├── .npmignore
├── .gitattributes
├── src
    ├── main.js
    ├── main.browser.js
    ├── browser.ios.js
    ├── index.ios.js
    ├── browser.android.js
    ├── index.android.js
    ├── browser.mjs
    ├── index.mjs
    ├── index.js
    ├── browser.js
    └── react-native.js
├── index.d.ts
├── jest.react-native.json
├── .travis.yml
├── __tests__
    ├── node.js
    ├── react-native.js
    └── browser.js
├── LICENSE
├── .gitignore
├── karma.conf.js
├── package.json
└── README.md


/.npmignore:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
1 | package-lock.json -diff
2 | 


--------------------------------------------------------------------------------
/src/main.js:
--------------------------------------------------------------------------------
1 | module.exports = require('./index')
2 | 


--------------------------------------------------------------------------------
/src/main.browser.js:
--------------------------------------------------------------------------------
1 | module.exports = require('./browser')
2 | 


--------------------------------------------------------------------------------
/src/browser.ios.js:
--------------------------------------------------------------------------------
1 | module.exports = require('./react-native.js')
2 | 


--------------------------------------------------------------------------------
/src/index.ios.js:
--------------------------------------------------------------------------------
1 | module.exports = require('./react-native.js')
2 | 


--------------------------------------------------------------------------------
/src/browser.android.js:
--------------------------------------------------------------------------------
1 | module.exports = require('./react-native.js')
2 | 


--------------------------------------------------------------------------------
/src/index.android.js:
--------------------------------------------------------------------------------
1 | module.exports = require('./react-native.js')
2 | 


--------------------------------------------------------------------------------
/src/browser.mjs:
--------------------------------------------------------------------------------
1 | import './webcrypto-shim.mjs'
2 | export default window.crypto
3 | 


--------------------------------------------------------------------------------
/src/index.mjs:
--------------------------------------------------------------------------------
1 | import { Crypto } from '@peculiar/webcrypto'
2 | export default new Crypto()
3 | 


--------------------------------------------------------------------------------
/src/index.js:
--------------------------------------------------------------------------------
1 | const { Crypto } = require('@peculiar/webcrypto')
2 | module.exports = new Crypto()
3 | 


--------------------------------------------------------------------------------
/index.d.ts:
--------------------------------------------------------------------------------
1 | interface WebCrypto extends Crypto {
2 |     ensureSecure(): Promise<any>;
3 | }
4 | declare var crypto: WebCrypto
5 | export = crypto;
6 | export default crypto;
7 | 


--------------------------------------------------------------------------------
/jest.react-native.json:
--------------------------------------------------------------------------------
1 | {
2 |   "preset": "react-native",
3 |   "transform": {
4 |     "^.+\\.js$": "<rootDir>/node_modules/react-native/jest/preprocessor.js"
5 |   }
6 | }
7 | 


--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
 1 | language: node_js
 2 | node_js: "stable"
 3 | dist: trusty
 4 | sudo: required
 5 | addons:
 6 |   firefox: latest
 7 |   chrome: stable
 8 | install:
 9 |   - npm i
10 | script:
11 |   - npm test
12 | 


--------------------------------------------------------------------------------
/__tests__/node.js:
--------------------------------------------------------------------------------
 1 | const crypto = require('../src/index');
 2 | 
 3 | function includes(haystack, needle) {
 4 |   return haystack.indexOf(needle) > -1;
 5 | }
 6 | 
 7 | require('webcrypto-test-suite')({
 8 |   crypto,
 9 |   shouldSkip: function(spec) {
10 |     if (includes(spec,'PBKDF2') && includes(spec,'deriveKey')) return true;
11 |   }
12 | });
13 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2017 Len Boyette
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | .DS_Store
 2 | webcrypto-shim.mjs
 3 | webcrypto-liner.js
 4 | tmp
 5 | 
 6 | # Logs
 7 | logs
 8 | *.log
 9 | npm-debug.log*
10 | yarn-debug.log*
11 | yarn-error.log*
12 | 
13 | # Runtime data
14 | pids
15 | *.pid
16 | *.seed
17 | *.pid.lock
18 | 
19 | # Directory for instrumented libs generated by jscoverage/JSCover
20 | lib-cov
21 | 
22 | # Coverage directory used by tools like istanbul
23 | coverage
24 | 
25 | # nyc test coverage
26 | .nyc_output
27 | 
28 | # Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
29 | .grunt
30 | 
31 | # Bower dependency directory (https://bower.io/)
32 | bower_components
33 | 
34 | # node-waf configuration
35 | .lock-wscript
36 | 
37 | # Compiled binary addons (http://nodejs.org/api/addons.html)
38 | build/Release
39 | 
40 | # Dependency directories
41 | node_modules/
42 | jspm_packages/
43 | 
44 | # Typescript v1 declaration files
45 | typings/
46 | 
47 | # Optional npm cache directory
48 | .npm
49 | 
50 | # Optional eslint cache
51 | .eslintcache
52 | 
53 | # Optional REPL history
54 | .node_repl_history
55 | 
56 | # Output of 'npm pack'
57 | *.tgz
58 | 
59 | # Yarn Integrity file
60 | .yarn-integrity
61 | 
62 | # dotenv environment variables file
63 | .env
64 | 
65 | 


--------------------------------------------------------------------------------
/karma.conf.js:
--------------------------------------------------------------------------------
 1 | const os = require('os');
 2 | 
 3 | let browsers = ['ChromeHeadless', 'FirefoxHeadless'];
 4 | if (process.platform === 'darwin') {
 5 |   browsers.push('Safari');
 6 | } else if (process.platform === 'win32' && 
 7 |           os.release().slice(3) === '10.') {
 8 |   browsers.push('Edge');
 9 | }
10 | 
11 | module.exports = function(config) {
12 |   config.set({
13 |     frameworks: ['jasmine'],
14 |     files: [
15 |       '__tests__/browser.js'
16 |     ],
17 |     preprocessors: {
18 |       '__tests__/browser.js': ['webpack']
19 |     },
20 |     webpack: {
21 |       mode: 'none',
22 |       node: false
23 |     },
24 |     reporters: ['progress'],
25 |     port: 9876,
26 |     colors: true,
27 |     // config.LOG_DISABLE || config.LOG_ERROR || config.LOG_WARN || config.LOG_INFO || config.LOG_DEBUG
28 |     logLevel: config.LOG_INFO,
29 |     autoWatch: true,
30 |     browsers,
31 |     customLaunchers: {
32 |       FirefoxHeadless: {
33 |         base: 'Firefox',
34 |         flags: ['-headless']
35 |       },
36 |       EdgeVM: {
37 |         base: 'VirtualBoxEdge',
38 |         keepAlive: true,
39 |         uuid: process.env.EDGE_VIRTUAL_BOX_UUID
40 |       },
41 |       IE11VM: {
42 |         base: 'VirtualBoxIE11',
43 |         keepAlive: true,
44 |         uuid: process.env.IE11_VIRTUAL_BOX_UUID
45 |       }
46 |     }
47 |   })
48 | }
49 | 


--------------------------------------------------------------------------------
/__tests__/react-native.js:
--------------------------------------------------------------------------------
 1 | // Include additional mocks not included in the react-native preset
 2 | global.window = {
 3 |   Uint8Array,
 4 |   Promise
 5 | };
 6 | function XMLHttpRequest() {}
 7 | XMLHttpRequest.prototype.getResponseHeader = function() {};
 8 | global.XMLHttpRequest = XMLHttpRequest;
 9 | 
10 | delete global.Buffer;
11 | 
12 | jest.mock('b64-lite', () => require('b64-lite/dist/react-native.js'));
13 | jest.mock('str2buf', () => require('str2buf/dist/str2buf.js'));
14 | 
15 | const crypto = require('../src/react-native');
16 | 
17 | require('webcrypto-test-suite')({
18 |   crypto,
19 |   shouldSkip(spec) {
20 |     if (spec.includes('RS256') && spec.includes('generateKey')) return true;
21 |     if (spec.includes('RS384') && spec.includes('generateKey')) return true;
22 |     if (spec.includes('RS512') && spec.includes('generateKey')) return true;
23 |     if (spec.includes('PS256') && spec.includes('generateKey')) return true;
24 |     if (spec.includes('PS384') && spec.includes('generateKey')) return true;
25 |     if (spec.includes('PS512') && spec.includes('generateKey')) return true;
26 | 
27 |     // FIXME: https://github.com/facebook/jest/issues/8475
28 |     if (spec.includes('sign')) return true;
29 |     if (spec.includes('PBKDF2')) {
30 |         if (spec.includes('deriveBits')) return true;
31 |         if (spec.includes('deriveKey')) return true;
32 |     }
33 |   }
34 | });
35 | 


--------------------------------------------------------------------------------
/src/browser.js:
--------------------------------------------------------------------------------
 1 | require('webcrypto-shim');
 2 | var b64u = require('b64u-lite/bundle/b64u-lite');
 3 | var str2buf = require('str2buf');
 4 | 
 5 | var isEdge = navigator.userAgent.indexOf('Edge') > -1;
 6 | var isIE11 = !!window.MSInputMethodContext && !!document.documentMode;
 7 | 
 8 | // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/assign#Polyfill
 9 | function assign(target) {
10 |   if (target == null) {
11 |     throw new TypeError('Cannot convert undefined or null to object');
12 |   }
13 | 
14 |   var to = Object(target);
15 | 
16 |   for (var index = 1; index < arguments.length; index++) {
17 |     var nextSource = arguments[index];
18 | 
19 |     if (nextSource != null) {
20 |       for (var nextKey in nextSource) {
21 |         if (Object.prototype.hasOwnProperty.call(nextSource, nextKey)) {
22 |           to[nextKey] = nextSource[nextKey];
23 |         }
24 |       }
25 |     }
26 |   }
27 |   return to;
28 | }
29 | 
30 | function toArray(item) {
31 |   return Array.prototype.slice.call(item);
32 | }
33 | 
34 | if (isEdge || isIE11) {
35 |   var originalGenerateKey = crypto.subtle.generateKey;
36 |   crypto.subtle.generateKey = function() {
37 |     const args = toArray(arguments);
38 |     var algo = assign({}, args[0]);
39 |     if (algo.name === 'ECDSA') {
40 |       delete algo.hash
41 |     }
42 |     args[0] = algo;
43 |     return originalGenerateKey.apply(crypto.subtle, args);
44 |   };
45 | 
46 |   var originalExportKey = crypto.subtle.exportKey;
47 |   crypto.subtle.exportKey = function() {
48 |     var args = toArray(arguments);
49 |     var key = args[1];
50 |     return originalExportKey.apply(crypto.subtle, args)
51 |     .then(function(res) {
52 |       if (!res.key_ops || !res.key_ops.length) {
53 |         res.key_ops = key.usages;
54 |       }
55 |       return res;
56 |     });;
57 |   };
58 | 
59 |   var originalImportKey = crypto.subtle.importKey;
60 |   crypto.subtle.importKey = function() {
61 |     var args = toArray(arguments);
62 |     var jwk = args[1];
63 |     var algo = args[2];
64 | 
65 |     if (algo.name === 'RSASSA-PKCS1-v1_5' && algo.hash.name === 'SHA-256') {
66 |       delete jwk.qi;
67 |     }
68 |     
69 |     return originalImportKey.apply(crypto.subtle, args)
70 |     .then(function(res) {
71 |       var algo = res.algorithm;
72 |       if (algo.name === 'RSASSA-PKCS1-v1_5') {
73 |         algo.modulusLength = str2buf.toUint8Array(b64u.toBinaryString(jwk.n)).length * 8;
74 |         algo.publicExponent = str2buf.toUint8Array(b64u.toBinaryString(jwk.e));
75 |       }
76 |       return res;
77 |     });
78 |   };
79 | }
80 | 
81 | module.exports = window.crypto;
82 | 


--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "name": "isomorphic-webcrypto",
 3 |   "version": "2.3.8",
 4 |   "description": "webcrypto library for Node, React Native and IE11+",
 5 |   "main": "./src/main.js",
 6 |   "module": "./src/index.mjs",
 7 |   "browser": {
 8 |     "./src/main.js": "./src/main.browser.js",
 9 |     "./src/index.mjs": "./src/browser.mjs"
10 |   },
11 |   "types": "index.d.ts",
12 |   "scripts": {
13 |     "build": "node build.js",
14 |     "prepublishOnly": "npm run build",
15 |     "test": "npm run build && npm run test:node && npm run test:react-native && npm run test:browser",
16 |     "test:node": "jest ./__tests__/node.js",
17 |     "test:react-native": "jest ./__tests__/react-native.js --config=jest.react-native.json",
18 |     "test:browser": "karma start karma.conf.js --single-run",
19 |     "test:EdgeVM": "npm run test:browser -- --browsers 'EdgeVM'",
20 |     "test:IE11VM": "npm run test:browser -- --browsers 'IE11VM'",
21 |     "release": "npm run test && npm run build && git commit -am $npm_package_version && git tag $npm_package_version && git push && git push --tags && npm publish"
22 |   },
23 |   "repository": {
24 |     "type": "git",
25 |     "url": "git+https://github.com/kevlened/isomorphic-webcrypto.git"
26 |   },
27 |   "files": [
28 |     "src",
29 |     "index.d.ts"
30 |   ],
31 |   "keywords": [
32 |     "isomorphic",
33 |     "webcrypto",
34 |     "small"
35 |   ],
36 |   "license": "MIT",
37 |   "bugs": {
38 |     "url": "https://github.com/kevlened/isomorphic-webcrypto/issues"
39 |   },
40 |   "homepage": "https://github.com/kevlened/isomorphic-webcrypto#readme",
41 |   "dependencies": {
42 |     "@peculiar/webcrypto": "^1.0.22",
43 |     "asmcrypto.js": "^0.22.0",
44 |     "b64-lite": "^1.3.1",
45 |     "b64u-lite": "^1.0.1",
46 |     "msrcrypto": "^1.5.6",
47 |     "str2buf": "^1.3.0",
48 |     "webcrypto-shim": "^0.1.4"
49 |   },
50 |   "devDependencies": {
51 |     "ajv": "^6.5.2",
52 |     "bluebird": "^3.5.1",
53 |     "jasmine": "^3.4.0",
54 |     "jasmine-core": "^3.4.0",
55 |     "jest": "^25.1.0",
56 |     "karma": "^4.4.1",
57 |     "karma-chrome-launcher": "^3.1.0",
58 |     "karma-edge-launcher": "^0.4.2",
59 |     "karma-firefox-launcher": "^1.1.0",
60 |     "karma-jasmine": "^2.0.1",
61 |     "karma-safari-launcher": "^1.0.0",
62 |     "karma-virtualbox-edge-launcher": "^1.1.8",
63 |     "karma-virtualbox-ie11-launcher": "^1.1.8",
64 |     "karma-webpack": "^4.0.2",
65 |     "react": "^16.9.0",
66 |     "react-native": "^0.61.5",
67 |     "webcrypto-liner": "^1.0.1",
68 |     "webcrypto-test-suite": "^0.4.0",
69 |     "webpack": "^4.42.0"
70 |   },
71 |   "optionalDependencies": {
72 |     "react-native-securerandom": "^0.1.1",
73 |     "expo-random": "*",
74 |     "@unimodules/core": "*",
75 |     "@unimodules/react-native-adapter": "*"
76 |   }
77 | }
78 | 


--------------------------------------------------------------------------------
/__tests__/browser.js:
--------------------------------------------------------------------------------
 1 | function includes(haystack, needle) {
 2 |   return haystack.indexOf(needle) > -1;
 3 | }
 4 | 
 5 | window.Promise = require('bluebird');
 6 | 
 7 | var ua = navigator.userAgent;
 8 | var isSafari = includes(ua, 'Safari') && !includes(ua, 'Chrome');
 9 | var isChrome = !isSafari && includes(ua, 'Chrome');
10 | var isEdge = includes(ua, 'Edge');
11 | var isIE11 = !!window.MSInputMethodContext && !!document.documentMode;
12 | require('webcrypto-test-suite')({
13 |   crypto: require('../src/browser.js'),
14 |   shouldSkip: function(spec) {
15 |     if (isChrome) {
16 |       if (includes(spec, 'A192GCM')) return true;
17 |       if (includes(spec, 'A192CBC')) return true;
18 |     }
19 |     if (isSafari) {
20 |       if (includes(spec,'ES512')) return true;
21 |       if (includes(spec,'RS384') && includes(spec,'exportKey')) return true;
22 |       if (includes(spec,'RS512') && includes(spec,'exportKey')) return true;
23 |       if (includes(spec,'PS256') && includes(spec,'exportKey')) return true;
24 |       if (includes(spec,'PS384') && includes(spec,'exportKey')) return true;
25 |       if (includes(spec,'PS512') && includes(spec,'exportKey')) return true;
26 |     }
27 |     if (isEdge) {
28 |       // Misidentifies private types as public and has no modulesLength or publicExponent
29 |       if (includes(spec,'RS256') && includes(spec,'importKey')) return true;
30 |       
31 |       // Has no modulesLength or publicExponent
32 |       if (includes(spec,'RS384') && includes(spec,'importKey')) return true;
33 |       if (includes(spec,'RS512') && includes(spec,'importKey')) return true;
34 | 
35 |       // Should return Uint8Array for publicExponent rather than Int8Array
36 |       if (includes(spec,'RS256') && includes(spec,'generateKey')) return true;
37 |       if (includes(spec,'RS384') && includes(spec,'generateKey')) return true;
38 |       if (includes(spec,'RS512') && includes(spec,'generateKey')) return true;
39 | 
40 |       // Could not complete the operation due to error c000000d
41 |       if (includes(spec,'RS256') && includes(spec,'sign')) return true;
42 | 
43 |       // Not working at all
44 |       if (includes(spec,'ES256')) return true;
45 |       if (includes(spec,'ES384')) return true;
46 |       if (includes(spec,'ES512')) return true;
47 |     }
48 |     if (isIE11) {
49 |       // All errors are browser events, so there are no error messages to aid debugging
50 | 
51 |       // Misidentifies private types as public
52 |       if (includes(spec,'RS256') && includes(spec,'importKey')) return true;
53 |       
54 |       // Missing d, q, dq, p, dp (probably because importKey says it's public)
55 |       if (includes(spec,'RS256') && includes(spec,'exportKey')) return true;
56 |       
57 |       // Not working at all
58 |       if (includes(spec,'RS256') && includes(spec,'sign')) return true;
59 |       if (includes(spec,'RS512') && includes(spec,'sign')) return true;
60 |       if (includes(spec,'RS512') && includes(spec,'verify')) return true;
61 |       if (includes(spec,'HS512')) return true;
62 |       if (includes(spec,'ES256')) return true;
63 |       if (includes(spec,'ES384')) return true;
64 |       if (includes(spec,'ES512')) return true;
65 |     }
66 |   }
67 | });
68 | 


--------------------------------------------------------------------------------
/src/react-native.js:
--------------------------------------------------------------------------------
  1 | let generateSecureRandom;
  2 | if (require.getModules) {
  3 |   const NativeModules = require('react-native').NativeModules;
  4 |   const RNSecureRandom = NativeModules.RNSecureRandom;
  5 |   const NativeUnimoduleProxy = NativeModules.NativeUnimoduleProxy;
  6 |   if (RNSecureRandom && RNSecureRandom.generateSecureRandomAsBase64) {
  7 |     generateSecureRandom = require('react-native-securerandom').generateSecureRandom;
  8 |   } else if (NativeUnimoduleProxy && NativeUnimoduleProxy.exportedMethods.ExpoRandom) {
  9 |     generateSecureRandom = require('expo-random').getRandomBytesAsync;
 10 |   }
 11 | }
 12 | 
 13 | if (!generateSecureRandom) {
 14 |   console.log(`
 15 |     isomorphic-webcrypto cannot ensure the security of some operations!
 16 |     Install and configure react-native-securerandom or expo-random
 17 |     If managed by Expo, run 'expo install expo-random'
 18 |   `);
 19 |   generateSecureRandom = function(length) {
 20 |     const uint8Array = new Uint8Array(length);
 21 |     while (length && length--) {
 22 |       uint8Array[length] = Math.floor(Math.random() * 256);
 23 |     }
 24 |     return Promise.resolve(uint8Array);
 25 |   }
 26 | }
 27 | 
 28 | const str2buf = require('str2buf');
 29 | const b64u = require('b64u-lite');
 30 | const b64 = require('b64-lite');
 31 | 
 32 | if(global.window.navigator === undefined)
 33 |   global.window.navigator = {};
 34 | 
 35 | global.window.navigator.userAgent = '';
 36 | global.atob = typeof atob === 'undefined' ? b64.atob : atob;
 37 | global.btoa = typeof btoa === 'undefined' ? b64.btoa : btoa;
 38 | global.msrCryptoPermanentForceSync = true;
 39 | 
 40 | const crypto = require('msrcrypto');
 41 | 
 42 | let isSecured = false;
 43 | const secured = new Promise((resolve, reject) => {
 44 |     if (!crypto.initPrng) return resolve(false);
 45 |     return generateSecureRandom(48)
 46 |     .then(byteArray => {
 47 |         crypto.initPrng(Array.from(byteArray))
 48 |         isSecured = true;
 49 |         resolve(true);
 50 |     })
 51 |     .catch(err => reject(err));
 52 |   })
 53 |   .then(() => {
 54 |     if (!global.window.crypto) {
 55 |       global.window.crypto = crypto;
 56 |     }
 57 | 
 58 |     global.asmCrypto = require('asmcrypto.js');
 59 |     const liner = require('./webcrypto-liner');
 60 | 
 61 |     const originalImportKey = crypto.subtle.importKey;
 62 |     crypto.subtle.importKey = function importKey() {
 63 |       const importType = arguments[0];
 64 |       const key = arguments[1];
 65 |       const algorithm = arguments[2];
 66 |       if (algorithm.name.toUpperCase() === 'PBKDF2') {
 67 |         let importKey, ref;
 68 |         if (liner.crypto.subtle.getProvider) {
 69 |           ref = liner.crypto.subtle.getProvider('PBKDF2');
 70 |           importKey = ref.onImportKey;
 71 |         } else {
 72 |           ref = liner.crypto.subtle;
 73 |           importKey = ref.importKey;
 74 |         }
 75 |         if (importType === 'raw') arguments[1] = new ArrayBuffer(arguments[1]);
 76 |         return importKey.apply(ref, arguments);
 77 |       }
 78 | 
 79 |       return originalImportKey.apply(this, arguments)
 80 |       .then(res => {
 81 |         res.algorithm.name = standardizeAlgoName(res.algorithm.name);
 82 |         switch(res.type) {
 83 |           case 'secret':
 84 |             res.usages = res.algorithm.name === 'HMAC' ? ['sign', 'verify'] : ['encrypt', 'decrypt'];
 85 |             break;
 86 |           case 'private':
 87 |             res.usages = ['sign'];
 88 |             break;
 89 |           case 'public':
 90 |             res.usages = ['verify'];
 91 |             break;
 92 |         }
 93 |         if (importType === 'jwk' && key.kty === 'RSA') {
 94 |           res.algorithm.modulusLength = b64u.toBinaryString(key.n).length * 8;
 95 |           res.algorithm.publicExponent = str2buf.toUint8Array(b64u.toBinaryString(key.e));
 96 |         }
 97 |         return res;
 98 |       });
 99 |     }
100 | 
101 |     const originalDeriveBits = crypto.subtle.deriveBits;
102 |     crypto.subtle.deriveBits = function deriveBits() {
103 |       const algorithm = arguments[0];
104 |       if (algorithm.name.toUpperCase() === 'PBKDF2') {
105 |         let deriveBits, ref;
106 |         if (liner.crypto.subtle.getProvider) {
107 |           ref = liner.crypto.subtle.getProvider('PBKDF2');
108 |           deriveBits = ref.onDeriveBits;
109 |         } else {
110 |           ref = liner.crypto.subtle;
111 |           deriveBits = ref.deriveBits;
112 |         }
113 |         return deriveBits.apply(ref, arguments);
114 |       }
115 | 
116 |       return originalDeriveBits.apply(this, arguments);
117 |     }
118 |   })
119 |   .catch(e => {
120 |     console.log('Unable to secure:', e.message);
121 |     throw e;
122 |   });
123 | 
124 | crypto.ensureSecure = () => secured;
125 | 
126 | function standardizeAlgoName(algo) {
127 |   const upper = algo.toUpperCase();
128 |   return upper === 'RSASSA-PKCS1-V1_5' ? 'RSASSA-PKCS1-v1_5' : upper;
129 | }
130 | 
131 | function ensureUint8Array(buffer) {
132 |   if (typeof buffer === 'string' || buffer instanceof String)
133 |     return str2buf.toUint8Array(buffer);
134 |   if (!buffer) return;
135 |   if (buffer instanceof ArrayBuffer) return new Uint8Array(buffer);
136 |   if (buffer instanceof Uint8Array) return buffer;
137 |   return buffer;
138 | }
139 | 
140 | const originalGetRandomValues = crypto.getRandomValues;
141 | crypto.getRandomValues = function getRandomValues() {
142 |   if (!isSecured) {
143 |     throw new Error(`
144 |       You must wait until the library is secure to call this method:
145 | 
146 |       await crypto.ensureSecure();
147 |       const safeValues = crypto.getRandomValues();
148 |     `);
149 |   }
150 |   return originalGetRandomValues.apply(crypto, arguments);
151 | }
152 | 
153 | // wrap all methods to ensure they're secure
154 | const methods = [
155 |   'decrypt',
156 |   'digest',
157 |   'deriveKey',
158 |   'encrypt',
159 |   'exportKey',
160 |   'generateKey',
161 |   'importKey',
162 |   'sign',
163 |   'unwrapKey',
164 |   'verify',
165 |   'wrapKey'
166 | ]
167 | methods.map(key => {
168 |   const original = crypto.subtle[key]
169 |   const proxy = function() {
170 |     const args = Array.from(arguments)
171 |     const before = crypto.subtle[key];
172 |     return crypto.ensureSecure()
173 |     .then(() => {
174 |       const after = crypto.subtle[key];
175 |       if (before === after) {
176 |         return original.apply(crypto.subtle, args)
177 |       } else {
178 |         return crypto.subtle[key].apply(crypto.subtle, args)
179 |       }
180 |     });
181 |   }
182 |   crypto.subtle[key] = proxy;
183 |   crypto.subtle[key].name = key;
184 | })
185 | 
186 | const originalGenerateKey = crypto.subtle.generateKey;
187 | crypto.subtle.generateKey = function generateKey() {
188 |   const algo = arguments[0];
189 |   if (algo) {
190 |     if (algo.name) algo.name = algo.name.toLowerCase();
191 |     if (algo.hash && algo.hash.name) algo.hash.name = algo.hash.name.toLowerCase();
192 |   }
193 |   return originalGenerateKey.apply(this, arguments)
194 |   .then(res => {
195 |     if (res.publicKey) {
196 |       res.publicKey.usages = ['verify'];
197 |       res.publicKey.algorithm.name = standardizeAlgoName(res.publicKey.algorithm.name);
198 |       res.privateKey.usages = ['sign'];
199 |       res.privateKey.algorithm.name = standardizeAlgoName(res.privateKey.algorithm.name);
200 |     } else {
201 |       res.algorithm.name = standardizeAlgoName(res.algorithm.name);
202 |       res.usages = res.algorithm.name === 'HMAC' ? ['sign', 'verify'] : ['encrypt', 'decrypt'];
203 |     }
204 |     return res;
205 |   });
206 | }
207 | 
208 | const originalExportKey = crypto.subtle.exportKey;
209 | crypto.subtle.exportKey = function exportKey() {
210 |   const key = arguments[1];
211 |   return originalExportKey.apply(this, arguments)
212 |   .then(res => {
213 |     if (res.kty === 'RSA' || res.kty === 'EC') {
214 |       if (res.d) {
215 |         res.key_ops = ['sign'];
216 |       } else {
217 |         res.key_ops = ['verify'];
218 |       }
219 |     }
220 |     switch(res.alg) {
221 |       case 'EC-256':
222 |       case 'EC-384':
223 |       case 'EC-521':
224 |         delete res.alg;
225 |     }
226 |     return res;
227 |   });
228 | }
229 | 
230 | const originalDigest = crypto.subtle.digest;
231 | crypto.subtle.digest = function digest() {
232 |   arguments[1] = ensureUint8Array(arguments[1]);
233 |   return originalDigest.apply(this, arguments);
234 | }
235 | 
236 | module.exports = crypto
237 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # isomorphic-webcrypto [![NPM](https://img.shields.io/npm/v/isomorphic-webcrypto.svg)](https://npmjs.com/package/isomorphic-webcrypto) [![bundlephobia](https://img.shields.io/bundlephobia/minzip/isomorphic-webcrypto.svg)](https://bundlephobia.com/result?p=isomorphic-webcrypto)
  2 | webcrypto library for Node, React Native and IE11+
  3 | 
  4 | ## What?
  5 | 
  6 | There's [a great Node polyfill](https://github.com/PeculiarVentures/webcrypto) for the [Web Crypto API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API), but it's not isomorphic.
  7 | 
  8 | IE11 and versions of Safari < 11 use an older version of the spec, so the browser implementation includes a [webcrypto-shim](https://github.com/vibornoff/webcrypto-shim) to iron out the differences. You'll still need to provide your own Promise polyfill.
  9 | 
 10 | There's currently no native crypto support in React Native, so [the Microsoft Research library](https://github.com/kevlened/msrCrypto) is exposed.
 11 | 
 12 | > **Note:** If you're performing cross-platform jwt operations, consider [jwt-lite](https://www.npmjs.com/package/jwt-lite) or [jwt-verifier-lite](https://www.npmjs.com/package/jwt-verifier-lite) (for OpenID Connect), which build on `isomorphic-webcrypto`
 13 | 
 14 | ## Install
 15 | 
 16 | `npm install isomorphic-webcrypto`
 17 | 
 18 | ## Usage
 19 | 
 20 | There's a simple hashing example below, but [there are many more WebCrypto examples here](https://github.com/diafygi/webcrypto-examples). This example requires you to `npm install hex-lite`.
 21 | 
 22 | ```javascript
 23 | const crypto = require('isomorphic-webcrypto')
 24 | const hex = require('hex-lite')
 25 | // or
 26 | import crypto from 'isomorphic-webcrypto'
 27 | import hex from 'hex-lite'
 28 | 
 29 | crypto.subtle.digest(
 30 |   { name: 'SHA-256' },
 31 |   new Uint8Array([1,2,3]).buffer
 32 | )
 33 | .then(hash => {
 34 |   // hashes are usually represented as hex strings
 35 |   // hex-lite makes this easier
 36 |   const hashString = hex.fromBuffer(hash);
 37 | })
 38 | ```
 39 | 
 40 | ### React Native
 41 | 
 42 | React Native support is implemented using [the Microsoft Research library](https://github.com/kevlened/msrCrypto). The React Native environment only supports `Math.random()`, so [react-native-securerandom](https://github.com/rh389/react-native-securerandom) is used to provide proper entropy. This is handled automatically, except for `crypto.getRandomValues()`, which requires you wait:
 43 | 
 44 | ```javascript
 45 | const crypto = require('isomorphic-webcrypto')
 46 | 
 47 | (async () => {
 48 |   // Only needed for crypto.getRandomValues
 49 |   // but only wait once, future calls are secure
 50 |   await crypto.ensureSecure();
 51 |   const array = new Uint8Array(1);
 52 |   crypto.getRandomValues(array);
 53 |   const safeValue = array[0];
 54 | })()
 55 | ```
 56 | 
 57 | Working React Native examples:
 58 | 
 59 | * Using [create-react-native-app](https://github.com/kevlened/webcrypto-react-native-examples/tree/master/crna) with Expo
 60 | * Using an ejected [create-react-native-app](https://github.com/kevlened/webcrypto-react-native-examples/blob/master/crna-ejected)
 61 | 
 62 | ## I just want to drop in a script tag
 63 | 
 64 | You should use [the webcrypto-shim](https://github.com/vibornoff/webcrypto-shim) library directly:
 65 | 
 66 | ```html
 67 | <!-- Any Promise polyfill will do -->
 68 | <script src="https://unpkg.com/bluebird"></script>
 69 | <script src="https://unpkg.com/webcrypto-shim"></script>
 70 | ```
 71 | 
 72 | ## Compatibility
 73 | 
 74 | * IE11+
 75 | * Safari 8+
 76 | * Edge 12+
 77 | * Chrome 43+
 78 | * Opera 24+
 79 | * Firefox 34+
 80 | * Node 8+
 81 | * React Native
 82 | 
 83 | Although the library runs on IE11+, the level of functionality varies between implementations. The grid below shows the discrepancies between the latest versions of each environment.
 84 | 
 85 | > __Legend__
 86 | >
 87 | > * **~** works with some caveats - see the \_\_tests__ directory for the caveats
 88 | > * **?** untested
 89 | > * **x** unsupported algorithm
 90 | > * **strikethrough** broken method
 91 | 
 92 | | Key                | Node                                                        | React Native                                                | Chrome/Firefox                                          | Safari                                                      | Edge                                                          | IE11                                                            |
 93 | | ------------------ | ----------------------------------------------------------- | ----------------------------------------------------------- | ------------------------------------------------------- | ----------------------------------------------------------- | ------------------------------------------------------------- | --------------------------------------------------------------- |
 94 | | HS256              | importKey<br>exportKey<br>generateKey<br>sign<br>verify     | importKey<br>exportKey<br>generateKey<br>sign<br>verify     | importKey<br>exportKey<br>generateKey<br>sign<br>verify | importKey<br>exportKey<br>generateKey<br>sign<br>verify     | importKey<br>exportKey<br>generateKey<br>sign<br>verify       | importKey<br>exportKey<br>generateKey<br>sign<br>verify         |
 95 | | HS384              | importKey<br>exportKey<br>generateKey<br>sign<br>verify     | importKey<br>exportKey<br>generateKey<br>sign<br>verify     | importKey<br>exportKey<br>generateKey<br>sign<br>verify | importKey<br>exportKey<br>generateKey<br>sign<br>verify     | importKey<br>exportKey<br>generateKey<br>sign<br>verify       | importKey<br>exportKey<br>generateKey<br>sign<br>verify         |
 96 | | HS512              | importKey<br>exportKey<br>generateKey<br>sign<br>verify     | importKey<br>exportKey<br>generateKey<br>sign<br>verify     | importKey<br>exportKey<br>generateKey<br>sign<br>verify | importKey<br>exportKey<br>generateKey<br>sign<br>verify     | importKey<br>exportKey<br>generateKey<br>sign<br>verify       | x                                                               |
 97 | | RS256              | importKey<br>exportKey<br>generateKey<br>sign<br>verify     | importKey<br>exportKey<br>~~generateKey~~<br>sign<br>verify | importKey<br>exportKey<br>generateKey<br>sign<br>verify | importKey<br>exportKey<br>generateKey<br>sign<br>verify     | ~importKey<br>exportKey<br>~generateKey<br>~~sign~~<br>verify | ~importKey<br>~exportKey<br>generateKey<br>~~sign~~<br>verify   |
 98 | | RS384              | importKey<br>exportKey<br>generateKey<br>sign<br>verify     | importKey<br>exportKey<br>~~generateKey~~<br>sign<br>verify | importKey<br>exportKey<br>generateKey<br>sign<br>verify | importKey<br>~~exportKey~~<br>generateKey<br>sign<br>verify | ~importKey<br>exportKey<br>~generateKey<br>sign<br>verify     | importKey<br>exportKey<br>generateKey<br>sign<br>verify         |
 99 | | RS512              | importKey<br>exportKey<br>generateKey<br>sign<br>verify     | importKey<br>exportKey<br>~~generateKey~~<br>sign<br>verify | importKey<br>exportKey<br>generateKey<br>sign<br>verify | importKey<br>~~exportKey~~<br>generateKey<br>sign<br>verify | ~importKey<br>exportKey<br>~generateKey<br>sign<br>verify     | importKey<br>exportKey<br>generateKey<br>~~sign~~<br>~~verify~~ |
100 | | PS256              | importKey<br>exportKey<br>generateKey<br>sign<br>verify     | importKey<br>exportKey<br>~~generateKey~~<br>sign<br>verify | importKey<br>exportKey<br>generateKey<br>sign<br>verify | importKey<br>~~exportKey~~<br>generateKey<br>sign<br>verify | ? | ? |
101 | | PS384              | importKey<br>exportKey<br>generateKey<br>sign<br>verify     | importKey<br>exportKey<br>~~generateKey~~<br>sign<br>verify | importKey<br>exportKey<br>generateKey<br>sign<br>verify | importKey<br>~~exportKey~~<br>generateKey<br>sign<br>verify | ? | ? |
102 | | PS512              | importKey<br>exportKey<br>generateKey<br>sign<br>verify     | importKey<br>exportKey<br>~~generateKey~~<br>sign<br>verify | importKey<br>exportKey<br>generateKey<br>sign<br>verify | importKey<br>~~exportKey~~<br>generateKey<br>sign<br>verify | ? | ? |
103 | | ES256              | importKey<br>exportKey<br>generateKey<br>sign<br>verify     | importKey<br>exportKey<br>generateKey<br>sign<br>verify     | importKey<br>exportKey<br>generateKey<br>sign<br>verify | importKey<br>exportKey<br>generateKey<br>sign<br>verify     | x                                                             | x                                                               |
104 | | ES384              | importKey<br>exportKey<br>generateKey<br>sign<br>verify     | importKey<br>exportKey<br>generateKey<br>sign<br>verify     | importKey<br>exportKey<br>generateKey<br>sign<br>verify | importKey<br>exportKey<br>generateKey<br>sign<br>verify     | x                                                             | x                                                               |
105 | | ES512              | importKey<br>exportKey<br>generateKey<br>sign<br>verify     | importKey<br>exportKey<br>generateKey<br>sign<br>verify     | importKey<br>exportKey<br>generateKey<br>sign<br>verify | x                                                           | x                                                             | x                                                               |
106 | | RSA1_5             | ? | ? | ? | ? | ? | ? |
107 | | RSA-OAEP           | ? | ? | ? | ? | ? | ? |
108 | | RSA-OAEP-256       | ? | ? | ? | ? | ? | ? |
109 | | A128KW             | ? | ? | ? | ? | ? | ? |
110 | | A192KW             | ? | ? | ? | ? | ? | ? |
111 | | A256KW             | ? | ? | ? | ? | ? | ? |
112 | | dir                | ? | ? | ? | ? | ? | ? |
113 | | ECDH-ES            | ? | ? | ? | ? | ? | ? |
114 | | ECDH-ES+A128KW     | ? | ? | ? | ? | ? | ? |
115 | | ECDH-ES+A192KW     | ? | ? | ? | ? | ? | ? |
116 | | ECDH-ES+A256KW     | ? | ? | ? | ? | ? | ? |
117 | | A128GCMKW          | ? | ? | ? | ? | ? | ? |
118 | | A192GCMKW          | ? | ? | ? | ? | ? | ? |
119 | | A256GCMKW          | ? | ? | ? | ? | ? | ? |
120 | | PBES2-HS256+A128KW | ? | ? | ? | ? | ? | ? |
121 | | PBES2-HS384+A192KW | ? | ? | ? | ? | ? | ? |
122 | | PBES2-HS512+A256KW | ? | ? | ? | ? | ? | ? |
123 | 
124 | Here's a legend for the [JWA alg abbreviations](https://tools.ietf.org/html/rfc7518#section-3.1):
125 | 
126 | | Key                | Signature, MAC or Key Management Algorithm                                    |
127 | | ------------------ | ----------------------------------------------------------------------------- |
128 | | HS256              | HMAC using SHA-256                                                            |
129 | | HS384              | HMAC using SHA-384                                                            |
130 | | HS512              | HMAC using SHA-512                                                            |
131 | | RS256              | RSASSA-PKCS1-v1_5 using SHA-256                                               |
132 | | RS384              | RSASSA-PKCS1-v1_5 using SHA-384                                               |
133 | | RS512              | RSASSA-PKCS1-v1_5 using SHA-512                                               |
134 | | ES256              | ECDSA using P-256 and SHA-256                                                 |
135 | | ES384              | ECDSA using P-384 and SHA-384                                                 |
136 | | ES512              | ECDSA using P-521 and SHA-512                                                 |
137 | | PS256              | RSASSA-PSS using SHA-256 and MGF1 with SHA-256                                |
138 | | PS384              | RSASSA-PSS using SHA-384 and MGF1 with SHA-384                                |
139 | | PS512              | RSASSA-PSS using SHA-512 and MGF1 with SHA-512                                |
140 | | RSA1_5             | RSAES-PKCS1-v1_5                                                              |
141 | | RSA-OAEP           | RSAES OAEP using default parameters                                           |
142 | | RSA-OAEP-256       | RSAES OAEP using SHA-256 and MGF1 with SHA-256                                |
143 | | A128KW             | AES Key Wrap with default initial value using 128-bit key                     |
144 | | A192KW             | AES Key Wrap with default initial value using 192-bit key                     |
145 | | A256KW             | AES Key Wrap with default initial value using 256-bit key                     |
146 | | dir                | Direct use of a shared symmetric key as the CEK                               |
147 | | ECDH-ES            | Elliptic Curve Diffie-Hellman Ephemeral Static key agreement using Concat KDF |
148 | | ECDH-ES+A128KW     | ECDH-ES using Concat KDF and CEK wrapped with "A128KW"                        |
149 | | ECDH-ES+A192KW     | ECDH-ES using Concat KDF and CEK wrapped with "A192KW"                        |
150 | | ECDH-ES+A256KW     | ECDH-ES using Concat KDF and CEK wrapped with "A256KW"                        |
151 | | A128GCMKW          | Key wrapping with AES GCM using 128-bit key                                   |
152 | | A192GCMKW          | Key wrapping with AES GCM using 192-bit key                                   |
153 | | A256GCMKW          | Key wrapping with AES GCM using 256-bit key                                   |
154 | | PBES2-HS256+A128KW | PBES2 with HMAC SHA-256 and "A128KW" wrapping                                 |
155 | | PBES2-HS384+A192KW | PBES2 with HMAC SHA-384 and "A192KW" wrapping                                 |
156 | | PBES2-HS512+A256KW | PBES2 with HMAC SHA-512 and "A256KW" wrapping                                 |
157 | 
158 | ## License
159 | 
160 | MIT
161 | 


--------------------------------------------------------------------------------