Commit 4460c4c

committed
refactor: key keyObject property is private
1 parent ca4355b commit 4460c4c

16 files changed

+47
-40
lines changed


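--- a/lib/help/symbols.js
+++ b/lib/help/symbols.js
@@ -1,3 +1,4 @@
-module.exports.THUMBPRINT_MATERIAL = Symbol('THUMBPRINT_MATERIAL')
-module.exports.PUBLIC_MEMBERS = Symbol('PUBLIC_MEMBERS')
+module.exports.KEYOBJECT = Symbol('KEYOBJECT')
 module.exports.PRIVATE_MEMBERS = Symbol('PRIVATE_MEMBERS')
+module.exports.PUBLIC_MEMBERS = Symbol('PUBLIC_MEMBERS')
+module.exports.THUMBPRINT_MATERIAL = Symbol('THUMBPRINT_MATERIAL')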
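Review bot: The new `KEYOBJECT` export carries no comment saying what kind of privacy a Symbol key gives, while the commit title calls the property private. A Symbol-keyed property is skipped by `Object.keys`, `for...in` and `JSON.stringify`, but `Object.getOwnPropertySymbols()` and `Reflect.ownKeys()` still return it, and the symbol itself is exported from this module. That makes it encapsulation, not an access-control boundary around key material. I would add above the export: `// Symbol keys hide internals from enumeration and JSON output only; they are not a security boundary.`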

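--- a/lib/jwa/aes_cbc_hmac_sha2.js
+++ b/lib/jwa/aes_cbc_hmac_sha2.js
@@ -4,6 +4,7 @@ const { strict: assert } = require('assert')
 const { JWEInvalid, JWEDecryptionFailed } = require('../errors')
 const uint64be = require('../help/uint64be')
 const timingSafeEqual = require('../help/timing_safe_equal')
+const { KEYOBJECT } = require('../help/symbols')
 
 const checkInput = function (size, iv, tag) {
 if (iv.length !== 16) {
@@ -16,7 +17,7 @@ const checkInput = function (size, iv, tag) {
 }
 }
 
-const encrypt = (size, sign, { keyObject }, cleartext, { iv, aad = Buffer.alloc(0) }) => {
+const encrypt = (size, sign, { [KEYOBJECT]: keyObject }, cleartext, { iv, aad = Buffer.alloc(0) }) => {
 const key = keyObject.export()
 checkInput(size, iv)
 
@@ -27,12 +28,12 @@ const encrypt = (size, sign, { keyObject }, cleartext, { iv, aad = Buffer.alloc(
 const macData = Buffer.concat([aad, iv, ciphertext, uint64be(aad.length * 8)])
 
 const macKey = key.slice(0, keySize)
-const tag = sign({ keyObject: macKey }, macData).slice(0, keySize)
+const tag = sign({ [KEYOBJECT]: macKey }, macData).slice(0, keySize)
 
 return { ciphertext, tag }
 }
 
-const decrypt = (size, sign, { keyObject }, ciphertext, { iv, tag = Buffer.alloc(0), aad = Buffer.alloc(0) }) => {
+const decrypt = (size, sign, { [KEYOBJECT]: keyObject }, ciphertext, { iv, tag = Buffer.alloc(0), aad = Buffer.alloc(0) }) => {
 checkInput(size, iv, tag)
 
 const keySize = size / 8
@@ -41,7 +42,7 @@ const decrypt = (size, sign, { keyObject }, ciphertext, { iv, tag = Buffer.alloc
 const macKey = key.slice(0, keySize)
 
 const macData = Buffer.concat([aad, iv, ciphertext, uint64be(aad.length * 8)])
-const expectedTag = sign({ keyObject: macKey }, macData, tag).slice(0, keySize)
+const expectedTag = sign({ [KEYOBJECT]: macKey }, macData, tag).slice(0, keySize)
 const macCheckPassed = timingSafeEqual(tag, expectedTag)
 
 let cleartext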
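Review bot: In `encrypt` and `decrypt` the `[KEYOBJECT]` slot handed to `sign` holds `macKey`, a `key.slice(0, keySize)` of `keyObject.export()`, so it is raw key bytes in a Buffer and not a KeyObject. The same happens with the `pbkdf2` output `derivedKey` in lib/jwa/pbes2.js and, presumably, with `derivedKey` in lib/jwa/ecdh/kw.js. It works where the consumer only forwards the value to a crypto call that accepts both types, as lib/jwa/hmac.js does with `createHmac`, but a consumer that calls `.export()` on it would throw. Either document it at each site with `// [KEYOBJECT] carries a raw Buffer here, not a KeyObject`, or wrap the bytes with `createSecretKey(macKey)` from `crypto`. Both functions continue outside the visible hunks.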

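--- a/lib/jwa/aes_gcm.js
+++ b/lib/jwa/aes_gcm.js
@@ -1,6 +1,7 @@
 const { createCipheriv, createDecipheriv } = require('crypto')
 const { strict: assert } = require('assert')
 const { JWEInvalid, JWEDecryptionFailed } = require('../errors')
+const { KEYOBJECT } = require('../help/symbols')
 
 const checkInput = function (size, iv, tag) {
 if (iv.length !== 12) {
@@ -13,7 +14,7 @@ const checkInput = function (size, iv, tag) {
 }
 }
 
-const encrypt = (size, { keyObject }, cleartext, { iv, aad = Buffer.alloc(0) }) => {
+const encrypt = (size, { [KEYOBJECT]: keyObject }, cleartext, { iv, aad = Buffer.alloc(0) }) => {
 checkInput(size, iv)
 
 const cipher = createCipheriv(`AES-${size}-GCM`, keyObject, iv)
@@ -25,7 +26,7 @@ const encrypt = (size, { keyObject }, cleartext, { iv, aad = Buffer.alloc(0) })
 return { ciphertext, tag }
 }
 
-const decrypt = (size, { keyObject }, ciphertext, { iv, tag = Buffer.alloc(0), aad = Buffer.alloc(0) }) => {
+const decrypt = (size, { [KEYOBJECT]: keyObject }, ciphertext, { iv, tag = Buffer.alloc(0), aad = Buffer.alloc(0) }) => {
 checkInput(size, iv, tag)
 
 try {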

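--- a/lib/jwa/aes_kw.js
+++ b/lib/jwa/aes_kw.js
@@ -2,6 +2,7 @@ const { createCipheriv, createDecipheriv } = require('crypto')
 const { strict: assert } = require('assert')
 const uint64be = require('../help/uint64be')
 const timingSafeEqual = require('../help/timing_safe_equal')
+const { KEYOBJECT } = require('../help/symbols')
 
 const checkInput = (data) => {
 if (data !== undefined && data.length % 8 !== 0) {
@@ -29,7 +30,7 @@ const split = (input, size) => {
 return output
 }
 
-const wrapKey = (size, { keyObject }, payload) => {
+const wrapKey = (size, { [KEYOBJECT]: keyObject }, payload) => {
 const iv = Buffer.alloc(16)
 let R = split(payload, 8)
 let A
@@ -52,7 +53,7 @@ const wrapKey = (size, { keyObject }, payload) => {
 return { wrapped: Buffer.concat(R) }
 }
 
-const unwrapKey = (size, { keyObject }, payload) => {
+const unwrapKey = (size, { [KEYOBJECT]: keyObject }, payload) => {
 checkInput(payload)
 
 const iv = Buffer.alloc(16)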

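--- a/lib/jwa/ecdh/kw.js
+++ b/lib/jwa/ecdh/kw.js
@@ -2,13 +2,14 @@ const { strict: assert } = require('assert')
 
 const ECKey = require('../../jwk/key/ec')
 const derive = require('./derive')
+const { KEYOBJECT } = require('../../help/symbols')
 
 const wrapKey = (wrap, derive, key, payload) => {
 const epk = ECKey.generateSync(key.crv)
 
 const derivedKey = derive(epk, key, payload)
 
-const result = wrap({ keyObject: derivedKey }, payload)
+const result = wrap({ [KEYOBJECT]: derivedKey }, payload)
 result.header = { epk: { kty: 'EC', crv: key.crv, x: epk.x, y: epk.y } }
 
 return result
@@ -17,7 +18,7 @@ const wrapKey = (wrap, derive, key, payload) => {
 const unwrapKey = (unwrap, derive, key, payload, { apu, apv, epk }) => {
 const derivedKey = derive(key, epk, { apu, apv })
 
-return unwrap({ keyObject: derivedKey }, payload)
+return unwrap({ [KEYOBJECT]: derivedKey }, payload)
 }
 
 module.exports = (JWA) => {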

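--- a/lib/jwa/ecdsa.js
+++ b/lib/jwa/ecdsa.js
@@ -1,6 +1,7 @@
 const { createSign, createVerify } = require('crypto')
 const { strict: assert } = require('assert')
 const { derToJose, joseToDer } = require('../help/ecdsa_signatures')
+const { KEYOBJECT } = require('../help/symbols')
 
 const resolveNodeAlg = (alg) => {
 switch (alg) {
@@ -13,13 +14,13 @@ const resolveNodeAlg = (alg) => {
 }
 }
 
-const sign = (jwaAlg, nodeAlg, { keyObject }, payload) => {
+const sign = (jwaAlg, nodeAlg, { [KEYOBJECT]: keyObject }, payload) => {
 const sign = createSign(nodeAlg)
 sign.update(payload)
 return derToJose(sign.sign(keyObject), jwaAlg)
 }
 
-const verify = (jwaAlg, nodeAlg, { keyObject }, payload, signature) => {
+const verify = (jwaAlg, nodeAlg, { [KEYOBJECT]: keyObject }, payload, signature) => {
 const verify = createVerify(nodeAlg)
 verify.update(payload)
 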
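--- a/lib/jwa/hmac.js
+++ b/lib/jwa/hmac.js
@@ -1,5 +1,6 @@
 const { createHmac } = require('crypto')
 const { strict: assert } = require('assert')
+const { KEYOBJECT } = require('../help/symbols')
 
 const timingSafeEqual = require('../help/timing_safe_equal')
 
@@ -14,13 +15,13 @@ const resolveHmacAlg = (alg) => {
 }
 }
 
-const sign = (jwaAlg, hmacAlg, { keyObject }, payload) => {
+const sign = (jwaAlg, hmacAlg, { [KEYOBJECT]: keyObject }, payload) => {
 const hmac = createHmac(hmacAlg, keyObject)
 hmac.update(payload)
 return hmac.digest()
 }
 
-const verify = (jwaAlg, hmacAlg, { keyObject }, payload, signature) => {
+const verify = (jwaAlg, hmacAlg, { [KEYOBJECT]: keyObject }, payload, signature) => {
 const hmac = createHmac(hmacAlg, keyObject)
 hmac.update(payload)
 const expected = hmac.digest()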

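--- a/lib/jwa/pbes2.js
+++ b/lib/jwa/pbes2.js
@@ -1,5 +1,6 @@
 const { strict: assert } = require('assert')
 const { pbkdf2Sync: pbkdf2, randomBytes } = require('crypto')
+const { KEYOBJECT } = require('../help/symbols')
 
 const base64url = require('../help/base64url')
 
@@ -14,7 +15,7 @@ const concatSalt = (alg, p2s) => {
 ])
 }
 
-const wrapKey = (keylen, sha, concat, wrap, { keyObject }, payload) => {
+const wrapKey = (keylen, sha, concat, wrap, { [KEYOBJECT]: keyObject }, payload) => {
 // Note that if password-based encryption is used for multiple
 // recipients, it is expected that each recipient use different values
 // for the PBES2 parameters "p2s" and "p2c".
@@ -25,16 +26,16 @@ const wrapKey = (keylen, sha, concat, wrap, { keyObject }, payload) => {
 
 const derivedKey = pbkdf2(keyObject.export(), salt, p2c, keylen, sha)
 
-const result = wrap({ keyObject: derivedKey }, payload)
+const result = wrap({ [KEYOBJECT]: derivedKey }, payload)
 result.header = { p2c, p2s: base64url.encode(p2s) }
 
 return result
 }
 
-const unwrapKey = (keylen, sha, concat, unwrap, { keyObject }, payload, { p2c, p2s }) => {
+const unwrapKey = (keylen, sha, concat, unwrap, { [KEYOBJECT]: keyObject }, payload, { p2c, p2s }) => {
 const salt = concat(p2s)
 const derivedKey = pbkdf2(keyObject.export(), salt, p2c, keylen, sha)
-return unwrap({ keyObject: derivedKey }, payload)
+return unwrap({ [KEYOBJECT]: derivedKey }, payload)
 }
 
 module.exports = (JWA) => {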
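Review bot: `unwrapKey` takes `p2c` from its last argument and passes it straight into the synchronous `pbkdf2(keyObject.export(), salt, p2c, keylen, sha)` with no bound visible in this hunk. If that argument is the received JOSE header (likely, since `wrapKey` writes `p2c` into `result.header`), the sender picks the iteration count and a very large value blocks the event loop for the whole derivation. Unless a caller outside this file already checks it, I would validate before deriving, e.g. `assert(Number.isSafeInteger(p2c) && p2c >= 1 && p2c <= P2C_MAX)`, where `P2C_MAX` is a placeholder for a limit the project chooses. Rejecting with the library's own error type rather than `assert` would read better if one is in scope here.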

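--- a/lib/jwa/rsaes.js
+++ b/lib/jwa/rsaes.js
@@ -1,5 +1,6 @@
 const { strict: assert } = require('assert')
 const { publicEncrypt, privateDecrypt, constants } = require('crypto')
+const { KEYOBJECT } = require('../help/symbols')
 
 const resolvePadding = (alg) => {
 switch (alg) {
@@ -10,11 +11,11 @@ const resolvePadding = (alg) => {
 }
 }
 
-const wrapKey = (padding, { keyObject }, payload) => {
+const wrapKey = (padding, { [KEYOBJECT]: keyObject }, payload) => {
 return { wrapped: publicEncrypt({ key: keyObject, padding }, payload) }
 }
 
-const unwrapKey = (padding, { keyObject }, payload) => {
+const unwrapKey = (padding, { [KEYOBJECT]: keyObject }, payload) => {
 return privateDecrypt({ key: keyObject, padding }, payload)
 }
 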
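--- a/lib/jwa/rsassa.js
+++ b/lib/jwa/rsassa.js
@@ -1,5 +1,6 @@
 const { createSign, createVerify, constants } = require('crypto')
 const { strict: assert } = require('assert')
+const { KEYOBJECT } = require('../help/symbols')
 
 const resolveNodeAlg = (alg) => {
 switch (alg) {
@@ -23,13 +24,13 @@ const resolvePadding = (alg) => {
 return constants.RSA_PKCS1_PSS_PADDING
 }
 
-const sign = (nodeAlg, padding, { keyObject }, payload) => {
+const sign = (nodeAlg, padding, { [KEYOBJECT]: keyObject }, payload) => {
 const sign = createSign(nodeAlg)
 sign.update(payload)
 return sign.sign({ key: keyObject, padding })
 }
 
-const verify = (nodeAlg, padding, { keyObject }, payload, signature) => {
+const verify = (nodeAlg, padding, { [KEYOBJECT]: keyObject }, payload, signature) => {
 const verify = createVerify(nodeAlg)
 verify.update(payload)
 return verify.verify({ key: keyObject, padding }, signature)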
