deno.land / x / jose@v5.2.4 / runtime / encrypt.ts
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132import { concat, uint64be } from '../lib/buffer_utils.ts'import type { EncryptFunction } from './interfaces.d.ts'import checkIvLength from '../lib/check_iv_length.ts'import checkCekLength from './check_cek_length.ts'import crypto, { isCryptoKey } from './webcrypto.ts'import { checkEncCryptoKey } from '../lib/crypto_key.ts'import invalidKeyInput from '../lib/invalid_key_input.ts'import generateIv from '../lib/iv.ts'import { JOSENotSupported } from '../util/errors.ts'import { types } from './is_key_like.ts'
async function cbcEncrypt( enc: string, plaintext: Uint8Array, cek: Uint8Array | CryptoKey, iv: Uint8Array, aad: Uint8Array,) { if (!(cek instanceof Uint8Array)) { throw new TypeError(invalidKeyInput(cek, 'Uint8Array')) } const keySize = parseInt(enc.slice(1, 4), 10) const encKey = await crypto.subtle.importKey( 'raw', cek.subarray(keySize >> 3), 'AES-CBC', false, ['encrypt'], ) const macKey = await crypto.subtle.importKey( 'raw', cek.subarray(0, keySize >> 3), { hash: `SHA-${keySize << 1}`, name: 'HMAC', }, false, ['sign'], )
const ciphertext = new Uint8Array( await crypto.subtle.encrypt( { iv, name: 'AES-CBC', }, encKey, plaintext, ), )
const macData = concat(aad, iv, ciphertext, uint64be(aad.length << 3)) const tag = new Uint8Array( (await crypto.subtle.sign('HMAC', macKey, macData)).slice(0, keySize >> 3), )
return { ciphertext, tag, iv }}
async function gcmEncrypt( enc: string, plaintext: Uint8Array, cek: Uint8Array | CryptoKey, iv: Uint8Array, aad: Uint8Array,) { let encKey: CryptoKey if (cek instanceof Uint8Array) { encKey = await crypto.subtle.importKey('raw', cek, 'AES-GCM', false, ['encrypt']) } else { checkEncCryptoKey(cek, enc, 'encrypt') encKey = cek }
const encrypted = new Uint8Array( await crypto.subtle.encrypt( { additionalData: aad, iv, name: 'AES-GCM', tagLength: 128, }, encKey, plaintext, ), )
const tag = encrypted.slice(-16) const ciphertext = encrypted.slice(0, -16)
return { ciphertext, tag, iv }}
const encrypt: EncryptFunction = async ( enc: string, plaintext: Uint8Array, cek: unknown, iv: Uint8Array | undefined, aad: Uint8Array,) => { if (!isCryptoKey(cek) && !(cek instanceof Uint8Array)) { throw new TypeError(invalidKeyInput(cek, ...types, 'Uint8Array')) }
if (iv) { checkIvLength(enc, iv) } else { iv = generateIv(enc) }
switch (enc) { case 'A128CBC-HS256': case 'A192CBC-HS384': case 'A256CBC-HS512': if (cek instanceof Uint8Array) { checkCekLength(cek, parseInt(enc.slice(-3), 10)) } return cbcEncrypt(enc, plaintext, cek, iv, aad) case 'A128GCM': case 'A192GCM': case 'A256GCM': if (cek instanceof Uint8Array) { checkCekLength(cek, parseInt(enc.slice(1, 4), 10)) } return gcmEncrypt(enc, plaintext, cek, iv, aad) default: throw new JOSENotSupported('Unsupported JWE Content Encryption Algorithm') }}
export default encrypt
Version Info