FortKnoxster · mickeyjoes · Apr 5, 2022 · Mar 31, 2022 · Apr 4, 2022 · Apr 4, 2022
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -18,9 +18,9 @@
     "files": [
       "**/**.test.js"
     ],
-    "babel": true,
+    "verbose": true,
     "require": [
-      "@babel/polyfill",
+      "@babel/register",
       "./src/test/helpers/_setup-browser-env.js"
     ]
   },
@@ -44,28 +44,27 @@
     "end-to-end encryption"
   ],
   "devDependencies": {
-    "@ava/babel": "^1.0.1",
     "@babel/core": "^7.14.0",
     "@babel/polyfill": "^7.12.1",
     "@babel/preset-env": "^7.14.0",
     "@babel/register": "^7.12.1",
     "@istanbuljs/nyc-config-babel": "^3.0.0",
-    "ava": "^3.13.0",
+    "@peculiar/webcrypto": "^1.3.3",
+    "ava": "^4.1.0",
     "babel-core": "^6.26.3",
     "babel-loader": "^8.2.1",
     "babel-plugin-istanbul": "^6.0.0",
     "babel-register": "^6.26.0",
     "browser-env": "^3.3.0",
-    "eslint": "^7.26.0",
-    "eslint-config-airbnb-base": "^14.2.1",
+    "eslint": "^8.12.0",
+    "eslint-config-airbnb-base": "^15.0.0",
     "eslint-config-prettier": "^8.3.0",
-    "eslint-plugin-ava": "^12.0.0",
+    "eslint-plugin-ava": "^13.2.0",
     "eslint-plugin-import": "^2.22.1",
-    "eslint-plugin-prettier": "^3.1.4",
-    "husky": "^4.3.0",
+    "eslint-plugin-prettier": "^4.0.0",
+    "husky": "^7.0.4",
     "jsdoc": "^3.6.7",
-    "lint-staged": "^10.5.1",
-    "node-webcrypto-ossl": "^2.1.2",
+    "lint-staged": "^12.3.7",
     "nyc": "^15.1.0",
     "prettier": "^2.2.0",
     "webcrypto-core": "^1.2.0"

diff --git a/src/index.js b/src/index.js
@@ -83,6 +83,8 @@ export { decryptRawSessionKey } from './kryptos/decrypter.js'
 export {
   initIdentity,
   generateUserKeys,
+  generateServiceKeys,
+  generateUserKeysV2,
   signData,
   verifyData,
   signWithIdentity,

diff --git a/src/kryptos/algorithms.js b/src/kryptos/algorithms.js
@@ -1,4 +1,4 @@
-import { LENGTH_256, LENGTH_2048, PSK, PDK } from './constants.js'
+import { LENGTH_256, LENGTH_2048, LENGTH_8192, PSK, PDK } from './constants.js'
 
 export const EC_AES_GCM_256 = 'EC:AES-GCM-256'
 export const RSA = 'RSA'
@@ -16,6 +16,12 @@ export const RSA_OAEP_2048 = 'RSA-OAEP-2048'
 export const ES512 = 'ES512'
 export const ECDSA_P521 = 'ECDSA-P521'
 export const ECDH_P521 = 'ECDH-P521'
+export const RSA_OAEP_512 = 'RSA-OAEP-512'
+export const PS512 = 'PS512'
+export const RSA_OAEP_4096 = 'RSA-OAEP-4096'
+export const RSA_PSS_4096 = 'RSA-PSS-4096'
+export const RSA_OAEP_8192 = 'RSA-OAEP-8192'
+export const RSA_PSS_8192 = 'RSA-PSS-8192'
 
 export const PBKDF2 = {
   name: 'PBKDF2',
@@ -29,11 +35,25 @@ export const SHA_256 = {
   name: 'SHA-256',
 }
 
+export const SHA_512 = {
+  name: 'SHA-512',
+}
+
 export const RSA_OAEP = {
   name: 'RSA-OAEP',
   hash: SHA_256,
 }
 
+export const RSA_OAEP_8K = {
+  name: 'RSA-OAEP',
+  hash: SHA_512,
+}
+
+export const RSA_PSS_8K = {
+  name: 'RSA-PSS',
+  hash: SHA_512,
+}
+
 export const AES_CBC = {
   name: 'AES-CBC',
 }
@@ -69,6 +89,20 @@ export const RSA_OAEP_ALGO = {
   hash: SHA_256,
 }
 
+export const RSA_OAEP_ALGO_8K = {
+  name: 'RSA-OAEP',
+  modulusLength: LENGTH_8192,
+  publicExponent: new Uint8Array([1, 0, 1]), // 24 bit representation of 65537
+  hash: SHA_512,
+}
+
+export const RSA_PSS_ALGO_8K = {
+  name: 'RSA-PSS',
+  modulusLength: LENGTH_8192,
+  publicExponent: new Uint8Array([1, 0, 1]), // 24 bit representation of 65537
+  hash: SHA_512,
+}
+
 export const ECDH_ALGO = {
   name: 'ECDH',
   namedCurve: 'P-521',
@@ -134,6 +168,10 @@ export function getAlgorithm(algo) {
     case RSA_OAEP_2048:
     case RSA_OAEP.name:
       return RSA_OAEP
+    case RSA_OAEP_512:
+      return RSA_OAEP_8K
+    case PS512:
+      return RSA_PSS_8K
     case ECDSA_ALGO.name:
     case ES512:
     case ECDSA_P521:
@@ -153,6 +191,8 @@ export function getSignAlgorithm(algo) {
   switch (algo) {
     case RSASSA_PKCS1_V1_5.name:
       return RSASSA_PKCS1_V1_5
+    case RSA_PSS_8K.name:
+      return RSA_PSS_8K
     case ECDSA_ALGO.name:
       return { name: ECDSA_ALGO.name, hash: SHA_256 }
     case HMAC_ALGO.name:
@@ -205,6 +245,10 @@ export function getKeyMode(keyType) {
       return EC
     case RSA_OAEP_2048:
     case RSASSA_PKCS1_V1_5_2048:
+    case RSA_OAEP_4096:
+    case RSA_PSS_4096:
+    case RSA_OAEP_8192:
+    case RSA_PSS_8192:
       return RSA
     default:
       break
@@ -222,6 +266,10 @@ export function keyContainerType(algorithm) {
       return RSASSA_PKCS1_V1_5_2048
     case RSA_OAEP_ALGO:
       return RSA_OAEP_2048
+    case RSA_OAEP_ALGO_8K:
+      return RSA_OAEP_8192
+    case RSA_PSS_ALGO_8K:
+      return RSA_PSS_8192
     default:
       break
   }

diff --git a/src/kryptos/constants.js b/src/kryptos/constants.js
@@ -18,6 +18,7 @@ export const SERVICES = {
   storage: 'storage',
   protocol: 'protocol',
   company: 'company',
+  wallet: 'wallet',
 }
 export const SERVICE_MODES = {
   rsa: 'RSA',

diff --git a/src/kryptos/identity.js b/src/kryptos/identity.js
@@ -5,6 +5,14 @@ import {
   generateIdentityKeys,
 } from './serviceKeyStore.js'
 import { PSK, PVK, SERVICES, PROTECTOR_TYPES } from './constants.js'
+import {
+  ECDSA_ALGO,
+  ECDH_ALGO,
+  RSASSA_PKCS1_V1_5_ALGO,
+  RSA_OAEP_ALGO,
+  RSA_PSS_ALGO_8K,
+  RSA_OAEP_ALGO_8K,
+} from './algorithms.js'
 import { importPublicVerifyKey } from './keys.js'
 import { signIt, sign } from './signer.js'
 import { verifyIt, verify } from './verifier.js'
@@ -82,13 +90,7 @@ export async function initIdentity(id) {
   }
 }
 
-const serviceKeys = [
-  { service: SERVICES.mail, rsa: true },
-  { service: SERVICES.storage, rsa: true },
-  { service: SERVICES.protocol, rsa: false },
-]
-
-export async function generateUserKeys(id, plainPassword) {
+export async function generateServiceKeys(id, plainPassword, serviceKeys) {
   try {
     const identityKeyStore = await generateIdentityKeys(plainPassword)
 
@@ -105,7 +107,8 @@ export async function generateUserKeys(id, plainPassword) {
           plainPassword,
           identityKeyStore.psk.privateKey,
           PROTECTOR_TYPES.password,
-          serviceKey.rsa,
+          serviceKey.signAlgorithm,
+          serviceKey.encryptAlgorithm,
         ),
       ),
     )
@@ -125,3 +128,40 @@ export async function generateUserKeys(id, plainPassword) {
     return Promise.reject(e)
   }
 }
+
+export function generateUserKeys(id, plainPassword) {
+  const serviceKeys = [
+    {
+      service: SERVICES.mail,
+      signAlgorithm: RSASSA_PKCS1_V1_5_ALGO,
+      encryptAlgorithm: RSA_OAEP_ALGO,
+    },
+    {
+      service: SERVICES.storage,
+      signAlgorithm: RSASSA_PKCS1_V1_5_ALGO,
+      encryptAlgorithm: RSA_OAEP_ALGO,
+    },
+    {
+      service: SERVICES.protocol,
+      signAlgorithm: ECDSA_ALGO,
+      encryptAlgorithm: ECDH_ALGO,
+    },
+  ]
+  return generateServiceKeys(id, plainPassword, serviceKeys)
+}
+
+export function generateUserKeysV2(id, plainPassword) {
+  const serviceKeys = [
+    {
+      service: SERVICES.storage,
+      signAlgorithm: RSA_PSS_ALGO_8K,
+      encryptAlgorithm: RSA_OAEP_ALGO_8K,
+    },
+    {
+      service: SERVICES.protocol,
+      signAlgorithm: ECDSA_ALGO,
+      encryptAlgorithm: ECDH_ALGO,
+    },
+  ]
+  return generateServiceKeys(id, plainPassword, serviceKeys)
+}
diff --git a/src/kryptos/keyContainer.js b/src/kryptos/keyContainer.js
@@ -43,7 +43,7 @@ import { encrypt } from './encrypter.js'
 import * as algorithms from './algorithms.js'
 import { getUsage } from './usages.js'
 import { getProtector, packProtector } from './protector.js'
-import { PROTECTOR_TYPES, EXTRACTABLE } from './constants.js'
+import { EXTRACTABLE } from './constants.js'
 
 function newKeyContainer(wrappedKey, iv, keyType) {
   return {
@@ -165,7 +165,7 @@ export async function lockKeyContainer(
 export async function unlockKeyContainer(
   keyContainer,
   protectorKey,
-  type = PROTECTOR_TYPES.password,
+  type,
   includeProtector,
 ) {
   try {

diff --git a/src/kryptos/keys.js b/src/kryptos/keys.js
@@ -290,9 +290,11 @@ export function exportRawKey(key) {
 export function generateKeyPair(algorithm) {
   switch (algorithm.name) {
     case algorithms.RSASSA_PKCS1_V1_5_ALGO.name:
+    case algorithms.RSA_PSS_ALGO_8K.name:
     case algorithms.ECDSA_ALGO.name:
       return generateSigningKeyPair(algorithm)
     case algorithms.RSA_OAEP_ALGO.name:
+    case algorithms.RSA_OAEP_ALGO_8K.name:
       return generateEncryptionKeyPair(algorithm)
     case algorithms.ECDH_ALGO.name:
       return generateDerivationKeyPair(algorithm)

diff --git a/src/kryptos/keystore.js b/src/kryptos/keystore.js
@@ -75,7 +75,7 @@ export async function setupIdentityKeys(
   id,
   protectorKey,
   algorithm,
-  protectorType = PROTECTOR_TYPES.password,
+  protectorType,
   protectorIdentifier,
 ) {
   try {
@@ -116,7 +116,7 @@ export async function setupKeys(
   identityKey,
   signAlgorithm,
   encryptAlgorithm,
-  protectorType = PROTECTOR_TYPES.password,
+  protectorType,
   protectorIdentifier,
 ) {
   try {
@@ -136,7 +136,7 @@ export async function setupKeys(
       protectorIdentifier,
     )
     const signature = await signPublicKeys(
-      identityKey,
+      identityKey, // === null ? signContainer.privateKey : identityKey, // Self-sign if no identity key provided
       encryptContainer.publicKey,
       signContainer.publicKey,
     )
@@ -347,9 +347,9 @@ export async function lock(
   service,
   keyContainers,
   protectorKey,
-  type = PROTECTOR_TYPES.password,
+  type,
   newProtectorKey,
-  newType = PROTECTOR_TYPES.password,
+  newType,
   protectorIdentifier,
 ) {
   try {