feat: add support for RSA-OAEP-384 and RSA-OAEP-512 JWE algorithms

docs/README.md

@@ -3086,8 +3086,8 @@ _**default value**_:
 
 ```js
 [
-  // asymmetric RSAES based (note: RSA-OAEP-256 is only supported in node runtime >= 12.9.0)
-  'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5',
+  // asymmetric RSAES based (note: RSA-OAEP-* is only supported in node runtime >= 12.9.0)
+  'RSA-OAEP', 'RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512', 'RSA1_5',
   // asymmetric ECDH-ES based
   'ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW', 'ECDH-ES+A256KW',
   // symmetric AES key wrapping
@@ -3205,8 +3205,8 @@ _**default value**_:
 
 ```js
 [
-  // asymmetric RSAES based (note: RSA-OAEP-256 is only supported in node runtime >= 12.9.0)
-  'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5',
+  // asymmetric RSAES based (note: RSA-OAEP-* is only supported in node runtime >= 12.9.0)
+  'RSA-OAEP', 'RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512', 'RSA1_5',
   // asymmetric ECDH-ES based
   'ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW', 'ECDH-ES+A256KW',
   // symmetric AES key wrapping
@@ -3297,8 +3297,8 @@ _**default value**_:
 
 ```js
 [
-  // asymmetric RSAES based (note: RSA-OAEP-256 is only supported in node runtime >= 12.9.0)
-  'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5',
+  // asymmetric RSAES based (note: RSA-OAEP-* is only supported in node runtime >= 12.9.0)
+  'RSA-OAEP', 'RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512', 'RSA1_5',
   // asymmetric ECDH-ES based
   'ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW', 'ECDH-ES+A256KW',
   // symmetric AES key wrapping
@@ -3419,8 +3419,8 @@ _**default value**_:
 
 ```js
 [
-  // asymmetric RSAES based (note: RSA-OAEP-256 is only supported in node runtime >= 12.9.0)
-  'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5',
+  // asymmetric RSAES based (note: RSA-OAEP-* is only supported in node runtime >= 12.9.0)
+  'RSA-OAEP', 'RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512', 'RSA1_5',
   // asymmetric ECDH-ES based
   'ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW', 'ECDH-ES+A256KW',
   // symmetric AES key wrapping
@@ -3571,8 +3571,8 @@ _**default value**_:
 
 ```js
 [
-  // asymmetric RSAES based (note: RSA-OAEP-256 is only supported in node runtime >= 12.9.0)
-  'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5',
+  // asymmetric RSAES based (note: RSA-OAEP-* is only supported in node runtime >= 12.9.0)
+  'RSA-OAEP', 'RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512', 'RSA1_5',
   // asymmetric ECDH-ES based
   'ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW', 'ECDH-ES+A256KW',
   // symmetric AES key wrapping

lib/consts/jwa.js

@@ -9,13 +9,15 @@ const signingAlgValues = [
 ].filter(Boolean);
 
 const encryptionAlgValues = [
-  // asymmetric kw
-  'RSA-OAEP', runtimeSupport['RSA-OAEP-256'] ? 'RSA-OAEP-256' : false, 'RSA1_5',
+  // asymmetric
+  'RSA-OAEP',
+  ...(runtimeSupport.oaepHash ? ['RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512'] : []),
+  'RSA1_5',
   'ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW', 'ECDH-ES+A256KW',
-  // symmetric kw
+  // symmetric
   'A128GCMKW', 'A192GCMKW', 'A256GCMKW', 'A128KW', 'A192KW', 'A256KW',
   'PBES2-HS256+A128KW', 'PBES2-HS384+A192KW', 'PBES2-HS512+A256KW',
-  // no kw
+  // direct
   'dir',
 ].filter(Boolean);
 

lib/helpers/defaults.js

@@ -2338,8 +2338,8 @@ const DEFAULTS = {
      * example: Supported values list
      * ```js
      * [
-     *   // asymmetric RSAES based (note: RSA-OAEP-256 is only supported in node runtime >= 12.9.0)
-     *   'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5',
+     *   // asymmetric RSAES based (note: RSA-OAEP-* is only supported in node runtime >= 12.9.0)
+     *   'RSA-OAEP', 'RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512', 'RSA1_5',
      *   // asymmetric ECDH-ES based
      *   'ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW', 'ECDH-ES+A256KW',
      *   // symmetric AES key wrapping
@@ -2365,8 +2365,8 @@ const DEFAULTS = {
      * example: Supported values list
      * ```js
      * [
-     *   // asymmetric RSAES based (note: RSA-OAEP-256 is only supported in node runtime >= 12.9.0)
-     *   'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5',
+     *   // asymmetric RSAES based (note: RSA-OAEP-* is only supported in node runtime >= 12.9.0)
+     *   'RSA-OAEP', 'RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512', 'RSA1_5',
      *   // asymmetric ECDH-ES based
      *   'ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW', 'ECDH-ES+A256KW',
      *   // symmetric AES key wrapping
@@ -2391,8 +2391,8 @@ const DEFAULTS = {
      * example: Supported values list
      * ```js
      * [
-     *   // asymmetric RSAES based (note: RSA-OAEP-256 is only supported in node runtime >= 12.9.0)
-     *   'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5',
+     *   // asymmetric RSAES based (note: RSA-OAEP-* is only supported in node runtime >= 12.9.0)
+     *   'RSA-OAEP', 'RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512', 'RSA1_5',
      *   // asymmetric ECDH-ES based
      *   'ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW', 'ECDH-ES+A256KW',
      *   // symmetric AES key wrapping
@@ -2418,8 +2418,8 @@ const DEFAULTS = {
      * example: Supported values list
      * ```js
      * [
-     *   // asymmetric RSAES based (note: RSA-OAEP-256 is only supported in node runtime >= 12.9.0)
-     *   'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5',
+     *   // asymmetric RSAES based (note: RSA-OAEP-* is only supported in node runtime >= 12.9.0)
+     *   'RSA-OAEP', 'RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512', 'RSA1_5',
      *   // asymmetric ECDH-ES based
      *   'ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW', 'ECDH-ES+A256KW',
      *   // symmetric AES key wrapping
@@ -2445,8 +2445,8 @@ const DEFAULTS = {
      * example: Supported values list
      * ```js
      * [
-     *   // asymmetric RSAES based (note: RSA-OAEP-256 is only supported in node runtime >= 12.9.0)
-     *   'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5',
+     *   // asymmetric RSAES based (note: RSA-OAEP-* is only supported in node runtime >= 12.9.0)
+     *   'RSA-OAEP', 'RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512', 'RSA1_5',
      *   // asymmetric ECDH-ES based
      *   'ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW', 'ECDH-ES+A256KW',
      *   // symmetric AES key wrapping

lib/helpers/runtime_support.js

@@ -5,7 +5,7 @@ const xofOutputLength = major > 12 || (major === 12 && minor >= 8);
 const shake256 = xofOutputLength && crypto.getHashes().includes('shake256');
 
 module.exports = {
-  'RSA-OAEP-256': major > 12 || (major === 12 && minor >= 9),
+  oaepHash: major > 12 || (major === 12 && minor >= 9),
   EdDSA: major >= 12,
   KeyObject: typeof crypto.KeyObject !== 'undefined',
   shake256,

package.json

@@ -52,7 +52,7 @@
     "debug": "^4.1.1",
     "ejs": "^3.0.1",
     "got": "^9.6.0",
-    "jose": "^1.22.2",
+    "jose": "^1.23.0",
     "jsesc": "^2.5.2",
     "koa": "^2.11.0",
     "koa-compose": "^4.1.0",

test/configuration/client_metadata.test.js

@@ -624,7 +624,7 @@ describe('Client metadata validation', () => {
       }));
       allows(this.title, 'dir', undefined, configuration);
       [
-        'RSA-OAEP', runtimeSupport['RSA-OAEP-256'] ? 'RSA-OAEP-256' : false, 'RSA1_5', 'ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW',
+        'RSA-OAEP', ...(runtimeSupport.oaepHash ? ['RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512'] : []), 'RSA1_5', 'ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW',
         'ECDH-ES+A256KW', 'A128GCMKW', 'A192GCMKW', 'A256GCMKW', 'A128KW', 'A192KW', 'A256KW',
         'PBES2-HS256+A128KW', 'PBES2-HS384+A192KW', 'PBES2-HS512+A256KW',
       ].filter(Boolean).forEach((value) => {
@@ -676,7 +676,7 @@ describe('Client metadata validation', () => {
       }));
       allows(this.title, 'dir', undefined, configuration);
       [
-        'RSA-OAEP', runtimeSupport['RSA-OAEP-256'] ? 'RSA-OAEP-256' : false, 'RSA1_5', 'ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW',
+        'RSA-OAEP', ...(runtimeSupport.oaepHash ? ['RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512'] : []), 'RSA1_5', 'ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW',
         'ECDH-ES+A256KW', 'A128GCMKW', 'A192GCMKW', 'A256GCMKW', 'A128KW', 'A192KW', 'A256KW',
         'PBES2-HS256+A128KW', 'PBES2-HS384+A192KW', 'PBES2-HS512+A256KW',
       ].filter(Boolean).forEach((value) => {
@@ -729,7 +729,7 @@ describe('Client metadata validation', () => {
       }));
       allows(this.title, 'dir', undefined, configuration);
       [
-        'RSA-OAEP', runtimeSupport['RSA-OAEP-256'] ? 'RSA-OAEP-256' : false, 'RSA1_5', 'ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW',
+        'RSA-OAEP', ...(runtimeSupport.oaepHash ? ['RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512'] : []), 'RSA1_5', 'ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW',
         'ECDH-ES+A256KW', 'A128GCMKW', 'A192GCMKW', 'A256GCMKW', 'A128KW', 'A192KW', 'A256KW',
         'PBES2-HS256+A128KW', 'PBES2-HS384+A192KW', 'PBES2-HS512+A256KW',
       ].filter(Boolean).forEach((value) => {
@@ -782,7 +782,7 @@ describe('Client metadata validation', () => {
       }));
       allows(this.title, 'dir', undefined, configuration);
       [
-        'RSA-OAEP', runtimeSupport['RSA-OAEP-256'] ? 'RSA-OAEP-256' : false, 'RSA1_5', 'ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW',
+        'RSA-OAEP', ...(runtimeSupport.oaepHash ? ['RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512'] : []), 'RSA1_5', 'ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW',
         'ECDH-ES+A256KW', 'A128GCMKW', 'A192GCMKW', 'A256GCMKW', 'A128KW', 'A192KW', 'A256KW',
         'PBES2-HS256+A128KW', 'PBES2-HS384+A192KW', 'PBES2-HS512+A256KW',
       ].filter(Boolean).forEach((value) => {
@@ -841,7 +841,7 @@ describe('Client metadata validation', () => {
       }));
       allows(this.title, 'dir', undefined, configuration);
       [
-        'RSA-OAEP', runtimeSupport['RSA-OAEP-256'] ? 'RSA-OAEP-256' : false, 'RSA1_5', 'ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW',
+        'RSA-OAEP', ...(runtimeSupport.oaepHash ? ['RSA-OAEP-256', 'RSA-OAEP-384', 'RSA-OAEP-512'] : []), 'RSA1_5', 'ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW',
         'ECDH-ES+A256KW', 'A128GCMKW', 'A192GCMKW', 'A256GCMKW', 'A128KW', 'A192KW', 'A256KW',
         'PBES2-HS256+A128KW', 'PBES2-HS384+A192KW', 'PBES2-HS512+A256KW',
       ].filter(Boolean).forEach((value) => {

types/index.d.ts

@@ -1116,7 +1116,7 @@ export type AsymmetricSigningAlgoritm = 'PS256' | 'PS384' | 'PS512' | 'ES256' |
 export type SymmetricSigningAlgorithm = 'HS256' | 'HS384' | 'HS512';
 export type SigningAlgorithm = AsymmetricSigningAlgoritm | SymmetricSigningAlgorithm;
 export type SigningAlgorithmWithNone = AsymmetricSigningAlgoritm | SymmetricSigningAlgorithm | NoneAlg;
-export type EncryptionAlgValues = 'RSA-OAEP' | 'RSA-OAEP-256' | 'RSA1_5' | 'ECDH-ES' |
+export type EncryptionAlgValues = 'RSA-OAEP' | 'RSA-OAEP-256' | 'RSA-OAEP-384' | 'RSA-OAEP-512' | 'RSA1_5' | 'ECDH-ES' |
   'ECDH-ES+A128KW' | 'ECDH-ES+A192KW' | 'ECDH-ES+A256KW' | 'A128KW' | 'A192KW' | 'A256KW' |
   'A128GCMKW' | 'A192GCMKW' | 'A256GCMKW' | 'PBES2-HS256+A128KW' | 'PBES2-HS384+A192KW' |
   'PBES2-HS512+A256KW' | 'dir';