rsaDecrypt implementation

src/abstractions/cryptoFunction.service.ts

@@ -3,4 +3,5 @@ export abstract class CryptoFunctionService {
         iterations: number) => Promise<ArrayBuffer>;
     hash: (value: string | ArrayBuffer, algorithm: 'sha1' | 'sha256' | 'sha512') => Promise<ArrayBuffer>;
     hmac: (value: ArrayBuffer, key: ArrayBuffer, algorithm: 'sha1' | 'sha256' | 'sha512') => Promise<ArrayBuffer>;
+    rsaDecrypt: (data: ArrayBuffer, key: ArrayBuffer, algorithm: 'sha1' | 'sha256') => Promise<ArrayBuffer>;
 }

src/services/nodeCryptoFunction.service.ts

@@ -1,4 +1,5 @@
 import * as crypto from 'crypto';
+import * as constants from 'constants';
 
 import { CryptoFunctionService } from '../abstractions/cryptoFunction.service';
 
@@ -56,6 +57,20 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
         return Promise.resolve(decBuf.buffer);
     }
 
+    rsaDecrypt(data: ArrayBuffer, key: ArrayBuffer, algorithm: 'sha1' | 'sha256'): Promise<ArrayBuffer> {
+        if (algorithm !== 'sha1') {
+            throw new Error('only sha1 is supported on this platform.');
+        }
+
+        const nodeData = this.toNodeBuffer(data);
+        const rsaKey: crypto.RsaPrivateKey = {
+            key: this.toPem(key),
+            padding: constants.RSA_PKCS1_OAEP_PADDING,
+        };
+        const decBuf = crypto.publicDecrypt(rsaKey, nodeData);
+        return Promise.resolve(decBuf.buffer);
+    }
+
     randomBytes(length: number): Promise<ArrayBuffer> {
         return new Promise<ArrayBuffer>((resolve, reject) => {
             crypto.randomBytes(length, (error, bytes) => {
@@ -81,4 +96,9 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
     private toNodeBuffer(value: ArrayBuffer): Buffer {
         return Buffer.from(new Uint8Array(value) as any);
     }
+
+    private toPem(key: ArrayBuffer): string {
+        const b64Key = ''; // TODO: key to b84
+        return '-----BEGIN PRIVATE KEY-----\n' + b64Key + '\n-----END PRIVATE KEY-----';
+    }
 }

src/services/webCryptoFunction.service.ts

@@ -30,7 +30,7 @@ export class WebCryptoFunctionService implements CryptoFunctionService {
         const passwordBuf = this.toBuf(password);
         const saltBuf = this.toBuf(salt);
 
-        const alg: Pbkdf2Params = {
+        const pbkdf2Params: Pbkdf2Params = {
             name: 'PBKDF2',
             salt: saltBuf,
             iterations: iterations,
@@ -38,7 +38,7 @@ export class WebCryptoFunctionService implements CryptoFunctionService {
         };
 
         const impKey = await this.subtle.importKey('raw', passwordBuf, { name: 'PBKDF2' }, false, ['deriveBits']);
-        return await window.crypto.subtle.deriveBits(alg, impKey, wcLen);
+        return await window.crypto.subtle.deriveBits(pbkdf2Params, impKey, wcLen);
     }
 
     async hash(value: string | ArrayBuffer, algorithm: 'sha1' | 'sha256' | 'sha512'): Promise<ArrayBuffer> {
@@ -102,6 +102,17 @@ export class WebCryptoFunctionService implements CryptoFunctionService {
         return await this.subtle.decrypt({ name: 'AES-CBC', iv: iv }, impKey, data);
     }
 
+    async rsaDecrypt(data: ArrayBuffer, key: ArrayBuffer, algorithm: 'sha1' | 'sha256'): Promise<ArrayBuffer> {
+        // Note: Edge browser requires that we specify name and hash for both key import and decrypt.
+        // We cannot use the proper types here.
+        const rsaParams = {
+            name: 'RSA-OAEP',
+            hash: { name: this.toWebCryptoAlgorithm(algorithm) },
+        };
+        const impKey = await this.subtle.importKey('pkcs8', key, rsaParams, false, ['decrypt']);
+        return await this.subtle.decrypt(rsaParams, impKey, data);
+    }
+
     randomBytes(length: number): Promise<ArrayBuffer> {
         const arr = new Uint8Array(length);
         this.crypto.getRandomValues(arr);