commit 1c90efecc64a0b9fa59236efcaeb073f24f0714b Author: Magnus von Wachenfeldt Date: Thu Aug 26 14:18:43 2021 +0200 stuff diff --git a/README.md b/README.md new file mode 100644 index 0000000..bb666d2 --- /dev/null +++ b/README.md @@ -0,0 +1,377 @@ +# Node-RSA + +Node.js RSA library
+Based on jsbn library from Tom Wu http://www-cs-students.stanford.edu/~tjw/jsbn/ + +* Pure JavaScript +* No needed OpenSSL +* Generating keys +* Supports long messages for encrypt/decrypt +* Signing and verifying + +## Example + +```javascript +const NodeRSA = require('node-rsa'); +const key = new NodeRSA({b: 512}); + +const text = 'Hello RSA!'; +const encrypted = key.encrypt(text, 'base64'); +console.log('encrypted: ', encrypted); +const decrypted = key.decrypt(encrypted, 'utf8'); +console.log('decrypted: ', decrypted); +``` + +## Installing + +```shell +npm install node-rsa +``` +> Requires nodejs >= 8.11.1 + +### Testing + +```shell +npm test +``` + +## Work environment + +This library developed and tested primary for Node.js, but it still can work in browsers with [browserify](http://browserify.org/). + +## Usage + +### Create instance +```javascript +const NodeRSA = require('node-rsa'); + +const key = new NodeRSA([keyData, [format]], [options]); +``` + +* keyData — `{string|buffer|object}` — parameters for generating key or the key in one of supported formats.
+* format — `{string}` — format for importing key. See more details about formats in [Export/Import](#importexport-keys) section.
+* options — `{object}` — additional settings. + +#### Options +You can specify some options by second/third constructor argument, or over `key.setOptions()` method. + +* environment — working environment (default autodetect): + * `'browser'` — will run pure js implementation of RSA algorithms. + * `'node'` for `nodejs >= 0.10.x or io.js >= 1.x` — provide some native methods like sign/verify and encrypt/decrypt. +* encryptionScheme — padding scheme for encrypt/decrypt. Can be `'pkcs1_oaep'` or `'pkcs1'`. Default `'pkcs1_oaep'`. +* signingScheme — scheme used for signing and verifying. Can be `'pkcs1'` or `'pss'` or 'scheme-hash' format string (eg `'pss-sha1'`). Default `'pkcs1-sha256'`, or, if chosen pss: `'pss-sha1'`. + +> *Notice:* This lib supporting next hash algorithms: `'md5'`, `'ripemd160'`, `'sha1'`, `'sha256'`, `'sha512'` in browser and node environment and additional `'md4'`, `'sha'`, `'sha224'`, `'sha384'` in node only. + +Some [advanced options info](https://github.com/rzcoder/node-rsa/wiki/Advanced-options) + +#### Creating "empty" key +```javascript +const key = new NodeRSA(); +``` + +#### Generate new 512bit-length key +```javascript +const key = new NodeRSA({b: 512}); +``` + +Also you can use next method: + +```javascript +key.generateKeyPair([bits], [exp]); +``` + +* bits — `{int}` — key size in bits. 2048 by default. +* exp — `{int}` — public exponent. 65537 by default. + +#### Load key from PEM string + +```javascript +const key = new NodeRSA('-----BEGIN RSA PRIVATE KEY-----\n'+ + 'MIIBOQIBAAJAVY6quuzCwyOWzymJ7C4zXjeV/232wt2ZgJZ1kHzjI73wnhQ3WQcL\n'+ + 'DFCSoi2lPUW8/zspk0qWvPdtp6Jg5Lu7hwIDAQABAkBEws9mQahZ6r1mq2zEm3D/\n'+ + 'VM9BpV//xtd6p/G+eRCYBT2qshGx42ucdgZCYJptFoW+HEx/jtzWe74yK6jGIkWJ\n'+ + 'AiEAoNAMsPqwWwTyjDZCo9iKvfIQvd3MWnmtFmjiHoPtjx0CIQCIMypAEEkZuQUi\n'+ + 'pMoreJrOlLJWdc0bfhzNAJjxsTv/8wIgQG0ZqI3GubBxu9rBOAM5EoA4VNjXVigJ\n'+ + 'QEEk1jTkp8ECIQCHhsoq90mWM/p9L5cQzLDWkTYoPI49Ji+Iemi2T5MRqwIgQl07\n'+ + 'Es+KCn25OKXR/FJ5fu6A6A+MptABL3r8SEjlpLc=\n'+ + '-----END RSA PRIVATE KEY-----'); +``` + +### Import/Export keys +```javascript +key.importKey(keyData, [format]); +key.exportKey([format]); +``` + +* keyData — `{string|buffer}` — may be: + * key in PEM string + * Buffer containing PEM string + * Buffer containing DER encoded data + * Object contains key components +* format — `{string}` — format id for export/import. + +#### Format string syntax +Format string composed of several parts: `scheme-[key_type]-[output_type]`
+ +Scheme — NodeRSA supports multiple format schemes for import/export keys: + + * `'pkcs1'` — public key starts from `'-----BEGIN RSA PUBLIC KEY-----'` header and private key starts from `'-----BEGIN RSA PRIVATE KEY-----'` header + * `'pkcs8'` — public key starts from `'-----BEGIN PUBLIC KEY-----'` header and private key starts from `'-----BEGIN PRIVATE KEY-----'` header + * `'openssh'` — public key starts from `'ssh-rsa'` header and private key starts from `'-----BEGIN OPENSSH PRIVATE KEY-----'` header + * `'components'` — use it for import/export key from/to raw components (see example below). For private key, importing data should contain all private key components, for public key: only public exponent (`e`) and modulus (`n`). All components (except `e`) should be Buffer, `e` could be Buffer or just normal Number. + +Key type — can be `'private'` or `'public'`. Default `'private'`
+Output type — can be: + + * `'pem'` — Base64 encoded string with header and footer. Used by default. + * `'der'` — Binary encoded key data. + +> *Notice:* For import, if *keyData* is PEM string or buffer containing string, you can do not specify format, but if you provide *keyData* as DER you must specify it in format string. + +**Shortcuts and examples** + * `'private'` or `'pkcs1'` or `'pkcs1-private'` == `'pkcs1-private-pem'` — private key encoded in pcks1 scheme as pem string. + * `'public'` or `'pkcs8-public'` == `'pkcs8-public-pem'` — public key encoded in pcks8 scheme as pem string. + * `'pkcs8'` or `'pkcs8-private'` == `'pkcs8-private-pem'` — private key encoded in pcks8 scheme as pem string. + * `'pkcs1-der'` == `'pkcs1-private-der'` — private key encoded in pcks1 scheme as binary buffer. + * `'pkcs8-public-der'` — public key encoded in pcks8 scheme as binary buffer. + +**Code example** + +```javascript +const keyData = '-----BEGIN PUBLIC KEY----- ... -----END PUBLIC KEY-----'; +key.importKey(keyData, 'pkcs8'); +const publicDer = key.exportKey('pkcs8-public-der'); +const privateDer = key.exportKey('pkcs1-der'); +``` + +```javascript +key.importKey({ + n: Buffer.from('0086fa9ba066685845fc03833a9699c8baefb53cfbf19052a7f10f1eaa30488cec1ceb752bdff2df9fad6c64b3498956e7dbab4035b4823c99a44cc57088a23783', 'hex'), + e: 65537, + d: Buffer.from('5d2f0dd982596ef781affb1cab73a77c46985c6da2aafc252cea3f4546e80f40c0e247d7d9467750ea1321cc5aa638871b3ed96d19dcc124916b0bcb296f35e1', 'hex'), + p: Buffer.from('00c59419db615e56b9805cc45673a32d278917534804171edcf925ab1df203927f', 'hex'), + q: Buffer.from('00aee3f86b66087abc069b8b1736e38ad6af624f7ea80e70b95f4ff2bf77cd90fd', 'hex'), + dmp1: Buffer.from('008112f5a969fcb56f4e3a4c51a60dcdebec157ee4a7376b843487b53844e8ac85', 'hex'), + dmq1: Buffer.from('1a7370470e0f8a4095df40922a430fe498720e03e1f70d257c3ce34202249d21', 'hex'), + coeff: Buffer.from('00b399675e5e81506b729a777cc03026f0b2119853dfc5eb124610c0ab82999e45', 'hex') +}, 'components'); +const publicComponents = key.exportKey('components-public'); +console.log(publicComponents); + +/* +{ n: , + e: 65537 +} +*/ +``` + +If you want to only import the public key use `'components-public'` as an option: + +```javascript +key.importKey({ + n: Buffer.from('0086fa9ba066685845fc03833a9699c8baefb53cfbf19052a7f10f1eaa30488cec1ceb752bdff2df9fad6c64b3498956e7dbab4035b4823c99a44cc57088a23783', 'hex'), + e: 65537, +}, 'components-public'); +``` + +### Properties + +#### Key testing +```javascript +key.isPrivate(); +key.isPublic([strict]); +``` +strict — `{boolean}` — if true method will return false if key pair have private exponent. Default `false`. + +```javascript +key.isEmpty(); +``` +Return `true` if key pair doesn't have any data. + +#### Key info +```javascript +key.getKeySize(); +``` +Return key size in bits. + +```javascript +key.getMaxMessageSize(); +``` +Return max data size for encrypt in bytes. + +### Encrypting/decrypting + +```javascript +key.encrypt(buffer, [encoding], [source_encoding]); +key.encryptPrivate(buffer, [encoding], [source_encoding]); // use private key for encryption +``` +Return encrypted data.
+ +* buffer — `{buffer}` — data for encrypting, may be string, Buffer, or any object/array. Arrays and objects will encoded to JSON string first.
+* encoding — `{string}` — encoding for output result, may be `'buffer'`, `'binary'`, `'hex'` or `'base64'`. Default `'buffer'`.
+* source_encoding — `{string}` — source encoding, works only with string buffer. Can take standard Node.js Buffer encodings (hex, utf8, base64, etc). `'utf8'` by default.
+ +```javascript +key.decrypt(buffer, [encoding]); +key.decryptPublic(buffer, [encoding]); // use public key for decryption +``` +Return decrypted data.
+ +* buffer — `{buffer}` — data for decrypting. Takes Buffer object or base64 encoded string.
+* encoding — `{string}` — encoding for result string. Can also take `'buffer'` for raw Buffer object, or `'json'` for automatic JSON.parse result. Default `'buffer'`. + +> *Notice:* `encryptPrivate` and `decryptPublic` using only pkcs1 padding type 1 (not random) + +### Signing/Verifying +```javascript +key.sign(buffer, [encoding], [source_encoding]); +``` +Return signature for buffer. All the arguments are the same as for `encrypt` method. + +```javascript +key.verify(buffer, signature, [source_encoding], [signature_encoding]) +``` +Return result of check, `true` or `false`.
+ +* buffer — `{buffer}` — data for check, same as `encrypt` method.
+* signature — `{string}` — signature for check, result of `sign` method.
+* source_encoding — `{string}` — same as for `encrypt` method.
+* signature_encoding — `{string}` — encoding of given signature. May be `'buffer'`, `'binary'`, `'hex'` or `'base64'`. Default `'buffer'`. + +## Contributing + +Questions, comments, bug reports, and pull requests are all welcome. + +## Changelog + +### 1.1.0 + * Added OpenSSH key format support. + +### 1.0.2 + * Importing keys from PEM now is less dependent on non-key data in files. + +### 1.0.1 + * `importKey()` now returns `this` + +### 1.0.0 + * Using semver now 🎉 + * **Breaking change**: Drop support nodejs < 8.11.1 + * **Possible breaking change**: `new Buffer()` call as deprecated was replaced by `Buffer.from` & `Buffer.alloc`. + * **Possible breaking change**: Drop support for hash scheme `sha` (was removed in node ~10). `sha1`, `sha256` and others still works. + * **Possible breaking change**: Little change in environment detect algorithm. + +### 0.4.2 + * `no padding` scheme will padded data with zeros on all environments. + +### 0.4.1 + * `PKCS1 no padding` scheme support. + +### 0.4.0 + * License changed from BSD to MIT. + * Some changes in internal api. + +### 0.3.3 + * Fixed PSS encode/verify methods with max salt length. + +### 0.3.2 + * Fixed environment detection in web worker. + +### 0.3.0 + * Added import/export from/to raw key components. + * Removed lodash from dependencies. + +### 0.2.30 + * Fixed a issue when the key was generated by 1 bit smaller than specified. It may slow down the generation of large keys. + +### 0.2.24 + * Now used old hash APIs for webpack compatible. + +### 0.2.22 + * `encryptPrivate` and `decryptPublic` now using only pkcs1 (type 1) padding. + +### 0.2.20 + * Added `.encryptPrivate()` and `.decryptPublic()` methods. + * Encrypt/decrypt methods in nodejs 0.12.x and io.js using native implementation (> 40x speed boost). + * Fixed some regex issue causing catastrophic backtracking. + +### 0.2.10 + * **Methods `.exportPrivate()` and `.exportPublic()` was replaced by `.exportKey([format])`.** + * By default `.exportKey()` returns private key as `.exportPrivate()`, if you need public key from `.exportPublic()` you must specify format as `'public'` or `'pkcs8-public-pem'`. + * Method `.importKey(key, [format])` now has second argument. + +### 0.2.0 + * **`.getPublicPEM()` method was renamed to `.exportPublic()`** + * **`.getPrivatePEM()` method was renamed to `.exportPrivate()`** + * **`.loadFromPEM()` method was renamed to `.importKey()`** + * Added PKCS1_OAEP encrypting/decrypting support. + * **PKCS1_OAEP now default scheme, you need to specify 'encryptingScheme' option to 'pkcs1' for compatibility with 0.1.x version of NodeRSA.** + * Added PSS signing/verifying support. + * Signing now supports `'md5'`, `'ripemd160'`, `'sha1'`, `'sha256'`, `'sha512'` hash algorithms in both environments + and additional `'md4'`, `'sha'`, `'sha224'`, `'sha384'` for nodejs env. + * **`options.signingAlgorithm` was renamed to `options.signingScheme`** + * Added `encryptingScheme` option. + * Property `key.options` now mark as private. Added `key.setOptions(options)` method. + + +### 0.1.54 + * Added support for loading PEM key from Buffer (`fs.readFileSync()` output). + * Added `isEmpty()` method. + +### 0.1.52 + * Improve work with not properly trimming PEM strings. + +### 0.1.50 + * Implemented native js signing and verifying for browsers. + * `options.signingAlgorithm` now takes only hash-algorithm name. + * Added `.getKeySize()` and `.getMaxMessageSize()` methods. + * `.loadFromPublicPEM` and `.loadFromPrivatePEM` methods marked as private. + +### 0.1.40 + * Added signing/verifying. + +### 0.1.30 + * Added long message support. + + +## License + +Copyright (c) 2014 rzcoder
+ +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +## Licensing for code used in rsa.js and jsbn.js + +Copyright (c) 2003-2005 Tom Wu
+All Rights Reserved. + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. +THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, +EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY +WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +IN NO EVENT SHALL TOM WU BE LIABLE FOR ANY SPECIAL, INCIDENTAL, +INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER +RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF +THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT +OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +In addition, the following condition applies: + +All redistributions must retain an intact copy of this copyright notice +and disclaimer. + +[![Build Status](https://travis-ci.org/rzcoder/node-rsa.svg?branch=master)](https://travis-ci.org/rzcoder/node-rsa) diff --git a/gruntfile.js b/gruntfile.js new file mode 100644 index 0000000..4d00789 --- /dev/null +++ b/gruntfile.js @@ -0,0 +1,33 @@ +module.exports = function (grunt) { + grunt.initConfig({ + jshint: { + options: {}, + default: { + files: { + src: ['gruntfile.js', 'src/**/*.js', '!src/libs/jsbn.js'] + } + }, + libs: { + files: { + src: ['src/libs/**/*'] + } + } + }, + + simplemocha: { + options: { + reporter: 'list' + }, + all: {src: ['test/**/*.js']} + } + }); + + require('jit-grunt')(grunt, { + 'simplemocha': 'grunt-simple-mocha' + }); + + grunt.registerTask('lint', ['jshint:default']); + grunt.registerTask('test', ['simplemocha']); + + grunt.registerTask('default', ['lint', 'test']); +}; \ No newline at end of file diff --git a/package.json b/package.json new file mode 100644 index 0000000..b89a788 --- /dev/null +++ b/package.json @@ -0,0 +1,44 @@ +{ + "name": "node-rsa", + "version": "1.1.2", + "description": "Node.js RSA library", + "main": "src/NodeRSA.js", + "scripts": { + "test": "grunt test" + }, + "repository": { + "type": "git", + "url": "https://github.com/magnusvw/node-rsa.git" + }, + "keywords": [ + "node", + "rsa", + "crypto", + "assymetric", + "encryption", + "decryption", + "sign", + "verify", + "pkcs1", + "oaep", + "pss" + ], + "author": "rzcoder", + "license": "MIT", + "bugs": { + "url": "https://github.com/magnusvw/node-rsa/issues" + }, + "homepage": "https://github.com/magnusvw/node-rsa", + "devDependencies": { + "chai": "^4.2.0", + "grunt": "^1.1.0", + "grunt-contrib-jshint": "^2.1.0", + "grunt-simple-mocha": "0.4.1", + "jit-grunt": "0.10.0", + "lodash": "^4.17.15", + "nyc": "^15.0.0" + }, + "dependencies": { + "asn1": "^0.2.4" + } +} diff --git a/src/NodeRSA.js b/src/NodeRSA.js new file mode 100644 index 0000000..6ac90b6 --- /dev/null +++ b/src/NodeRSA.js @@ -0,0 +1,396 @@ +/*! + * RSA library for Node.js + * + * Author: rzcoder + * License MIT + */ + +var constants = require('constants'); +var rsa = require('./libs/rsa.js'); +var _ = require('./utils')._; +var utils = require('./utils'); +var schemes = require('./schemes/schemes.js'); +var formats = require('./formats/formats.js'); + +if (typeof constants.RSA_NO_PADDING === "undefined") { + //patch for node v0.10.x, constants do not defined + constants.RSA_NO_PADDING = 3; +} + +module.exports = (function () { + var SUPPORTED_HASH_ALGORITHMS = { + node10: ['md4', 'md5', 'ripemd160', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512'], + node: ['md4', 'md5', 'ripemd160', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512'], + iojs: ['md4', 'md5', 'ripemd160', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512'], + browser: ['md5', 'ripemd160', 'sha1', 'sha256', 'sha512'] + }; + + var DEFAULT_ENCRYPTION_SCHEME = 'pkcs1_oaep'; + var DEFAULT_SIGNING_SCHEME = 'pkcs1'; + + var DEFAULT_EXPORT_FORMAT = 'private'; + var EXPORT_FORMAT_ALIASES = { + 'private': 'pkcs1-private-pem', + 'private-der': 'pkcs1-private-der', + 'public': 'pkcs8-public-pem', + 'public-der': 'pkcs8-public-der', + }; + + /** + * @param key {string|buffer|object} Key in PEM format, or data for generate key {b: bits, e: exponent} + * @constructor + */ + function NodeRSA(key, format, options) { + if (!(this instanceof NodeRSA)) { + return new NodeRSA(key, format, options); + } + + if (_.isObject(format)) { + options = format; + format = undefined; + } + + this.$options = { + signingScheme: DEFAULT_SIGNING_SCHEME, + signingSchemeOptions: { + hash: 'sha256', + saltLength: null + }, + encryptionScheme: DEFAULT_ENCRYPTION_SCHEME, + encryptionSchemeOptions: { + hash: 'sha1', + label: null + }, + environment: utils.detectEnvironment(), + rsaUtils: this + }; + this.keyPair = new rsa.Key(); + this.$cache = {}; + + if (Buffer.isBuffer(key) || _.isString(key)) { + this.importKey(key, format); + } else if (_.isObject(key)) { + this.generateKeyPair(key.b, key.e); + } + + this.setOptions(options); + } + + /** + * Set and validate options for key instance + * @param options + */ + NodeRSA.prototype.setOptions = function (options) { + options = options || {}; + if (options.environment) { + this.$options.environment = options.environment; + } + + if (options.signingScheme) { + if (_.isString(options.signingScheme)) { + var signingScheme = options.signingScheme.toLowerCase().split('-'); + if (signingScheme.length == 1) { + if (SUPPORTED_HASH_ALGORITHMS.node.indexOf(signingScheme[0]) > -1) { + this.$options.signingSchemeOptions = { + hash: signingScheme[0] + }; + this.$options.signingScheme = DEFAULT_SIGNING_SCHEME; + } else { + this.$options.signingScheme = signingScheme[0]; + this.$options.signingSchemeOptions = { + hash: null + }; + } + } else { + this.$options.signingSchemeOptions = { + hash: signingScheme[1] + }; + this.$options.signingScheme = signingScheme[0]; + } + } else if (_.isObject(options.signingScheme)) { + this.$options.signingScheme = options.signingScheme.scheme || DEFAULT_SIGNING_SCHEME; + this.$options.signingSchemeOptions = _.omit(options.signingScheme, 'scheme'); + } + + if (!schemes.isSignature(this.$options.signingScheme)) { + throw Error('Unsupported signing scheme'); + } + + if (this.$options.signingSchemeOptions.hash && + SUPPORTED_HASH_ALGORITHMS[this.$options.environment].indexOf(this.$options.signingSchemeOptions.hash) === -1) { + throw Error('Unsupported hashing algorithm for ' + this.$options.environment + ' environment'); + } + } + + if (options.encryptionScheme) { + if (_.isString(options.encryptionScheme)) { + this.$options.encryptionScheme = options.encryptionScheme.toLowerCase(); + this.$options.encryptionSchemeOptions = {}; + } else if (_.isObject(options.encryptionScheme)) { + this.$options.encryptionScheme = options.encryptionScheme.scheme || DEFAULT_ENCRYPTION_SCHEME; + this.$options.encryptionSchemeOptions = _.omit(options.encryptionScheme, 'scheme'); + } + + if (!schemes.isEncryption(this.$options.encryptionScheme)) { + throw Error('Unsupported encryption scheme'); + } + + if (this.$options.encryptionSchemeOptions.hash && + SUPPORTED_HASH_ALGORITHMS[this.$options.environment].indexOf(this.$options.encryptionSchemeOptions.hash) === -1) { + throw Error('Unsupported hashing algorithm for ' + this.$options.environment + ' environment'); + } + } + + this.keyPair.setOptions(this.$options); + }; + + /** + * Generate private/public keys pair + * + * @param bits {int} length key in bits. Default 2048. + * @param exp {int} public exponent. Default 65537. + * @returns {NodeRSA} + */ + NodeRSA.prototype.generateKeyPair = function (bits, exp) { + bits = bits || 2048; + exp = exp || 65537; + + if (bits % 8 !== 0) { + throw Error('Key size must be a multiple of 8.'); + } + + this.keyPair.generate(bits, exp.toString(16)); + this.$cache = {}; + return this; + }; + + /** + * Importing key + * @param keyData {string|buffer|Object} + * @param format {string} + */ + NodeRSA.prototype.importKey = function (keyData, format) { + if (!keyData) { + throw Error("Empty key given"); + } + + if (format) { + format = EXPORT_FORMAT_ALIASES[format] || format; + } + + if (!formats.detectAndImport(this.keyPair, keyData, format) && format === undefined) { + throw Error("Key format must be specified"); + } + + this.$cache = {}; + + return this; + }; + + /** + * Exporting key + * @param [format] {string} + */ + NodeRSA.prototype.exportKey = function (format) { + format = format || DEFAULT_EXPORT_FORMAT; + format = EXPORT_FORMAT_ALIASES[format] || format; + + if (!this.$cache[format]) { + this.$cache[format] = formats.detectAndExport(this.keyPair, format); + } + + return this.$cache[format]; + }; + + /** + * Check if key pair contains private key + */ + NodeRSA.prototype.isPrivate = function () { + return this.keyPair.isPrivate(); + }; + + /** + * Check if key pair contains public key + * @param [strict] {boolean} - public key only, return false if have private exponent + */ + NodeRSA.prototype.isPublic = function (strict) { + return this.keyPair.isPublic(strict); + }; + + /** + * Check if key pair doesn't contains any data + */ + NodeRSA.prototype.isEmpty = function (strict) { + return !(this.keyPair.n || this.keyPair.e || this.keyPair.d); + }; + + /** + * Encrypting data method with public key + * + * @param buffer {string|number|object|array|Buffer} - data for encrypting. Object and array will convert to JSON string. + * @param encoding {string} - optional. Encoding for output result, may be 'buffer', 'binary', 'hex' or 'base64'. Default 'buffer'. + * @param source_encoding {string} - optional. Encoding for given string. Default utf8. + * @returns {string|Buffer} + */ + NodeRSA.prototype.encrypt = function (buffer, encoding, source_encoding) { + return this.$$encryptKey(false, buffer, encoding, source_encoding); + }; + + /** + * Decrypting data method with private key + * + * @param buffer {Buffer} - buffer for decrypting + * @param encoding - encoding for result string, can also take 'json' or 'buffer' for the automatic conversion of this type + * @returns {Buffer|object|string} + */ + NodeRSA.prototype.decrypt = function (buffer, encoding) { + return this.$$decryptKey(false, buffer, encoding); + }; + + /** + * Encrypting data method with private key + * + * Parameters same as `encrypt` method + */ + NodeRSA.prototype.encryptPrivate = function (buffer, encoding, source_encoding) { + return this.$$encryptKey(true, buffer, encoding, source_encoding); + }; + + /** + * Decrypting data method with public key + * + * Parameters same as `decrypt` method + */ + NodeRSA.prototype.decryptPublic = function (buffer, encoding) { + return this.$$decryptKey(true, buffer, encoding); + }; + + /** + * Encrypting data method with custom key + */ + NodeRSA.prototype.$$encryptKey = function (usePrivate, buffer, encoding, source_encoding) { + try { + var res = this.keyPair.encrypt(this.$getDataForEncrypt(buffer, source_encoding), usePrivate); + + if (encoding == 'buffer' || !encoding) { + return res; + } else { + return res.toString(encoding); + } + } catch (e) { + throw Error('Error during encryption. Original error: ' + e); + } + }; + + /** + * Decrypting data method with custom key + */ + NodeRSA.prototype.$$decryptKey = function (usePublic, buffer, encoding) { + try { + buffer = _.isString(buffer) ? Buffer.from(buffer, 'base64') : buffer; + var res = this.keyPair.decrypt(buffer, usePublic); + + if (res === null) { + throw Error('Key decrypt method returns null.'); + } + + return this.$getDecryptedData(res, encoding); + } catch (e) { + throw Error('Error during decryption (probably incorrect key). Original error: ' + e); + } + }; + + /** + * Signing data + * + * @param buffer {string|number|object|array|Buffer} - data for signing. Object and array will convert to JSON string. + * @param encoding {string} - optional. Encoding for output result, may be 'buffer', 'binary', 'hex' or 'base64'. Default 'buffer'. + * @param source_encoding {string} - optional. Encoding for given string. Default utf8. + * @returns {string|Buffer} + */ + NodeRSA.prototype.sign = function (buffer, encoding, source_encoding) { + if (!this.isPrivate()) { + throw Error("This is not private key"); + } + + var res = this.keyPair.sign(this.$getDataForEncrypt(buffer, source_encoding)); + + if (encoding && encoding != 'buffer') { + res = res.toString(encoding); + } + + return res; + }; + + /** + * Verifying signed data + * + * @param buffer - signed data + * @param signature + * @param source_encoding {string} - optional. Encoding for given string. Default utf8. + * @param signature_encoding - optional. Encoding of given signature. May be 'buffer', 'binary', 'hex' or 'base64'. Default 'buffer'. + * @returns {*} + */ + NodeRSA.prototype.verify = function (buffer, signature, source_encoding, signature_encoding) { + if (!this.isPublic()) { + throw Error("This is not public key"); + } + signature_encoding = (!signature_encoding || signature_encoding == 'buffer' ? null : signature_encoding); + return this.keyPair.verify(this.$getDataForEncrypt(buffer, source_encoding), signature, signature_encoding); + }; + + /** + * Returns key size in bits + * @returns {int} + */ + NodeRSA.prototype.getKeySize = function () { + return this.keyPair.keySize; + }; + + /** + * Returns max message length in bytes (for 1 chunk) depending on current encryption scheme + * @returns {int} + */ + NodeRSA.prototype.getMaxMessageSize = function () { + return this.keyPair.maxMessageLength; + }; + + /** + * Preparing given data for encrypting/signing. Just make new/return Buffer object. + * + * @param buffer {string|number|object|array|Buffer} - data for encrypting. Object and array will convert to JSON string. + * @param encoding {string} - optional. Encoding for given string. Default utf8. + * @returns {Buffer} + */ + NodeRSA.prototype.$getDataForEncrypt = function (buffer, encoding) { + if (_.isString(buffer) || _.isNumber(buffer)) { + return Buffer.from('' + buffer, encoding || 'utf8'); + } else if (Buffer.isBuffer(buffer)) { + return buffer; + } else if (_.isObject(buffer)) { + return Buffer.from(JSON.stringify(buffer)); + } else { + throw Error("Unexpected data type"); + } + }; + + /** + * + * @param buffer {Buffer} - decrypted data. + * @param encoding - optional. Encoding for result output. May be 'buffer', 'json' or any of Node.js Buffer supported encoding. + * @returns {*} + */ + NodeRSA.prototype.$getDecryptedData = function (buffer, encoding) { + encoding = encoding || 'buffer'; + + if (encoding == 'buffer') { + return buffer; + } else if (encoding == 'json') { + return JSON.parse(buffer.toString()); + } else { + return buffer.toString(encoding); + } + }; + + return NodeRSA; +})(); diff --git a/src/encryptEngines/encryptEngines.js b/src/encryptEngines/encryptEngines.js new file mode 100644 index 0000000..2d7421b --- /dev/null +++ b/src/encryptEngines/encryptEngines.js @@ -0,0 +1,17 @@ +var crypt = require('crypto'); + +module.exports = { + getEngine: function (keyPair, options) { + var engine = require('./js.js'); + if (options.environment === 'node') { + if (typeof crypt.publicEncrypt === 'function' && typeof crypt.privateDecrypt === 'function') { + if (typeof crypt.privateEncrypt === 'function' && typeof crypt.publicDecrypt === 'function') { + engine = require('./io.js'); + } else { + engine = require('./node12.js'); + } + } + } + return engine(keyPair, options); + } +}; \ No newline at end of file diff --git a/src/encryptEngines/io.js b/src/encryptEngines/io.js new file mode 100644 index 0000000..799ae1d --- /dev/null +++ b/src/encryptEngines/io.js @@ -0,0 +1,72 @@ +var crypto = require('crypto'); +var constants = require('constants'); +var schemes = require('../schemes/schemes.js'); + +module.exports = function (keyPair, options) { + var pkcs1Scheme = schemes.pkcs1.makeScheme(keyPair, options); + + return { + encrypt: function (buffer, usePrivate) { + var padding; + if (usePrivate) { + padding = constants.RSA_PKCS1_PADDING; + if (options.encryptionSchemeOptions && options.encryptionSchemeOptions.padding) { + padding = options.encryptionSchemeOptions.padding; + } + return crypto.privateEncrypt({ + key: options.rsaUtils.exportKey('private'), + padding: padding + }, buffer); + } else { + padding = constants.RSA_PKCS1_OAEP_PADDING; + if (options.encryptionScheme === 'pkcs1') { + padding = constants.RSA_PKCS1_PADDING; + } + if (options.encryptionSchemeOptions && options.encryptionSchemeOptions.padding) { + padding = options.encryptionSchemeOptions.padding; + } + + var data = buffer; + if (padding === constants.RSA_NO_PADDING) { + data = pkcs1Scheme.pkcs0pad(buffer); + } + + return crypto.publicEncrypt({ + key: options.rsaUtils.exportKey('public'), + padding: padding + }, data); + } + }, + + decrypt: function (buffer, usePublic) { + var padding; + if (usePublic) { + padding = constants.RSA_PKCS1_PADDING; + if (options.encryptionSchemeOptions && options.encryptionSchemeOptions.padding) { + padding = options.encryptionSchemeOptions.padding; + } + return crypto.publicDecrypt({ + key: options.rsaUtils.exportKey('public'), + padding: padding + }, buffer); + } else { + padding = constants.RSA_PKCS1_OAEP_PADDING; + if (options.encryptionScheme === 'pkcs1') { + padding = constants.RSA_PKCS1_PADDING; + } + if (options.encryptionSchemeOptions && options.encryptionSchemeOptions.padding) { + padding = options.encryptionSchemeOptions.padding; + } + var res = crypto.privateDecrypt({ + key: options.rsaUtils.exportKey('private'), + padding: padding + }, buffer); + + if (padding === constants.RSA_NO_PADDING) { + return pkcs1Scheme.pkcs0unpad(res); + } + return res; + } + } + }; +}; \ No newline at end of file diff --git a/src/encryptEngines/js.js b/src/encryptEngines/js.js new file mode 100644 index 0000000..4df3531 --- /dev/null +++ b/src/encryptEngines/js.js @@ -0,0 +1,34 @@ +var BigInteger = require('../libs/jsbn.js'); +var schemes = require('../schemes/schemes.js'); + +module.exports = function (keyPair, options) { + var pkcs1Scheme = schemes.pkcs1.makeScheme(keyPair, options); + + return { + encrypt: function (buffer, usePrivate) { + var m, c; + if (usePrivate) { + /* Type 1: zeros padding for private key encrypt */ + m = new BigInteger(pkcs1Scheme.encPad(buffer, {type: 1})); + c = keyPair.$doPrivate(m); + } else { + m = new BigInteger(keyPair.encryptionScheme.encPad(buffer)); + c = keyPair.$doPublic(m); + } + return c.toBuffer(keyPair.encryptedDataLength); + }, + + decrypt: function (buffer, usePublic) { + var m, c = new BigInteger(buffer); + + if (usePublic) { + m = keyPair.$doPublic(c); + /* Type 1: zeros padding for private key decrypt */ + return pkcs1Scheme.encUnPad(m.toBuffer(keyPair.encryptedDataLength), {type: 1}); + } else { + m = keyPair.$doPrivate(c); + return keyPair.encryptionScheme.encUnPad(m.toBuffer(keyPair.encryptedDataLength)); + } + } + }; +}; \ No newline at end of file diff --git a/src/encryptEngines/node12.js b/src/encryptEngines/node12.js new file mode 100644 index 0000000..86e5836 --- /dev/null +++ b/src/encryptEngines/node12.js @@ -0,0 +1,56 @@ +var crypto = require('crypto'); +var constants = require('constants'); +var schemes = require('../schemes/schemes.js'); + +module.exports = function (keyPair, options) { + var jsEngine = require('./js.js')(keyPair, options); + var pkcs1Scheme = schemes.pkcs1.makeScheme(keyPair, options); + + return { + encrypt: function (buffer, usePrivate) { + if (usePrivate) { + return jsEngine.encrypt(buffer, usePrivate); + } + var padding = constants.RSA_PKCS1_OAEP_PADDING; + if (options.encryptionScheme === 'pkcs1') { + padding = constants.RSA_PKCS1_PADDING; + } + if (options.encryptionSchemeOptions && options.encryptionSchemeOptions.padding) { + padding = options.encryptionSchemeOptions.padding; + } + + var data = buffer; + if (padding === constants.RSA_NO_PADDING) { + data = pkcs1Scheme.pkcs0pad(buffer); + } + + return crypto.publicEncrypt({ + key: options.rsaUtils.exportKey('public'), + padding: padding + }, data); + }, + + decrypt: function (buffer, usePublic) { + if (usePublic) { + return jsEngine.decrypt(buffer, usePublic); + } + var padding = constants.RSA_PKCS1_OAEP_PADDING; + if (options.encryptionScheme === 'pkcs1') { + padding = constants.RSA_PKCS1_PADDING; + } + if (options.encryptionSchemeOptions && options.encryptionSchemeOptions.padding) { + padding = options.encryptionSchemeOptions.padding; + } + + var res = crypto.privateDecrypt({ + key: options.rsaUtils.exportKey('private'), + padding: padding + }, buffer); + + if (padding === constants.RSA_NO_PADDING) { + return pkcs1Scheme.pkcs0unpad(res); + } + return res; + } + }; +}; \ No newline at end of file diff --git a/src/formats/components.js b/src/formats/components.js new file mode 100644 index 0000000..56af95c --- /dev/null +++ b/src/formats/components.js @@ -0,0 +1,71 @@ +var _ = require('../utils')._; +var utils = require('../utils'); + +module.exports = { + privateExport: function (key, options) { + return { + n: key.n.toBuffer(), + e: key.e, + d: key.d.toBuffer(), + p: key.p.toBuffer(), + q: key.q.toBuffer(), + dmp1: key.dmp1.toBuffer(), + dmq1: key.dmq1.toBuffer(), + coeff: key.coeff.toBuffer() + }; + }, + + privateImport: function (key, data, options) { + if (data.n && data.e && data.d && data.p && data.q && data.dmp1 && data.dmq1 && data.coeff) { + key.setPrivate( + data.n, + data.e, + data.d, + data.p, + data.q, + data.dmp1, + data.dmq1, + data.coeff + ); + } else { + throw Error("Invalid key data"); + } + }, + + publicExport: function (key, options) { + return { + n: key.n.toBuffer(), + e: key.e + }; + }, + + publicImport: function (key, data, options) { + if (data.n && data.e) { + key.setPublic( + data.n, + data.e + ); + } else { + throw Error("Invalid key data"); + } + }, + + /** + * Trying autodetect and import key + * @param key + * @param data + */ + autoImport: function (key, data) { + if (data.n && data.e) { + if (data.d && data.p && data.q && data.dmp1 && data.dmq1 && data.coeff) { + module.exports.privateImport(key, data); + return true; + } else { + module.exports.publicImport(key, data); + return true; + } + } + + return false; + } +}; diff --git a/src/formats/formats.js b/src/formats/formats.js new file mode 100644 index 0000000..e1fc3fb --- /dev/null +++ b/src/formats/formats.js @@ -0,0 +1,97 @@ +var _ = require('../utils')._; + +function formatParse(format) { + format = format.split('-'); + var keyType = 'private'; + var keyOpt = {type: 'default'}; + + for (var i = 1; i < format.length; i++) { + if (format[i]) { + switch (format[i]) { + case 'public': + keyType = format[i]; + break; + case 'private': + keyType = format[i]; + break; + case 'pem': + keyOpt.type = format[i]; + break; + case 'der': + keyOpt.type = format[i]; + break; + } + } + } + + return {scheme: format[0], keyType: keyType, keyOpt: keyOpt}; +} + +module.exports = { + pkcs1: require('./pkcs1'), + pkcs8: require('./pkcs8'), + components: require('./components'), + openssh: require('./openssh'), + + isPrivateExport: function (format) { + return module.exports[format] && typeof module.exports[format].privateExport === 'function'; + }, + + isPrivateImport: function (format) { + return module.exports[format] && typeof module.exports[format].privateImport === 'function'; + }, + + isPublicExport: function (format) { + return module.exports[format] && typeof module.exports[format].publicExport === 'function'; + }, + + isPublicImport: function (format) { + return module.exports[format] && typeof module.exports[format].publicImport === 'function'; + }, + + detectAndImport: function (key, data, format) { + if (format === undefined) { + for (var scheme in module.exports) { + if (typeof module.exports[scheme].autoImport === 'function' && module.exports[scheme].autoImport(key, data)) { + return true; + } + } + } else if (format) { + var fmt = formatParse(format); + + if (module.exports[fmt.scheme]) { + if (fmt.keyType === 'private') { + module.exports[fmt.scheme].privateImport(key, data, fmt.keyOpt); + } else { + module.exports[fmt.scheme].publicImport(key, data, fmt.keyOpt); + } + } else { + throw Error('Unsupported key format'); + } + } + + return false; + }, + + detectAndExport: function (key, format) { + if (format) { + var fmt = formatParse(format); + + if (module.exports[fmt.scheme]) { + if (fmt.keyType === 'private') { + if (!key.isPrivate()) { + throw Error("This is not private key"); + } + return module.exports[fmt.scheme].privateExport(key, fmt.keyOpt); + } else { + if (!key.isPublic()) { + throw Error("This is not public key"); + } + return module.exports[fmt.scheme].publicExport(key, fmt.keyOpt); + } + } else { + throw Error('Unsupported key format'); + } + } + } +}; \ No newline at end of file diff --git a/src/formats/openssh.js b/src/formats/openssh.js new file mode 100644 index 0000000..60aa146 --- /dev/null +++ b/src/formats/openssh.js @@ -0,0 +1,292 @@ +var _ = require("../utils")._; +var utils = require("../utils"); +var BigInteger = require("../libs/jsbn"); + +const PRIVATE_OPENING_BOUNDARY = "-----BEGIN OPENSSH PRIVATE KEY-----"; +const PRIVATE_CLOSING_BOUNDARY = "-----END OPENSSH PRIVATE KEY-----"; + +module.exports = { + privateExport: function (key, options) { + const nbuf = key.n.toBuffer(); + + let ebuf = Buffer.alloc(4) + ebuf.writeUInt32BE(key.e, 0); + //Slice leading zeroes + while (ebuf[0] === 0) ebuf = ebuf.slice(1); + + const dbuf = key.d.toBuffer(); + const coeffbuf = key.coeff.toBuffer(); + const pbuf = key.p.toBuffer(); + const qbuf = key.q.toBuffer(); + let commentbuf; + if (typeof key.sshcomment !== "undefined") { + commentbuf = Buffer.from(key.sshcomment); + } else { + commentbuf = Buffer.from([]); + } + + const pubkeyLength = + 11 + // 32bit length, 'ssh-rsa' + 4 + ebuf.byteLength + + 4 + nbuf.byteLength; + + const privateKeyLength = + 8 + //64bit unused checksum + 11 + // 32bit length, 'ssh-rsa' + 4 + nbuf.byteLength + + 4 + ebuf.byteLength + + 4 + dbuf.byteLength + + 4 + coeffbuf.byteLength + + 4 + pbuf.byteLength + + 4 + qbuf.byteLength + + 4 + commentbuf.byteLength; + + let length = + 15 + //openssh-key-v1,0x00, + 16 + // 2*(32bit length, 'none') + 4 + // 32bit length, empty string + 4 + // 32bit number of keys + 4 + // 32bit pubkey length + pubkeyLength + + 4 + //32bit private+checksum+comment+padding length + privateKeyLength; + + const paddingLength = Math.ceil(privateKeyLength / 8) * 8 - privateKeyLength; + length += paddingLength; + + const buf = Buffer.alloc(length); + const writer = {buf: buf, off: 0}; + buf.write("openssh-key-v1", "utf8"); + buf.writeUInt8(0, 14); + writer.off += 15; + + writeOpenSSHKeyString(writer, Buffer.from("none")); + writeOpenSSHKeyString(writer, Buffer.from("none")); + writeOpenSSHKeyString(writer, Buffer.from("")); + + writer.off = writer.buf.writeUInt32BE(1, writer.off); + writer.off = writer.buf.writeUInt32BE(pubkeyLength, writer.off); + + writeOpenSSHKeyString(writer, Buffer.from("ssh-rsa")); + writeOpenSSHKeyString(writer, ebuf); + writeOpenSSHKeyString(writer, nbuf); + + writer.off = writer.buf.writeUInt32BE( + length - 47 - pubkeyLength, + writer.off + ); + writer.off += 8; + + writeOpenSSHKeyString(writer, Buffer.from("ssh-rsa")); + writeOpenSSHKeyString(writer, nbuf); + writeOpenSSHKeyString(writer, ebuf); + writeOpenSSHKeyString(writer, dbuf); + writeOpenSSHKeyString(writer, coeffbuf); + writeOpenSSHKeyString(writer, pbuf); + writeOpenSSHKeyString(writer, qbuf); + writeOpenSSHKeyString(writer, commentbuf); + + let pad = 0x01; + while (writer.off < length) { + writer.off = writer.buf.writeUInt8(pad++, writer.off); + } + + if (options.type === "der") { + return writer.buf + } else { + return PRIVATE_OPENING_BOUNDARY + "\n" + utils.linebrk(buf.toString("base64"), 70) + "\n" + PRIVATE_CLOSING_BOUNDARY + "\n"; + } + }, + + privateImport: function (key, data, options) { + options = options || {}; + var buffer; + + if (options.type !== "der") { + if (Buffer.isBuffer(data)) { + data = data.toString("utf8"); + } + + if (_.isString(data)) { + var pem = utils.trimSurroundingText(data, PRIVATE_OPENING_BOUNDARY, PRIVATE_CLOSING_BOUNDARY) + .replace(/\s+|\n\r|\n|\r$/gm, ""); + buffer = Buffer.from(pem, "base64"); + } else { + throw Error("Unsupported key format"); + } + } else if (Buffer.isBuffer(data)) { + buffer = data; + } else { + throw Error("Unsupported key format"); + } + + const reader = {buf: buffer, off: 0}; + + if (buffer.slice(0, 14).toString("ascii") !== "openssh-key-v1") + throw "Invalid file format."; + + reader.off += 15; + + //ciphername + if (readOpenSSHKeyString(reader).toString("ascii") !== "none") + throw Error("Unsupported key type"); + //kdfname + if (readOpenSSHKeyString(reader).toString("ascii") !== "none") + throw Error("Unsupported key type"); + //kdf + if (readOpenSSHKeyString(reader).toString("ascii") !== "") + throw Error("Unsupported key type"); + //keynum + reader.off += 4; + + //sshpublength + reader.off += 4; + + //keytype + if (readOpenSSHKeyString(reader).toString("ascii") !== "ssh-rsa") + throw Error("Unsupported key type"); + readOpenSSHKeyString(reader); + readOpenSSHKeyString(reader); + + reader.off += 12; + if (readOpenSSHKeyString(reader).toString("ascii") !== "ssh-rsa") + throw Error("Unsupported key type"); + + const n = readOpenSSHKeyString(reader); + const e = readOpenSSHKeyString(reader); + const d = readOpenSSHKeyString(reader); + const coeff = readOpenSSHKeyString(reader); + const p = readOpenSSHKeyString(reader); + const q = readOpenSSHKeyString(reader); + + //Calculate missing values + const dint = new BigInteger(d); + const qint = new BigInteger(q); + const pint = new BigInteger(p); + const dp = dint.mod(pint.subtract(BigInteger.ONE)); + const dq = dint.mod(qint.subtract(BigInteger.ONE)); + + key.setPrivate( + n, // modulus + e, // publicExponent + d, // privateExponent + p, // prime1 + q, // prime2 + dp.toBuffer(), // exponent1 -- d mod (p1) + dq.toBuffer(), // exponent2 -- d mod (q-1) + coeff // coefficient -- (inverse of q) mod p + ); + + key.sshcomment = readOpenSSHKeyString(reader).toString("ascii"); + }, + + publicExport: function (key, options) { + let ebuf = Buffer.alloc(4) + ebuf.writeUInt32BE(key.e, 0); + //Slice leading zeroes + while (ebuf[0] === 0) ebuf = ebuf.slice(1); + const nbuf = key.n.toBuffer(); + const buf = Buffer.alloc( + ebuf.byteLength + 4 + + nbuf.byteLength + 4 + + "ssh-rsa".length + 4 + ); + + const writer = {buf: buf, off: 0}; + writeOpenSSHKeyString(writer, Buffer.from("ssh-rsa")); + writeOpenSSHKeyString(writer, ebuf); + writeOpenSSHKeyString(writer, nbuf); + + let comment = key.sshcomment || ""; + + if (options.type === "der") { + return writer.buf + } else { + return "ssh-rsa " + buf.toString("base64") + " " + comment + "\n"; + } + }, + + publicImport: function (key, data, options) { + options = options || {}; + var buffer; + + if (options.type !== "der") { + if (Buffer.isBuffer(data)) { + data = data.toString("utf8"); + } + + if (_.isString(data)) { + if (data.substring(0, 8) !== "ssh-rsa ") + throw Error("Unsupported key format"); + let pemEnd = data.indexOf(" ", 8); + + //Handle keys with no comment + if (pemEnd === -1) { + pemEnd = data.length; + } else { + key.sshcomment = data.substring(pemEnd + 1) + .replace(/\s+|\n\r|\n|\r$/gm, ""); + } + + const pem = data.substring(8, pemEnd) + .replace(/\s+|\n\r|\n|\r$/gm, ""); + buffer = Buffer.from(pem, "base64"); + } else { + throw Error("Unsupported key format"); + } + } else if (Buffer.isBuffer(data)) { + buffer = data; + } else { + throw Error("Unsupported key format"); + } + + const reader = {buf: buffer, off: 0}; + + const type = readOpenSSHKeyString(reader).toString("ascii"); + + if (type !== "ssh-rsa") + throw Error("Invalid key type: " + type); + + const e = readOpenSSHKeyString(reader); + const n = readOpenSSHKeyString(reader); + + key.setPublic( + n, + e + ); + }, + + /** + * Trying autodetect and import key + * @param key + * @param data + */ + autoImport: function (key, data) { + // [\S\s]* matches zero or more of any character + if (/^[\S\s]*-----BEGIN OPENSSH PRIVATE KEY-----\s*(?=(([A-Za-z0-9+/=]+\s*)+))\1-----END OPENSSH PRIVATE KEY-----[\S\s]*$/g.test(data)) { + module.exports.privateImport(key, data); + return true; + } + + if (/^[\S\s]*ssh-rsa \s*(?=(([A-Za-z0-9+/=]+\s*)+))\1[\S\s]*$/g.test(data)) { + module.exports.publicImport(key, data); + return true; + } + + return false; + } +}; + +function readOpenSSHKeyString(reader) { + const len = reader.buf.readInt32BE(reader.off); + reader.off += 4; + const res = reader.buf.slice(reader.off, reader.off + len); + reader.off += len; + return res; +} + +function writeOpenSSHKeyString(writer, data) { + writer.buf.writeInt32BE(data.byteLength, writer.off); + writer.off += 4; + writer.off += data.copy(writer.buf, writer.off); +} \ No newline at end of file diff --git a/src/formats/pkcs1.js b/src/formats/pkcs1.js new file mode 100644 index 0000000..5fba246 --- /dev/null +++ b/src/formats/pkcs1.js @@ -0,0 +1,148 @@ +var ber = require('asn1').Ber; +var _ = require('../utils')._; +var utils = require('../utils'); + +const PRIVATE_OPENING_BOUNDARY = '-----BEGIN RSA PRIVATE KEY-----'; +const PRIVATE_CLOSING_BOUNDARY = '-----END RSA PRIVATE KEY-----'; + +const PUBLIC_OPENING_BOUNDARY = '-----BEGIN RSA PUBLIC KEY-----'; +const PUBLIC_CLOSING_BOUNDARY = '-----END RSA PUBLIC KEY-----'; + +module.exports = { + privateExport: function (key, options) { + options = options || {}; + + var n = key.n.toBuffer(); + var d = key.d.toBuffer(); + var p = key.p.toBuffer(); + var q = key.q.toBuffer(); + var dmp1 = key.dmp1.toBuffer(); + var dmq1 = key.dmq1.toBuffer(); + var coeff = key.coeff.toBuffer(); + + var length = n.length + d.length + p.length + q.length + dmp1.length + dmq1.length + coeff.length + 512; // magic + var writer = new ber.Writer({size: length}); + + writer.startSequence(); + writer.writeInt(0); + writer.writeBuffer(n, 2); + writer.writeInt(key.e); + writer.writeBuffer(d, 2); + writer.writeBuffer(p, 2); + writer.writeBuffer(q, 2); + writer.writeBuffer(dmp1, 2); + writer.writeBuffer(dmq1, 2); + writer.writeBuffer(coeff, 2); + writer.endSequence(); + + if (options.type === 'der') { + return writer.buffer; + } else { + return PRIVATE_OPENING_BOUNDARY + '\n' + utils.linebrk(writer.buffer.toString('base64'), 64) + '\n' + PRIVATE_CLOSING_BOUNDARY; + } + }, + + privateImport: function (key, data, options) { + options = options || {}; + var buffer; + + if (options.type !== 'der') { + if (Buffer.isBuffer(data)) { + data = data.toString('utf8'); + } + + if (_.isString(data)) { + var pem = utils.trimSurroundingText(data, PRIVATE_OPENING_BOUNDARY, PRIVATE_CLOSING_BOUNDARY) + .replace(/\s+|\n\r|\n|\r$/gm, ''); + buffer = Buffer.from(pem, 'base64'); + } else { + throw Error('Unsupported key format'); + } + } else if (Buffer.isBuffer(data)) { + buffer = data; + } else { + throw Error('Unsupported key format'); + } + + var reader = new ber.Reader(buffer); + reader.readSequence(); + reader.readString(2, true); // just zero + key.setPrivate( + reader.readString(2, true), // modulus + reader.readString(2, true), // publicExponent + reader.readString(2, true), // privateExponent + reader.readString(2, true), // prime1 + reader.readString(2, true), // prime2 + reader.readString(2, true), // exponent1 -- d mod (p1) + reader.readString(2, true), // exponent2 -- d mod (q-1) + reader.readString(2, true) // coefficient -- (inverse of q) mod p + ); + }, + + publicExport: function (key, options) { + options = options || {}; + + var n = key.n.toBuffer(); + var length = n.length + 512; // magic + + var bodyWriter = new ber.Writer({size: length}); + bodyWriter.startSequence(); + bodyWriter.writeBuffer(n, 2); + bodyWriter.writeInt(key.e); + bodyWriter.endSequence(); + + if (options.type === 'der') { + return bodyWriter.buffer; + } else { + return PUBLIC_OPENING_BOUNDARY + '\n' + utils.linebrk(bodyWriter.buffer.toString('base64'), 64) + '\n' + PUBLIC_CLOSING_BOUNDARY; + } + }, + + publicImport: function (key, data, options) { + options = options || {}; + var buffer; + + if (options.type !== 'der') { + if (Buffer.isBuffer(data)) { + data = data.toString('utf8'); + } + + if (_.isString(data)) { + var pem = utils.trimSurroundingText(data, PUBLIC_OPENING_BOUNDARY, PUBLIC_CLOSING_BOUNDARY) + .replace(/\s+|\n\r|\n|\r$/gm, ''); + buffer = Buffer.from(pem, 'base64'); + } + } else if (Buffer.isBuffer(data)) { + buffer = data; + } else { + throw Error('Unsupported key format'); + } + + var body = new ber.Reader(buffer); + body.readSequence(); + key.setPublic( + body.readString(0x02, true), // modulus + body.readString(0x02, true) // publicExponent + ); + }, + + /** + * Trying autodetect and import key + * @param key + * @param data + */ + autoImport: function (key, data) { + // [\S\s]* matches zero or more of any character + if (/^[\S\s]*-----BEGIN RSA PRIVATE KEY-----\s*(?=(([A-Za-z0-9+/=]+\s*)+))\1-----END RSA PRIVATE KEY-----[\S\s]*$/g.test(data)) { + module.exports.privateImport(key, data); + return true; + } + + if (/^[\S\s]*-----BEGIN RSA PUBLIC KEY-----\s*(?=(([A-Za-z0-9+/=]+\s*)+))\1-----END RSA PUBLIC KEY-----[\S\s]*$/g.test(data)) { + module.exports.publicImport(key, data); + return true; + } + + return false; + } +}; \ No newline at end of file diff --git a/src/formats/pkcs8.js b/src/formats/pkcs8.js new file mode 100644 index 0000000..3dd1a3c --- /dev/null +++ b/src/formats/pkcs8.js @@ -0,0 +1,187 @@ +var ber = require('asn1').Ber; +var _ = require('../utils')._; +var PUBLIC_RSA_OID = '1.2.840.113549.1.1.1'; +var utils = require('../utils'); + +const PRIVATE_OPENING_BOUNDARY = '-----BEGIN PRIVATE KEY-----'; +const PRIVATE_CLOSING_BOUNDARY = '-----END PRIVATE KEY-----'; + +const PUBLIC_OPENING_BOUNDARY = '-----BEGIN PUBLIC KEY-----'; +const PUBLIC_CLOSING_BOUNDARY = '-----END PUBLIC KEY-----'; + +module.exports = { + privateExport: function (key, options) { + options = options || {}; + + var n = key.n.toBuffer(); + var d = key.d.toBuffer(); + var p = key.p.toBuffer(); + var q = key.q.toBuffer(); + var dmp1 = key.dmp1.toBuffer(); + var dmq1 = key.dmq1.toBuffer(); + var coeff = key.coeff.toBuffer(); + + var length = n.length + d.length + p.length + q.length + dmp1.length + dmq1.length + coeff.length + 512; // magic + var bodyWriter = new ber.Writer({size: length}); + + bodyWriter.startSequence(); + bodyWriter.writeInt(0); + bodyWriter.writeBuffer(n, 2); + bodyWriter.writeInt(key.e); + bodyWriter.writeBuffer(d, 2); + bodyWriter.writeBuffer(p, 2); + bodyWriter.writeBuffer(q, 2); + bodyWriter.writeBuffer(dmp1, 2); + bodyWriter.writeBuffer(dmq1, 2); + bodyWriter.writeBuffer(coeff, 2); + bodyWriter.endSequence(); + + var writer = new ber.Writer({size: length}); + writer.startSequence(); + writer.writeInt(0); + writer.startSequence(); + writer.writeOID(PUBLIC_RSA_OID); + writer.writeNull(); + writer.endSequence(); + writer.writeBuffer(bodyWriter.buffer, 4); + writer.endSequence(); + + if (options.type === 'der') { + return writer.buffer; + } else { + return PRIVATE_OPENING_BOUNDARY + '\n' + utils.linebrk(writer.buffer.toString('base64'), 64) + '\n' + PRIVATE_CLOSING_BOUNDARY; + } + }, + + privateImport: function (key, data, options) { + options = options || {}; + var buffer; + + if (options.type !== 'der') { + if (Buffer.isBuffer(data)) { + data = data.toString('utf8'); + } + + if (_.isString(data)) { + var pem = utils.trimSurroundingText(data, PRIVATE_OPENING_BOUNDARY, PRIVATE_CLOSING_BOUNDARY) + .replace('-----END PRIVATE KEY-----', '') + .replace(/\s+|\n\r|\n|\r$/gm, ''); + buffer = Buffer.from(pem, 'base64'); + } else { + throw Error('Unsupported key format'); + } + } else if (Buffer.isBuffer(data)) { + buffer = data; + } else { + throw Error('Unsupported key format'); + } + + var reader = new ber.Reader(buffer); + reader.readSequence(); + reader.readInt(0); + var header = new ber.Reader(reader.readString(0x30, true)); + + if (header.readOID(0x06, true) !== PUBLIC_RSA_OID) { + throw Error('Invalid Public key format'); + } + + var body = new ber.Reader(reader.readString(0x04, true)); + body.readSequence(); + body.readString(2, true); // just zero + key.setPrivate( + body.readString(2, true), // modulus + body.readString(2, true), // publicExponent + body.readString(2, true), // privateExponent + body.readString(2, true), // prime1 + body.readString(2, true), // prime2 + body.readString(2, true), // exponent1 -- d mod (p1) + body.readString(2, true), // exponent2 -- d mod (q-1) + body.readString(2, true) // coefficient -- (inverse of q) mod p + ); + }, + + publicExport: function (key, options) { + options = options || {}; + + var n = key.n.toBuffer(); + var length = n.length + 512; // magic + + var bodyWriter = new ber.Writer({size: length}); + bodyWriter.writeByte(0); + bodyWriter.startSequence(); + bodyWriter.writeBuffer(n, 2); + bodyWriter.writeInt(key.e); + bodyWriter.endSequence(); + + var writer = new ber.Writer({size: length}); + writer.startSequence(); + writer.startSequence(); + writer.writeOID(PUBLIC_RSA_OID); + writer.writeNull(); + writer.endSequence(); + writer.writeBuffer(bodyWriter.buffer, 3); + writer.endSequence(); + + if (options.type === 'der') { + return writer.buffer; + } else { + return PUBLIC_OPENING_BOUNDARY + '\n' + utils.linebrk(writer.buffer.toString('base64'), 64) + '\n' + PUBLIC_CLOSING_BOUNDARY; + } + }, + + publicImport: function (key, data, options) { + options = options || {}; + var buffer; + + if (options.type !== 'der') { + if (Buffer.isBuffer(data)) { + data = data.toString('utf8'); + } + + if (_.isString(data)) { + var pem = utils.trimSurroundingText(data, PUBLIC_OPENING_BOUNDARY, PUBLIC_CLOSING_BOUNDARY) + .replace(/\s+|\n\r|\n|\r$/gm, ''); + buffer = Buffer.from(pem, 'base64'); + } + } else if (Buffer.isBuffer(data)) { + buffer = data; + } else { + throw Error('Unsupported key format'); + } + + var reader = new ber.Reader(buffer); + reader.readSequence(); + var header = new ber.Reader(reader.readString(0x30, true)); + + if (header.readOID(0x06, true) !== PUBLIC_RSA_OID) { + throw Error('Invalid Public key format'); + } + + var body = new ber.Reader(reader.readString(0x03, true)); + body.readByte(); + body.readSequence(); + key.setPublic( + body.readString(0x02, true), // modulus + body.readString(0x02, true) // publicExponent + ); + }, + + /** + * Trying autodetect and import key + * @param key + * @param data + */ + autoImport: function (key, data) { + if (/^[\S\s]*-----BEGIN PRIVATE KEY-----\s*(?=(([A-Za-z0-9+/=]+\s*)+))\1-----END PRIVATE KEY-----[\S\s]*$/g.test(data)) { + module.exports.privateImport(key, data); + return true; + } + + if (/^[\S\s]*-----BEGIN PUBLIC KEY-----\s*(?=(([A-Za-z0-9+/=]+\s*)+))\1-----END PUBLIC KEY-----[\S\s]*$/g.test(data)) { + module.exports.publicImport(key, data); + return true; + } + + return false; + } +}; diff --git a/src/libs/jsbn.js b/src/libs/jsbn.js new file mode 100644 index 0000000..5464d7c --- /dev/null +++ b/src/libs/jsbn.js @@ -0,0 +1,1540 @@ +/* + * Basic JavaScript BN library - subset useful for RSA encryption. + * + * Copyright (c) 2003-2005 Tom Wu + * All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, + * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY + * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + * + * IN NO EVENT SHALL TOM WU BE LIABLE FOR ANY SPECIAL, INCIDENTAL, + * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER + * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF + * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * In addition, the following condition applies: + * + * All redistributions must retain an intact copy of this copyright notice + * and disclaimer. + */ + +/* + * Added Node.js Buffers support + * 2014 rzcoder + */ + +var crypt = require('crypto'); +var _ = require('../utils')._; + +// Bits per digit +var dbits; + +// JavaScript engine analysis +var canary = 0xdeadbeefcafe; +var j_lm = ((canary & 0xffffff) == 0xefcafe); + +// (public) Constructor +function BigInteger(a, b) { + if (a != null) { + if ("number" == typeof a) { + this.fromNumber(a, b); + } else if (Buffer.isBuffer(a)) { + this.fromBuffer(a); + } else if (b == null && "string" != typeof a) { + this.fromByteArray(a); + } else { + this.fromString(a, b); + } + } +} + +// return new, unset BigInteger +function nbi() { + return new BigInteger(null); +} + +// am: Compute w_j += (x*this_i), propagate carries, +// c is initial carry, returns final carry. +// c < 3*dvalue, x < 2*dvalue, this_i < dvalue +// We need to select the fastest one that works in this environment. + +// am1: use a single mult and divide to get the high bits, +// max digit bits should be 26 because +// max internal value = 2*dvalue^2-2*dvalue (< 2^53) +function am1(i, x, w, j, c, n) { + while (--n >= 0) { + var v = x * this[i++] + w[j] + c; + c = Math.floor(v / 0x4000000); + w[j++] = v & 0x3ffffff; + } + return c; +} +// am2 avoids a big mult-and-extract completely. +// Max digit bits should be <= 30 because we do bitwise ops +// on values up to 2*hdvalue^2-hdvalue-1 (< 2^31) +function am2(i, x, w, j, c, n) { + var xl = x & 0x7fff, xh = x >> 15; + while (--n >= 0) { + var l = this[i] & 0x7fff; + var h = this[i++] >> 15; + var m = xh * l + h * xl; + l = xl * l + ((m & 0x7fff) << 15) + w[j] + (c & 0x3fffffff); + c = (l >>> 30) + (m >>> 15) + xh * h + (c >>> 30); + w[j++] = l & 0x3fffffff; + } + return c; +} +// Alternately, set max digit bits to 28 since some +// browsers slow down when dealing with 32-bit numbers. +function am3(i, x, w, j, c, n) { + var xl = x & 0x3fff, xh = x >> 14; + while (--n >= 0) { + var l = this[i] & 0x3fff; + var h = this[i++] >> 14; + var m = xh * l + h * xl; + l = xl * l + ((m & 0x3fff) << 14) + w[j] + c; + c = (l >> 28) + (m >> 14) + xh * h; + w[j++] = l & 0xfffffff; + } + return c; +} + +// We need to select the fastest one that works in this environment. +//if (j_lm && (navigator.appName == "Microsoft Internet Explorer")) { +// BigInteger.prototype.am = am2; +// dbits = 30; +//} else if (j_lm && (navigator.appName != "Netscape")) { +// BigInteger.prototype.am = am1; +// dbits = 26; +//} else { // Mozilla/Netscape seems to prefer am3 +// BigInteger.prototype.am = am3; +// dbits = 28; +//} + +// For node.js, we pick am3 with max dbits to 28. +BigInteger.prototype.am = am3; +dbits = 28; + +BigInteger.prototype.DB = dbits; +BigInteger.prototype.DM = ((1 << dbits) - 1); +BigInteger.prototype.DV = (1 << dbits); + +var BI_FP = 52; +BigInteger.prototype.FV = Math.pow(2, BI_FP); +BigInteger.prototype.F1 = BI_FP - dbits; +BigInteger.prototype.F2 = 2 * dbits - BI_FP; + +// Digit conversions +var BI_RM = "0123456789abcdefghijklmnopqrstuvwxyz"; +var BI_RC = new Array(); +var rr, vv; +rr = "0".charCodeAt(0); +for (vv = 0; vv <= 9; ++vv) BI_RC[rr++] = vv; +rr = "a".charCodeAt(0); +for (vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv; +rr = "A".charCodeAt(0); +for (vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv; + +function int2char(n) { + return BI_RM.charAt(n); +} +function intAt(s, i) { + var c = BI_RC[s.charCodeAt(i)]; + return (c == null) ? -1 : c; +} + +// (protected) copy this to r +function bnpCopyTo(r) { + for (var i = this.t - 1; i >= 0; --i) r[i] = this[i]; + r.t = this.t; + r.s = this.s; +} + +// (protected) set from integer value x, -DV <= x < DV +function bnpFromInt(x) { + this.t = 1; + this.s = (x < 0) ? -1 : 0; + if (x > 0) this[0] = x; + else if (x < -1) this[0] = x + DV; + else this.t = 0; +} + +// return bigint initialized to value +function nbv(i) { + var r = nbi(); + r.fromInt(i); + return r; +} + +// (protected) set from string and radix +function bnpFromString(data, radix, unsigned) { + var k; + switch (radix) { + case 2: + k = 1; + break; + case 4: + k = 2; + break; + case 8: + k = 3; + break; + case 16: + k = 4; + break; + case 32: + k = 5; + break; + case 256: + k = 8; + break; + default: + this.fromRadix(data, radix); + return; + } + + this.t = 0; + this.s = 0; + + var i = data.length; + var mi = false; + var sh = 0; + + while (--i >= 0) { + var x = (k == 8) ? data[i] & 0xff : intAt(data, i); + if (x < 0) { + if (data.charAt(i) == "-") mi = true; + continue; + } + mi = false; + if (sh === 0) + this[this.t++] = x; + else if (sh + k > this.DB) { + this[this.t - 1] |= (x & ((1 << (this.DB - sh)) - 1)) << sh; + this[this.t++] = (x >> (this.DB - sh)); + } + else + this[this.t - 1] |= x << sh; + sh += k; + if (sh >= this.DB) sh -= this.DB; + } + if ((!unsigned) && k == 8 && (data[0] & 0x80) != 0) { + this.s = -1; + if (sh > 0) this[this.t - 1] |= ((1 << (this.DB - sh)) - 1) << sh; + } + this.clamp(); + if (mi) BigInteger.ZERO.subTo(this, this); +} + +function bnpFromByteArray(a, unsigned) { + this.fromString(a, 256, unsigned) +} + +function bnpFromBuffer(a) { + this.fromString(a, 256, true) +} + +// (protected) clamp off excess high words +function bnpClamp() { + var c = this.s & this.DM; + while (this.t > 0 && this[this.t - 1] == c) --this.t; +} + +// (public) return string representation in given radix +function bnToString(b) { + if (this.s < 0) return "-" + this.negate().toString(b); + var k; + if (b == 16) k = 4; + else if (b == 8) k = 3; + else if (b == 2) k = 1; + else if (b == 32) k = 5; + else if (b == 4) k = 2; + else return this.toRadix(b); + var km = (1 << k) - 1, d, m = false, r = "", i = this.t; + var p = this.DB - (i * this.DB) % k; + if (i-- > 0) { + if (p < this.DB && (d = this[i] >> p) > 0) { + m = true; + r = int2char(d); + } + while (i >= 0) { + if (p < k) { + d = (this[i] & ((1 << p) - 1)) << (k - p); + d |= this[--i] >> (p += this.DB - k); + } + else { + d = (this[i] >> (p -= k)) & km; + if (p <= 0) { + p += this.DB; + --i; + } + } + if (d > 0) m = true; + if (m) r += int2char(d); + } + } + return m ? r : "0"; +} + +// (public) -this +function bnNegate() { + var r = nbi(); + BigInteger.ZERO.subTo(this, r); + return r; +} + +// (public) |this| +function bnAbs() { + return (this.s < 0) ? this.negate() : this; +} + +// (public) return + if this > a, - if this < a, 0 if equal +function bnCompareTo(a) { + var r = this.s - a.s; + if (r != 0) return r; + var i = this.t; + r = i - a.t; + if (r != 0) return (this.s < 0) ? -r : r; + while (--i >= 0) if ((r = this[i] - a[i]) != 0) return r; + return 0; +} + +// returns bit length of the integer x +function nbits(x) { + var r = 1, t; + if ((t = x >>> 16) != 0) { + x = t; + r += 16; + } + if ((t = x >> 8) != 0) { + x = t; + r += 8; + } + if ((t = x >> 4) != 0) { + x = t; + r += 4; + } + if ((t = x >> 2) != 0) { + x = t; + r += 2; + } + if ((t = x >> 1) != 0) { + x = t; + r += 1; + } + return r; +} + +// (public) return the number of bits in "this" +function bnBitLength() { + if (this.t <= 0) return 0; + return this.DB * (this.t - 1) + nbits(this[this.t - 1] ^ (this.s & this.DM)); +} + +// (protected) r = this << n*DB +function bnpDLShiftTo(n, r) { + var i; + for (i = this.t - 1; i >= 0; --i) r[i + n] = this[i]; + for (i = n - 1; i >= 0; --i) r[i] = 0; + r.t = this.t + n; + r.s = this.s; +} + +// (protected) r = this >> n*DB +function bnpDRShiftTo(n, r) { + for (var i = n; i < this.t; ++i) r[i - n] = this[i]; + r.t = Math.max(this.t - n, 0); + r.s = this.s; +} + +// (protected) r = this << n +function bnpLShiftTo(n, r) { + var bs = n % this.DB; + var cbs = this.DB - bs; + var bm = (1 << cbs) - 1; + var ds = Math.floor(n / this.DB), c = (this.s << bs) & this.DM, i; + for (i = this.t - 1; i >= 0; --i) { + r[i + ds + 1] = (this[i] >> cbs) | c; + c = (this[i] & bm) << bs; + } + for (i = ds - 1; i >= 0; --i) r[i] = 0; + r[ds] = c; + r.t = this.t + ds + 1; + r.s = this.s; + r.clamp(); +} + +// (protected) r = this >> n +function bnpRShiftTo(n, r) { + r.s = this.s; + var ds = Math.floor(n / this.DB); + if (ds >= this.t) { + r.t = 0; + return; + } + var bs = n % this.DB; + var cbs = this.DB - bs; + var bm = (1 << bs) - 1; + r[0] = this[ds] >> bs; + for (var i = ds + 1; i < this.t; ++i) { + r[i - ds - 1] |= (this[i] & bm) << cbs; + r[i - ds] = this[i] >> bs; + } + if (bs > 0) r[this.t - ds - 1] |= (this.s & bm) << cbs; + r.t = this.t - ds; + r.clamp(); +} + +// (protected) r = this - a +function bnpSubTo(a, r) { + var i = 0, c = 0, m = Math.min(a.t, this.t); + while (i < m) { + c += this[i] - a[i]; + r[i++] = c & this.DM; + c >>= this.DB; + } + if (a.t < this.t) { + c -= a.s; + while (i < this.t) { + c += this[i]; + r[i++] = c & this.DM; + c >>= this.DB; + } + c += this.s; + } + else { + c += this.s; + while (i < a.t) { + c -= a[i]; + r[i++] = c & this.DM; + c >>= this.DB; + } + c -= a.s; + } + r.s = (c < 0) ? -1 : 0; + if (c < -1) r[i++] = this.DV + c; + else if (c > 0) r[i++] = c; + r.t = i; + r.clamp(); +} + +// (protected) r = this * a, r != this,a (HAC 14.12) +// "this" should be the larger one if appropriate. +function bnpMultiplyTo(a, r) { + var x = this.abs(), y = a.abs(); + var i = x.t; + r.t = i + y.t; + while (--i >= 0) r[i] = 0; + for (i = 0; i < y.t; ++i) r[i + x.t] = x.am(0, y[i], r, i, 0, x.t); + r.s = 0; + r.clamp(); + if (this.s != a.s) BigInteger.ZERO.subTo(r, r); +} + +// (protected) r = this^2, r != this (HAC 14.16) +function bnpSquareTo(r) { + var x = this.abs(); + var i = r.t = 2 * x.t; + while (--i >= 0) r[i] = 0; + for (i = 0; i < x.t - 1; ++i) { + var c = x.am(i, x[i], r, 2 * i, 0, 1); + if ((r[i + x.t] += x.am(i + 1, 2 * x[i], r, 2 * i + 1, c, x.t - i - 1)) >= x.DV) { + r[i + x.t] -= x.DV; + r[i + x.t + 1] = 1; + } + } + if (r.t > 0) r[r.t - 1] += x.am(i, x[i], r, 2 * i, 0, 1); + r.s = 0; + r.clamp(); +} + +// (protected) divide this by m, quotient and remainder to q, r (HAC 14.20) +// r != q, this != m. q or r may be null. +function bnpDivRemTo(m, q, r) { + var pm = m.abs(); + if (pm.t <= 0) return; + var pt = this.abs(); + if (pt.t < pm.t) { + if (q != null) q.fromInt(0); + if (r != null) this.copyTo(r); + return; + } + if (r == null) r = nbi(); + var y = nbi(), ts = this.s, ms = m.s; + var nsh = this.DB - nbits(pm[pm.t - 1]); // normalize modulus + if (nsh > 0) { + pm.lShiftTo(nsh, y); + pt.lShiftTo(nsh, r); + } + else { + pm.copyTo(y); + pt.copyTo(r); + } + var ys = y.t; + var y0 = y[ys - 1]; + if (y0 === 0) return; + var yt = y0 * (1 << this.F1) + ((ys > 1) ? y[ys - 2] >> this.F2 : 0); + var d1 = this.FV / yt, d2 = (1 << this.F1) / yt, e = 1 << this.F2; + var i = r.t, j = i - ys, t = (q == null) ? nbi() : q; + y.dlShiftTo(j, t); + if (r.compareTo(t) >= 0) { + r[r.t++] = 1; + r.subTo(t, r); + } + BigInteger.ONE.dlShiftTo(ys, t); + t.subTo(y, y); // "negative" y so we can replace sub with am later + while (y.t < ys) y[y.t++] = 0; + while (--j >= 0) { + // Estimate quotient digit + var qd = (r[--i] == y0) ? this.DM : Math.floor(r[i] * d1 + (r[i - 1] + e) * d2); + if ((r[i] += y.am(0, qd, r, j, 0, ys)) < qd) { // Try it out + y.dlShiftTo(j, t); + r.subTo(t, r); + while (r[i] < --qd) r.subTo(t, r); + } + } + if (q != null) { + r.drShiftTo(ys, q); + if (ts != ms) BigInteger.ZERO.subTo(q, q); + } + r.t = ys; + r.clamp(); + if (nsh > 0) r.rShiftTo(nsh, r); // Denormalize remainder + if (ts < 0) BigInteger.ZERO.subTo(r, r); +} + +// (public) this mod a +function bnMod(a) { + var r = nbi(); + this.abs().divRemTo(a, null, r); + if (this.s < 0 && r.compareTo(BigInteger.ZERO) > 0) a.subTo(r, r); + return r; +} + +// Modular reduction using "classic" algorithm +function Classic(m) { + this.m = m; +} +function cConvert(x) { + if (x.s < 0 || x.compareTo(this.m) >= 0) return x.mod(this.m); + else return x; +} +function cRevert(x) { + return x; +} +function cReduce(x) { + x.divRemTo(this.m, null, x); +} +function cMulTo(x, y, r) { + x.multiplyTo(y, r); + this.reduce(r); +} +function cSqrTo(x, r) { + x.squareTo(r); + this.reduce(r); +} + +Classic.prototype.convert = cConvert; +Classic.prototype.revert = cRevert; +Classic.prototype.reduce = cReduce; +Classic.prototype.mulTo = cMulTo; +Classic.prototype.sqrTo = cSqrTo; + +// (protected) return "-1/this % 2^DB"; useful for Mont. reduction +// justification: +// xy == 1 (mod m) +// xy = 1+km +// xy(2-xy) = (1+km)(1-km) +// x[y(2-xy)] = 1-k^2m^2 +// x[y(2-xy)] == 1 (mod m^2) +// if y is 1/x mod m, then y(2-xy) is 1/x mod m^2 +// should reduce x and y(2-xy) by m^2 at each step to keep size bounded. +// JS multiply "overflows" differently from C/C++, so care is needed here. +function bnpInvDigit() { + if (this.t < 1) return 0; + var x = this[0]; + if ((x & 1) === 0) return 0; + var y = x & 3; // y == 1/x mod 2^2 + y = (y * (2 - (x & 0xf) * y)) & 0xf; // y == 1/x mod 2^4 + y = (y * (2 - (x & 0xff) * y)) & 0xff; // y == 1/x mod 2^8 + y = (y * (2 - (((x & 0xffff) * y) & 0xffff))) & 0xffff; // y == 1/x mod 2^16 + // last step - calculate inverse mod DV directly; + // assumes 16 < DB <= 32 and assumes ability to handle 48-bit ints + y = (y * (2 - x * y % this.DV)) % this.DV; // y == 1/x mod 2^dbits + // we really want the negative inverse, and -DV < y < DV + return (y > 0) ? this.DV - y : -y; +} + +// Montgomery reduction +function Montgomery(m) { + this.m = m; + this.mp = m.invDigit(); + this.mpl = this.mp & 0x7fff; + this.mph = this.mp >> 15; + this.um = (1 << (m.DB - 15)) - 1; + this.mt2 = 2 * m.t; +} + +// xR mod m +function montConvert(x) { + var r = nbi(); + x.abs().dlShiftTo(this.m.t, r); + r.divRemTo(this.m, null, r); + if (x.s < 0 && r.compareTo(BigInteger.ZERO) > 0) this.m.subTo(r, r); + return r; +} + +// x/R mod m +function montRevert(x) { + var r = nbi(); + x.copyTo(r); + this.reduce(r); + return r; +} + +// x = x/R mod m (HAC 14.32) +function montReduce(x) { + while (x.t <= this.mt2) // pad x so am has enough room later + x[x.t++] = 0; + for (var i = 0; i < this.m.t; ++i) { + // faster way of calculating u0 = x[i]*mp mod DV + var j = x[i] & 0x7fff; + var u0 = (j * this.mpl + (((j * this.mph + (x[i] >> 15) * this.mpl) & this.um) << 15)) & x.DM; + // use am to combine the multiply-shift-add into one call + j = i + this.m.t; + x[j] += this.m.am(0, u0, x, i, 0, this.m.t); + // propagate carry + while (x[j] >= x.DV) { + x[j] -= x.DV; + x[++j]++; + } + } + x.clamp(); + x.drShiftTo(this.m.t, x); + if (x.compareTo(this.m) >= 0) x.subTo(this.m, x); +} + +// r = "x^2/R mod m"; x != r +function montSqrTo(x, r) { + x.squareTo(r); + this.reduce(r); +} + +// r = "xy/R mod m"; x,y != r +function montMulTo(x, y, r) { + x.multiplyTo(y, r); + this.reduce(r); +} + +Montgomery.prototype.convert = montConvert; +Montgomery.prototype.revert = montRevert; +Montgomery.prototype.reduce = montReduce; +Montgomery.prototype.mulTo = montMulTo; +Montgomery.prototype.sqrTo = montSqrTo; + +// (protected) true iff this is even +function bnpIsEven() { + return ((this.t > 0) ? (this[0] & 1) : this.s) === 0; +} + +// (protected) this^e, e < 2^32, doing sqr and mul with "r" (HAC 14.79) +function bnpExp(e, z) { + if (e > 0xffffffff || e < 1) return BigInteger.ONE; + var r = nbi(), r2 = nbi(), g = z.convert(this), i = nbits(e) - 1; + g.copyTo(r); + while (--i >= 0) { + z.sqrTo(r, r2); + if ((e & (1 << i)) > 0) z.mulTo(r2, g, r); + else { + var t = r; + r = r2; + r2 = t; + } + } + return z.revert(r); +} + +// (public) this^e % m, 0 <= e < 2^32 +function bnModPowInt(e, m) { + var z; + if (e < 256 || m.isEven()) z = new Classic(m); else z = new Montgomery(m); + return this.exp(e, z); +} + +// Copyright (c) 2005-2009 Tom Wu +// All Rights Reserved. +// See "LICENSE" for details. + +// Extended JavaScript BN functions, required for RSA private ops. + +// Version 1.1: new BigInteger("0", 10) returns "proper" zero +// Version 1.2: square() API, isProbablePrime fix + +//(public) +function bnClone() { + var r = nbi(); + this.copyTo(r); + return r; +} + +//(public) return value as integer +function bnIntValue() { + if (this.s < 0) { + if (this.t == 1) return this[0] - this.DV; + else if (this.t === 0) return -1; + } + else if (this.t == 1) return this[0]; + else if (this.t === 0) return 0; +// assumes 16 < DB < 32 + return ((this[1] & ((1 << (32 - this.DB)) - 1)) << this.DB) | this[0]; +} + +//(public) return value as byte +function bnByteValue() { + return (this.t == 0) ? this.s : (this[0] << 24) >> 24; +} + +//(public) return value as short (assumes DB>=16) +function bnShortValue() { + return (this.t == 0) ? this.s : (this[0] << 16) >> 16; +} + +//(protected) return x s.t. r^x < DV +function bnpChunkSize(r) { + return Math.floor(Math.LN2 * this.DB / Math.log(r)); +} + +//(public) 0 if this === 0, 1 if this > 0 +function bnSigNum() { + if (this.s < 0) return -1; + else if (this.t <= 0 || (this.t == 1 && this[0] <= 0)) return 0; + else return 1; +} + +//(protected) convert to radix string +function bnpToRadix(b) { + if (b == null) b = 10; + if (this.signum() === 0 || b < 2 || b > 36) return "0"; + var cs = this.chunkSize(b); + var a = Math.pow(b, cs); + var d = nbv(a), y = nbi(), z = nbi(), r = ""; + this.divRemTo(d, y, z); + while (y.signum() > 0) { + r = (a + z.intValue()).toString(b).substr(1) + r; + y.divRemTo(d, y, z); + } + return z.intValue().toString(b) + r; +} + +//(protected) convert from radix string +function bnpFromRadix(s, b) { + this.fromInt(0); + if (b == null) b = 10; + var cs = this.chunkSize(b); + var d = Math.pow(b, cs), mi = false, j = 0, w = 0; + for (var i = 0; i < s.length; ++i) { + var x = intAt(s, i); + if (x < 0) { + if (s.charAt(i) == "-" && this.signum() === 0) mi = true; + continue; + } + w = b * w + x; + if (++j >= cs) { + this.dMultiply(d); + this.dAddOffset(w, 0); + j = 0; + w = 0; + } + } + if (j > 0) { + this.dMultiply(Math.pow(b, j)); + this.dAddOffset(w, 0); + } + if (mi) BigInteger.ZERO.subTo(this, this); +} + +//(protected) alternate constructor +function bnpFromNumber(a, b) { + if ("number" == typeof b) { + // new BigInteger(int,int,RNG) + if (a < 2) this.fromInt(1); + else { + this.fromNumber(a); + if (!this.testBit(a - 1)) // force MSB set + this.bitwiseTo(BigInteger.ONE.shiftLeft(a - 1), op_or, this); + if (this.isEven()) this.dAddOffset(1, 0); // force odd + while (!this.isProbablePrime(b)) { + this.dAddOffset(2, 0); + if (this.bitLength() > a) this.subTo(BigInteger.ONE.shiftLeft(a - 1), this); + } + } + } else { + // new BigInteger(int,RNG) + var x = crypt.randomBytes((a >> 3) + 1) + var t = a & 7; + + if (t > 0) + x[0] &= ((1 << t) - 1); + else + x[0] = 0; + + this.fromByteArray(x); + } +} + +//(public) convert to bigendian byte array +function bnToByteArray() { + var i = this.t, r = new Array(); + r[0] = this.s; + var p = this.DB - (i * this.DB) % 8, d, k = 0; + if (i-- > 0) { + if (p < this.DB && (d = this[i] >> p) != (this.s & this.DM) >> p) + r[k++] = d | (this.s << (this.DB - p)); + while (i >= 0) { + if (p < 8) { + d = (this[i] & ((1 << p) - 1)) << (8 - p); + d |= this[--i] >> (p += this.DB - 8); + } + else { + d = (this[i] >> (p -= 8)) & 0xff; + if (p <= 0) { + p += this.DB; + --i; + } + } + if ((d & 0x80) != 0) d |= -256; + if (k === 0 && (this.s & 0x80) != (d & 0x80)) ++k; + if (k > 0 || d != this.s) r[k++] = d; + } + } + return r; +} + +/** + * return Buffer object + * @param trim {boolean} slice buffer if first element == 0 + * @returns {Buffer} + */ +function bnToBuffer(trimOrSize) { + var res = Buffer.from(this.toByteArray()); + if (trimOrSize === true && res[0] === 0) { + res = res.slice(1); + } else if (_.isNumber(trimOrSize)) { + if (res.length > trimOrSize) { + for (var i = 0; i < res.length - trimOrSize; i++) { + if (res[i] !== 0) { + return null; + } + } + return res.slice(res.length - trimOrSize); + } else if (res.length < trimOrSize) { + var padded = Buffer.alloc(trimOrSize); + padded.fill(0, 0, trimOrSize - res.length); + res.copy(padded, trimOrSize - res.length); + return padded; + } + } + return res; +} + +function bnEquals(a) { + return (this.compareTo(a) == 0); +} +function bnMin(a) { + return (this.compareTo(a) < 0) ? this : a; +} +function bnMax(a) { + return (this.compareTo(a) > 0) ? this : a; +} + +//(protected) r = this op a (bitwise) +function bnpBitwiseTo(a, op, r) { + var i, f, m = Math.min(a.t, this.t); + for (i = 0; i < m; ++i) r[i] = op(this[i], a[i]); + if (a.t < this.t) { + f = a.s & this.DM; + for (i = m; i < this.t; ++i) r[i] = op(this[i], f); + r.t = this.t; + } + else { + f = this.s & this.DM; + for (i = m; i < a.t; ++i) r[i] = op(f, a[i]); + r.t = a.t; + } + r.s = op(this.s, a.s); + r.clamp(); +} + +//(public) this & a +function op_and(x, y) { + return x & y; +} +function bnAnd(a) { + var r = nbi(); + this.bitwiseTo(a, op_and, r); + return r; +} + +//(public) this | a +function op_or(x, y) { + return x | y; +} +function bnOr(a) { + var r = nbi(); + this.bitwiseTo(a, op_or, r); + return r; +} + +//(public) this ^ a +function op_xor(x, y) { + return x ^ y; +} +function bnXor(a) { + var r = nbi(); + this.bitwiseTo(a, op_xor, r); + return r; +} + +//(public) this & ~a +function op_andnot(x, y) { + return x & ~y; +} +function bnAndNot(a) { + var r = nbi(); + this.bitwiseTo(a, op_andnot, r); + return r; +} + +//(public) ~this +function bnNot() { + var r = nbi(); + for (var i = 0; i < this.t; ++i) r[i] = this.DM & ~this[i]; + r.t = this.t; + r.s = ~this.s; + return r; +} + +//(public) this << n +function bnShiftLeft(n) { + var r = nbi(); + if (n < 0) this.rShiftTo(-n, r); else this.lShiftTo(n, r); + return r; +} + +//(public) this >> n +function bnShiftRight(n) { + var r = nbi(); + if (n < 0) this.lShiftTo(-n, r); else this.rShiftTo(n, r); + return r; +} + +//return index of lowest 1-bit in x, x < 2^31 +function lbit(x) { + if (x === 0) return -1; + var r = 0; + if ((x & 0xffff) === 0) { + x >>= 16; + r += 16; + } + if ((x & 0xff) === 0) { + x >>= 8; + r += 8; + } + if ((x & 0xf) === 0) { + x >>= 4; + r += 4; + } + if ((x & 3) === 0) { + x >>= 2; + r += 2; + } + if ((x & 1) === 0) ++r; + return r; +} + +//(public) returns index of lowest 1-bit (or -1 if none) +function bnGetLowestSetBit() { + for (var i = 0; i < this.t; ++i) + if (this[i] != 0) return i * this.DB + lbit(this[i]); + if (this.s < 0) return this.t * this.DB; + return -1; +} + +//return number of 1 bits in x +function cbit(x) { + var r = 0; + while (x != 0) { + x &= x - 1; + ++r; + } + return r; +} + +//(public) return number of set bits +function bnBitCount() { + var r = 0, x = this.s & this.DM; + for (var i = 0; i < this.t; ++i) r += cbit(this[i] ^ x); + return r; +} + +//(public) true iff nth bit is set +function bnTestBit(n) { + var j = Math.floor(n / this.DB); + if (j >= this.t) return (this.s != 0); + return ((this[j] & (1 << (n % this.DB))) != 0); +} + +//(protected) this op (1<>= this.DB; + } + if (a.t < this.t) { + c += a.s; + while (i < this.t) { + c += this[i]; + r[i++] = c & this.DM; + c >>= this.DB; + } + c += this.s; + } + else { + c += this.s; + while (i < a.t) { + c += a[i]; + r[i++] = c & this.DM; + c >>= this.DB; + } + c += a.s; + } + r.s = (c < 0) ? -1 : 0; + if (c > 0) r[i++] = c; + else if (c < -1) r[i++] = this.DV + c; + r.t = i; + r.clamp(); +} + +//(public) this + a +function bnAdd(a) { + var r = nbi(); + this.addTo(a, r); + return r; +} + +//(public) this - a +function bnSubtract(a) { + var r = nbi(); + this.subTo(a, r); + return r; +} + +//(public) this * a +function bnMultiply(a) { + var r = nbi(); + this.multiplyTo(a, r); + return r; +} + +// (public) this^2 +function bnSquare() { + var r = nbi(); + this.squareTo(r); + return r; +} + +//(public) this / a +function bnDivide(a) { + var r = nbi(); + this.divRemTo(a, r, null); + return r; +} + +//(public) this % a +function bnRemainder(a) { + var r = nbi(); + this.divRemTo(a, null, r); + return r; +} + +//(public) [this/a,this%a] +function bnDivideAndRemainder(a) { + var q = nbi(), r = nbi(); + this.divRemTo(a, q, r); + return new Array(q, r); +} + +//(protected) this *= n, this >= 0, 1 < n < DV +function bnpDMultiply(n) { + this[this.t] = this.am(0, n - 1, this, 0, 0, this.t); + ++this.t; + this.clamp(); +} + +//(protected) this += n << w words, this >= 0 +function bnpDAddOffset(n, w) { + if (n === 0) return; + while (this.t <= w) this[this.t++] = 0; + this[w] += n; + while (this[w] >= this.DV) { + this[w] -= this.DV; + if (++w >= this.t) this[this.t++] = 0; + ++this[w]; + } +} + +//A "null" reducer +function NullExp() { +} +function nNop(x) { + return x; +} +function nMulTo(x, y, r) { + x.multiplyTo(y, r); +} +function nSqrTo(x, r) { + x.squareTo(r); +} + +NullExp.prototype.convert = nNop; +NullExp.prototype.revert = nNop; +NullExp.prototype.mulTo = nMulTo; +NullExp.prototype.sqrTo = nSqrTo; + +//(public) this^e +function bnPow(e) { + return this.exp(e, new NullExp()); +} + +//(protected) r = lower n words of "this * a", a.t <= n +//"this" should be the larger one if appropriate. +function bnpMultiplyLowerTo(a, n, r) { + var i = Math.min(this.t + a.t, n); + r.s = 0; // assumes a,this >= 0 + r.t = i; + while (i > 0) r[--i] = 0; + var j; + for (j = r.t - this.t; i < j; ++i) r[i + this.t] = this.am(0, a[i], r, i, 0, this.t); + for (j = Math.min(a.t, n); i < j; ++i) this.am(0, a[i], r, i, 0, n - i); + r.clamp(); +} + +//(protected) r = "this * a" without lower n words, n > 0 +//"this" should be the larger one if appropriate. +function bnpMultiplyUpperTo(a, n, r) { + --n; + var i = r.t = this.t + a.t - n; + r.s = 0; // assumes a,this >= 0 + while (--i >= 0) r[i] = 0; + for (i = Math.max(n - this.t, 0); i < a.t; ++i) + r[this.t + i - n] = this.am(n - i, a[i], r, 0, 0, this.t + i - n); + r.clamp(); + r.drShiftTo(1, r); +} + +//Barrett modular reduction +function Barrett(m) { +// setup Barrett + this.r2 = nbi(); + this.q3 = nbi(); + BigInteger.ONE.dlShiftTo(2 * m.t, this.r2); + this.mu = this.r2.divide(m); + this.m = m; +} + +function barrettConvert(x) { + if (x.s < 0 || x.t > 2 * this.m.t) return x.mod(this.m); + else if (x.compareTo(this.m) < 0) return x; + else { + var r = nbi(); + x.copyTo(r); + this.reduce(r); + return r; + } +} + +function barrettRevert(x) { + return x; +} + +//x = x mod m (HAC 14.42) +function barrettReduce(x) { + x.drShiftTo(this.m.t - 1, this.r2); + if (x.t > this.m.t + 1) { + x.t = this.m.t + 1; + x.clamp(); + } + this.mu.multiplyUpperTo(this.r2, this.m.t + 1, this.q3); + this.m.multiplyLowerTo(this.q3, this.m.t + 1, this.r2); + while (x.compareTo(this.r2) < 0) x.dAddOffset(1, this.m.t + 1); + x.subTo(this.r2, x); + while (x.compareTo(this.m) >= 0) x.subTo(this.m, x); +} + +//r = x^2 mod m; x != r +function barrettSqrTo(x, r) { + x.squareTo(r); + this.reduce(r); +} + +//r = x*y mod m; x,y != r +function barrettMulTo(x, y, r) { + x.multiplyTo(y, r); + this.reduce(r); +} + +Barrett.prototype.convert = barrettConvert; +Barrett.prototype.revert = barrettRevert; +Barrett.prototype.reduce = barrettReduce; +Barrett.prototype.mulTo = barrettMulTo; +Barrett.prototype.sqrTo = barrettSqrTo; + +//(public) this^e % m (HAC 14.85) +function bnModPow(e, m) { + var i = e.bitLength(), k, r = nbv(1), z; + if (i <= 0) return r; + else if (i < 18) k = 1; + else if (i < 48) k = 3; + else if (i < 144) k = 4; + else if (i < 768) k = 5; + else k = 6; + if (i < 8) + z = new Classic(m); + else if (m.isEven()) + z = new Barrett(m); + else + z = new Montgomery(m); + +// precomputation + var g = new Array(), n = 3, k1 = k - 1, km = (1 << k) - 1; + g[1] = z.convert(this); + if (k > 1) { + var g2 = nbi(); + z.sqrTo(g[1], g2); + while (n <= km) { + g[n] = nbi(); + z.mulTo(g2, g[n - 2], g[n]); + n += 2; + } + } + + var j = e.t - 1, w, is1 = true, r2 = nbi(), t; + i = nbits(e[j]) - 1; + while (j >= 0) { + if (i >= k1) w = (e[j] >> (i - k1)) & km; + else { + w = (e[j] & ((1 << (i + 1)) - 1)) << (k1 - i); + if (j > 0) w |= e[j - 1] >> (this.DB + i - k1); + } + + n = k; + while ((w & 1) === 0) { + w >>= 1; + --n; + } + if ((i -= n) < 0) { + i += this.DB; + --j; + } + if (is1) { // ret == 1, don't bother squaring or multiplying it + g[w].copyTo(r); + is1 = false; + } + else { + while (n > 1) { + z.sqrTo(r, r2); + z.sqrTo(r2, r); + n -= 2; + } + if (n > 0) z.sqrTo(r, r2); else { + t = r; + r = r2; + r2 = t; + } + z.mulTo(r2, g[w], r); + } + + while (j >= 0 && (e[j] & (1 << i)) === 0) { + z.sqrTo(r, r2); + t = r; + r = r2; + r2 = t; + if (--i < 0) { + i = this.DB - 1; + --j; + } + } + } + return z.revert(r); +} + +//(public) gcd(this,a) (HAC 14.54) +function bnGCD(a) { + var x = (this.s < 0) ? this.negate() : this.clone(); + var y = (a.s < 0) ? a.negate() : a.clone(); + if (x.compareTo(y) < 0) { + var t = x; + x = y; + y = t; + } + var i = x.getLowestSetBit(), g = y.getLowestSetBit(); + if (g < 0) return x; + if (i < g) g = i; + if (g > 0) { + x.rShiftTo(g, x); + y.rShiftTo(g, y); + } + while (x.signum() > 0) { + if ((i = x.getLowestSetBit()) > 0) x.rShiftTo(i, x); + if ((i = y.getLowestSetBit()) > 0) y.rShiftTo(i, y); + if (x.compareTo(y) >= 0) { + x.subTo(y, x); + x.rShiftTo(1, x); + } + else { + y.subTo(x, y); + y.rShiftTo(1, y); + } + } + if (g > 0) y.lShiftTo(g, y); + return y; +} + +//(protected) this % n, n < 2^26 +function bnpModInt(n) { + if (n <= 0) return 0; + var d = this.DV % n, r = (this.s < 0) ? n - 1 : 0; + if (this.t > 0) + if (d === 0) r = this[0] % n; + else for (var i = this.t - 1; i >= 0; --i) r = (d * r + this[i]) % n; + return r; +} + +//(public) 1/this % m (HAC 14.61) +function bnModInverse(m) { + var ac = m.isEven(); + if ((this.isEven() && ac) || m.signum() === 0) return BigInteger.ZERO; + var u = m.clone(), v = this.clone(); + var a = nbv(1), b = nbv(0), c = nbv(0), d = nbv(1); + while (u.signum() != 0) { + while (u.isEven()) { + u.rShiftTo(1, u); + if (ac) { + if (!a.isEven() || !b.isEven()) { + a.addTo(this, a); + b.subTo(m, b); + } + a.rShiftTo(1, a); + } + else if (!b.isEven()) b.subTo(m, b); + b.rShiftTo(1, b); + } + while (v.isEven()) { + v.rShiftTo(1, v); + if (ac) { + if (!c.isEven() || !d.isEven()) { + c.addTo(this, c); + d.subTo(m, d); + } + c.rShiftTo(1, c); + } + else if (!d.isEven()) d.subTo(m, d); + d.rShiftTo(1, d); + } + if (u.compareTo(v) >= 0) { + u.subTo(v, u); + if (ac) a.subTo(c, a); + b.subTo(d, b); + } + else { + v.subTo(u, v); + if (ac) c.subTo(a, c); + d.subTo(b, d); + } + } + if (v.compareTo(BigInteger.ONE) != 0) return BigInteger.ZERO; + if (d.compareTo(m) >= 0) return d.subtract(m); + if (d.signum() < 0) d.addTo(m, d); else return d; + if (d.signum() < 0) return d.add(m); else return d; +} + +var lowprimes = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, 587, 593, 599, 601, 607, 613, 617, 619, 631, 641, 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, 991, 997]; +var lplim = (1 << 26) / lowprimes[lowprimes.length - 1]; + +//(public) test primality with certainty >= 1-.5^t +function bnIsProbablePrime(t) { + var i, x = this.abs(); + if (x.t == 1 && x[0] <= lowprimes[lowprimes.length - 1]) { + for (i = 0; i < lowprimes.length; ++i) + if (x[0] == lowprimes[i]) return true; + return false; + } + if (x.isEven()) return false; + i = 1; + while (i < lowprimes.length) { + var m = lowprimes[i], j = i + 1; + while (j < lowprimes.length && m < lplim) m *= lowprimes[j++]; + m = x.modInt(m); + while (i < j) if (m % lowprimes[i++] === 0) return false; + } + return x.millerRabin(t); +} + +//(protected) true if probably prime (HAC 4.24, Miller-Rabin) +function bnpMillerRabin(t) { + var n1 = this.subtract(BigInteger.ONE); + var k = n1.getLowestSetBit(); + if (k <= 0) return false; + var r = n1.shiftRight(k); + t = (t + 1) >> 1; + if (t > lowprimes.length) t = lowprimes.length; + var a = nbi(); + for (var i = 0; i < t; ++i) { + //Pick bases at random, instead of starting at 2 + a.fromInt(lowprimes[Math.floor(Math.random() * lowprimes.length)]); + var y = a.modPow(r, this); + if (y.compareTo(BigInteger.ONE) != 0 && y.compareTo(n1) != 0) { + var j = 1; + while (j++ < k && y.compareTo(n1) != 0) { + y = y.modPowInt(2, this); + if (y.compareTo(BigInteger.ONE) === 0) return false; + } + if (y.compareTo(n1) != 0) return false; + } + } + return true; +} + +// protected +BigInteger.prototype.copyTo = bnpCopyTo; +BigInteger.prototype.fromInt = bnpFromInt; +BigInteger.prototype.fromString = bnpFromString; +BigInteger.prototype.fromByteArray = bnpFromByteArray; +BigInteger.prototype.fromBuffer = bnpFromBuffer; +BigInteger.prototype.clamp = bnpClamp; +BigInteger.prototype.dlShiftTo = bnpDLShiftTo; +BigInteger.prototype.drShiftTo = bnpDRShiftTo; +BigInteger.prototype.lShiftTo = bnpLShiftTo; +BigInteger.prototype.rShiftTo = bnpRShiftTo; +BigInteger.prototype.subTo = bnpSubTo; +BigInteger.prototype.multiplyTo = bnpMultiplyTo; +BigInteger.prototype.squareTo = bnpSquareTo; +BigInteger.prototype.divRemTo = bnpDivRemTo; +BigInteger.prototype.invDigit = bnpInvDigit; +BigInteger.prototype.isEven = bnpIsEven; +BigInteger.prototype.exp = bnpExp; + +BigInteger.prototype.chunkSize = bnpChunkSize; +BigInteger.prototype.toRadix = bnpToRadix; +BigInteger.prototype.fromRadix = bnpFromRadix; +BigInteger.prototype.fromNumber = bnpFromNumber; +BigInteger.prototype.bitwiseTo = bnpBitwiseTo; +BigInteger.prototype.changeBit = bnpChangeBit; +BigInteger.prototype.addTo = bnpAddTo; +BigInteger.prototype.dMultiply = bnpDMultiply; +BigInteger.prototype.dAddOffset = bnpDAddOffset; +BigInteger.prototype.multiplyLowerTo = bnpMultiplyLowerTo; +BigInteger.prototype.multiplyUpperTo = bnpMultiplyUpperTo; +BigInteger.prototype.modInt = bnpModInt; +BigInteger.prototype.millerRabin = bnpMillerRabin; + + +// public +BigInteger.prototype.toString = bnToString; +BigInteger.prototype.negate = bnNegate; +BigInteger.prototype.abs = bnAbs; +BigInteger.prototype.compareTo = bnCompareTo; +BigInteger.prototype.bitLength = bnBitLength; +BigInteger.prototype.mod = bnMod; +BigInteger.prototype.modPowInt = bnModPowInt; + +BigInteger.prototype.clone = bnClone; +BigInteger.prototype.intValue = bnIntValue; +BigInteger.prototype.byteValue = bnByteValue; +BigInteger.prototype.shortValue = bnShortValue; +BigInteger.prototype.signum = bnSigNum; +BigInteger.prototype.toByteArray = bnToByteArray; +BigInteger.prototype.toBuffer = bnToBuffer; +BigInteger.prototype.equals = bnEquals; +BigInteger.prototype.min = bnMin; +BigInteger.prototype.max = bnMax; +BigInteger.prototype.and = bnAnd; +BigInteger.prototype.or = bnOr; +BigInteger.prototype.xor = bnXor; +BigInteger.prototype.andNot = bnAndNot; +BigInteger.prototype.not = bnNot; +BigInteger.prototype.shiftLeft = bnShiftLeft; +BigInteger.prototype.shiftRight = bnShiftRight; +BigInteger.prototype.getLowestSetBit = bnGetLowestSetBit; +BigInteger.prototype.bitCount = bnBitCount; +BigInteger.prototype.testBit = bnTestBit; +BigInteger.prototype.setBit = bnSetBit; +BigInteger.prototype.clearBit = bnClearBit; +BigInteger.prototype.flipBit = bnFlipBit; +BigInteger.prototype.add = bnAdd; +BigInteger.prototype.subtract = bnSubtract; +BigInteger.prototype.multiply = bnMultiply; +BigInteger.prototype.divide = bnDivide; +BigInteger.prototype.remainder = bnRemainder; +BigInteger.prototype.divideAndRemainder = bnDivideAndRemainder; +BigInteger.prototype.modPow = bnModPow; +BigInteger.prototype.modInverse = bnModInverse; +BigInteger.prototype.pow = bnPow; +BigInteger.prototype.gcd = bnGCD; +BigInteger.prototype.isProbablePrime = bnIsProbablePrime; +BigInteger.int2char = int2char; + +// "constants" +BigInteger.ZERO = nbv(0); +BigInteger.ONE = nbv(1); + +// JSBN-specific extension +BigInteger.prototype.square = bnSquare; + +//BigInteger interfaces not implemented in jsbn: + +//BigInteger(int signum, byte[] magnitude) +//double doubleValue() +//float floatValue() +//int hashCode() +//long longValue() +//static BigInteger valueOf(long val) + +module.exports = BigInteger; \ No newline at end of file diff --git a/src/libs/rsa.js b/src/libs/rsa.js new file mode 100644 index 0000000..158f745 --- /dev/null +++ b/src/libs/rsa.js @@ -0,0 +1,316 @@ +/* + * RSA Encryption / Decryption with PKCS1 v2 Padding. + * + * Copyright (c) 2003-2005 Tom Wu + * All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, + * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY + * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + * + * IN NO EVENT SHALL TOM WU BE LIABLE FOR ANY SPECIAL, INCIDENTAL, + * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER + * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF + * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * In addition, the following condition applies: + * + * All redistributions must retain an intact copy of this copyright notice + * and disclaimer. + */ + +/* + * Node.js adaptation + * long message support implementation + * signing/verifying + * + * 2014 rzcoder + */ + +var _ = require('../utils')._; +var crypt = require('crypto'); +var BigInteger = require('./jsbn.js'); +var utils = require('../utils.js'); +var schemes = require('../schemes/schemes.js'); +var encryptEngines = require('../encryptEngines/encryptEngines.js'); + +exports.BigInteger = BigInteger; +module.exports.Key = (function () { + /** + * RSA key constructor + * + * n - modulus + * e - publicExponent + * d - privateExponent + * p - prime1 + * q - prime2 + * dmp1 - exponent1 -- d mod (p1) + * dmq1 - exponent2 -- d mod (q-1) + * coeff - coefficient -- (inverse of q) mod p + */ + function RSAKey() { + this.n = null; + this.e = 0; + this.d = null; + this.p = null; + this.q = null; + this.dmp1 = null; + this.dmq1 = null; + this.coeff = null; + } + + RSAKey.prototype.setOptions = function (options) { + var signingSchemeProvider = schemes[options.signingScheme]; + var encryptionSchemeProvider = schemes[options.encryptionScheme]; + + if (signingSchemeProvider === encryptionSchemeProvider) { + this.signingScheme = this.encryptionScheme = encryptionSchemeProvider.makeScheme(this, options); + } else { + this.encryptionScheme = encryptionSchemeProvider.makeScheme(this, options); + this.signingScheme = signingSchemeProvider.makeScheme(this, options); + } + + this.encryptEngine = encryptEngines.getEngine(this, options); + }; + + /** + * Generate a new random private key B bits long, using public expt E + * @param B + * @param E + */ + RSAKey.prototype.generate = function (B, E) { + var qs = B >> 1; + this.e = parseInt(E, 16); + var ee = new BigInteger(E, 16); + while (true) { + while (true) { + this.p = new BigInteger(B - qs, 1); + if (this.p.subtract(BigInteger.ONE).gcd(ee).compareTo(BigInteger.ONE) === 0 && this.p.isProbablePrime(10)) + break; + } + while (true) { + this.q = new BigInteger(qs, 1); + if (this.q.subtract(BigInteger.ONE).gcd(ee).compareTo(BigInteger.ONE) === 0 && this.q.isProbablePrime(10)) + break; + } + if (this.p.compareTo(this.q) <= 0) { + var t = this.p; + this.p = this.q; + this.q = t; + } + var p1 = this.p.subtract(BigInteger.ONE); + var q1 = this.q.subtract(BigInteger.ONE); + var phi = p1.multiply(q1); + if (phi.gcd(ee).compareTo(BigInteger.ONE) === 0) { + this.n = this.p.multiply(this.q); + if (this.n.bitLength() < B) { + continue; + } + this.d = ee.modInverse(phi); + this.dmp1 = this.d.mod(p1); + this.dmq1 = this.d.mod(q1); + this.coeff = this.q.modInverse(this.p); + break; + } + } + this.$$recalculateCache(); + }; + + /** + * Set the private key fields N, e, d and CRT params from buffers + * + * @param N + * @param E + * @param D + * @param P + * @param Q + * @param DP + * @param DQ + * @param C + */ + RSAKey.prototype.setPrivate = function (N, E, D, P, Q, DP, DQ, C) { + if (N && E && D && N.length > 0 && (_.isNumber(E) || E.length > 0) && D.length > 0) { + this.n = new BigInteger(N); + this.e = _.isNumber(E) ? E : utils.get32IntFromBuffer(E, 0); + this.d = new BigInteger(D); + + if (P && Q && DP && DQ && C) { + this.p = new BigInteger(P); + this.q = new BigInteger(Q); + this.dmp1 = new BigInteger(DP); + this.dmq1 = new BigInteger(DQ); + this.coeff = new BigInteger(C); + } else { + // TODO: re-calculate any missing CRT params + } + this.$$recalculateCache(); + } else { + throw Error("Invalid RSA private key"); + } + }; + + /** + * Set the public key fields N and e from hex strings + * @param N + * @param E + */ + RSAKey.prototype.setPublic = function (N, E) { + if (N && E && N.length > 0 && (_.isNumber(E) || E.length > 0)) { + this.n = new BigInteger(N); + this.e = _.isNumber(E) ? E : utils.get32IntFromBuffer(E, 0); + this.$$recalculateCache(); + } else { + throw Error("Invalid RSA public key"); + } + }; + + /** + * private + * Perform raw private operation on "x": return x^d (mod n) + * + * @param x + * @returns {*} + */ + RSAKey.prototype.$doPrivate = function (x) { + if (this.p || this.q) { + return x.modPow(this.d, this.n); + } + + // TODO: re-calculate any missing CRT params + var xp = x.mod(this.p).modPow(this.dmp1, this.p); + var xq = x.mod(this.q).modPow(this.dmq1, this.q); + + while (xp.compareTo(xq) < 0) { + xp = xp.add(this.p); + } + return xp.subtract(xq).multiply(this.coeff).mod(this.p).multiply(this.q).add(xq); + }; + + /** + * private + * Perform raw public operation on "x": return x^e (mod n) + * + * @param x + * @returns {*} + */ + RSAKey.prototype.$doPublic = function (x) { + return x.modPowInt(this.e, this.n); + }; + + /** + * Return the PKCS#1 RSA encryption of buffer + * @param buffer {Buffer} + * @returns {Buffer} + */ + RSAKey.prototype.encrypt = function (buffer, usePrivate) { + var buffers = []; + var results = []; + var bufferSize = buffer.length; + var buffersCount = Math.ceil(bufferSize / this.maxMessageLength) || 1; // total buffers count for encrypt + var dividedSize = Math.ceil(bufferSize / buffersCount || 1); // each buffer size + + if (buffersCount == 1) { + buffers.push(buffer); + } else { + for (var bufNum = 0; bufNum < buffersCount; bufNum++) { + buffers.push(buffer.slice(bufNum * dividedSize, (bufNum + 1) * dividedSize)); + } + } + + for (var i = 0; i < buffers.length; i++) { + results.push(this.encryptEngine.encrypt(buffers[i], usePrivate)); + } + + return Buffer.concat(results); + }; + + /** + * Return the PKCS#1 RSA decryption of buffer + * @param buffer {Buffer} + * @returns {Buffer} + */ + RSAKey.prototype.decrypt = function (buffer, usePublic) { + if (buffer.length % this.encryptedDataLength > 0) { + throw Error('Incorrect data or key'); + } + + var result = []; + var offset = 0; + var length = 0; + var buffersCount = buffer.length / this.encryptedDataLength; + + for (var i = 0; i < buffersCount; i++) { + offset = i * this.encryptedDataLength; + length = offset + this.encryptedDataLength; + result.push(this.encryptEngine.decrypt(buffer.slice(offset, Math.min(length, buffer.length)), usePublic)); + } + + return Buffer.concat(result); + }; + + RSAKey.prototype.sign = function (buffer) { + return this.signingScheme.sign.apply(this.signingScheme, arguments); + }; + + RSAKey.prototype.verify = function (buffer, signature, signature_encoding) { + return this.signingScheme.verify.apply(this.signingScheme, arguments); + }; + + /** + * Check if key pair contains private key + */ + RSAKey.prototype.isPrivate = function () { + return this.n && this.e && this.d && true || false; + }; + + /** + * Check if key pair contains public key + * @param strict {boolean} - public key only, return false if have private exponent + */ + RSAKey.prototype.isPublic = function (strict) { + return this.n && this.e && !(strict && this.d) || false; + }; + + Object.defineProperty(RSAKey.prototype, 'keySize', { + get: function () { + return this.cache.keyBitLength; + } + }); + + Object.defineProperty(RSAKey.prototype, 'encryptedDataLength', { + get: function () { + return this.cache.keyByteLength; + } + }); + + Object.defineProperty(RSAKey.prototype, 'maxMessageLength', { + get: function () { + return this.encryptionScheme.maxMessageLength(); + } + }); + + /** + * Caching key data + */ + RSAKey.prototype.$$recalculateCache = function () { + this.cache = this.cache || {}; + // Bit & byte length + this.cache.keyBitLength = this.n.bitLength(); + this.cache.keyByteLength = (this.cache.keyBitLength + 6) >> 3; + }; + + return RSAKey; +})(); + diff --git a/src/schemes/pkcs1.js b/src/schemes/pkcs1.js new file mode 100644 index 0000000..2f27a35 --- /dev/null +++ b/src/schemes/pkcs1.js @@ -0,0 +1,198 @@ +/** + * PKCS1 padding and signature scheme + */ + +var BigInteger = require('../libs/jsbn'); +var crypt = require('crypto'); +var constants = require('constants'); +var SIGN_INFO_HEAD = { + md2: Buffer.from('3020300c06082a864886f70d020205000410', 'hex'), + md5: Buffer.from('3020300c06082a864886f70d020505000410', 'hex'), + sha1: Buffer.from('3021300906052b0e03021a05000414', 'hex'), + sha224: Buffer.from('302d300d06096086480165030402040500041c', 'hex'), + sha256: Buffer.from('3031300d060960864801650304020105000420', 'hex'), + sha384: Buffer.from('3041300d060960864801650304020205000430', 'hex'), + sha512: Buffer.from('3051300d060960864801650304020305000440', 'hex'), + ripemd160: Buffer.from('3021300906052b2403020105000414', 'hex'), + rmd160: Buffer.from('3021300906052b2403020105000414', 'hex') +}; + +var SIGN_ALG_TO_HASH_ALIASES = { + 'ripemd160': 'rmd160' +}; + +var DEFAULT_HASH_FUNCTION = 'sha256'; + +module.exports = { + isEncryption: true, + isSignature: true +}; + +module.exports.makeScheme = function (key, options) { + function Scheme(key, options) { + this.key = key; + this.options = options; + } + + Scheme.prototype.maxMessageLength = function () { + if (this.options.encryptionSchemeOptions && this.options.encryptionSchemeOptions.padding == 3) { + return this.key.encryptedDataLength; + } + return this.key.encryptedDataLength - 11; + }; + + /** + * Pad input Buffer to encryptedDataLength bytes, and return Buffer.from + * alg: PKCS#1 + * @param buffer + * @returns {Buffer} + */ + Scheme.prototype.encPad = function (buffer, options) { + options = options || {}; + var filled; + if (buffer.length > this.key.maxMessageLength) { + throw new Error("Message too long for RSA (n=" + this.key.encryptedDataLength + ", l=" + buffer.length + ")"); + } + + if (this.options.encryptionSchemeOptions && this.options.encryptionSchemeOptions.padding == 3) { + //RSA_NO_PADDING treated like JAVA left pad with zero character + filled = Buffer.alloc(this.key.maxMessageLength - buffer.length); + filled.fill(0); + return Buffer.concat([filled, buffer]); + } + + /* Type 1: zeros padding for private key encrypt */ + if (options.type === 1) { + filled = Buffer.alloc(this.key.encryptedDataLength - buffer.length - 1); + filled.fill(0xff, 0, filled.length - 1); + filled[0] = 1; + filled[filled.length - 1] = 0; + + return Buffer.concat([filled, buffer]); + } else { + /* random padding for public key encrypt */ + filled = Buffer.alloc(this.key.encryptedDataLength - buffer.length); + filled[0] = 0; + filled[1] = 2; + var rand = crypt.randomBytes(filled.length - 3); + for (var i = 0; i < rand.length; i++) { + var r = rand[i]; + while (r === 0) { // non-zero only + r = crypt.randomBytes(1)[0]; + } + filled[i + 2] = r; + } + filled[filled.length - 1] = 0; + return Buffer.concat([filled, buffer]); + } + }; + + /** + * Unpad input Buffer and, if valid, return the Buffer object + * alg: PKCS#1 (type 2, random) + * @param buffer + * @returns {Buffer} + */ + Scheme.prototype.encUnPad = function (buffer, options) { + return buffer; + }; + + Scheme.prototype.sign = function (buffer) { + var hashAlgorithm = this.options.signingSchemeOptions.hash || DEFAULT_HASH_FUNCTION; + if (this.options.environment === 'browser') { + hashAlgorithm = SIGN_ALG_TO_HASH_ALIASES[hashAlgorithm] || hashAlgorithm; + + var hasher = crypt.createHash(hashAlgorithm); + hasher.update(buffer); + var hash = this.pkcs1pad(hasher.digest(), hashAlgorithm); + var res = this.key.$doPrivate(new BigInteger(hash)).toBuffer(this.key.encryptedDataLength); + + return res; + } else { + var signer = crypt.createSign('RSA-' + hashAlgorithm.toUpperCase()); + signer.update(buffer); + return signer.sign(this.options.rsaUtils.exportKey('private')); + } + }; + + Scheme.prototype.verify = function (buffer, signature, signature_encoding) { + if (this.options.encryptionSchemeOptions && this.options.encryptionSchemeOptions.padding == 3) { + //RSA_NO_PADDING has no verify data + return false; + } + var hashAlgorithm = this.options.signingSchemeOptions.hash || DEFAULT_HASH_FUNCTION; + if (this.options.environment === 'browser') { + hashAlgorithm = SIGN_ALG_TO_HASH_ALIASES[hashAlgorithm] || hashAlgorithm; + + if (signature_encoding) { + signature = Buffer.from(signature, signature_encoding); + } + + var hasher = crypt.createHash(hashAlgorithm); + hasher.update(buffer); + var hash = this.pkcs1pad(hasher.digest(), hashAlgorithm); + var m = this.key.$doPublic(new BigInteger(signature)); + + return m.toBuffer().toString('hex') == hash.toString('hex'); + } else { + var verifier = crypt.createVerify('RSA-' + hashAlgorithm.toUpperCase()); + verifier.update(buffer); + return verifier.verify(this.options.rsaUtils.exportKey('public'), signature, signature_encoding); + } + }; + + /** + * PKCS#1 zero pad input buffer to max data length + * @param hashBuf + * @param hashAlgorithm + * @returns {*} + */ + Scheme.prototype.pkcs0pad = function (buffer) { + var filled = Buffer.alloc(this.key.maxMessageLength - buffer.length); + filled.fill(0); + return Buffer.concat([filled, buffer]); + }; + + Scheme.prototype.pkcs0unpad = function (buffer) { + var unPad; + if (typeof buffer.lastIndexOf == "function") { //patch for old node version + unPad = buffer.slice(buffer.lastIndexOf('\0') + 1, buffer.length); + } else { + unPad = buffer.slice(String.prototype.lastIndexOf.call(buffer, '\0') + 1, buffer.length); + } + + return unPad; + }; + + /** + * PKCS#1 pad input buffer to max data length + * @param hashBuf + * @param hashAlgorithm + * @returns {*} + */ + Scheme.prototype.pkcs1pad = function (hashBuf, hashAlgorithm) { + var digest = SIGN_INFO_HEAD[hashAlgorithm]; + if (!digest) { + throw Error('Unsupported hash algorithm'); + } + + var data = Buffer.concat([digest, hashBuf]); + + if (data.length + 10 > this.key.encryptedDataLength) { + throw Error('Key is too short for signing algorithm (' + hashAlgorithm + ')'); + } + + var filled = Buffer.alloc(this.key.encryptedDataLength - data.length - 1); + filled.fill(0xff, 0, filled.length - 1); + filled[0] = 1; + filled[filled.length - 1] = 0; + + var res = Buffer.concat([filled, data]); + + return res; + }; + + return new Scheme(key, options); +}; + + diff --git a/src/schemes/schemes.js b/src/schemes/schemes.js new file mode 100644 index 0000000..0acbd14 --- /dev/null +++ b/src/schemes/schemes.js @@ -0,0 +1,21 @@ +module.exports = { + pkcs1: require('./pkcs1'), + + /** + * Check if scheme has padding methods + * @param scheme {string} + * @returns {Boolean} + */ + isEncryption: function (scheme) { + return module.exports[scheme] && module.exports[scheme].isEncryption; + }, + + /** + * Check if scheme has sign/verify methods + * @param scheme {string} + * @returns {Boolean} + */ + isSignature: function (scheme) { + return module.exports[scheme] && module.exports[scheme].isSignature; + } +}; \ No newline at end of file diff --git a/src/utils.js b/src/utils.js new file mode 100644 index 0000000..d254a33 --- /dev/null +++ b/src/utils.js @@ -0,0 +1,106 @@ +/* + * Utils functions + * + */ + +/** + * Break string str each maxLen symbols + * @param str + * @param maxLen + * @returns {string} + */ +module.exports.linebrk = function (str, maxLen) { + var res = ''; + var i = 0; + while (i + maxLen < str.length) { + res += str.substring(i, i + maxLen) + "\n"; + i += maxLen; + } + return res + str.substring(i, str.length); +}; + +module.exports.detectEnvironment = function () { + if (typeof(window) !== 'undefined' && window && !(process && process.title === 'node')) { + return 'browser'; + } + + return 'node'; +}; + +/** + * Trying get a 32-bit unsigned integer from the partial buffer + * @param buffer + * @param offset + * @returns {Number} + */ +module.exports.get32IntFromBuffer = function (buffer, offset) { + offset = offset || 0; + var size = 0; + if ((size = buffer.length - offset) > 0) { + if (size >= 4) { + return buffer.readUIntBE(offset, size); + } else { + var res = 0; + for (var i = offset + size, d = 0; i > offset; i--, d += 2) { + res += buffer[i - 1] * Math.pow(16, d); + } + return res; + } + } else { + return NaN; + } +}; + +module.exports._ = { + isObject: function (value) { + var type = typeof value; + return !!value && (type == 'object' || type == 'function'); + }, + + isString: function (value) { + return typeof value == 'string' || value instanceof String; + }, + + isNumber: function (value) { + return typeof value == 'number' || !isNaN(parseFloat(value)) && isFinite(value); + }, + + /** + * Returns copy of `obj` without `removeProp` field. + * @param obj + * @param removeProp + * @returns Object + */ + omit: function (obj, removeProp) { + var newObj = {}; + for (var prop in obj) { + if (!obj.hasOwnProperty(prop) || prop === removeProp) { + continue; + } + newObj[prop] = obj[prop]; + } + + return newObj; + } +}; + +/** + * Strips everything around the opening and closing lines, including the lines + * themselves. + */ +module.exports.trimSurroundingText = function (data, opening, closing) { + var trimStartIndex = 0; + var trimEndIndex = data.length; + + var openingBoundaryIndex = data.indexOf(opening); + if (openingBoundaryIndex >= 0) { + trimStartIndex = openingBoundaryIndex + opening.length; + } + + var closingBoundaryIndex = data.indexOf(closing, openingBoundaryIndex); + if (closingBoundaryIndex >= 0) { + trimEndIndex = closingBoundaryIndex; + } + + return data.substring(trimStartIndex, trimEndIndex); +} \ No newline at end of file