From 2831909aae6081502ba67575b1d58f37f4db84d6 Mon Sep 17 00:00:00 2001 From: Orie Steele Date: Sat, 10 Aug 2024 08:29:52 -0500 Subject: [PATCH 1/7] update cose-js --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 0530066..ad436f5 100644 --- a/package.json +++ b/package.json @@ -37,7 +37,7 @@ "@typescript-eslint/eslint-plugin": "^5.47.1", "@typescript-eslint/parser": "^5.47.1", "axios": "^1.6.7", - "cose-js": "^0.8.4", + "cose-js": "^0.9.0", "csv-parser": "^3.0.0", "eslint": "^8.30.0", "hpke-js": "^1.2.7", From 52b905793bf099ea5733f52ece86d88b01b031b1 Mon Sep 17 00:00:00 2001 From: Orie Steele Date: Sat, 10 Aug 2024 08:30:52 -0500 Subject: [PATCH 2/7] package lock --- package-lock.json | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/package-lock.json b/package-lock.json index 2c9cc37..6a989db 100644 --- a/package-lock.json +++ b/package-lock.json @@ -23,7 +23,7 @@ "@typescript-eslint/eslint-plugin": "^5.47.1", "@typescript-eslint/parser": "^5.47.1", "axios": "^1.6.7", - "cose-js": "^0.8.4", + "cose-js": "^0.9.0", "csv-parser": "^3.0.0", "eslint": "^8.30.0", "hpke-js": "^1.2.7", @@ -1314,6 +1314,23 @@ "uuid": "^9.0.1" } }, + "node_modules/@transmute/cose/node_modules/cose-js": { + "version": "0.8.4", + "resolved": "https://registry.npmjs.org/cose-js/-/cose-js-0.8.4.tgz", + "integrity": "sha512-TYt82olRQS/iZyb/qchG4KZSnzVBlOVXJjTCCgwKZUIkqqFyUIA+JG8OQdX5+ZyiWLj9W118Kuf3/jII0Gb/Bg==", + "license": "Apache-2.0", + "dependencies": { + "aes-cbc-mac": "^1.0.1", + "any-promise": "^1.3.0", + "cbor": "^8.1.0", + "elliptic": "^6.4.0", + "node-hkdf-sync": "^1.0.0", + "node-rsa": "^1.1.1" + }, + "engines": { + "node": ">=12.0" + } + }, "node_modules/@transmute/rfc9162": { "version": "0.0.5", "license": "Apache-2.0" @@ -2097,7 +2114,10 @@ "license": "MIT" }, "node_modules/cose-js": { - "version": "0.8.4", + "version": "0.9.0", + "resolved": "https://registry.npmjs.org/cose-js/-/cose-js-0.9.0.tgz", + "integrity": "sha512-iYQvus+3LmjqXE2VkNKPQMZ5x+frSrk7WfSB7asTHYqpBuAG1ezdUEqJ5lXDuGoLbOSDOFAIgslawjkI2fX/hQ==", + "dev": true, "license": "Apache-2.0", "dependencies": { "aes-cbc-mac": "^1.0.1", From 7ae4190d5cd051bbb255bda2b560bba738a4d1b8 Mon Sep 17 00:00:00 2001 From: Orie Steele Date: Sat, 10 Aug 2024 08:32:27 -0500 Subject: [PATCH 3/7] remove cose-js --- package.json | 3 +- test/encrypt.interop.test.ts | 291 ----------------------------------- test/sign1.interop.test.ts | 72 --------- typings.d.ts | 2 - 4 files changed, 1 insertion(+), 367 deletions(-) delete mode 100644 test/encrypt.interop.test.ts delete mode 100644 test/sign1.interop.test.ts diff --git a/package.json b/package.json index ad436f5..760c9c4 100644 --- a/package.json +++ b/package.json @@ -37,7 +37,6 @@ "@typescript-eslint/eslint-plugin": "^5.47.1", "@typescript-eslint/parser": "^5.47.1", "axios": "^1.6.7", - "cose-js": "^0.9.0", "csv-parser": "^3.0.0", "eslint": "^8.30.0", "hpke-js": "^1.2.7", @@ -55,4 +54,4 @@ "node-hkdf-sync": "^1.0.0", "uuid": "^9.0.1" } -} +} \ No newline at end of file diff --git a/test/encrypt.interop.test.ts b/test/encrypt.interop.test.ts deleted file mode 100644 index a32c6b3..0000000 --- a/test/encrypt.interop.test.ts +++ /dev/null @@ -1,291 +0,0 @@ -import cose from 'cose-js'; - -import * as transmute from '../src' - -const { - ProtectedHeader, - UnprotectedHeader, - Protected, - Unprotected, - Aead, - KeyType, - COSE_Encrypt, - Epk, - Curve, - KeyAgreement, - KeyAgreementWithKeyWrap -} = transmute - -it('p256-hkdf-256-01: ECDH-ES direct w/ hkdf-sha-256 for 128-bit key', async () => { - const example = { - "title": "p256-hkdf-256-01: ECDH-ES direct w/ hkdf-sha-256 for 128-bit key", - "input": { - "plaintext": "This is the content.", - "enveloped": { - "protected": { - "alg": "A128GCM" - }, - "recipients": [ - { - "key": { - "kty": "EC", - "kid": "meriadoc.brandybuck@buckland.example", - "crv": "P-256", - "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0", - "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw", - "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8" - }, - "protected": { - "alg": "ECDH-ES" - }, - "unprotected": { - "kid": "meriadoc.brandybuck@buckland.example" - }, - "unsent": { - "compressed": 0 - } - } - ] - }, - "rng_stream": [ - "02D1F7E6F26C43D4868D87CEB2353161740AACF1F7163647984B522A848DF1C3", - "C9CF4DF2FE6C632BF7886413" - ] - }, - "intermediates": { - "AAD_hex": "8367456E637279707443A1010140", - "CEK_hex": "56074D506729CA40C4B4FE50C6439893", - "recipients": [ - { - "Context_hex": "840183F6F6F683F6F6F682188044A1013818", - "Secret_hex": "4B31712E096E5F20B4ECF9790FD8CC7C8B7E2C8AD90BDA81CB224F62C0E7B9A6" - } - ] - }, - "output": { - "cbor_diag": "96([h'A10101', {5: h'C9CF4DF2FE6C632BF7886413'}, h'7ADBE2709CA818FB415F1E5DF66F4E1A51053BA6D65A1A0C52A357DA7A644B8070A151B0', [[h'A1013818', {-1: {1: 2, -1: 1, -2: h'98F50A4FF6C05861C8860D13A638EA56C3F5AD7590BBFBF054E1C7B4D91D6280', -3: h'F01400B089867804B8E9FC96C3932161F1934F4223069170D924B7E03BF822BB'}, 4: h'6D65726961646F632E6272616E64796275636B406275636B6C616E642E6578616D706C65'}, h'']]])", - "cbor": "D8608443A10101A1054CC9CF4DF2FE6C632BF788641358247ADBE2709CA818FB415F1E5DF66F4E1A51053BA6D65A1A0C52A357DA7A644B8070A151B0818344A1013818A220A40102200121582098F50A4FF6C05861C8860D13A638EA56C3F5AD7590BBFBF054E1C7B4D91D6280225820F01400B089867804B8E9FC96C3932161F1934F4223069170D924B7E03BF822BB0458246D65726961646F632E6272616E64796275636B406275636B6C616E642E6578616D706C6540" - } - } - const p = example.input.enveloped.protected; - const u = undefined; - const plaintext = Buffer.from(example.input.plaintext); - function randomSource(bytes: number) { - if (bytes === 12) { - return Buffer.from('C9CF4DF2FE6C632BF7886413', 'hex'); - } else { - return Buffer.from('02D1F7E6F26C43D4868D87CEB2353161740AACF1F7163647984B522A848DF1C3', 'hex'); - } - } - const recipient = [{ - key: { - kty: example.input.enveloped.recipients[0].key.kty, - kid: example.input.enveloped.recipients[0].key.kid, - crv: example.input.enveloped.recipients[0].key.crv, - x: Buffer.from(example.input.enveloped.recipients[0].key.x, 'base64'), - y: Buffer.from(example.input.enveloped.recipients[0].key.y, 'base64'), - d: Buffer.from(example.input.enveloped.recipients[0].key.d, 'base64') - }, - p: example.input.enveloped.recipients[0].protected, - u: example.input.enveloped.recipients[0].unprotected - }]; - const options = { - randomSource: randomSource - }; - const header = { p: p, u: u }; - const buf = await cose.encrypt.create(header, plaintext, recipient, options); - const actual = transmute.cbor.decodeFirstSync(buf); - const expected = transmute.cbor.decodeFirstSync(example.output.cbor); - expect(actual.value[0].toString('hex')).toBe(expected.value[0].toString('hex').toString('hex')) - expect(actual.value[2].toString('hex')).toBe(expected.value[2].toString('hex').toString('hex')) - // https://datatracker.ietf.org/doc/html/rfc9052#section-5.1 - const [protectedHeader, unprotectedHeader, ciphertext, recipients] = actual.value - expect(unprotectedHeader.get(Unprotected.Iv).toString('hex')).toBe(Buffer.from('C9CF4DF2FE6C632BF7886413', 'hex').toString('hex')) - const decodedProtectedHeader = transmute.cbor.decodeFirstSync(protectedHeader); - expect(decodedProtectedHeader.get(Protected.Alg)).toBe(Aead.A128GCM) - const [[recipientProtectedHeader, recipientUnprotectedHeader, recipientCipherText]] = recipients - const kid = recipientUnprotectedHeader.get(Unprotected.Kid) - const epk = recipientUnprotectedHeader.get(Unprotected.Epk) - expect(kid.toString()).toBe('meriadoc.brandybuck@buckland.example') - const kty = epk.get(Epk.Kty) - expect(kty).toBe(KeyType.EC2) - const crv = epk.get(Epk.Crv) - expect(crv).toBe(Curve.P256) - const decodedRecipientProtectedHeader = transmute.cbor.decodeFirstSync(recipientProtectedHeader); - expect(decodedRecipientProtectedHeader.get(Protected.Alg)).toBe(KeyAgreement['ECDH-ES+HKDF-256']) - expect(recipientCipherText.length).toBe(0) - const decrypted = await transmute.decrypt.direct({ - ciphertext: buf, - recipients: { - keys: [{ - "kty": "EC", - "kid": "meriadoc.brandybuck@buckland.example", - "crv": "P-256", - "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0", - "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw", - "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8" - }] - } - }) - expect(Buffer.from(decrypted).toString()).toBe('This is the content.') -}) - - -it('p256-wrap-128-01: ECDH-ES direct w/ key wrap 128 for 128-bit key', async () => { - const example = { - "title": "p256-wrap-128-01: ECDH-ES direct w/ key wrap 128 for 128-bit key", - "input": { - "plaintext": "This is the content.", - "enveloped": { - "protected": { - "alg": "A128GCM" - }, - "recipients": [ - { - "key": { - "kty": "EC", - "kid": "meriadoc.brandybuck@buckland.example", - "crv": "P-256", - "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0", - "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw", - "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8" - }, - "protected": { - "alg": "ECDH-ES-A128KW" - }, - "unprotected": { - "kid": "meriadoc.brandybuck@buckland.example", - "epk": { - "kty": "EC", - "crv": "P-256", - "x": "mPUKT_bAWGHIhg0TpjjqVsP1rXWQu_vwVOHHtNkdYoA", - "y": "8BQAsImGeAS46fyWw5MhYfGTT0IjBpFw2SS34Dv4Irs" - } - } - } - ] - }, - "rng_stream": [ - "B2353161740AACF1F7163647984B522A", - "02D1F7E6F26C43D4868D87CE", - "848DF1C3C9CF4DF2FE6C632BF7886413F76E885255273703EE32E5A427A34F7B" - ] - }, - "intermediates": { - "AAD_hex": "8367456E637279707443A1010140", // good - "CEK_hex": "B2353161740AACF1F7163647984B522A", - "recipients": [ - { - "Context_hex": "842283F6F6F683F6F6F682188044A101381C", - "Secret_hex": "EE45F7C389FDB89923CA67C0E0CD29802DEC8F514EB818054BEEDD5DAFA78048", // good - "KEK_hex": "7C60CB35A78B24DCF40A394395E9E8CD" - } - ] - }, - "output": { - "cbor_diag": "96([h'A10101', {5: h'02D1F7E6F26C43D4868D87CE'}, h'64F84D913BA60A76070A9A48F26E97E863E2852948658F0811139868826E89218A75715B', [[h'A101381C', {-1: {1: 2, -1: 1, -2: h'ECDBCEC636CC1408A503BBF6B7311B900C9AED9C5B71503848C89A07D0EF6F5B', -3: h'D6D1586710C02203E4E53B20DC7B233CA4C8B6853467B9FB8244A3840ACCD602'}, 4: h'6D65726961646F632E6272616E64796275636B406275636B6C616E642E6578616D706C65'}, h'D23BCA11C3F8E35BF6F81412794E159772E946FF4FB31BD1']]])", - "cbor": "D8608443A10101A1054C02D1F7E6F26C43D4868D87CE582464F84D913BA60A76070A9A48F26E97E863E2852948658F0811139868826E89218A75715B818344A101381CA220A401022001215820ECDBCEC636CC1408A503BBF6B7311B900C9AED9C5B71503848C89A07D0EF6F5B225820D6D1586710C02203E4E53B20DC7B233CA4C8B6853467B9FB8244A3840ACCD6020458246D65726961646F632E6272616E64796275636B406275636B6C616E642E6578616D706C655818D23BCA11C3F8E35BF6F81412794E159772E946FF4FB31BD1" - } - } - const expected = transmute.cbor.decode(Buffer.from(example.output.cbor, 'hex')) - const [protectedHeader, , ciphertext, recipients] = expected.value - const decodedProtectedHeader = transmute.cbor.decodeFirstSync(protectedHeader); - expect(decodedProtectedHeader.get(Protected.Alg)).toBe(Aead.A128GCM) // alg : A128GCM - const [[recipientProtectedHeader, recipientUnprotectedHeader, recipientCipherText]] = recipients - const kid = recipientUnprotectedHeader.get(Unprotected.Kid) - const epk = recipientUnprotectedHeader.get(Unprotected.Epk) - expect(kid.toString()).toBe('meriadoc.brandybuck@buckland.example') - const kty = epk.get(Epk.Kty) - expect(kty).toBe(KeyType.EC2) - const crv = epk.get(Epk.Crv) // - expect(crv).toBe(Curve.P256) // crv : P-256 - const decodedRecipientProtectedHeader = transmute.cbor.decodeFirstSync(recipientProtectedHeader); - expect(decodedRecipientProtectedHeader.get(Protected.Alg)).toBe(KeyAgreementWithKeyWrap['ECDH-ES+A128KW']) - const decrypted = await transmute.decrypt.wrap({ - ciphertext: Buffer.from(example.output.cbor, 'hex'), - recipients: { - keys: [{ - "kty": "EC", - "kid": "meriadoc.brandybuck@buckland.example", - "crv": "P-256", - "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0", - "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw", - "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8" - }] - } - }) - expect(Buffer.from(decrypted).toString()).toBe('This is the content.') - -}) - -it('direct', async () => { - const message = "💀 My lungs taste the air of Time Blown past falling sands ⌛" - const ciphertext = await transmute.encrypt.direct({ - protectedHeader: ProtectedHeader([ - [Protected.Alg, Aead.A128GCM], - ]), - unprotectedHeader: UnprotectedHeader([]), - plaintext: new TextEncoder().encode(message), - recipients: { - keys: [{ - "kty": "EC", - "kid": "meriadoc.brandybuck@buckland.example", - "crv": "P-256", - "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0", - "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw", - }] - } - }) - const decoded = transmute.cbor.decodeFirstSync(ciphertext); - expect(decoded.tag).toBe(COSE_Encrypt) - const decrypted = await transmute.decrypt.direct({ - ciphertext: ciphertext, - recipients: { - keys: [{ - "kty": "EC", - "kid": "meriadoc.brandybuck@buckland.example", - "crv": "P-256", - "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0", - "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw", - "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8" - }] - } - }) - expect(new TextDecoder().decode(decrypted)).toBe(message) -}) - -it('wrap', async () => { - const message = "💀 My lungs taste the air of Time Blown past falling sands ⌛" - const ciphertext = await transmute.encrypt.wrap({ - protectedHeader: ProtectedHeader([ - [Protected.Alg, Aead.A128GCM], - ]), - unprotectedHeader: UnprotectedHeader([]), - plaintext: new TextEncoder().encode(message), - recipients: { - keys: [{ - "kty": "EC", - "kid": "meriadoc.brandybuck@buckland.example", - "crv": "P-256", - "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0", - "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw", - }] - } - }) - const decoded = transmute.cbor.decodeFirstSync(ciphertext); - expect(decoded.tag).toBe(COSE_Encrypt) - const decrypted = await transmute.decrypt.wrap({ - ciphertext: ciphertext, - recipients: { - keys: [{ - "kty": "EC", - "kid": "meriadoc.brandybuck@buckland.example", - "crv": "P-256", - "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0", - "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw", - "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8" - }] - } - }) - expect(new TextDecoder().decode(decrypted)).toBe(message) -}) \ No newline at end of file diff --git a/test/sign1.interop.test.ts b/test/sign1.interop.test.ts deleted file mode 100644 index c8a3b48..0000000 --- a/test/sign1.interop.test.ts +++ /dev/null @@ -1,72 +0,0 @@ -import * as transmute from '../src' -import * as jose from 'jose' -import cose from 'cose-js' - -const secretKeyJwk = { - alg: 'ES256', - kty: 'EC', - crv: 'P-256', - x: jose.base64url.encode(Buffer.from('143329cce7868e416927599cf65a34f3ce2ffda55a7eca69ed8919a394d42f0f', 'hex')), - y: jose.base64url.encode(Buffer.from('60f7f1a780d8a783bfb7a2dd6b2796e8128dbbcef9d3d168db9529971a36e7b9', 'hex')), - d: jose.base64url.encode(Buffer.from('6c1382765aec5358f117733d281c1c7bdc39884d04a45a1e6c67c858bc206c19', 'hex')), -} -// eslint-disable-next-line @typescript-eslint/no-unused-vars -const { d, ...publicKeyJwk } = secretKeyJwk - -const protectedHeader = new Map(); -protectedHeader.set(1, -7) -const unprotectedHeader = new Map(); - -const message = 'hello' -const payload = Buffer.from(new TextEncoder().encode(message)) - -it('cross test sign and verify', async () => { - const s1 = await cose.sign.create( - { p: { 'alg': 'ES256' }, u: unprotectedHeader }, - payload, - { - key: { - d: jose.base64url.decode(secretKeyJwk.d), - }, - }, - ) - const v1 = await cose.sign.verify(s1, { - key: { - x: jose.base64url.decode(publicKeyJwk.x), - y: jose.base64url.decode(publicKeyJwk.y), - }, - }) - expect(new TextDecoder().decode(v1)).toBe(message) - const s2 = await transmute.signer({ - remote: transmute.crypto.signer({ - secretKeyJwk - }) - }).sign({ - protectedHeader, - unprotectedHeader, - payload: payload - }); - const v2 = await transmute.verifier({ - resolver: { - resolve: async () => { - return publicKeyJwk - } - } - }).verify({ coseSign1: s2 }); - expect(new TextDecoder().decode(v2)).toBe(message) - const v3 = await cose.sign.verify(s2, { - key: { - x: jose.base64url.decode(publicKeyJwk.x), - y: jose.base64url.decode(publicKeyJwk.y), - }, - }) - expect(new TextDecoder().decode(v3)).toBe(message) - const v4 = await transmute.verifier({ - resolver: { - resolve: async () => { - return publicKeyJwk - } - } - }).verify({ coseSign1: s1 }); - expect(new TextDecoder().decode(v4)).toBe(message) -}) diff --git a/typings.d.ts b/typings.d.ts index 3c67ca9..e69de29 100644 --- a/typings.d.ts +++ b/typings.d.ts @@ -1,2 +0,0 @@ -declare module 'cose-js' -declare module 'elliptic' \ No newline at end of file From b8cab4692b55fe03461fd50ef0299cb66749264f Mon Sep 17 00:00:00 2001 From: Orie Steele Date: Sat, 10 Aug 2024 08:33:01 -0500 Subject: [PATCH 4/7] lock --- package-lock.json | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/package-lock.json b/package-lock.json index 6a989db..5aa860a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -23,7 +23,6 @@ "@typescript-eslint/eslint-plugin": "^5.47.1", "@typescript-eslint/parser": "^5.47.1", "axios": "^1.6.7", - "cose-js": "^0.9.0", "csv-parser": "^3.0.0", "eslint": "^8.30.0", "hpke-js": "^1.2.7", @@ -2113,24 +2112,6 @@ "dev": true, "license": "MIT" }, - "node_modules/cose-js": { - "version": "0.9.0", - "resolved": "https://registry.npmjs.org/cose-js/-/cose-js-0.9.0.tgz", - "integrity": "sha512-iYQvus+3LmjqXE2VkNKPQMZ5x+frSrk7WfSB7asTHYqpBuAG1ezdUEqJ5lXDuGoLbOSDOFAIgslawjkI2fX/hQ==", - "dev": true, - "license": "Apache-2.0", - "dependencies": { - "aes-cbc-mac": "^1.0.1", - "any-promise": "^1.3.0", - "cbor": "^8.1.0", - "elliptic": "^6.4.0", - "node-hkdf-sync": "^1.0.0", - "node-rsa": "^1.1.1" - }, - "engines": { - "node": ">=12.0" - } - }, "node_modules/cross-spawn": { "version": "7.0.3", "dev": true, From 435dfb96efdf4a90e0603897ae48a07025da398c Mon Sep 17 00:00:00 2001 From: Orie Steele Date: Sat, 10 Aug 2024 08:33:04 -0500 Subject: [PATCH 5/7] 0.2.3 --- package-lock.json | 4 ++-- package.json | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 5aa860a..46a6e8d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@transmute/cose", - "version": "0.2.2", + "version": "0.2.3", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@transmute/cose", - "version": "0.2.2", + "version": "0.2.3", "license": "Apache-2.0", "dependencies": { "@peculiar/x509": "^1.9.7", diff --git a/package.json b/package.json index 760c9c4..6a4f0b0 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@transmute/cose", - "version": "0.2.2", + "version": "0.2.3", "description": "COSE and related work.", "main": "./dist/index.js", "typings": "dist/index.d.ts", @@ -54,4 +54,4 @@ "node-hkdf-sync": "^1.0.0", "uuid": "^9.0.1" } -} \ No newline at end of file +} From 7a0a97d5cf9f6b8901517dcf59493da0af8e0f8a Mon Sep 17 00:00:00 2001 From: Orie Steele Date: Sat, 10 Aug 2024 08:35:31 -0500 Subject: [PATCH 6/7] fix audit --- package-lock.json | 121 +--------------------------------------------- package.json | 3 +- 2 files changed, 2 insertions(+), 122 deletions(-) diff --git a/package-lock.json b/package-lock.json index 46a6e8d..c362f4f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,7 +10,6 @@ "license": "Apache-2.0", "dependencies": { "@peculiar/x509": "^1.9.7", - "@transmute/cose": "^0.1.0", "@transmute/rfc9162": "^0.0.5", "cbor-web": "^9.0.2", "jose": "^4.14.4", @@ -1300,36 +1299,6 @@ "@sinonjs/commons": "^2.0.0" } }, - "node_modules/@transmute/cose": { - "version": "0.1.1", - "license": "Apache-2.0", - "dependencies": { - "@peculiar/x509": "^1.9.7", - "@transmute/cose": "^0.1.0", - "@transmute/rfc9162": "^0.0.5", - "cbor-web": "^9.0.2", - "cose-js": "^0.8.4", - "jose": "^4.14.4", - "uuid": "^9.0.1" - } - }, - "node_modules/@transmute/cose/node_modules/cose-js": { - "version": "0.8.4", - "resolved": "https://registry.npmjs.org/cose-js/-/cose-js-0.8.4.tgz", - "integrity": "sha512-TYt82olRQS/iZyb/qchG4KZSnzVBlOVXJjTCCgwKZUIkqqFyUIA+JG8OQdX5+ZyiWLj9W118Kuf3/jII0Gb/Bg==", - "license": "Apache-2.0", - "dependencies": { - "aes-cbc-mac": "^1.0.1", - "any-promise": "^1.3.0", - "cbor": "^8.1.0", - "elliptic": "^6.4.0", - "node-hkdf-sync": "^1.0.0", - "node-rsa": "^1.1.1" - }, - "engines": { - "node": ">=12.0" - } - }, "node_modules/@transmute/rfc9162": { "version": "0.0.5", "license": "Apache-2.0" @@ -1651,10 +1620,6 @@ "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0" } }, - "node_modules/aes-cbc-mac": { - "version": "1.0.1", - "license": "MIT" - }, "node_modules/ajv": { "version": "6.12.6", "dev": true, @@ -1717,10 +1682,6 @@ "url": "https://github.com/chalk/ansi-styles?sponsor=1" } }, - "node_modules/any-promise": { - "version": "1.3.0", - "license": "MIT" - }, "node_modules/anymatch": { "version": "3.1.3", "dev": true, @@ -1746,13 +1707,6 @@ "node": ">=8" } }, - "node_modules/asn1": { - "version": "0.2.6", - "license": "MIT", - "dependencies": { - "safer-buffer": "~2.1.0" - } - }, "node_modules/asn1js": { "version": "3.0.5", "license": "BSD-3-Clause", @@ -1875,10 +1829,6 @@ "dev": true, "license": "MIT" }, - "node_modules/bn.js": { - "version": "4.12.0", - "license": "MIT" - }, "node_modules/brace-expansion": { "version": "1.1.11", "dev": true, @@ -1899,10 +1849,6 @@ "node": ">=8" } }, - "node_modules/brorand": { - "version": "1.1.0", - "license": "MIT" - }, "node_modules/browserslist": { "version": "4.21.5", "dev": true, @@ -1989,16 +1935,6 @@ ], "license": "CC-BY-4.0" }, - "node_modules/cbor": { - "version": "8.1.0", - "license": "MIT", - "dependencies": { - "nofilter": "^3.1.0" - }, - "engines": { - "node": ">=12.19" - } - }, "node_modules/cbor-web": { "version": "9.0.2", "license": "MIT", @@ -2224,19 +2160,6 @@ "dev": true, "license": "ISC" }, - "node_modules/elliptic": { - "version": "6.5.6", - "license": "MIT", - "dependencies": { - "bn.js": "^4.11.9", - "brorand": "^1.1.0", - "hash.js": "^1.0.0", - "hmac-drbg": "^1.0.1", - "inherits": "^2.0.4", - "minimalistic-assert": "^1.0.1", - "minimalistic-crypto-utils": "^1.0.1" - } - }, "node_modules/emittery": { "version": "0.13.1", "dev": true, @@ -2806,23 +2729,6 @@ "node": ">=8" } }, - "node_modules/hash.js": { - "version": "1.1.7", - "license": "MIT", - "dependencies": { - "inherits": "^2.0.3", - "minimalistic-assert": "^1.0.1" - } - }, - "node_modules/hmac-drbg": { - "version": "1.0.1", - "license": "MIT", - "dependencies": { - "hash.js": "^1.0.3", - "minimalistic-assert": "^1.0.0", - "minimalistic-crypto-utils": "^1.0.1" - } - }, "node_modules/hpke-js": { "version": "1.2.7", "dev": true, @@ -2909,6 +2815,7 @@ }, "node_modules/inherits": { "version": "2.0.4", + "dev": true, "license": "ISC" }, "node_modules/ipaddr.js": { @@ -3821,14 +3728,6 @@ "node": ">=6" } }, - "node_modules/minimalistic-assert": { - "version": "1.0.1", - "license": "ISC" - }, - "node_modules/minimalistic-crypto-utils": { - "version": "1.0.1", - "license": "MIT" - }, "node_modules/minimatch": { "version": "3.1.2", "dev": true, @@ -3890,20 +3789,6 @@ "dev": true, "license": "MIT" }, - "node_modules/node-rsa": { - "version": "1.1.1", - "license": "MIT", - "dependencies": { - "asn1": "^0.2.4" - } - }, - "node_modules/nofilter": { - "version": "3.1.0", - "license": "MIT", - "engines": { - "node": ">=12.19" - } - }, "node_modules/normalize-path": { "version": "3.0.0", "dev": true, @@ -4367,10 +4252,6 @@ "queue-microtask": "^1.2.2" } }, - "node_modules/safer-buffer": { - "version": "2.1.2", - "license": "MIT" - }, "node_modules/semver": { "version": "7.6.3", "dev": true, diff --git a/package.json b/package.json index 6a4f0b0..ce5d0e5 100644 --- a/package.json +++ b/package.json @@ -47,11 +47,10 @@ }, "dependencies": { "@peculiar/x509": "^1.9.7", - "@transmute/cose": "^0.1.0", "@transmute/rfc9162": "^0.0.5", "cbor-web": "^9.0.2", "jose": "^4.14.4", "node-hkdf-sync": "^1.0.0", "uuid": "^9.0.1" } -} +} \ No newline at end of file From 45289bab33212a9ebe6192ffca70468428aee380 Mon Sep 17 00:00:00 2001 From: Orie Steele Date: Sat, 10 Aug 2024 08:35:40 -0500 Subject: [PATCH 7/7] 0.2.4 --- package-lock.json | 4 ++-- package.json | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index c362f4f..9ffa6a2 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@transmute/cose", - "version": "0.2.3", + "version": "0.2.4", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@transmute/cose", - "version": "0.2.3", + "version": "0.2.4", "license": "Apache-2.0", "dependencies": { "@peculiar/x509": "^1.9.7", diff --git a/package.json b/package.json index ce5d0e5..bd81266 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@transmute/cose", - "version": "0.2.3", + "version": "0.2.4", "description": "COSE and related work.", "main": "./dist/index.js", "typings": "dist/index.d.ts", @@ -53,4 +53,4 @@ "node-hkdf-sync": "^1.0.0", "uuid": "^9.0.1" } -} \ No newline at end of file +}