeError(
+ `CryptoKey does not support this operation, its algorithm.hash must be SHA-${expected}.`,
+ )
+ }
+ break
+ }
+ default:
+ throw new TypeError('CryptoKey does not support this operation')
+ }
+
+ checkUsage(key, usages)
+}
diff --git a/src/lib/decrypt_key_management.ts b/src/lib/decrypt_key_management.ts
@@ -7,7 +7,7 @@ import { decode as base64url } from '../runtime/base64url.js'
 
 import type { JWEHeaderParameters, KeyLike, JWK } from '../types.d'
 import { JOSENotSupported, JWEInvalid } from '../util/errors.js'
-import { bitLengths as cekLengths } from '../lib/cek.js'
+import { bitLength as cekLength } from '../lib/cek.js'
 import { importJWK } from '../key/import.js'
 import checkKeyType from './check_key_type.js'
 import isObject from './is_object.js'
@@ -65,7 +65,7 @@ async function decryptKeyManagement(
  epk,
  key,
  alg === 'ECDH-ES' ? joseHeader.enc! : alg,
- parseInt(alg.substr(-5, 3), 10) || <number>cekLengths.get(joseHeader.enc!),
+ parseInt(alg.substr(-5, 3), 10) || cekLength(joseHeader.enc!),
  partyUInfo,
  partyVInfo,
  )

diff --git a/src/lib/encrypt_key_management.ts b/src/lib/encrypt_key_management.ts
@@ -6,7 +6,7 @@ import { wrap as aesGcmKw } from '../runtime/aesgcmkw.js'
 import { encode as base64url } from '../runtime/base64url.js'
 
 import type { KeyLike, JWEKeyManagementHeaderParameters, JWEHeaderParameters } from '../types.d'
-import generateCek, { bitLengths as cekLengths } from '../lib/cek.js'
+import generateCek, { bitLength as cekLength } from '../lib/cek.js'
 import { JOSENotSupported } from '../util/errors.js'
 import { exportJWK } from '../key/export.js'
 import checkKeyType from './check_key_type.js'
@@ -52,7 +52,7 @@ async function encryptKeyManagement(
  key,
  ephemeralKey,
  alg === 'ECDH-ES' ? enc : alg,
- parseInt(alg.substr(-5, 3), 10) || <number>cekLengths.get(enc),
+ parseInt(alg.substr(-5, 3), 10) || cekLength(enc),
  apu,
  apv,
  )

diff --git a/src/lib/iv.ts b/src/lib/iv.ts
@@ -1,26 +1,28 @@
 import { JOSENotSupported } from '../util/errors.js'
 import random from '../runtime/random.js'
 
-const bitLengths = new Map<string, number>([
- ['A128CBC-HS256', 128],
- ['A128GCM', 96],
- ['A128GCMKW', 96],
- ['A192CBC-HS384', 128],
- ['A192GCM', 96],
- ['A192GCMKW', 96],
- ['A256CBC-HS512', 128],
- ['A256GCM', 96],
- ['A256GCMKW', 96],
-])
-
-const generateIv = (alg: string): Uint8Array => {
- const bitLength = bitLengths.get(alg)
- if (!bitLength) {
- throw new JOSENotSupported(`Unsupported JWE Algorithm: ${alg}`)
+export function bitLength(alg: string) {
+ switch (alg) {
+ case 'A128CBC-HS256':
+ return 128
+ case 'A128GCM':
+ return 96
+ case 'A128GCMKW':
+ return 96
+ case 'A192CBC-HS384':
+ return 128
+ case 'A192GCM':
+ return 96
+ case 'A192GCMKW':
+ return 96
+ case 'A256CBC-HS512':
+ return 128
+ case 'A256GCM':
+ return 96
+ case 'A256GCMKW':
+ return 96
+ default:
+ throw new JOSENotSupported(`Unsupported JWE Algorithm: ${alg}`)
  }
-
- return random(new Uint8Array(bitLength >> 3))
 }
-
-export default generateIv
-export { bitLengths }
+export default (alg: string): Uint8Array => random(new Uint8Array(bitLength(alg) >> 3))
diff --git a/src/runtime/browser/aeskw.ts b/src/runtime/browser/aeskw.ts
@@ -1,6 +1,7 @@
 import type { AesKwUnwrapFunction, AesKwWrapFunction } from '../interfaces.d'
 import bogusWebCrypto from './bogus.js'
-import crypto, { checkCryptoKey, isCryptoKey } from './webcrypto.js'
+import crypto, { isCryptoKey } from './webcrypto.js'
+import { checkEncCryptoKey } from '../../lib/crypto_key.js'
 import invalidKeyInput from './invalid_key_input.js'
 
 function checkKeySize(key: CryptoKey, alg: string) {
@@ -11,7 +12,7 @@ function checkKeySize(key: CryptoKey, alg: string) {
 
 function getCryptoKey(key: unknown, alg: string, usage: KeyUsage) {
  if (isCryptoKey(key)) {
- checkCryptoKey(key, alg, usage)
+ checkEncCryptoKey(key, alg, usage)
  return key
  }
 

diff --git a/src/runtime/browser/check_cek_length.ts b/src/runtime/browser/check_cek_length.ts
@@ -0,0 +1,9 @@
+import { JWEInvalid } from '../../util/errors.js'
+
+const checkCekLength = (cek: Uint8Array, expected: number) => {
+ if (cek.length << 3 !== expected) {
+ throw new JWEInvalid('Invalid Content Encryption Key length')
+ }
+}
+
+export default checkCekLength