Merge pull request #36 from anvilresearch/ibudea-aes-gcm-alg

JWE with AES-GCM

examples/A128GCM-JWT.js

@@ -0,0 +1,42 @@
+const crypto = require('@trust/webcrypto')
+const { JWT } = require('../src')
+const base64url = require('base64url')
+
+
+let key
+let plaintext = "The true sign of intelligence is not knowledge but imagination."
+let protectedHeader = {alg: "dir", enc: "A256GCM"}
+
+crypto.subtle
+
+  // use webcrypto to generate a keypair
+  .generateKey(
+    {
+      name: 'AES-GCM',
+      length: 256
+    },
+    false,
+    ['encrypt', 'decrypt']
+  )
+
+  // use key with JWA to encrypt
+  .then(result => {
+    key = result
+    console.log(key)
+    // this should give me back a JWE
+    return JWT.encrypt({
+      protected: protectedHeader,
+      key,
+      plaintext,
+      serialization: 'compact'
+    })
+  })
+
+  // print the ciphertext
+  .then(jwe => {
+    console.log(jwe)
+    // JWT.decrypt('A128GCM', key, ciphertext, iv),
+    return JWT.decrypt({key, serialized: jwe })
+  })
+
+  .then(console.log)

package.json

@@ -48,10 +48,10 @@
   },
   "homepage": "https://github.com/anvilresearch/jose#README",
   "dependencies": {
-    "base64url": "^2.0.0",
     "@trust/json-document": "^0.1.4",
-    "text-encoding": "^0.6.1",
-    "@trust/webcrypto": ">=0.2.1"
+    "@trust/jwa": "^0.4.4",
+    "@trust/webcrypto": ">=0.4.0",
+    "base64url": "^2.0.0"
   },
   "devDependencies": {
     "@trust/keyto": "^0.3.0",

src/KeyManagement.js

@@ -0,0 +1,103 @@
+'use strict'
+/**
+ * Dependencies
+ */
+const crypto = require('@trust/webcrypto')
+const NotSupportedError = require('./errors/NotSupportedError')
+const { JWA } = require('@trust/jwa')
+
+/**
+ * KeyManagement
+ */
+class KeyManagement {
+
+  /**
+   * constructor
+   */
+  constructor () {
+    // Entries for key algorithms used to decide on
+    // cek and compute the encrypted key
+    this.keyAlgorithms = new Map([
+      ['dir', { encrypt: this.direct, decrypt: this.direct }]
+    ])
+  }
+
+  direct (alg, key) {
+    return {
+      cek: key,
+      encrypted_key: new Uint8Array()
+    }
+  }
+
+  keyWrapOrEncrypt (alg, key) {
+    let cek, encrypted_key
+    cek = new Uint8Array(this.keyAlgorithms.get(alg).cekLength)
+    cek = crypto.getRandomValues(cek)
+    JWA.encryptKey(alg, cek, key)
+    .then(result => {
+      encrypted_key = result
+
+      return {
+        cek,
+        encrypted_key
+      }
+    })
+  }
+
+  keyAgreeAndWrap (alg, key) {
+    let cek = new Uint8Array(this.keyAlgorithms.get(alg).cekLength)
+    cek = crypto.getRandomValues(cek)
+    // use alg to agree on the key
+    JWA.generateKey(alg)
+    .then(agreedKey => {
+      JWA.encryptKey(alg, cek, agreedKey)
+      .then(result => {
+        encrypted_key = result
+
+        return {
+          cek,
+          encrypted_key
+        }
+      })
+    })
+  }
+
+  directAgree (alg, key) {
+    JWA.generateKey(alg)
+    .then(agreedKey => {
+      return {
+        cek: agreedKey,
+        encrypted_key: new Uint8Array()
+      }
+    })
+  }
+
+  /**
+   * determineCek
+   *
+   * @description
+   * Call the corresponding method for the algorithm type
+   * based on JWA alg name
+   *
+   * @param {Boolean} verify
+   * @param {Object} alg
+   * @param {Object} key
+   *
+   * @returns {Promise}
+   */
+  determineCek (verify, alg, key) {
+    if (!this.keyAlgorithms.get(alg)) {
+      throw new NotSupportedError("Key Algorithm is not supported")
+    }
+    if (!verify) {
+      return (this.keyAlgorithms.get(alg).encrypt)(alg, key)
+    } else {
+      return (this.keyAlgorithms.get(alg).decrypt)(alg, key)
+    }
+  }
+}
+
+/**
+ * Export
+ */
+module.exports = KeyManagement