Installed node-rsa, fixed package.json
This commit is contained in:
parent
e77a48ebb8
commit
2e19f02dc6
|
@ -0,0 +1,19 @@
|
|||
Copyright (c) 2011 Mark Cavage, All rights reserved.
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in
|
||||
all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
THE SOFTWARE
|
|
@ -0,0 +1,50 @@
|
|||
node-asn1 is a library for encoding and decoding ASN.1 datatypes in pure JS.
|
||||
Currently BER encoding is supported; at some point I'll likely have to do DER.
|
||||
|
||||
## Usage
|
||||
|
||||
Mostly, if you're *actually* needing to read and write ASN.1, you probably don't
|
||||
need this readme to explain what and why. If you have no idea what ASN.1 is,
|
||||
see this: ftp://ftp.rsa.com/pub/pkcs/ascii/layman.asc
|
||||
|
||||
The source is pretty much self-explanatory, and has read/write methods for the
|
||||
common types out there.
|
||||
|
||||
### Decoding
|
||||
|
||||
The following reads an ASN.1 sequence with a boolean.
|
||||
|
||||
var Ber = require('asn1').Ber;
|
||||
|
||||
var reader = new Ber.Reader(Buffer.from([0x30, 0x03, 0x01, 0x01, 0xff]));
|
||||
|
||||
reader.readSequence();
|
||||
console.log('Sequence len: ' + reader.length);
|
||||
if (reader.peek() === Ber.Boolean)
|
||||
console.log(reader.readBoolean());
|
||||
|
||||
### Encoding
|
||||
|
||||
The following generates the same payload as above.
|
||||
|
||||
var Ber = require('asn1').Ber;
|
||||
|
||||
var writer = new Ber.Writer();
|
||||
|
||||
writer.startSequence();
|
||||
writer.writeBoolean(true);
|
||||
writer.endSequence();
|
||||
|
||||
console.log(writer.buffer);
|
||||
|
||||
## Installation
|
||||
|
||||
npm install asn1
|
||||
|
||||
## License
|
||||
|
||||
MIT.
|
||||
|
||||
## Bugs
|
||||
|
||||
See <https://github.com/joyent/node-asn1/issues>.
|
|
@ -0,0 +1,13 @@
|
|||
// Copyright 2011 Mark Cavage <mcavage@gmail.com> All rights reserved.
|
||||
|
||||
|
||||
module.exports = {
|
||||
|
||||
newInvalidAsn1Error: function (msg) {
|
||||
var e = new Error();
|
||||
e.name = 'InvalidAsn1Error';
|
||||
e.message = msg || '';
|
||||
return e;
|
||||
}
|
||||
|
||||
};
|
|
@ -0,0 +1,27 @@
|
|||
// Copyright 2011 Mark Cavage <mcavage@gmail.com> All rights reserved.
|
||||
|
||||
var errors = require('./errors');
|
||||
var types = require('./types');
|
||||
|
||||
var Reader = require('./reader');
|
||||
var Writer = require('./writer');
|
||||
|
||||
|
||||
// --- Exports
|
||||
|
||||
module.exports = {
|
||||
|
||||
Reader: Reader,
|
||||
|
||||
Writer: Writer
|
||||
|
||||
};
|
||||
|
||||
for (var t in types) {
|
||||
if (types.hasOwnProperty(t))
|
||||
module.exports[t] = types[t];
|
||||
}
|
||||
for (var e in errors) {
|
||||
if (errors.hasOwnProperty(e))
|
||||
module.exports[e] = errors[e];
|
||||
}
|
|
@ -0,0 +1,262 @@
|
|||
// Copyright 2011 Mark Cavage <mcavage@gmail.com> All rights reserved.
|
||||
|
||||
var assert = require('assert');
|
||||
var Buffer = require('safer-buffer').Buffer;
|
||||
|
||||
var ASN1 = require('./types');
|
||||
var errors = require('./errors');
|
||||
|
||||
|
||||
// --- Globals
|
||||
|
||||
var newInvalidAsn1Error = errors.newInvalidAsn1Error;
|
||||
|
||||
|
||||
|
||||
// --- API
|
||||
|
||||
function Reader(data) {
|
||||
if (!data || !Buffer.isBuffer(data))
|
||||
throw new TypeError('data must be a node Buffer');
|
||||
|
||||
this._buf = data;
|
||||
this._size = data.length;
|
||||
|
||||
// These hold the "current" state
|
||||
this._len = 0;
|
||||
this._offset = 0;
|
||||
}
|
||||
|
||||
Object.defineProperty(Reader.prototype, 'length', {
|
||||
enumerable: true,
|
||||
get: function () { return (this._len); }
|
||||
});
|
||||
|
||||
Object.defineProperty(Reader.prototype, 'offset', {
|
||||
enumerable: true,
|
||||
get: function () { return (this._offset); }
|
||||
});
|
||||
|
||||
Object.defineProperty(Reader.prototype, 'remain', {
|
||||
get: function () { return (this._size - this._offset); }
|
||||
});
|
||||
|
||||
Object.defineProperty(Reader.prototype, 'buffer', {
|
||||
get: function () { return (this._buf.slice(this._offset)); }
|
||||
});
|
||||
|
||||
|
||||
/**
|
||||
* Reads a single byte and advances offset; you can pass in `true` to make this
|
||||
* a "peek" operation (i.e., get the byte, but don't advance the offset).
|
||||
*
|
||||
* @param {Boolean} peek true means don't move offset.
|
||||
* @return {Number} the next byte, null if not enough data.
|
||||
*/
|
||||
Reader.prototype.readByte = function (peek) {
|
||||
if (this._size - this._offset < 1)
|
||||
return null;
|
||||
|
||||
var b = this._buf[this._offset] & 0xff;
|
||||
|
||||
if (!peek)
|
||||
this._offset += 1;
|
||||
|
||||
return b;
|
||||
};
|
||||
|
||||
|
||||
Reader.prototype.peek = function () {
|
||||
return this.readByte(true);
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
* Reads a (potentially) variable length off the BER buffer. This call is
|
||||
* not really meant to be called directly, as callers have to manipulate
|
||||
* the internal buffer afterwards.
|
||||
*
|
||||
* As a result of this call, you can call `Reader.length`, until the
|
||||
* next thing called that does a readLength.
|
||||
*
|
||||
* @return {Number} the amount of offset to advance the buffer.
|
||||
* @throws {InvalidAsn1Error} on bad ASN.1
|
||||
*/
|
||||
Reader.prototype.readLength = function (offset) {
|
||||
if (offset === undefined)
|
||||
offset = this._offset;
|
||||
|
||||
if (offset >= this._size)
|
||||
return null;
|
||||
|
||||
var lenB = this._buf[offset++] & 0xff;
|
||||
if (lenB === null)
|
||||
return null;
|
||||
|
||||
if ((lenB & 0x80) === 0x80) {
|
||||
lenB &= 0x7f;
|
||||
|
||||
if (lenB === 0)
|
||||
throw newInvalidAsn1Error('Indefinite length not supported');
|
||||
|
||||
if (lenB > 4)
|
||||
throw newInvalidAsn1Error('encoding too long');
|
||||
|
||||
if (this._size - offset < lenB)
|
||||
return null;
|
||||
|
||||
this._len = 0;
|
||||
for (var i = 0; i < lenB; i++)
|
||||
this._len = (this._len << 8) + (this._buf[offset++] & 0xff);
|
||||
|
||||
} else {
|
||||
// Wasn't a variable length
|
||||
this._len = lenB;
|
||||
}
|
||||
|
||||
return offset;
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
* Parses the next sequence in this BER buffer.
|
||||
*
|
||||
* To get the length of the sequence, call `Reader.length`.
|
||||
*
|
||||
* @return {Number} the sequence's tag.
|
||||
*/
|
||||
Reader.prototype.readSequence = function (tag) {
|
||||
var seq = this.peek();
|
||||
if (seq === null)
|
||||
return null;
|
||||
if (tag !== undefined && tag !== seq)
|
||||
throw newInvalidAsn1Error('Expected 0x' + tag.toString(16) +
|
||||
': got 0x' + seq.toString(16));
|
||||
|
||||
var o = this.readLength(this._offset + 1); // stored in `length`
|
||||
if (o === null)
|
||||
return null;
|
||||
|
||||
this._offset = o;
|
||||
return seq;
|
||||
};
|
||||
|
||||
|
||||
Reader.prototype.readInt = function () {
|
||||
return this._readTag(ASN1.Integer);
|
||||
};
|
||||
|
||||
|
||||
Reader.prototype.readBoolean = function () {
|
||||
return (this._readTag(ASN1.Boolean) === 0 ? false : true);
|
||||
};
|
||||
|
||||
|
||||
Reader.prototype.readEnumeration = function () {
|
||||
return this._readTag(ASN1.Enumeration);
|
||||
};
|
||||
|
||||
|
||||
Reader.prototype.readString = function (tag, retbuf) {
|
||||
if (!tag)
|
||||
tag = ASN1.OctetString;
|
||||
|
||||
var b = this.peek();
|
||||
if (b === null)
|
||||
return null;
|
||||
|
||||
if (b !== tag)
|
||||
throw newInvalidAsn1Error('Expected 0x' + tag.toString(16) +
|
||||
': got 0x' + b.toString(16));
|
||||
|
||||
var o = this.readLength(this._offset + 1); // stored in `length`
|
||||
|
||||
if (o === null)
|
||||
return null;
|
||||
|
||||
if (this.length > this._size - o)
|
||||
return null;
|
||||
|
||||
this._offset = o;
|
||||
|
||||
if (this.length === 0)
|
||||
return retbuf ? Buffer.alloc(0) : '';
|
||||
|
||||
var str = this._buf.slice(this._offset, this._offset + this.length);
|
||||
this._offset += this.length;
|
||||
|
||||
return retbuf ? str : str.toString('utf8');
|
||||
};
|
||||
|
||||
Reader.prototype.readOID = function (tag) {
|
||||
if (!tag)
|
||||
tag = ASN1.OID;
|
||||
|
||||
var b = this.readString(tag, true);
|
||||
if (b === null)
|
||||
return null;
|
||||
|
||||
var values = [];
|
||||
var value = 0;
|
||||
|
||||
for (var i = 0; i < b.length; i++) {
|
||||
var byte = b[i] & 0xff;
|
||||
|
||||
value <<= 7;
|
||||
value += byte & 0x7f;
|
||||
if ((byte & 0x80) === 0) {
|
||||
values.push(value);
|
||||
value = 0;
|
||||
}
|
||||
}
|
||||
|
||||
value = values.shift();
|
||||
values.unshift(value % 40);
|
||||
values.unshift((value / 40) >> 0);
|
||||
|
||||
return values.join('.');
|
||||
};
|
||||
|
||||
|
||||
Reader.prototype._readTag = function (tag) {
|
||||
assert.ok(tag !== undefined);
|
||||
|
||||
var b = this.peek();
|
||||
|
||||
if (b === null)
|
||||
return null;
|
||||
|
||||
if (b !== tag)
|
||||
throw newInvalidAsn1Error('Expected 0x' + tag.toString(16) +
|
||||
': got 0x' + b.toString(16));
|
||||
|
||||
var o = this.readLength(this._offset + 1); // stored in `length`
|
||||
if (o === null)
|
||||
return null;
|
||||
|
||||
if (this.length > 4)
|
||||
throw newInvalidAsn1Error('Integer too long: ' + this.length);
|
||||
|
||||
if (this.length > this._size - o)
|
||||
return null;
|
||||
this._offset = o;
|
||||
|
||||
var fb = this._buf[this._offset];
|
||||
var value = 0;
|
||||
|
||||
for (var i = 0; i < this.length; i++) {
|
||||
value <<= 8;
|
||||
value |= (this._buf[this._offset++] & 0xff);
|
||||
}
|
||||
|
||||
if ((fb & 0x80) === 0x80 && i !== 4)
|
||||
value -= (1 << (i * 8));
|
||||
|
||||
return value >> 0;
|
||||
};
|
||||
|
||||
|
||||
|
||||
// --- Exported API
|
||||
|
||||
module.exports = Reader;
|
|
@ -0,0 +1,36 @@
|
|||
// Copyright 2011 Mark Cavage <mcavage@gmail.com> All rights reserved.
|
||||
|
||||
|
||||
module.exports = {
|
||||
EOC: 0,
|
||||
Boolean: 1,
|
||||
Integer: 2,
|
||||
BitString: 3,
|
||||
OctetString: 4,
|
||||
Null: 5,
|
||||
OID: 6,
|
||||
ObjectDescriptor: 7,
|
||||
External: 8,
|
||||
Real: 9, // float
|
||||
Enumeration: 10,
|
||||
PDV: 11,
|
||||
Utf8String: 12,
|
||||
RelativeOID: 13,
|
||||
Sequence: 16,
|
||||
Set: 17,
|
||||
NumericString: 18,
|
||||
PrintableString: 19,
|
||||
T61String: 20,
|
||||
VideotexString: 21,
|
||||
IA5String: 22,
|
||||
UTCTime: 23,
|
||||
GeneralizedTime: 24,
|
||||
GraphicString: 25,
|
||||
VisibleString: 26,
|
||||
GeneralString: 28,
|
||||
UniversalString: 29,
|
||||
CharacterString: 30,
|
||||
BMPString: 31,
|
||||
Constructor: 32,
|
||||
Context: 128
|
||||
};
|
|
@ -0,0 +1,317 @@
|
|||
// Copyright 2011 Mark Cavage <mcavage@gmail.com> All rights reserved.
|
||||
|
||||
var assert = require('assert');
|
||||
var Buffer = require('safer-buffer').Buffer;
|
||||
var ASN1 = require('./types');
|
||||
var errors = require('./errors');
|
||||
|
||||
|
||||
// --- Globals
|
||||
|
||||
var newInvalidAsn1Error = errors.newInvalidAsn1Error;
|
||||
|
||||
var DEFAULT_OPTS = {
|
||||
size: 1024,
|
||||
growthFactor: 8
|
||||
};
|
||||
|
||||
|
||||
// --- Helpers
|
||||
|
||||
function merge(from, to) {
|
||||
assert.ok(from);
|
||||
assert.equal(typeof (from), 'object');
|
||||
assert.ok(to);
|
||||
assert.equal(typeof (to), 'object');
|
||||
|
||||
var keys = Object.getOwnPropertyNames(from);
|
||||
keys.forEach(function (key) {
|
||||
if (to[key])
|
||||
return;
|
||||
|
||||
var value = Object.getOwnPropertyDescriptor(from, key);
|
||||
Object.defineProperty(to, key, value);
|
||||
});
|
||||
|
||||
return to;
|
||||
}
|
||||
|
||||
|
||||
|
||||
// --- API
|
||||
|
||||
function Writer(options) {
|
||||
options = merge(DEFAULT_OPTS, options || {});
|
||||
|
||||
this._buf = Buffer.alloc(options.size || 1024);
|
||||
this._size = this._buf.length;
|
||||
this._offset = 0;
|
||||
this._options = options;
|
||||
|
||||
// A list of offsets in the buffer where we need to insert
|
||||
// sequence tag/len pairs.
|
||||
this._seq = [];
|
||||
}
|
||||
|
||||
Object.defineProperty(Writer.prototype, 'buffer', {
|
||||
get: function () {
|
||||
if (this._seq.length)
|
||||
throw newInvalidAsn1Error(this._seq.length + ' unended sequence(s)');
|
||||
|
||||
return (this._buf.slice(0, this._offset));
|
||||
}
|
||||
});
|
||||
|
||||
Writer.prototype.writeByte = function (b) {
|
||||
if (typeof (b) !== 'number')
|
||||
throw new TypeError('argument must be a Number');
|
||||
|
||||
this._ensure(1);
|
||||
this._buf[this._offset++] = b;
|
||||
};
|
||||
|
||||
|
||||
Writer.prototype.writeInt = function (i, tag) {
|
||||
if (typeof (i) !== 'number')
|
||||
throw new TypeError('argument must be a Number');
|
||||
if (typeof (tag) !== 'number')
|
||||
tag = ASN1.Integer;
|
||||
|
||||
var sz = 4;
|
||||
|
||||
while ((((i & 0xff800000) === 0) || ((i & 0xff800000) === 0xff800000 >> 0)) &&
|
||||
(sz > 1)) {
|
||||
sz--;
|
||||
i <<= 8;
|
||||
}
|
||||
|
||||
if (sz > 4)
|
||||
throw newInvalidAsn1Error('BER ints cannot be > 0xffffffff');
|
||||
|
||||
this._ensure(2 + sz);
|
||||
this._buf[this._offset++] = tag;
|
||||
this._buf[this._offset++] = sz;
|
||||
|
||||
while (sz-- > 0) {
|
||||
this._buf[this._offset++] = ((i & 0xff000000) >>> 24);
|
||||
i <<= 8;
|
||||
}
|
||||
|
||||
};
|
||||
|
||||
|
||||
Writer.prototype.writeNull = function () {
|
||||
this.writeByte(ASN1.Null);
|
||||
this.writeByte(0x00);
|
||||
};
|
||||
|
||||
|
||||
Writer.prototype.writeEnumeration = function (i, tag) {
|
||||
if (typeof (i) !== 'number')
|
||||
throw new TypeError('argument must be a Number');
|
||||
if (typeof (tag) !== 'number')
|
||||
tag = ASN1.Enumeration;
|
||||
|
||||
return this.writeInt(i, tag);
|
||||
};
|
||||
|
||||
|
||||
Writer.prototype.writeBoolean = function (b, tag) {
|
||||
if (typeof (b) !== 'boolean')
|
||||
throw new TypeError('argument must be a Boolean');
|
||||
if (typeof (tag) !== 'number')
|
||||
tag = ASN1.Boolean;
|
||||
|
||||
this._ensure(3);
|
||||
this._buf[this._offset++] = tag;
|
||||
this._buf[this._offset++] = 0x01;
|
||||
this._buf[this._offset++] = b ? 0xff : 0x00;
|
||||
};
|
||||
|
||||
|
||||
Writer.prototype.writeString = function (s, tag) {
|
||||
if (typeof (s) !== 'string')
|
||||
throw new TypeError('argument must be a string (was: ' + typeof (s) + ')');
|
||||
if (typeof (tag) !== 'number')
|
||||
tag = ASN1.OctetString;
|
||||
|
||||
var len = Buffer.byteLength(s);
|
||||
this.writeByte(tag);
|
||||
this.writeLength(len);
|
||||
if (len) {
|
||||
this._ensure(len);
|
||||
this._buf.write(s, this._offset);
|
||||
this._offset += len;
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
Writer.prototype.writeBuffer = function (buf, tag) {
|
||||
if (typeof (tag) !== 'number')
|
||||
throw new TypeError('tag must be a number');
|
||||
if (!Buffer.isBuffer(buf))
|
||||
throw new TypeError('argument must be a buffer');
|
||||
|
||||
this.writeByte(tag);
|
||||
this.writeLength(buf.length);
|
||||
this._ensure(buf.length);
|
||||
buf.copy(this._buf, this._offset, 0, buf.length);
|
||||
this._offset += buf.length;
|
||||
};
|
||||
|
||||
|
||||
Writer.prototype.writeStringArray = function (strings) {
|
||||
if ((!strings instanceof Array))
|
||||
throw new TypeError('argument must be an Array[String]');
|
||||
|
||||
var self = this;
|
||||
strings.forEach(function (s) {
|
||||
self.writeString(s);
|
||||
});
|
||||
};
|
||||
|
||||
// This is really to solve DER cases, but whatever for now
|
||||
Writer.prototype.writeOID = function (s, tag) {
|
||||
if (typeof (s) !== 'string')
|
||||
throw new TypeError('argument must be a string');
|
||||
if (typeof (tag) !== 'number')
|
||||
tag = ASN1.OID;
|
||||
|
||||
if (!/^([0-9]+\.){3,}[0-9]+$/.test(s))
|
||||
throw new Error('argument is not a valid OID string');
|
||||
|
||||
function encodeOctet(bytes, octet) {
|
||||
if (octet < 128) {
|
||||
bytes.push(octet);
|
||||
} else if (octet < 16384) {
|
||||
bytes.push((octet >>> 7) | 0x80);
|
||||
bytes.push(octet & 0x7F);
|
||||
} else if (octet < 2097152) {
|
||||
bytes.push((octet >>> 14) | 0x80);
|
||||
bytes.push(((octet >>> 7) | 0x80) & 0xFF);
|
||||
bytes.push(octet & 0x7F);
|
||||
} else if (octet < 268435456) {
|
||||
bytes.push((octet >>> 21) | 0x80);
|
||||
bytes.push(((octet >>> 14) | 0x80) & 0xFF);
|
||||
bytes.push(((octet >>> 7) | 0x80) & 0xFF);
|
||||
bytes.push(octet & 0x7F);
|
||||
} else {
|
||||
bytes.push(((octet >>> 28) | 0x80) & 0xFF);
|
||||
bytes.push(((octet >>> 21) | 0x80) & 0xFF);
|
||||
bytes.push(((octet >>> 14) | 0x80) & 0xFF);
|
||||
bytes.push(((octet >>> 7) | 0x80) & 0xFF);
|
||||
bytes.push(octet & 0x7F);
|
||||
}
|
||||
}
|
||||
|
||||
var tmp = s.split('.');
|
||||
var bytes = [];
|
||||
bytes.push(parseInt(tmp[0], 10) * 40 + parseInt(tmp[1], 10));
|
||||
tmp.slice(2).forEach(function (b) {
|
||||
encodeOctet(bytes, parseInt(b, 10));
|
||||
});
|
||||
|
||||
var self = this;
|
||||
this._ensure(2 + bytes.length);
|
||||
this.writeByte(tag);
|
||||
this.writeLength(bytes.length);
|
||||
bytes.forEach(function (b) {
|
||||
self.writeByte(b);
|
||||
});
|
||||
};
|
||||
|
||||
|
||||
Writer.prototype.writeLength = function (len) {
|
||||
if (typeof (len) !== 'number')
|
||||
throw new TypeError('argument must be a Number');
|
||||
|
||||
this._ensure(4);
|
||||
|
||||
if (len <= 0x7f) {
|
||||
this._buf[this._offset++] = len;
|
||||
} else if (len <= 0xff) {
|
||||
this._buf[this._offset++] = 0x81;
|
||||
this._buf[this._offset++] = len;
|
||||
} else if (len <= 0xffff) {
|
||||
this._buf[this._offset++] = 0x82;
|
||||
this._buf[this._offset++] = len >> 8;
|
||||
this._buf[this._offset++] = len;
|
||||
} else if (len <= 0xffffff) {
|
||||
this._buf[this._offset++] = 0x83;
|
||||
this._buf[this._offset++] = len >> 16;
|
||||
this._buf[this._offset++] = len >> 8;
|
||||
this._buf[this._offset++] = len;
|
||||
} else {
|
||||
throw newInvalidAsn1Error('Length too long (> 4 bytes)');
|
||||
}
|
||||
};
|
||||
|
||||
Writer.prototype.startSequence = function (tag) {
|
||||
if (typeof (tag) !== 'number')
|
||||
tag = ASN1.Sequence | ASN1.Constructor;
|
||||
|
||||
this.writeByte(tag);
|
||||
this._seq.push(this._offset);
|
||||
this._ensure(3);
|
||||
this._offset += 3;
|
||||
};
|
||||
|
||||
|
||||
Writer.prototype.endSequence = function () {
|
||||
var seq = this._seq.pop();
|
||||
var start = seq + 3;
|
||||
var len = this._offset - start;
|
||||
|
||||
if (len <= 0x7f) {
|
||||
this._shift(start, len, -2);
|
||||
this._buf[seq] = len;
|
||||
} else if (len <= 0xff) {
|
||||
this._shift(start, len, -1);
|
||||
this._buf[seq] = 0x81;
|
||||
this._buf[seq + 1] = len;
|
||||
} else if (len <= 0xffff) {
|
||||
this._buf[seq] = 0x82;
|
||||
this._buf[seq + 1] = len >> 8;
|
||||
this._buf[seq + 2] = len;
|
||||
} else if (len <= 0xffffff) {
|
||||
this._shift(start, len, 1);
|
||||
this._buf[seq] = 0x83;
|
||||
this._buf[seq + 1] = len >> 16;
|
||||
this._buf[seq + 2] = len >> 8;
|
||||
this._buf[seq + 3] = len;
|
||||
} else {
|
||||
throw newInvalidAsn1Error('Sequence too long');
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
Writer.prototype._shift = function (start, len, shift) {
|
||||
assert.ok(start !== undefined);
|
||||
assert.ok(len !== undefined);
|
||||
assert.ok(shift);
|
||||
|
||||
this._buf.copy(this._buf, start + shift, start, start + len);
|
||||
this._offset += shift;
|
||||
};
|
||||
|
||||
Writer.prototype._ensure = function (len) {
|
||||
assert.ok(len);
|
||||
|
||||
if (this._size - this._offset < len) {
|
||||
var sz = this._size * this._options.growthFactor;
|
||||
if (sz - this._offset < len)
|
||||
sz += len;
|
||||
|
||||
var buf = Buffer.alloc(sz);
|
||||
|
||||
this._buf.copy(buf, 0, 0, this._offset);
|
||||
this._buf = buf;
|
||||
this._size = sz;
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
|
||||
// --- Exported API
|
||||
|
||||
module.exports = Writer;
|
|
@ -0,0 +1,20 @@
|
|||
// Copyright 2011 Mark Cavage <mcavage@gmail.com> All rights reserved.
|
||||
|
||||
// If you have no idea what ASN.1 or BER is, see this:
|
||||
// ftp://ftp.rsa.com/pub/pkcs/ascii/layman.asc
|
||||
|
||||
var Ber = require('./ber/index');
|
||||
|
||||
|
||||
|
||||
// --- Exported API
|
||||
|
||||
module.exports = {
|
||||
|
||||
Ber: Ber,
|
||||
|
||||
BerReader: Ber.Reader,
|
||||
|
||||
BerWriter: Ber.Writer
|
||||
|
||||
};
|
|
@ -0,0 +1,118 @@
|
|||
{
|
||||
"_args": [
|
||||
[
|
||||
"asn1@^0.2.4",
|
||||
"/mnt/c/Users/Josua/Desktop/data/nodejs/electron/chat-project/chat-server/node_modules/node-rsa"
|
||||
]
|
||||
],
|
||||
"_from": "asn1@>=0.2.4 <0.3.0",
|
||||
"_id": "asn1@0.2.4",
|
||||
"_inCache": true,
|
||||
"_installable": true,
|
||||
"_location": "/asn1",
|
||||
"_nodeVersion": "8.11.3",
|
||||
"_npmOperationalInternal": {
|
||||
"host": "s3://npm-registry-packages",
|
||||
"tmp": "tmp/asn1_0.2.4_1533239008530_0.4258479106965425"
|
||||
},
|
||||
"_npmUser": {
|
||||
"email": "cody.mello@joyent.com",
|
||||
"name": "melloc"
|
||||
},
|
||||
"_npmVersion": "5.6.0",
|
||||
"_phantomChildren": {},
|
||||
"_requested": {
|
||||
"name": "asn1",
|
||||
"raw": "asn1@^0.2.4",
|
||||
"rawSpec": "^0.2.4",
|
||||
"scope": null,
|
||||
"spec": ">=0.2.4 <0.3.0",
|
||||
"type": "range"
|
||||
},
|
||||
"_requiredBy": [
|
||||
"/node-rsa"
|
||||
],
|
||||
"_resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz",
|
||||
"_shasum": "8d2475dfab553bb33e77b54e59e880bb8ce23136",
|
||||
"_shrinkwrap": null,
|
||||
"_spec": "asn1@^0.2.4",
|
||||
"_where": "/mnt/c/Users/Josua/Desktop/data/nodejs/electron/chat-project/chat-server/node_modules/node-rsa",
|
||||
"author": {
|
||||
"name": "Joyent",
|
||||
"url": "joyent.com"
|
||||
},
|
||||
"bugs": {
|
||||
"url": "https://github.com/joyent/node-asn1/issues"
|
||||
},
|
||||
"contributors": [
|
||||
{
|
||||
"name": "Mark Cavage",
|
||||
"email": "mcavage@gmail.com"
|
||||
},
|
||||
{
|
||||
"name": "David Gwynne",
|
||||
"email": "loki@animata.net"
|
||||
},
|
||||
{
|
||||
"name": "Yunong Xiao",
|
||||
"email": "yunong@joyent.com"
|
||||
},
|
||||
{
|
||||
"name": "Alex Wilson",
|
||||
"email": "alex.wilson@joyent.com"
|
||||
}
|
||||
],
|
||||
"dependencies": {
|
||||
"safer-buffer": "~2.1.0"
|
||||
},
|
||||
"description": "Contains parsers and serializers for ASN.1 (currently BER only)",
|
||||
"devDependencies": {
|
||||
"eslint": "2.13.1",
|
||||
"eslint-plugin-joyent": "~1.3.0",
|
||||
"faucet": "0.0.1",
|
||||
"istanbul": "^0.3.6",
|
||||
"tape": "^3.5.0"
|
||||
},
|
||||
"directories": {},
|
||||
"dist": {
|
||||
"fileCount": 9,
|
||||
"integrity": "sha512-jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg==",
|
||||
"npm-signature": "-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJbY17hCRA9TVsSAnZWagAAIyEQAIzewTkLKyCEwZLZAa+Y\n4gyxLVzRjMv+m6jEs6F5c/WFro6qDfmlGLT4Bjxbbyu65Hbe2x9/6meItAu9\nRfrylo9sziNMM2VotpEXhvxEbB1eLXwJQfQyYespJ66jW4nCYibcuRIyAa9k\nU0sjmdkmc15sct9tVr/6y66s7wk7tPflpbTw5LIiJkPS7l9XUTv4m2pxgKy6\n3iFpWHWCw3qL0lM+fK6akfBRQqUYuRt64b8GOFokOzZ8umyTQNJ0Uf9t6HDG\neN/reQn19ShhMOgHEb+TbzQyZavzLCG6C0cto6axvYDWhFe0HCrEjYlcEAxK\nvJ6k6ZbBegdIGbtufxWx8w/PwSQWDj81zyrdSOGK+Q2exlcBeuKdxzCujr+r\nWVZttUAhd57u71QwsLYdFfiAOGU524NbMNGXYMhYR3cfMSxMj+n4gq9I4duO\nQjMM/Ssngc7j5zL9pBtld9NG5T9R68i+Rx7Bd0FPPA0gs5UyyxIjQBt3vmuC\n7uWEpkOWuN//jrz18oJFS9pzVUxF35eyTLB+leKlLBa+56XSl/B0QrONgaXF\n+V9wRHnMrfTGg98WcehqeoCEkXdrwvMGgssSr0+undAO0Vx3dPufLkwqyPbj\nictqz6YWwonqLcD0jihHcrb0sUz+A1T1aEbdW4iKVrgU1Z+SwjJebdPJtP7r\nnYrv\r\n=Rn3q\r\n-----END PGP SIGNATURE-----\r\n",
|
||||
"shasum": "8d2475dfab553bb33e77b54e59e880bb8ce23136",
|
||||
"tarball": "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz",
|
||||
"unpackedSize": 18040
|
||||
},
|
||||
"gitHead": "a80f9f24f17a915a8b8634cb72cd55af3f724f6d",
|
||||
"homepage": "https://github.com/joyent/node-asn1#readme",
|
||||
"license": "MIT",
|
||||
"main": "lib/index.js",
|
||||
"maintainers": [
|
||||
{
|
||||
"name": "arekinath",
|
||||
"email": "alex@cooperi.net"
|
||||
},
|
||||
{
|
||||
"name": "mcavage",
|
||||
"email": "mcavage@gmail.com"
|
||||
},
|
||||
{
|
||||
"name": "melloc",
|
||||
"email": "cody.mello@joyent.com"
|
||||
},
|
||||
{
|
||||
"name": "pfmooney",
|
||||
"email": "pmooney@pfmooney.com"
|
||||
}
|
||||
],
|
||||
"name": "asn1",
|
||||
"optionalDependencies": {},
|
||||
"readme": "ERROR: No README data found!",
|
||||
"repository": {
|
||||
"type": "git",
|
||||
"url": "git://github.com/joyent/node-asn1.git"
|
||||
},
|
||||
"scripts": {
|
||||
"test": "tape ./test/ber/*.test.js"
|
||||
},
|
||||
"version": "0.2.4"
|
||||
}
|
|
@ -0,0 +1,373 @@
|
|||
# Node-RSA
|
||||
|
||||
Node.js RSA library<br/>
|
||||
Based on jsbn library from Tom Wu http://www-cs-students.stanford.edu/~tjw/jsbn/
|
||||
|
||||
* Pure JavaScript
|
||||
* No needed OpenSSL
|
||||
* Generating keys
|
||||
* Supports long messages for encrypt/decrypt
|
||||
* Signing and verifying
|
||||
|
||||
## Example
|
||||
|
||||
```javascript
|
||||
const NodeRSA = require('node-rsa');
|
||||
const key = new NodeRSA({b: 512});
|
||||
|
||||
const text = 'Hello RSA!';
|
||||
const encrypted = key.encrypt(text, 'base64');
|
||||
console.log('encrypted: ', encrypted);
|
||||
const decrypted = key.decrypt(encrypted, 'utf8');
|
||||
console.log('decrypted: ', decrypted);
|
||||
```
|
||||
|
||||
## Installing
|
||||
|
||||
```shell
|
||||
npm install node-rsa
|
||||
```
|
||||
> <sub>Requires nodejs >= 8.11.1</sub>
|
||||
|
||||
### Testing
|
||||
|
||||
```shell
|
||||
npm test
|
||||
```
|
||||
|
||||
## Work environment
|
||||
|
||||
This library developed and tested primary for Node.js, but it still can work in browsers with [browserify](http://browserify.org/).
|
||||
|
||||
## Usage
|
||||
|
||||
### Create instance
|
||||
```javascript
|
||||
const NodeRSA = require('node-rsa');
|
||||
|
||||
const key = new NodeRSA([keyData, [format]], [options]);
|
||||
```
|
||||
|
||||
* keyData — `{string|buffer|object}` — parameters for generating key or the key in one of supported formats.<br/>
|
||||
* format — `{string}` — format for importing key. See more details about formats in [Export/Import](#importexport-keys) section.<br/>
|
||||
* options — `{object}` — additional settings.
|
||||
|
||||
#### Options
|
||||
You can specify some options by second/third constructor argument, or over `key.setOptions()` method.
|
||||
|
||||
* environment — working environment (default autodetect):
|
||||
* `'browser'` — will run pure js implementation of RSA algorithms.
|
||||
* `'node'` for `nodejs >= 0.10.x or io.js >= 1.x` — provide some native methods like sign/verify and encrypt/decrypt.
|
||||
* encryptionScheme — padding scheme for encrypt/decrypt. Can be `'pkcs1_oaep'` or `'pkcs1'`. Default `'pkcs1_oaep'`.
|
||||
* signingScheme — scheme used for signing and verifying. Can be `'pkcs1'` or `'pss'` or 'scheme-hash' format string (eg `'pss-sha1'`). Default `'pkcs1-sha256'`, or, if chosen pss: `'pss-sha1'`.
|
||||
|
||||
> *Notice:* This lib supporting next hash algorithms: `'md5'`, `'ripemd160'`, `'sha1'`, `'sha256'`, `'sha512'` in browser and node environment and additional `'md4'`, `'sha'`, `'sha224'`, `'sha384'` in node only.
|
||||
|
||||
<sub>Some [advanced options info](https://github.com/rzcoder/node-rsa/wiki/Advanced-options)</sub>
|
||||
|
||||
#### Creating "empty" key
|
||||
```javascript
|
||||
const key = new NodeRSA();
|
||||
```
|
||||
|
||||
#### Generate new 512bit-length key
|
||||
```javascript
|
||||
const key = new NodeRSA({b: 512});
|
||||
```
|
||||
|
||||
Also you can use next method:
|
||||
|
||||
```javascript
|
||||
key.generateKeyPair([bits], [exp]);
|
||||
```
|
||||
|
||||
* bits — `{int}` — key size in bits. 2048 by default.
|
||||
* exp — `{int}` — public exponent. 65537 by default.
|
||||
|
||||
#### Load key from PEM string
|
||||
|
||||
```javascript
|
||||
const key = new NodeRSA('-----BEGIN RSA PRIVATE KEY-----\n'+
|
||||
'MIIBOQIBAAJAVY6quuzCwyOWzymJ7C4zXjeV/232wt2ZgJZ1kHzjI73wnhQ3WQcL\n'+
|
||||
'DFCSoi2lPUW8/zspk0qWvPdtp6Jg5Lu7hwIDAQABAkBEws9mQahZ6r1mq2zEm3D/\n'+
|
||||
'VM9BpV//xtd6p/G+eRCYBT2qshGx42ucdgZCYJptFoW+HEx/jtzWe74yK6jGIkWJ\n'+
|
||||
'AiEAoNAMsPqwWwTyjDZCo9iKvfIQvd3MWnmtFmjiHoPtjx0CIQCIMypAEEkZuQUi\n'+
|
||||
'pMoreJrOlLJWdc0bfhzNAJjxsTv/8wIgQG0ZqI3GubBxu9rBOAM5EoA4VNjXVigJ\n'+
|
||||
'QEEk1jTkp8ECIQCHhsoq90mWM/p9L5cQzLDWkTYoPI49Ji+Iemi2T5MRqwIgQl07\n'+
|
||||
'Es+KCn25OKXR/FJ5fu6A6A+MptABL3r8SEjlpLc=\n'+
|
||||
'-----END RSA PRIVATE KEY-----');
|
||||
```
|
||||
|
||||
### Import/Export keys
|
||||
```javascript
|
||||
key.importKey(keyData, [format]);
|
||||
key.exportKey([format]);
|
||||
```
|
||||
|
||||
* keyData — `{string|buffer}` — may be:
|
||||
* key in PEM string
|
||||
* Buffer containing PEM string
|
||||
* Buffer containing DER encoded data
|
||||
* Object contains key components
|
||||
* format — `{string}` — format id for export/import.
|
||||
|
||||
#### Format string syntax
|
||||
Format string composed of several parts: `scheme-[key_type]-[output_type]`<br/>
|
||||
|
||||
Scheme — NodeRSA supports multiple format schemes for import/export keys:
|
||||
|
||||
* `'pkcs1'` — public key starts from `'-----BEGIN RSA PUBLIC KEY-----'` header and private key starts from `'-----BEGIN RSA PRIVATE KEY-----'` header
|
||||
* `'pkcs8'` — public key starts from `'-----BEGIN PUBLIC KEY-----'` header and private key starts from `'-----BEGIN PRIVATE KEY-----'` header
|
||||
* `'components'` — use it for import/export key from/to raw components (see example below). For private key, importing data should contain all private key components, for public key: only public exponent (`e`) and modulus (`n`). All components (except `e`) should be Buffer, `e` could be Buffer or just normal Number.
|
||||
|
||||
Key type — can be `'private'` or `'public'`. Default `'private'`<br/>
|
||||
Output type — can be:
|
||||
|
||||
* `'pem'` — Base64 encoded string with header and footer. Used by default.
|
||||
* `'der'` — Binary encoded key data.
|
||||
|
||||
> *Notice:* For import, if *keyData* is PEM string or buffer containing string, you can do not specify format, but if you provide *keyData* as DER you must specify it in format string.
|
||||
|
||||
**Shortcuts and examples**
|
||||
* `'private'` or `'pkcs1'` or `'pkcs1-private'` == `'pkcs1-private-pem'` — private key encoded in pcks1 scheme as pem string.
|
||||
* `'public'` or `'pkcs8-public'` == `'pkcs8-public-pem'` — public key encoded in pcks8 scheme as pem string.
|
||||
* `'pkcs8'` or `'pkcs8-private'` == `'pkcs8-private-pem'` — private key encoded in pcks8 scheme as pem string.
|
||||
* `'pkcs1-der'` == `'pkcs1-private-der'` — private key encoded in pcks1 scheme as binary buffer.
|
||||
* `'pkcs8-public-der'` — public key encoded in pcks8 scheme as binary buffer.
|
||||
|
||||
**Code example**
|
||||
|
||||
```javascript
|
||||
const keyData = '-----BEGIN PUBLIC KEY----- ... -----END PUBLIC KEY-----';
|
||||
key.importKey(keyData, 'pkcs8');
|
||||
const publicDer = key.exportKey('pkcs8-public-der');
|
||||
const privateDer = key.exportKey('pkcs1-der');
|
||||
```
|
||||
|
||||
```javascript
|
||||
key.importKey({
|
||||
n: Buffer.from('0086fa9ba066685845fc03833a9699c8baefb53cfbf19052a7f10f1eaa30488cec1ceb752bdff2df9fad6c64b3498956e7dbab4035b4823c99a44cc57088a23783', 'hex'),
|
||||
e: 65537,
|
||||
d: Buffer.from('5d2f0dd982596ef781affb1cab73a77c46985c6da2aafc252cea3f4546e80f40c0e247d7d9467750ea1321cc5aa638871b3ed96d19dcc124916b0bcb296f35e1', 'hex'),
|
||||
p: Buffer.from('00c59419db615e56b9805cc45673a32d278917534804171edcf925ab1df203927f', 'hex'),
|
||||
q: Buffer.from('00aee3f86b66087abc069b8b1736e38ad6af624f7ea80e70b95f4ff2bf77cd90fd', 'hex'),
|
||||
dmp1: Buffer.from('008112f5a969fcb56f4e3a4c51a60dcdebec157ee4a7376b843487b53844e8ac85', 'hex'),
|
||||
dmq1: Buffer.from('1a7370470e0f8a4095df40922a430fe498720e03e1f70d257c3ce34202249d21', 'hex'),
|
||||
coeff: Buffer.from('00b399675e5e81506b729a777cc03026f0b2119853dfc5eb124610c0ab82999e45', 'hex')
|
||||
}, 'components');
|
||||
const publicComponents = key.exportKey('components-public');
|
||||
console.log(publicComponents);
|
||||
|
||||
/*
|
||||
{ n: <Buffer 00 86 fa 9b a0 66 68 58 45 fc 03 83 3a 96 99 c8 ba ef b5 3c fb f1 90 52 a7 f1 0f 1e aa 30 48 8c ec 1c eb 75 2b df f2 df 9f ad 6c 64 b3 49 89 56 e7 db ... >,
|
||||
e: 65537
|
||||
}
|
||||
*/
|
||||
```
|
||||
|
||||
If you want to only import the public key use `'components-public'` as an option:
|
||||
|
||||
```javascript
|
||||
key.importKey({
|
||||
n: Buffer.from('0086fa9ba066685845fc03833a9699c8baefb53cfbf19052a7f10f1eaa30488cec1ceb752bdff2df9fad6c64b3498956e7dbab4035b4823c99a44cc57088a23783', 'hex'),
|
||||
e: 65537,
|
||||
}, 'components-public');
|
||||
```
|
||||
|
||||
### Properties
|
||||
|
||||
#### Key testing
|
||||
```javascript
|
||||
key.isPrivate();
|
||||
key.isPublic([strict]);
|
||||
```
|
||||
strict — `{boolean}` — if true method will return false if key pair have private exponent. Default `false`.
|
||||
|
||||
```javascript
|
||||
key.isEmpty();
|
||||
```
|
||||
Return `true` if key pair doesn't have any data.
|
||||
|
||||
#### Key info
|
||||
```javascript
|
||||
key.getKeySize();
|
||||
```
|
||||
Return key size in bits.
|
||||
|
||||
```javascript
|
||||
key.getMaxMessageSize();
|
||||
```
|
||||
Return max data size for encrypt in bytes.
|
||||
|
||||
### Encrypting/decrypting
|
||||
|
||||
```javascript
|
||||
key.encrypt(buffer, [encoding], [source_encoding]);
|
||||
key.encryptPrivate(buffer, [encoding], [source_encoding]); // use private key for encryption
|
||||
```
|
||||
Return encrypted data.<br/>
|
||||
|
||||
* buffer — `{buffer}` — data for encrypting, may be string, Buffer, or any object/array. Arrays and objects will encoded to JSON string first.<br/>
|
||||
* encoding — `{string}` — encoding for output result, may be `'buffer'`, `'binary'`, `'hex'` or `'base64'`. Default `'buffer'`.<br/>
|
||||
* source_encoding — `{string}` — source encoding, works only with string buffer. Can take standard Node.js Buffer encodings (hex, utf8, base64, etc). `'utf8'` by default.<br/>
|
||||
|
||||
```javascript
|
||||
key.decrypt(buffer, [encoding]);
|
||||
key.decryptPublic(buffer, [encoding]); // use public key for decryption
|
||||
```
|
||||
Return decrypted data.<br/>
|
||||
|
||||
* buffer — `{buffer}` — data for decrypting. Takes Buffer object or base64 encoded string.<br/>
|
||||
* encoding — `{string}` — encoding for result string. Can also take `'buffer'` for raw Buffer object, or `'json'` for automatic JSON.parse result. Default `'buffer'`.
|
||||
|
||||
> *Notice:* `encryptPrivate` and `decryptPublic` using only pkcs1 padding type 1 (not random)
|
||||
|
||||
### Signing/Verifying
|
||||
```javascript
|
||||
key.sign(buffer, [encoding], [source_encoding]);
|
||||
```
|
||||
Return signature for buffer. All the arguments are the same as for `encrypt` method.
|
||||
|
||||
```javascript
|
||||
key.verify(buffer, signature, [source_encoding], [signature_encoding])
|
||||
```
|
||||
Return result of check, `true` or `false`.<br/>
|
||||
|
||||
* buffer — `{buffer}` — data for check, same as `encrypt` method.<br/>
|
||||
* signature — `{string}` — signature for check, result of `sign` method.<br/>
|
||||
* source_encoding — `{string}` — same as for `encrypt` method.<br/>
|
||||
* signature_encoding — `{string}` — encoding of given signature. May be `'buffer'`, `'binary'`, `'hex'` or `'base64'`. Default `'buffer'`.
|
||||
|
||||
## Contributing
|
||||
|
||||
Questions, comments, bug reports, and pull requests are all welcome.
|
||||
|
||||
## Changelog
|
||||
|
||||
### 1.0.2
|
||||
* Importing keys from PEM now is less dependent on non-key data in files.
|
||||
|
||||
### 1.0.1
|
||||
* `importKey()` now returns `this`
|
||||
|
||||
### 1.0.0
|
||||
* Using semver now 🎉
|
||||
* **Breaking change**: Drop support nodejs < 8.11.1
|
||||
* **Possible breaking change**: `new Buffer()` call as deprecated was replaced by `Buffer.from` & `Buffer.alloc`.
|
||||
* **Possible breaking change**: Drop support for hash scheme `sha` (was removed in node ~10). `sha1`, `sha256` and others still works.
|
||||
* **Possible breaking change**: Little change in environment detect algorithm.
|
||||
|
||||
### 0.4.2
|
||||
* `no padding` scheme will padded data with zeros on all environments.
|
||||
|
||||
### 0.4.1
|
||||
* `PKCS1 no padding` scheme support.
|
||||
|
||||
### 0.4.0
|
||||
* License changed from BSD to MIT.
|
||||
* Some changes in internal api.
|
||||
|
||||
### 0.3.3
|
||||
* Fixed PSS encode/verify methods with max salt length.
|
||||
|
||||
### 0.3.2
|
||||
* Fixed environment detection in web worker.
|
||||
|
||||
### 0.3.0
|
||||
* Added import/export from/to raw key components.
|
||||
* Removed lodash from dependencies.
|
||||
|
||||
### 0.2.30
|
||||
* Fixed a issue when the key was generated by 1 bit smaller than specified. It may slow down the generation of large keys.
|
||||
|
||||
### 0.2.24
|
||||
* Now used old hash APIs for webpack compatible.
|
||||
|
||||
### 0.2.22
|
||||
* `encryptPrivate` and `decryptPublic` now using only pkcs1 (type 1) padding.
|
||||
|
||||
### 0.2.20
|
||||
* Added `.encryptPrivate()` and `.decryptPublic()` methods.
|
||||
* Encrypt/decrypt methods in nodejs 0.12.x and io.js using native implementation (> 40x speed boost).
|
||||
* Fixed some regex issue causing catastrophic backtracking.
|
||||
|
||||
### 0.2.10
|
||||
* **Methods `.exportPrivate()` and `.exportPublic()` was replaced by `.exportKey([format])`.**
|
||||
* By default `.exportKey()` returns private key as `.exportPrivate()`, if you need public key from `.exportPublic()` you must specify format as `'public'` or `'pkcs8-public-pem'`.
|
||||
* Method `.importKey(key, [format])` now has second argument.
|
||||
|
||||
### 0.2.0
|
||||
* **`.getPublicPEM()` method was renamed to `.exportPublic()`**
|
||||
* **`.getPrivatePEM()` method was renamed to `.exportPrivate()`**
|
||||
* **`.loadFromPEM()` method was renamed to `.importKey()`**
|
||||
* Added PKCS1_OAEP encrypting/decrypting support.
|
||||
* **PKCS1_OAEP now default scheme, you need to specify 'encryptingScheme' option to 'pkcs1' for compatibility with 0.1.x version of NodeRSA.**
|
||||
* Added PSS signing/verifying support.
|
||||
* Signing now supports `'md5'`, `'ripemd160'`, `'sha1'`, `'sha256'`, `'sha512'` hash algorithms in both environments
|
||||
and additional `'md4'`, `'sha'`, `'sha224'`, `'sha384'` for nodejs env.
|
||||
* **`options.signingAlgorithm` was renamed to `options.signingScheme`**
|
||||
* Added `encryptingScheme` option.
|
||||
* Property `key.options` now mark as private. Added `key.setOptions(options)` method.
|
||||
|
||||
|
||||
### 0.1.54
|
||||
* Added support for loading PEM key from Buffer (`fs.readFileSync()` output).
|
||||
* Added `isEmpty()` method.
|
||||
|
||||
### 0.1.52
|
||||
* Improve work with not properly trimming PEM strings.
|
||||
|
||||
### 0.1.50
|
||||
* Implemented native js signing and verifying for browsers.
|
||||
* `options.signingAlgorithm` now takes only hash-algorithm name.
|
||||
* Added `.getKeySize()` and `.getMaxMessageSize()` methods.
|
||||
* `.loadFromPublicPEM` and `.loadFromPrivatePEM` methods marked as private.
|
||||
|
||||
### 0.1.40
|
||||
* Added signing/verifying.
|
||||
|
||||
### 0.1.30
|
||||
* Added long message support.
|
||||
|
||||
|
||||
## License
|
||||
|
||||
Copyright (c) 2014 rzcoder<br/>
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
|
||||
## Licensing for code used in rsa.js and jsbn.js
|
||||
|
||||
Copyright (c) 2003-2005 Tom Wu<br/>
|
||||
All Rights Reserved.
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining
|
||||
a copy of this software and associated documentation files (the
|
||||
"Software"), to deal in the Software without restriction, including
|
||||
without limitation the rights to use, copy, modify, merge, publish,
|
||||
distribute, sublicense, and/or sell copies of the Software, and to
|
||||
permit persons to whom the Software is furnished to do so, subject to
|
||||
the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be
|
||||
included in all copies or substantial portions of the Software.
|
||||
THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
|
||||
EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
|
||||
WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|
||||
|
||||
IN NO EVENT SHALL TOM WU BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
|
||||
INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
|
||||
RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
|
||||
THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
|
||||
OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
|
||||
In addition, the following condition applies:
|
||||
|
||||
All redistributions must retain an intact copy of this copyright notice
|
||||
and disclaimer.
|
||||
|
||||
[![Build Status](https://travis-ci.org/rzcoder/node-rsa.svg?branch=master)](https://travis-ci.org/rzcoder/node-rsa)
|
|
@ -0,0 +1,33 @@
|
|||
module.exports = function (grunt) {
|
||||
grunt.initConfig({
|
||||
jshint: {
|
||||
options: {},
|
||||
default: {
|
||||
files: {
|
||||
src: ['gruntfile.js', 'src/**/*.js', '!src/libs/jsbn.js']
|
||||
}
|
||||
},
|
||||
libs: {
|
||||
files: {
|
||||
src: ['src/libs/**/*']
|
||||
}
|
||||
}
|
||||
},
|
||||
|
||||
simplemocha: {
|
||||
options: {
|
||||
reporter: 'list'
|
||||
},
|
||||
all: {src: ['test/**/*.js']}
|
||||
}
|
||||
});
|
||||
|
||||
require('jit-grunt')(grunt, {
|
||||
'simplemocha': 'grunt-simple-mocha'
|
||||
});
|
||||
|
||||
grunt.registerTask('lint', ['jshint:default']);
|
||||
grunt.registerTask('test', ['simplemocha']);
|
||||
|
||||
grunt.registerTask('default', ['lint', 'test']);
|
||||
};
|
|
@ -0,0 +1,103 @@
|
|||
{
|
||||
"_args": [
|
||||
[
|
||||
"node-rsa",
|
||||
"/mnt/c/Users/Josua/Desktop/data/nodejs/electron/chat-project/chat-server"
|
||||
]
|
||||
],
|
||||
"_from": "node-rsa@latest",
|
||||
"_hasShrinkwrap": false,
|
||||
"_id": "node-rsa@1.0.5",
|
||||
"_inCache": true,
|
||||
"_installable": true,
|
||||
"_location": "/node-rsa",
|
||||
"_nodeVersion": "10.15.0",
|
||||
"_npmOperationalInternal": {
|
||||
"host": "s3://npm-registry-packages",
|
||||
"tmp": "tmp/node-rsa_1.0.5_1551689612843_0.6500667486372178"
|
||||
},
|
||||
"_npmUser": {
|
||||
"email": "rzcoder@gmail.com",
|
||||
"name": "rzcoder"
|
||||
},
|
||||
"_npmVersion": "6.4.1",
|
||||
"_phantomChildren": {},
|
||||
"_requested": {
|
||||
"name": "node-rsa",
|
||||
"raw": "node-rsa",
|
||||
"rawSpec": "",
|
||||
"scope": null,
|
||||
"spec": "latest",
|
||||
"type": "tag"
|
||||
},
|
||||
"_requiredBy": [
|
||||
"#USER"
|
||||
],
|
||||
"_resolved": "https://registry.npmjs.org/node-rsa/-/node-rsa-1.0.5.tgz",
|
||||
"_shasum": "854dc1b275729d69bc25883f83ca80705db9262e",
|
||||
"_shrinkwrap": null,
|
||||
"_spec": "node-rsa",
|
||||
"_where": "/mnt/c/Users/Josua/Desktop/data/nodejs/electron/chat-project/chat-server",
|
||||
"author": {
|
||||
"name": "rzcoder"
|
||||
},
|
||||
"bugs": {
|
||||
"url": "https://github.com/rzcoder/node-rsa/issues"
|
||||
},
|
||||
"dependencies": {
|
||||
"asn1": "^0.2.4"
|
||||
},
|
||||
"description": "Node.js RSA library",
|
||||
"devDependencies": {
|
||||
"chai": "^4.2.0",
|
||||
"grunt": "^1.0.3",
|
||||
"grunt-contrib-jshint": "^2.0.0",
|
||||
"grunt-simple-mocha": "0.4.1",
|
||||
"jit-grunt": "0.10.0",
|
||||
"lodash": "^4.17.11",
|
||||
"nyc": "^13.1.0"
|
||||
},
|
||||
"directories": {},
|
||||
"dist": {
|
||||
"fileCount": 19,
|
||||
"integrity": "sha512-9o51yfV167CtQANnuAf+5owNs7aIMsAKVLhNaKuRxihsUUnfoBMN5OTVOK/2mHSOWaWq9zZBiRM3bHORbTZqrg==",
|
||||
"npm-signature": "-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJcfOeNCRA9TVsSAnZWagAAkWQP/iwp1BMfShlAUNItO4As\n2sEiRNE2fi7iT26tuVlYF3ZvYA+ENfbfoidPlgGHlAaYKlBPkvAhiSXeQGbF\nPKnvEpaq4I+iuAhh+3UoXhPW7tt3S+s+Ju3tQf8q6Tzb6bIELLFTDAxmStRX\nYvkQkSbtcObZ3OCGa8zXaVOB6527J4kJjuyYcC8jAymS8ul1k+zW43stW6gc\nIksjz5ihuOYxEqdTZtvkH9MFnDEIV4jJLMHNPGTxifylOar1oLxYnkzJbb0H\ngFih3Rbk1m/FgJUdqsquKvj/Ef4rO2b0kJ5M+ScmvNRuTzHVElzEd7PNFtYO\nkSah8zF9yz/HBARvwwGUtD/q/TbZ/DcbE6q0tX6fuMxOjvOyrIT+n66Y3OGD\n+h/GEezYWeZLAYVKaNtI9PW/o839aFmVPQR+oVejBsqnfJ/GM/AL75M8UPJT\nFcpIOQ8ImiCRJa06Tvooo+OND58k6K1OXMaoJIFE9Xiq/btoc9mu6+K6nAxA\nj6IQwFU1LXpkOFzGn0cSym3uxVVAtnr7VoKyyL91MTxeoeLtZEORuo/blocI\n+PTM4v3bF31yag3o1URDfmtgcrEcqDCUtLPXw9qL8th+PpvLjwMSHkABYEpy\nVQ6GEqN8zNuq6uvdk52gkXsQrdxHbndil/umXffjCnKQyA2mzKVJrHtDWKlI\nctps\r\n=pnTe\r\n-----END PGP SIGNATURE-----\r\n",
|
||||
"shasum": "854dc1b275729d69bc25883f83ca80705db9262e",
|
||||
"tarball": "https://registry.npmjs.org/node-rsa/-/node-rsa-1.0.5.tgz",
|
||||
"unpackedSize": 130735
|
||||
},
|
||||
"gitHead": "9feef4ba84eac4d4a62eb208c8792e37d272aee0",
|
||||
"homepage": "https://github.com/rzcoder/node-rsa",
|
||||
"keywords": [
|
||||
"assymetric",
|
||||
"crypto",
|
||||
"decryption",
|
||||
"encryption",
|
||||
"node",
|
||||
"oaep",
|
||||
"pkcs1",
|
||||
"pss",
|
||||
"rsa",
|
||||
"sign",
|
||||
"verify"
|
||||
],
|
||||
"license": "MIT",
|
||||
"main": "src/NodeRSA.js",
|
||||
"maintainers": [
|
||||
{
|
||||
"name": "rzcoder",
|
||||
"email": "rzcoder@gmail.com"
|
||||
}
|
||||
],
|
||||
"name": "node-rsa",
|
||||
"optionalDependencies": {},
|
||||
"readme": "ERROR: No README data found!",
|
||||
"repository": {
|
||||
"type": "git",
|
||||
"url": "git+https://github.com/rzcoder/node-rsa.git"
|
||||
},
|
||||
"scripts": {
|
||||
"test": "grunt test"
|
||||
},
|
||||
"version": "1.0.5"
|
||||
}
|
|
@ -0,0 +1,398 @@
|
|||
/*!
|
||||
* RSA library for Node.js
|
||||
*
|
||||
* Author: rzcoder
|
||||
* License MIT
|
||||
*/
|
||||
|
||||
var constants = require('constants');
|
||||
var rsa = require('./libs/rsa.js');
|
||||
var crypt = require('crypto');
|
||||
var ber = require('asn1').Ber;
|
||||
var _ = require('./utils')._;
|
||||
var utils = require('./utils');
|
||||
var schemes = require('./schemes/schemes.js');
|
||||
var formats = require('./formats/formats.js');
|
||||
|
||||
if (typeof constants.RSA_NO_PADDING === "undefined") {
|
||||
//patch for node v0.10.x, constants do not defined
|
||||
constants.RSA_NO_PADDING = 3;
|
||||
}
|
||||
|
||||
module.exports = (function () {
|
||||
var SUPPORTED_HASH_ALGORITHMS = {
|
||||
node10: ['md4', 'md5', 'ripemd160', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512'],
|
||||
node: ['md4', 'md5', 'ripemd160', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512'],
|
||||
iojs: ['md4', 'md5', 'ripemd160', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512'],
|
||||
browser: ['md5', 'ripemd160', 'sha1', 'sha256', 'sha512']
|
||||
};
|
||||
|
||||
var DEFAULT_ENCRYPTION_SCHEME = 'pkcs1_oaep';
|
||||
var DEFAULT_SIGNING_SCHEME = 'pkcs1';
|
||||
|
||||
var DEFAULT_EXPORT_FORMAT = 'private';
|
||||
var EXPORT_FORMAT_ALIASES = {
|
||||
'private': 'pkcs1-private-pem',
|
||||
'private-der': 'pkcs1-private-der',
|
||||
'public': 'pkcs8-public-pem',
|
||||
'public-der': 'pkcs8-public-der',
|
||||
};
|
||||
|
||||
/**
|
||||
* @param key {string|buffer|object} Key in PEM format, or data for generate key {b: bits, e: exponent}
|
||||
* @constructor
|
||||
*/
|
||||
function NodeRSA(key, format, options) {
|
||||
if (!(this instanceof NodeRSA)) {
|
||||
return new NodeRSA(key, format, options);
|
||||
}
|
||||
|
||||
if (_.isObject(format)) {
|
||||
options = format;
|
||||
format = undefined;
|
||||
}
|
||||
|
||||
this.$options = {
|
||||
signingScheme: DEFAULT_SIGNING_SCHEME,
|
||||
signingSchemeOptions: {
|
||||
hash: 'sha256',
|
||||
saltLength: null
|
||||
},
|
||||
encryptionScheme: DEFAULT_ENCRYPTION_SCHEME,
|
||||
encryptionSchemeOptions: {
|
||||
hash: 'sha1',
|
||||
label: null
|
||||
},
|
||||
environment: utils.detectEnvironment(),
|
||||
rsaUtils: this
|
||||
};
|
||||
this.keyPair = new rsa.Key();
|
||||
this.$cache = {};
|
||||
|
||||
if (Buffer.isBuffer(key) || _.isString(key)) {
|
||||
this.importKey(key, format);
|
||||
} else if (_.isObject(key)) {
|
||||
this.generateKeyPair(key.b, key.e);
|
||||
}
|
||||
|
||||
this.setOptions(options);
|
||||
}
|
||||
|
||||
/**
|
||||
* Set and validate options for key instance
|
||||
* @param options
|
||||
*/
|
||||
NodeRSA.prototype.setOptions = function (options) {
|
||||
options = options || {};
|
||||
if (options.environment) {
|
||||
this.$options.environment = options.environment;
|
||||
}
|
||||
|
||||
if (options.signingScheme) {
|
||||
if (_.isString(options.signingScheme)) {
|
||||
var signingScheme = options.signingScheme.toLowerCase().split('-');
|
||||
if (signingScheme.length == 1) {
|
||||
if (SUPPORTED_HASH_ALGORITHMS.node.indexOf(signingScheme[0]) > -1) {
|
||||
this.$options.signingSchemeOptions = {
|
||||
hash: signingScheme[0]
|
||||
};
|
||||
this.$options.signingScheme = DEFAULT_SIGNING_SCHEME;
|
||||
} else {
|
||||
this.$options.signingScheme = signingScheme[0];
|
||||
this.$options.signingSchemeOptions = {
|
||||
hash: null
|
||||
};
|
||||
}
|
||||
} else {
|
||||
this.$options.signingSchemeOptions = {
|
||||
hash: signingScheme[1]
|
||||
};
|
||||
this.$options.signingScheme = signingScheme[0];
|
||||
}
|
||||
} else if (_.isObject(options.signingScheme)) {
|
||||
this.$options.signingScheme = options.signingScheme.scheme || DEFAULT_SIGNING_SCHEME;
|
||||
this.$options.signingSchemeOptions = _.omit(options.signingScheme, 'scheme');
|
||||
}
|
||||
|
||||
if (!schemes.isSignature(this.$options.signingScheme)) {
|
||||
throw Error('Unsupported signing scheme');
|
||||
}
|
||||
|
||||
if (this.$options.signingSchemeOptions.hash &&
|
||||
SUPPORTED_HASH_ALGORITHMS[this.$options.environment].indexOf(this.$options.signingSchemeOptions.hash) === -1) {
|
||||
throw Error('Unsupported hashing algorithm for ' + this.$options.environment + ' environment');
|
||||
}
|
||||
}
|
||||
|
||||
if (options.encryptionScheme) {
|
||||
if (_.isString(options.encryptionScheme)) {
|
||||
this.$options.encryptionScheme = options.encryptionScheme.toLowerCase();
|
||||
this.$options.encryptionSchemeOptions = {};
|
||||
} else if (_.isObject(options.encryptionScheme)) {
|
||||
this.$options.encryptionScheme = options.encryptionScheme.scheme || DEFAULT_ENCRYPTION_SCHEME;
|
||||
this.$options.encryptionSchemeOptions = _.omit(options.encryptionScheme, 'scheme');
|
||||
}
|
||||
|
||||
if (!schemes.isEncryption(this.$options.encryptionScheme)) {
|
||||
throw Error('Unsupported encryption scheme');
|
||||
}
|
||||
|
||||
if (this.$options.encryptionSchemeOptions.hash &&
|
||||
SUPPORTED_HASH_ALGORITHMS[this.$options.environment].indexOf(this.$options.encryptionSchemeOptions.hash) === -1) {
|
||||
throw Error('Unsupported hashing algorithm for ' + this.$options.environment + ' environment');
|
||||
}
|
||||
}
|
||||
|
||||
this.keyPair.setOptions(this.$options);
|
||||
};
|
||||
|
||||
/**
|
||||
* Generate private/public keys pair
|
||||
*
|
||||
* @param bits {int} length key in bits. Default 2048.
|
||||
* @param exp {int} public exponent. Default 65537.
|
||||
* @returns {NodeRSA}
|
||||
*/
|
||||
NodeRSA.prototype.generateKeyPair = function (bits, exp) {
|
||||
bits = bits || 2048;
|
||||
exp = exp || 65537;
|
||||
|
||||
if (bits % 8 !== 0) {
|
||||
throw Error('Key size must be a multiple of 8.');
|
||||
}
|
||||
|
||||
this.keyPair.generate(bits, exp.toString(16));
|
||||
this.$cache = {};
|
||||
return this;
|
||||
};
|
||||
|
||||
/**
|
||||
* Importing key
|
||||
* @param keyData {string|buffer|Object}
|
||||
* @param format {string}
|
||||
*/
|
||||
NodeRSA.prototype.importKey = function (keyData, format) {
|
||||
if (!keyData) {
|
||||
throw Error("Empty key given");
|
||||
}
|
||||
|
||||
if (format) {
|
||||
format = EXPORT_FORMAT_ALIASES[format] || format;
|
||||
}
|
||||
|
||||
if (!formats.detectAndImport(this.keyPair, keyData, format) && format === undefined) {
|
||||
throw Error("Key format must be specified");
|
||||
}
|
||||
|
||||
this.$cache = {};
|
||||
|
||||
return this;
|
||||
};
|
||||
|
||||
/**
|
||||
* Exporting key
|
||||
* @param [format] {string}
|
||||
*/
|
||||
NodeRSA.prototype.exportKey = function (format) {
|
||||
format = format || DEFAULT_EXPORT_FORMAT;
|
||||
format = EXPORT_FORMAT_ALIASES[format] || format;
|
||||
|
||||
if (!this.$cache[format]) {
|
||||
this.$cache[format] = formats.detectAndExport(this.keyPair, format);
|
||||
}
|
||||
|
||||
return this.$cache[format];
|
||||
};
|
||||
|
||||
/**
|
||||
* Check if key pair contains private key
|
||||
*/
|
||||
NodeRSA.prototype.isPrivate = function () {
|
||||
return this.keyPair.isPrivate();
|
||||
};
|
||||
|
||||
/**
|
||||
* Check if key pair contains public key
|
||||
* @param [strict] {boolean} - public key only, return false if have private exponent
|
||||
*/
|
||||
NodeRSA.prototype.isPublic = function (strict) {
|
||||
return this.keyPair.isPublic(strict);
|
||||
};
|
||||
|
||||
/**
|
||||
* Check if key pair doesn't contains any data
|
||||
*/
|
||||
NodeRSA.prototype.isEmpty = function (strict) {
|
||||
return !(this.keyPair.n || this.keyPair.e || this.keyPair.d);
|
||||
};
|
||||
|
||||
/**
|
||||
* Encrypting data method with public key
|
||||
*
|
||||
* @param buffer {string|number|object|array|Buffer} - data for encrypting. Object and array will convert to JSON string.
|
||||
* @param encoding {string} - optional. Encoding for output result, may be 'buffer', 'binary', 'hex' or 'base64'. Default 'buffer'.
|
||||
* @param source_encoding {string} - optional. Encoding for given string. Default utf8.
|
||||
* @returns {string|Buffer}
|
||||
*/
|
||||
NodeRSA.prototype.encrypt = function (buffer, encoding, source_encoding) {
|
||||
return this.$$encryptKey(false, buffer, encoding, source_encoding);
|
||||
};
|
||||
|
||||
/**
|
||||
* Decrypting data method with private key
|
||||
*
|
||||
* @param buffer {Buffer} - buffer for decrypting
|
||||
* @param encoding - encoding for result string, can also take 'json' or 'buffer' for the automatic conversion of this type
|
||||
* @returns {Buffer|object|string}
|
||||
*/
|
||||
NodeRSA.prototype.decrypt = function (buffer, encoding) {
|
||||
return this.$$decryptKey(false, buffer, encoding);
|
||||
};
|
||||
|
||||
/**
|
||||
* Encrypting data method with private key
|
||||
*
|
||||
* Parameters same as `encrypt` method
|
||||
*/
|
||||
NodeRSA.prototype.encryptPrivate = function (buffer, encoding, source_encoding) {
|
||||
return this.$$encryptKey(true, buffer, encoding, source_encoding);
|
||||
};
|
||||
|
||||
/**
|
||||
* Decrypting data method with public key
|
||||
*
|
||||
* Parameters same as `decrypt` method
|
||||
*/
|
||||
NodeRSA.prototype.decryptPublic = function (buffer, encoding) {
|
||||
return this.$$decryptKey(true, buffer, encoding);
|
||||
};
|
||||
|
||||
/**
|
||||
* Encrypting data method with custom key
|
||||
*/
|
||||
NodeRSA.prototype.$$encryptKey = function (usePrivate, buffer, encoding, source_encoding) {
|
||||
try {
|
||||
var res = this.keyPair.encrypt(this.$getDataForEncrypt(buffer, source_encoding), usePrivate);
|
||||
|
||||
if (encoding == 'buffer' || !encoding) {
|
||||
return res;
|
||||
} else {
|
||||
return res.toString(encoding);
|
||||
}
|
||||
} catch (e) {
|
||||
throw Error('Error during encryption. Original error: ' + e);
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
* Decrypting data method with custom key
|
||||
*/
|
||||
NodeRSA.prototype.$$decryptKey = function (usePublic, buffer, encoding) {
|
||||
try {
|
||||
buffer = _.isString(buffer) ? Buffer.from(buffer, 'base64') : buffer;
|
||||
var res = this.keyPair.decrypt(buffer, usePublic);
|
||||
|
||||
if (res === null) {
|
||||
throw Error('Key decrypt method returns null.');
|
||||
}
|
||||
|
||||
return this.$getDecryptedData(res, encoding);
|
||||
} catch (e) {
|
||||
throw Error('Error during decryption (probably incorrect key). Original error: ' + e);
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
* Signing data
|
||||
*
|
||||
* @param buffer {string|number|object|array|Buffer} - data for signing. Object and array will convert to JSON string.
|
||||
* @param encoding {string} - optional. Encoding for output result, may be 'buffer', 'binary', 'hex' or 'base64'. Default 'buffer'.
|
||||
* @param source_encoding {string} - optional. Encoding for given string. Default utf8.
|
||||
* @returns {string|Buffer}
|
||||
*/
|
||||
NodeRSA.prototype.sign = function (buffer, encoding, source_encoding) {
|
||||
if (!this.isPrivate()) {
|
||||
throw Error("This is not private key");
|
||||
}
|
||||
|
||||
var res = this.keyPair.sign(this.$getDataForEncrypt(buffer, source_encoding));
|
||||
|
||||
if (encoding && encoding != 'buffer') {
|
||||
res = res.toString(encoding);
|
||||
}
|
||||
|
||||
return res;
|
||||
};
|
||||
|
||||
/**
|
||||
* Verifying signed data
|
||||
*
|
||||
* @param buffer - signed data
|
||||
* @param signature
|
||||
* @param source_encoding {string} - optional. Encoding for given string. Default utf8.
|
||||
* @param signature_encoding - optional. Encoding of given signature. May be 'buffer', 'binary', 'hex' or 'base64'. Default 'buffer'.
|
||||
* @returns {*}
|
||||
*/
|
||||
NodeRSA.prototype.verify = function (buffer, signature, source_encoding, signature_encoding) {
|
||||
if (!this.isPublic()) {
|
||||
throw Error("This is not public key");
|
||||
}
|
||||
signature_encoding = (!signature_encoding || signature_encoding == 'buffer' ? null : signature_encoding);
|
||||
return this.keyPair.verify(this.$getDataForEncrypt(buffer, source_encoding), signature, signature_encoding);
|
||||
};
|
||||
|
||||
/**
|
||||
* Returns key size in bits
|
||||
* @returns {int}
|
||||
*/
|
||||
NodeRSA.prototype.getKeySize = function () {
|
||||
return this.keyPair.keySize;
|
||||
};
|
||||
|
||||
/**
|
||||
* Returns max message length in bytes (for 1 chunk) depending on current encryption scheme
|
||||
* @returns {int}
|
||||
*/
|
||||
NodeRSA.prototype.getMaxMessageSize = function () {
|
||||
return this.keyPair.maxMessageLength;
|
||||
};
|
||||
|
||||
/**
|
||||
* Preparing given data for encrypting/signing. Just make new/return Buffer object.
|
||||
*
|
||||
* @param buffer {string|number|object|array|Buffer} - data for encrypting. Object and array will convert to JSON string.
|
||||
* @param encoding {string} - optional. Encoding for given string. Default utf8.
|
||||
* @returns {Buffer}
|
||||
*/
|
||||
NodeRSA.prototype.$getDataForEncrypt = function (buffer, encoding) {
|
||||
if (_.isString(buffer) || _.isNumber(buffer)) {
|
||||
return Buffer.from('' + buffer, encoding || 'utf8');
|
||||
} else if (Buffer.isBuffer(buffer)) {
|
||||
return buffer;
|
||||
} else if (_.isObject(buffer)) {
|
||||
return Buffer.from(JSON.stringify(buffer));
|
||||
} else {
|
||||
throw Error("Unexpected data type");
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
*
|
||||
* @param buffer {Buffer} - decrypted data.
|
||||
* @param encoding - optional. Encoding for result output. May be 'buffer', 'json' or any of Node.js Buffer supported encoding.
|
||||
* @returns {*}
|
||||
*/
|
||||
NodeRSA.prototype.$getDecryptedData = function (buffer, encoding) {
|
||||
encoding = encoding || 'buffer';
|
||||
|
||||
if (encoding == 'buffer') {
|
||||
return buffer;
|
||||
} else if (encoding == 'json') {
|
||||
return JSON.parse(buffer.toString());
|
||||
} else {
|
||||
return buffer.toString(encoding);
|
||||
}
|
||||
};
|
||||
|
||||
return NodeRSA;
|
||||
})();
|
|
@ -0,0 +1,17 @@
|
|||
var crypt = require('crypto');
|
||||
|
||||
module.exports = {
|
||||
getEngine: function (keyPair, options) {
|
||||
var engine = require('./js.js');
|
||||
if (options.environment === 'node') {
|
||||
if (typeof crypt.publicEncrypt === 'function' && typeof crypt.privateDecrypt === 'function') {
|
||||
if (typeof crypt.privateEncrypt === 'function' && typeof crypt.publicDecrypt === 'function') {
|
||||
engine = require('./io.js');
|
||||
} else {
|
||||
engine = require('./node12.js');
|
||||
}
|
||||
}
|
||||
}
|
||||
return engine(keyPair, options);
|
||||
}
|
||||
};
|
|
@ -0,0 +1,72 @@
|
|||
var crypto = require('crypto');
|
||||
var constants = require('constants');
|
||||
var schemes = require('../schemes/schemes.js');
|
||||
|
||||
module.exports = function (keyPair, options) {
|
||||
var pkcs1Scheme = schemes.pkcs1.makeScheme(keyPair, options);
|
||||
|
||||
return {
|
||||
encrypt: function (buffer, usePrivate) {
|
||||
var padding;
|
||||
if (usePrivate) {
|
||||
padding = constants.RSA_PKCS1_PADDING;
|
||||
if (options.encryptionSchemeOptions && options.encryptionSchemeOptions.padding) {
|
||||
padding = options.encryptionSchemeOptions.padding;
|
||||
}
|
||||
return crypto.privateEncrypt({
|
||||
key: options.rsaUtils.exportKey('private'),
|
||||
padding: padding
|
||||
}, buffer);
|
||||
} else {
|
||||
padding = constants.RSA_PKCS1_OAEP_PADDING;
|
||||
if (options.encryptionScheme === 'pkcs1') {
|
||||
padding = constants.RSA_PKCS1_PADDING;
|
||||
}
|
||||
if (options.encryptionSchemeOptions && options.encryptionSchemeOptions.padding) {
|
||||
padding = options.encryptionSchemeOptions.padding;
|
||||
}
|
||||
|
||||
var data = buffer;
|
||||
if (padding === constants.RSA_NO_PADDING) {
|
||||
data = pkcs1Scheme.pkcs0pad(buffer);
|
||||
}
|
||||
|
||||
return crypto.publicEncrypt({
|
||||
key: options.rsaUtils.exportKey('public'),
|
||||
padding: padding
|
||||
}, data);
|
||||
}
|
||||
},
|
||||
|
||||
decrypt: function (buffer, usePublic) {
|
||||
var padding;
|
||||
if (usePublic) {
|
||||
padding = constants.RSA_PKCS1_PADDING;
|
||||
if (options.encryptionSchemeOptions && options.encryptionSchemeOptions.padding) {
|
||||
padding = options.encryptionSchemeOptions.padding;
|
||||
}
|
||||
return crypto.publicDecrypt({
|
||||
key: options.rsaUtils.exportKey('public'),
|
||||
padding: padding
|
||||
}, buffer);
|
||||
} else {
|
||||
padding = constants.RSA_PKCS1_OAEP_PADDING;
|
||||
if (options.encryptionScheme === 'pkcs1') {
|
||||
padding = constants.RSA_PKCS1_PADDING;
|
||||
}
|
||||
if (options.encryptionSchemeOptions && options.encryptionSchemeOptions.padding) {
|
||||
padding = options.encryptionSchemeOptions.padding;
|
||||
}
|
||||
var res = crypto.privateDecrypt({
|
||||
key: options.rsaUtils.exportKey('private'),
|
||||
padding: padding
|
||||
}, buffer);
|
||||
|
||||
if (padding === constants.RSA_NO_PADDING) {
|
||||
return pkcs1Scheme.pkcs0unpad(res);
|
||||
}
|
||||
return res;
|
||||
}
|
||||
}
|
||||
};
|
||||
};
|
|
@ -0,0 +1,34 @@
|
|||
var BigInteger = require('../libs/jsbn.js');
|
||||
var schemes = require('../schemes/schemes.js');
|
||||
|
||||
module.exports = function (keyPair, options) {
|
||||
var pkcs1Scheme = schemes.pkcs1.makeScheme(keyPair, options);
|
||||
|
||||
return {
|
||||
encrypt: function (buffer, usePrivate) {
|
||||
var m, c;
|
||||
if (usePrivate) {
|
||||
/* Type 1: zeros padding for private key encrypt */
|
||||
m = new BigInteger(pkcs1Scheme.encPad(buffer, {type: 1}));
|
||||
c = keyPair.$doPrivate(m);
|
||||
} else {
|
||||
m = new BigInteger(keyPair.encryptionScheme.encPad(buffer));
|
||||
c = keyPair.$doPublic(m);
|
||||
}
|
||||
return c.toBuffer(keyPair.encryptedDataLength);
|
||||
},
|
||||
|
||||
decrypt: function (buffer, usePublic) {
|
||||
var m, c = new BigInteger(buffer);
|
||||
|
||||
if (usePublic) {
|
||||
m = keyPair.$doPublic(c);
|
||||
/* Type 1: zeros padding for private key decrypt */
|
||||
return pkcs1Scheme.encUnPad(m.toBuffer(keyPair.encryptedDataLength), {type: 1});
|
||||
} else {
|
||||
m = keyPair.$doPrivate(c);
|
||||
return keyPair.encryptionScheme.encUnPad(m.toBuffer(keyPair.encryptedDataLength));
|
||||
}
|
||||
}
|
||||
};
|
||||
};
|
|
@ -0,0 +1,56 @@
|
|||
var crypto = require('crypto');
|
||||
var constants = require('constants');
|
||||
var schemes = require('../schemes/schemes.js');
|
||||
|
||||
module.exports = function (keyPair, options) {
|
||||
var jsEngine = require('./js.js')(keyPair, options);
|
||||
var pkcs1Scheme = schemes.pkcs1.makeScheme(keyPair, options);
|
||||
|
||||
return {
|
||||
encrypt: function (buffer, usePrivate) {
|
||||
if (usePrivate) {
|
||||
return jsEngine.encrypt(buffer, usePrivate);
|
||||
}
|
||||
var padding = constants.RSA_PKCS1_OAEP_PADDING;
|
||||
if (options.encryptionScheme === 'pkcs1') {
|
||||
padding = constants.RSA_PKCS1_PADDING;
|
||||
}
|
||||
if (options.encryptionSchemeOptions && options.encryptionSchemeOptions.padding) {
|
||||
padding = options.encryptionSchemeOptions.padding;
|
||||
}
|
||||
|
||||
var data = buffer;
|
||||
if (padding === constants.RSA_NO_PADDING) {
|
||||
data = pkcs1Scheme.pkcs0pad(buffer);
|
||||
}
|
||||
|
||||
return crypto.publicEncrypt({
|
||||
key: options.rsaUtils.exportKey('public'),
|
||||
padding: padding
|
||||
}, data);
|
||||
},
|
||||
|
||||
decrypt: function (buffer, usePublic) {
|
||||
if (usePublic) {
|
||||
return jsEngine.decrypt(buffer, usePublic);
|
||||
}
|
||||
var padding = constants.RSA_PKCS1_OAEP_PADDING;
|
||||
if (options.encryptionScheme === 'pkcs1') {
|
||||
padding = constants.RSA_PKCS1_PADDING;
|
||||
}
|
||||
if (options.encryptionSchemeOptions && options.encryptionSchemeOptions.padding) {
|
||||
padding = options.encryptionSchemeOptions.padding;
|
||||
}
|
||||
|
||||
var res = crypto.privateDecrypt({
|
||||
key: options.rsaUtils.exportKey('private'),
|
||||
padding: padding
|
||||
}, buffer);
|
||||
|
||||
if (padding === constants.RSA_NO_PADDING) {
|
||||
return pkcs1Scheme.pkcs0unpad(res);
|
||||
}
|
||||
return res;
|
||||
}
|
||||
};
|
||||
};
|
|
@ -0,0 +1,71 @@
|
|||
var _ = require('../utils')._;
|
||||
var utils = require('../utils');
|
||||
|
||||
module.exports = {
|
||||
privateExport: function (key, options) {
|
||||
return {
|
||||
n: key.n.toBuffer(),
|
||||
e: key.e,
|
||||
d: key.d.toBuffer(),
|
||||
p: key.p.toBuffer(),
|
||||
q: key.q.toBuffer(),
|
||||
dmp1: key.dmp1.toBuffer(),
|
||||
dmq1: key.dmq1.toBuffer(),
|
||||
coeff: key.coeff.toBuffer()
|
||||
};
|
||||
},
|
||||
|
||||
privateImport: function (key, data, options) {
|
||||
if (data.n && data.e && data.d && data.p && data.q && data.dmp1 && data.dmq1 && data.coeff) {
|
||||
key.setPrivate(
|
||||
data.n,
|
||||
data.e,
|
||||
data.d,
|
||||
data.p,
|
||||
data.q,
|
||||
data.dmp1,
|
||||
data.dmq1,
|
||||
data.coeff
|
||||
);
|
||||
} else {
|
||||
throw Error("Invalid key data");
|
||||
}
|
||||
},
|
||||
|
||||
publicExport: function (key, options) {
|
||||
return {
|
||||
n: key.n.toBuffer(),
|
||||
e: key.e
|
||||
};
|
||||
},
|
||||
|
||||
publicImport: function (key, data, options) {
|
||||
if (data.n && data.e) {
|
||||
key.setPublic(
|
||||
data.n,
|
||||
data.e
|
||||
);
|
||||
} else {
|
||||
throw Error("Invalid key data");
|
||||
}
|
||||
},
|
||||
|
||||
/**
|
||||
* Trying autodetect and import key
|
||||
* @param key
|
||||
* @param data
|
||||
*/
|
||||
autoImport: function (key, data) {
|
||||
if (data.n && data.e) {
|
||||
if (data.d && data.p && data.q && data.dmp1 && data.dmq1 && data.coeff) {
|
||||
module.exports.privateImport(key, data);
|
||||
return true;
|
||||
} else {
|
||||
module.exports.publicImport(key, data);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
};
|
|
@ -0,0 +1,96 @@
|
|||
var _ = require('../utils')._;
|
||||
|
||||
function formatParse(format) {
|
||||
format = format.split('-');
|
||||
var keyType = 'private';
|
||||
var keyOpt = {type: 'default'};
|
||||
|
||||
for (var i = 1; i < format.length; i++) {
|
||||
if (format[i]) {
|
||||
switch (format[i]) {
|
||||
case 'public':
|
||||
keyType = format[i];
|
||||
break;
|
||||
case 'private':
|
||||
keyType = format[i];
|
||||
break;
|
||||
case 'pem':
|
||||
keyOpt.type = format[i];
|
||||
break;
|
||||
case 'der':
|
||||
keyOpt.type = format[i];
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return {scheme: format[0], keyType: keyType, keyOpt: keyOpt};
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
pkcs1: require('./pkcs1'),
|
||||
pkcs8: require('./pkcs8'),
|
||||
components: require('./components'),
|
||||
|
||||
isPrivateExport: function (format) {
|
||||
return module.exports[format] && typeof module.exports[format].privateExport === 'function';
|
||||
},
|
||||
|
||||
isPrivateImport: function (format) {
|
||||
return module.exports[format] && typeof module.exports[format].privateImport === 'function';
|
||||
},
|
||||
|
||||
isPublicExport: function (format) {
|
||||
return module.exports[format] && typeof module.exports[format].publicExport === 'function';
|
||||
},
|
||||
|
||||
isPublicImport: function (format) {
|
||||
return module.exports[format] && typeof module.exports[format].publicImport === 'function';
|
||||
},
|
||||
|
||||
detectAndImport: function (key, data, format) {
|
||||
if (format === undefined) {
|
||||
for (var scheme in module.exports) {
|
||||
if (typeof module.exports[scheme].autoImport === 'function' && module.exports[scheme].autoImport(key, data)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
} else if (format) {
|
||||
var fmt = formatParse(format);
|
||||
|
||||
if (module.exports[fmt.scheme]) {
|
||||
if (fmt.keyType === 'private') {
|
||||
module.exports[fmt.scheme].privateImport(key, data, fmt.keyOpt);
|
||||
} else {
|
||||
module.exports[fmt.scheme].publicImport(key, data, fmt.keyOpt);
|
||||
}
|
||||
} else {
|
||||
throw Error('Unsupported key format');
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
},
|
||||
|
||||
detectAndExport: function (key, format) {
|
||||
if (format) {
|
||||
var fmt = formatParse(format);
|
||||
|
||||
if (module.exports[fmt.scheme]) {
|
||||
if (fmt.keyType === 'private') {
|
||||
if (!key.isPrivate()) {
|
||||
throw Error("This is not private key");
|
||||
}
|
||||
return module.exports[fmt.scheme].privateExport(key, fmt.keyOpt);
|
||||
} else {
|
||||
if (!key.isPublic()) {
|
||||
throw Error("This is not public key");
|
||||
}
|
||||
return module.exports[fmt.scheme].publicExport(key, fmt.keyOpt);
|
||||
}
|
||||
} else {
|
||||
throw Error('Unsupported key format');
|
||||
}
|
||||
}
|
||||
}
|
||||
};
|
|
@ -0,0 +1,148 @@
|
|||
var ber = require('asn1').Ber;
|
||||
var _ = require('../utils')._;
|
||||
var utils = require('../utils');
|
||||
|
||||
const PRIVATE_OPENING_BOUNDARY = '-----BEGIN RSA PRIVATE KEY-----';
|
||||
const PRIVATE_CLOSING_BOUNDARY = '-----END RSA PRIVATE KEY-----';
|
||||
|
||||
const PUBLIC_OPENING_BOUNDARY = '-----BEGIN RSA PUBLIC KEY-----';
|
||||
const PUBLIC_CLOSING_BOUNDARY = '-----END RSA PUBLIC KEY-----';
|
||||
|
||||
module.exports = {
|
||||
privateExport: function (key, options) {
|
||||
options = options || {};
|
||||
|
||||
var n = key.n.toBuffer();
|
||||
var d = key.d.toBuffer();
|
||||
var p = key.p.toBuffer();
|
||||
var q = key.q.toBuffer();
|
||||
var dmp1 = key.dmp1.toBuffer();
|
||||
var dmq1 = key.dmq1.toBuffer();
|
||||
var coeff = key.coeff.toBuffer();
|
||||
|
||||
var length = n.length + d.length + p.length + q.length + dmp1.length + dmq1.length + coeff.length + 512; // magic
|
||||
var writer = new ber.Writer({size: length});
|
||||
|
||||
writer.startSequence();
|
||||
writer.writeInt(0);
|
||||
writer.writeBuffer(n, 2);
|
||||
writer.writeInt(key.e);
|
||||
writer.writeBuffer(d, 2);
|
||||
writer.writeBuffer(p, 2);
|
||||
writer.writeBuffer(q, 2);
|
||||
writer.writeBuffer(dmp1, 2);
|
||||
writer.writeBuffer(dmq1, 2);
|
||||
writer.writeBuffer(coeff, 2);
|
||||
writer.endSequence();
|
||||
|
||||
if (options.type === 'der') {
|
||||
return writer.buffer;
|
||||
} else {
|
||||
return PRIVATE_OPENING_BOUNDARY + '\n' + utils.linebrk(writer.buffer.toString('base64'), 64) + '\n' + PRIVATE_CLOSING_BOUNDARY;
|
||||
}
|
||||
},
|
||||
|
||||
privateImport: function (key, data, options) {
|
||||
options = options || {};
|
||||
var buffer;
|
||||
|
||||
if (options.type !== 'der') {
|
||||
if (Buffer.isBuffer(data)) {
|
||||
data = data.toString('utf8');
|
||||
}
|
||||
|
||||
if (_.isString(data)) {
|
||||
var pem = utils.trimSurroundingText(data, PRIVATE_OPENING_BOUNDARY, PRIVATE_CLOSING_BOUNDARY)
|
||||
.replace(/\s+|\n\r|\n|\r$/gm, '');
|
||||
buffer = Buffer.from(pem, 'base64');
|
||||
} else {
|
||||
throw Error('Unsupported key format');
|
||||
}
|
||||
} else if (Buffer.isBuffer(data)) {
|
||||
buffer = data;
|
||||
} else {
|
||||
throw Error('Unsupported key format');
|
||||
}
|
||||
|
||||
var reader = new ber.Reader(buffer);
|
||||
reader.readSequence();
|
||||
reader.readString(2, true); // just zero
|
||||
key.setPrivate(
|
||||
reader.readString(2, true), // modulus
|
||||
reader.readString(2, true), // publicExponent
|
||||
reader.readString(2, true), // privateExponent
|
||||
reader.readString(2, true), // prime1
|
||||
reader.readString(2, true), // prime2
|
||||
reader.readString(2, true), // exponent1 -- d mod (p1)
|
||||
reader.readString(2, true), // exponent2 -- d mod (q-1)
|
||||
reader.readString(2, true) // coefficient -- (inverse of q) mod p
|
||||
);
|
||||
},
|
||||
|
||||
publicExport: function (key, options) {
|
||||
options = options || {};
|
||||
|
||||
var n = key.n.toBuffer();
|
||||
var length = n.length + 512; // magic
|
||||
|
||||
var bodyWriter = new ber.Writer({size: length});
|
||||
bodyWriter.startSequence();
|
||||
bodyWriter.writeBuffer(n, 2);
|
||||
bodyWriter.writeInt(key.e);
|
||||
bodyWriter.endSequence();
|
||||
|
||||
if (options.type === 'der') {
|
||||
return bodyWriter.buffer;
|
||||
} else {
|
||||
return PUBLIC_OPENING_BOUNDARY + '\n' + utils.linebrk(bodyWriter.buffer.toString('base64'), 64) + '\n' + PUBLIC_CLOSING_BOUNDARY;
|
||||
}
|
||||
},
|
||||
|
||||
publicImport: function (key, data, options) {
|
||||
options = options || {};
|
||||
var buffer;
|
||||
|
||||
if (options.type !== 'der') {
|
||||
if (Buffer.isBuffer(data)) {
|
||||
data = data.toString('utf8');
|
||||
}
|
||||
|
||||
if (_.isString(data)) {
|
||||
var pem = utils.trimSurroundingText(data, PUBLIC_OPENING_BOUNDARY, PUBLIC_CLOSING_BOUNDARY)
|
||||
.replace(/\s+|\n\r|\n|\r$/gm, '');
|
||||
buffer = Buffer.from(pem, 'base64');
|
||||
}
|
||||
} else if (Buffer.isBuffer(data)) {
|
||||
buffer = data;
|
||||
} else {
|
||||
throw Error('Unsupported key format');
|
||||
}
|
||||
|
||||
var body = new ber.Reader(buffer);
|
||||
body.readSequence();
|
||||
key.setPublic(
|
||||
body.readString(0x02, true), // modulus
|
||||
body.readString(0x02, true) // publicExponent
|
||||
);
|
||||
},
|
||||
|
||||
/**
|
||||
* Trying autodetect and import key
|
||||
* @param key
|
||||
* @param data
|
||||
*/
|
||||
autoImport: function (key, data) {
|
||||
// [\S\s]* matches zero or more of any character
|
||||
if (/^[\S\s]*-----BEGIN RSA PRIVATE KEY-----\s*(?=(([A-Za-z0-9+/=]+\s*)+))\1-----END RSA PRIVATE KEY-----[\S\s]*$/g.test(data)) {
|
||||
module.exports.privateImport(key, data);
|
||||
return true;
|
||||
}
|
||||
|
||||
if (/^[\S\s]*-----BEGIN RSA PUBLIC KEY-----\s*(?=(([A-Za-z0-9+/=]+\s*)+))\1-----END RSA PUBLIC KEY-----[\S\s]*$/g.test(data)) {
|
||||
module.exports.publicImport(key, data);
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
};
|
|
@ -0,0 +1,187 @@
|
|||
var ber = require('asn1').Ber;
|
||||
var _ = require('../utils')._;
|
||||
var PUBLIC_RSA_OID = '1.2.840.113549.1.1.1';
|
||||
var utils = require('../utils');
|
||||
|
||||
const PRIVATE_OPENING_BOUNDARY = '-----BEGIN PRIVATE KEY-----';
|
||||
const PRIVATE_CLOSING_BOUNDARY = '-----END PRIVATE KEY-----';
|
||||
|
||||
const PUBLIC_OPENING_BOUNDARY = '-----BEGIN PUBLIC KEY-----';
|
||||
const PUBLIC_CLOSING_BOUNDARY = '-----END PUBLIC KEY-----';
|
||||
|
||||
module.exports = {
|
||||
privateExport: function (key, options) {
|
||||
options = options || {};
|
||||
|
||||
var n = key.n.toBuffer();
|
||||
var d = key.d.toBuffer();
|
||||
var p = key.p.toBuffer();
|
||||
var q = key.q.toBuffer();
|
||||
var dmp1 = key.dmp1.toBuffer();
|
||||
var dmq1 = key.dmq1.toBuffer();
|
||||
var coeff = key.coeff.toBuffer();
|
||||
|
||||
var length = n.length + d.length + p.length + q.length + dmp1.length + dmq1.length + coeff.length + 512; // magic
|
||||
var bodyWriter = new ber.Writer({size: length});
|
||||
|
||||
bodyWriter.startSequence();
|
||||
bodyWriter.writeInt(0);
|
||||
bodyWriter.writeBuffer(n, 2);
|
||||
bodyWriter.writeInt(key.e);
|
||||
bodyWriter.writeBuffer(d, 2);
|
||||
bodyWriter.writeBuffer(p, 2);
|
||||
bodyWriter.writeBuffer(q, 2);
|
||||
bodyWriter.writeBuffer(dmp1, 2);
|
||||
bodyWriter.writeBuffer(dmq1, 2);
|
||||
bodyWriter.writeBuffer(coeff, 2);
|
||||
bodyWriter.endSequence();
|
||||
|
||||
var writer = new ber.Writer({size: length});
|
||||
writer.startSequence();
|
||||
writer.writeInt(0);
|
||||
writer.startSequence();
|
||||
writer.writeOID(PUBLIC_RSA_OID);
|
||||
writer.writeNull();
|
||||
writer.endSequence();
|
||||
writer.writeBuffer(bodyWriter.buffer, 4);
|
||||
writer.endSequence();
|
||||
|
||||
if (options.type === 'der') {
|
||||
return writer.buffer;
|
||||
} else {
|
||||
return PRIVATE_OPENING_BOUNDARY + '\n' + utils.linebrk(writer.buffer.toString('base64'), 64) + '\n' + PRIVATE_CLOSING_BOUNDARY;
|
||||
}
|
||||
},
|
||||
|
||||
privateImport: function (key, data, options) {
|
||||
options = options || {};
|
||||
var buffer;
|
||||
|
||||
if (options.type !== 'der') {
|
||||
if (Buffer.isBuffer(data)) {
|
||||
data = data.toString('utf8');
|
||||
}
|
||||
|
||||
if (_.isString(data)) {
|
||||
var pem = utils.trimSurroundingText(data, PRIVATE_OPENING_BOUNDARY, PRIVATE_CLOSING_BOUNDARY)
|
||||
.replace('-----END PRIVATE KEY-----', '')
|
||||
.replace(/\s+|\n\r|\n|\r$/gm, '');
|
||||
buffer = Buffer.from(pem, 'base64');
|
||||
} else {
|
||||
throw Error('Unsupported key format');
|
||||
}
|
||||
} else if (Buffer.isBuffer(data)) {
|
||||
buffer = data;
|
||||
} else {
|
||||
throw Error('Unsupported key format');
|
||||
}
|
||||
|
||||
var reader = new ber.Reader(buffer);
|
||||
reader.readSequence();
|
||||
reader.readInt(0);
|
||||
var header = new ber.Reader(reader.readString(0x30, true));
|
||||
|
||||
if (header.readOID(0x06, true) !== PUBLIC_RSA_OID) {
|
||||
throw Error('Invalid Public key format');
|
||||
}
|
||||
|
||||
var body = new ber.Reader(reader.readString(0x04, true));
|
||||
body.readSequence();
|
||||
body.readString(2, true); // just zero
|
||||
key.setPrivate(
|
||||
body.readString(2, true), // modulus
|
||||
body.readString(2, true), // publicExponent
|
||||
body.readString(2, true), // privateExponent
|
||||
body.readString(2, true), // prime1
|
||||
body.readString(2, true), // prime2
|
||||
body.readString(2, true), // exponent1 -- d mod (p1)
|
||||
body.readString(2, true), // exponent2 -- d mod (q-1)
|
||||
body.readString(2, true) // coefficient -- (inverse of q) mod p
|
||||
);
|
||||
},
|
||||
|
||||
publicExport: function (key, options) {
|
||||
options = options || {};
|
||||
|
||||
var n = key.n.toBuffer();
|
||||
var length = n.length + 512; // magic
|
||||
|
||||
var bodyWriter = new ber.Writer({size: length});
|
||||
bodyWriter.writeByte(0);
|
||||
bodyWriter.startSequence();
|
||||
bodyWriter.writeBuffer(n, 2);
|
||||
bodyWriter.writeInt(key.e);
|
||||
bodyWriter.endSequence();
|
||||
|
||||
var writer = new ber.Writer({size: length});
|
||||
writer.startSequence();
|
||||
writer.startSequence();
|
||||
writer.writeOID(PUBLIC_RSA_OID);
|
||||
writer.writeNull();
|
||||
writer.endSequence();
|
||||
writer.writeBuffer(bodyWriter.buffer, 3);
|
||||
writer.endSequence();
|
||||
|
||||
if (options.type === 'der') {
|
||||
return writer.buffer;
|
||||
} else {
|
||||
return PUBLIC_OPENING_BOUNDARY + '\n' + utils.linebrk(writer.buffer.toString('base64'), 64) + '\n' + PUBLIC_CLOSING_BOUNDARY;
|
||||
}
|
||||
},
|
||||
|
||||
publicImport: function (key, data, options) {
|
||||
options = options || {};
|
||||
var buffer;
|
||||
|
||||
if (options.type !== 'der') {
|
||||
if (Buffer.isBuffer(data)) {
|
||||
data = data.toString('utf8');
|
||||
}
|
||||
|
||||
if (_.isString(data)) {
|
||||
var pem = utils.trimSurroundingText(data, PUBLIC_OPENING_BOUNDARY, PUBLIC_CLOSING_BOUNDARY)
|
||||
.replace(/\s+|\n\r|\n|\r$/gm, '');
|
||||
buffer = Buffer.from(pem, 'base64');
|
||||
}
|
||||
} else if (Buffer.isBuffer(data)) {
|
||||
buffer = data;
|
||||
} else {
|
||||
throw Error('Unsupported key format');
|
||||
}
|
||||
|
||||
var reader = new ber.Reader(buffer);
|
||||
reader.readSequence();
|
||||
var header = new ber.Reader(reader.readString(0x30, true));
|
||||
|
||||
if (header.readOID(0x06, true) !== PUBLIC_RSA_OID) {
|
||||
throw Error('Invalid Public key format');
|
||||
}
|
||||
|
||||
var body = new ber.Reader(reader.readString(0x03, true));
|
||||
body.readByte();
|
||||
body.readSequence();
|
||||
key.setPublic(
|
||||
body.readString(0x02, true), // modulus
|
||||
body.readString(0x02, true) // publicExponent
|
||||
);
|
||||
},
|
||||
|
||||
/**
|
||||
* Trying autodetect and import key
|
||||
* @param key
|
||||
* @param data
|
||||
*/
|
||||
autoImport: function (key, data) {
|
||||
if (/^[\S\s]*-----BEGIN PRIVATE KEY-----\s*(?=(([A-Za-z0-9+/=]+\s*)+))\1-----END PRIVATE KEY-----[\S\s]*$/g.test(data)) {
|
||||
module.exports.privateImport(key, data);
|
||||
return true;
|
||||
}
|
||||
|
||||
if (/^[\S\s]*-----BEGIN PUBLIC KEY-----\s*(?=(([A-Za-z0-9+/=]+\s*)+))\1-----END PUBLIC KEY-----[\S\s]*$/g.test(data)) {
|
||||
module.exports.publicImport(key, data);
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
};
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,316 @@
|
|||
/*
|
||||
* RSA Encryption / Decryption with PKCS1 v2 Padding.
|
||||
*
|
||||
* Copyright (c) 2003-2005 Tom Wu
|
||||
* All Rights Reserved.
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining
|
||||
* a copy of this software and associated documentation files (the
|
||||
* "Software"), to deal in the Software without restriction, including
|
||||
* without limitation the rights to use, copy, modify, merge, publish,
|
||||
* distribute, sublicense, and/or sell copies of the Software, and to
|
||||
* permit persons to whom the Software is furnished to do so, subject to
|
||||
* the following conditions:
|
||||
*
|
||||
* The above copyright notice and this permission notice shall be
|
||||
* included in all copies or substantial portions of the Software.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
|
||||
* EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
|
||||
* WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|
||||
*
|
||||
* IN NO EVENT SHALL TOM WU BE LIABLE FOR ANY SPECIAL, INCIDENTAL,
|
||||
* INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER
|
||||
* RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF
|
||||
* THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT
|
||||
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*
|
||||
* In addition, the following condition applies:
|
||||
*
|
||||
* All redistributions must retain an intact copy of this copyright notice
|
||||
* and disclaimer.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Node.js adaptation
|
||||
* long message support implementation
|
||||
* signing/verifying
|
||||
*
|
||||
* 2014 rzcoder
|
||||
*/
|
||||
|
||||
var _ = require('../utils')._;
|
||||
var crypt = require('crypto');
|
||||
var BigInteger = require('./jsbn.js');
|
||||
var utils = require('../utils.js');
|
||||
var schemes = require('../schemes/schemes.js');
|
||||
var encryptEngines = require('../encryptEngines/encryptEngines.js');
|
||||
|
||||
exports.BigInteger = BigInteger;
|
||||
module.exports.Key = (function () {
|
||||
/**
|
||||
* RSA key constructor
|
||||
*
|
||||
* n - modulus
|
||||
* e - publicExponent
|
||||
* d - privateExponent
|
||||
* p - prime1
|
||||
* q - prime2
|
||||
* dmp1 - exponent1 -- d mod (p1)
|
||||
* dmq1 - exponent2 -- d mod (q-1)
|
||||
* coeff - coefficient -- (inverse of q) mod p
|
||||
*/
|
||||
function RSAKey() {
|
||||
this.n = null;
|
||||
this.e = 0;
|
||||
this.d = null;
|
||||
this.p = null;
|
||||
this.q = null;
|
||||
this.dmp1 = null;
|
||||
this.dmq1 = null;
|
||||
this.coeff = null;
|
||||
}
|
||||
|
||||
RSAKey.prototype.setOptions = function (options) {
|
||||
var signingSchemeProvider = schemes[options.signingScheme];
|
||||
var encryptionSchemeProvider = schemes[options.encryptionScheme];
|
||||
|
||||
if (signingSchemeProvider === encryptionSchemeProvider) {
|
||||
this.signingScheme = this.encryptionScheme = encryptionSchemeProvider.makeScheme(this, options);
|
||||
} else {
|
||||
this.encryptionScheme = encryptionSchemeProvider.makeScheme(this, options);
|
||||
this.signingScheme = signingSchemeProvider.makeScheme(this, options);
|
||||
}
|
||||
|
||||
this.encryptEngine = encryptEngines.getEngine(this, options);
|
||||
};
|
||||
|
||||
/**
|
||||
* Generate a new random private key B bits long, using public expt E
|
||||
* @param B
|
||||
* @param E
|
||||
*/
|
||||
RSAKey.prototype.generate = function (B, E) {
|
||||
var qs = B >> 1;
|
||||
this.e = parseInt(E, 16);
|
||||
var ee = new BigInteger(E, 16);
|
||||
while (true) {
|
||||
while (true) {
|
||||
this.p = new BigInteger(B - qs, 1);
|
||||
if (this.p.subtract(BigInteger.ONE).gcd(ee).compareTo(BigInteger.ONE) === 0 && this.p.isProbablePrime(10))
|
||||
break;
|
||||
}
|
||||
while (true) {
|
||||
this.q = new BigInteger(qs, 1);
|
||||
if (this.q.subtract(BigInteger.ONE).gcd(ee).compareTo(BigInteger.ONE) === 0 && this.q.isProbablePrime(10))
|
||||
break;
|
||||
}
|
||||
if (this.p.compareTo(this.q) <= 0) {
|
||||
var t = this.p;
|
||||
this.p = this.q;
|
||||
this.q = t;
|
||||
}
|
||||
var p1 = this.p.subtract(BigInteger.ONE);
|
||||
var q1 = this.q.subtract(BigInteger.ONE);
|
||||
var phi = p1.multiply(q1);
|
||||
if (phi.gcd(ee).compareTo(BigInteger.ONE) === 0) {
|
||||
this.n = this.p.multiply(this.q);
|
||||
if (this.n.bitLength() < B) {
|
||||
continue;
|
||||
}
|
||||
this.d = ee.modInverse(phi);
|
||||
this.dmp1 = this.d.mod(p1);
|
||||
this.dmq1 = this.d.mod(q1);
|
||||
this.coeff = this.q.modInverse(this.p);
|
||||
break;
|
||||
}
|
||||
}
|
||||
this.$$recalculateCache();
|
||||
};
|
||||
|
||||
/**
|
||||
* Set the private key fields N, e, d and CRT params from buffers
|
||||
*
|
||||
* @param N
|
||||
* @param E
|
||||
* @param D
|
||||
* @param P
|
||||
* @param Q
|
||||
* @param DP
|
||||
* @param DQ
|
||||
* @param C
|
||||
*/
|
||||
RSAKey.prototype.setPrivate = function (N, E, D, P, Q, DP, DQ, C) {
|
||||
if (N && E && D && N.length > 0 && (_.isNumber(E) || E.length > 0) && D.length > 0) {
|
||||
this.n = new BigInteger(N);
|
||||
this.e = _.isNumber(E) ? E : utils.get32IntFromBuffer(E, 0);
|
||||
this.d = new BigInteger(D);
|
||||
|
||||
if (P && Q && DP && DQ && C) {
|
||||
this.p = new BigInteger(P);
|
||||
this.q = new BigInteger(Q);
|
||||
this.dmp1 = new BigInteger(DP);
|
||||
this.dmq1 = new BigInteger(DQ);
|
||||
this.coeff = new BigInteger(C);
|
||||
} else {
|
||||
// TODO: re-calculate any missing CRT params
|
||||
}
|
||||
this.$$recalculateCache();
|
||||
} else {
|
||||
throw Error("Invalid RSA private key");
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
* Set the public key fields N and e from hex strings
|
||||
* @param N
|
||||
* @param E
|
||||
*/
|
||||
RSAKey.prototype.setPublic = function (N, E) {
|
||||
if (N && E && N.length > 0 && (_.isNumber(E) || E.length > 0)) {
|
||||
this.n = new BigInteger(N);
|
||||
this.e = _.isNumber(E) ? E : utils.get32IntFromBuffer(E, 0);
|
||||
this.$$recalculateCache();
|
||||
} else {
|
||||
throw Error("Invalid RSA public key");
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
* private
|
||||
* Perform raw private operation on "x": return x^d (mod n)
|
||||
*
|
||||
* @param x
|
||||
* @returns {*}
|
||||
*/
|
||||
RSAKey.prototype.$doPrivate = function (x) {
|
||||
if (this.p || this.q) {
|
||||
return x.modPow(this.d, this.n);
|
||||
}
|
||||
|
||||
// TODO: re-calculate any missing CRT params
|
||||
var xp = x.mod(this.p).modPow(this.dmp1, this.p);
|
||||
var xq = x.mod(this.q).modPow(this.dmq1, this.q);
|
||||
|
||||
while (xp.compareTo(xq) < 0) {
|
||||
xp = xp.add(this.p);
|
||||
}
|
||||
return xp.subtract(xq).multiply(this.coeff).mod(this.p).multiply(this.q).add(xq);
|
||||
};
|
||||
|
||||
/**
|
||||
* private
|
||||
* Perform raw public operation on "x": return x^e (mod n)
|
||||
*
|
||||
* @param x
|
||||
* @returns {*}
|
||||
*/
|
||||
RSAKey.prototype.$doPublic = function (x) {
|
||||
return x.modPowInt(this.e, this.n);
|
||||
};
|
||||
|
||||
/**
|
||||
* Return the PKCS#1 RSA encryption of buffer
|
||||
* @param buffer {Buffer}
|
||||
* @returns {Buffer}
|
||||
*/
|
||||
RSAKey.prototype.encrypt = function (buffer, usePrivate) {
|
||||
var buffers = [];
|
||||
var results = [];
|
||||
var bufferSize = buffer.length;
|
||||
var buffersCount = Math.ceil(bufferSize / this.maxMessageLength) || 1; // total buffers count for encrypt
|
||||
var dividedSize = Math.ceil(bufferSize / buffersCount || 1); // each buffer size
|
||||
|
||||
if (buffersCount == 1) {
|
||||
buffers.push(buffer);
|
||||
} else {
|
||||
for (var bufNum = 0; bufNum < buffersCount; bufNum++) {
|
||||
buffers.push(buffer.slice(bufNum * dividedSize, (bufNum + 1) * dividedSize));
|
||||
}
|
||||
}
|
||||
|
||||
for (var i = 0; i < buffers.length; i++) {
|
||||
results.push(this.encryptEngine.encrypt(buffers[i], usePrivate));
|
||||
}
|
||||
|
||||
return Buffer.concat(results);
|
||||
};
|
||||
|
||||
/**
|
||||
* Return the PKCS#1 RSA decryption of buffer
|
||||
* @param buffer {Buffer}
|
||||
* @returns {Buffer}
|
||||
*/
|
||||
RSAKey.prototype.decrypt = function (buffer, usePublic) {
|
||||
if (buffer.length % this.encryptedDataLength > 0) {
|
||||
throw Error('Incorrect data or key');
|
||||
}
|
||||
|
||||
var result = [];
|
||||
var offset = 0;
|
||||
var length = 0;
|
||||
var buffersCount = buffer.length / this.encryptedDataLength;
|
||||
|
||||
for (var i = 0; i < buffersCount; i++) {
|
||||
offset = i * this.encryptedDataLength;
|
||||
length = offset + this.encryptedDataLength;
|
||||
result.push(this.encryptEngine.decrypt(buffer.slice(offset, Math.min(length, buffer.length)), usePublic));
|
||||
}
|
||||
|
||||
return Buffer.concat(result);
|
||||
};
|
||||
|
||||
RSAKey.prototype.sign = function (buffer) {
|
||||
return this.signingScheme.sign.apply(this.signingScheme, arguments);
|
||||
};
|
||||
|
||||
RSAKey.prototype.verify = function (buffer, signature, signature_encoding) {
|
||||
return this.signingScheme.verify.apply(this.signingScheme, arguments);
|
||||
};
|
||||
|
||||
/**
|
||||
* Check if key pair contains private key
|
||||
*/
|
||||
RSAKey.prototype.isPrivate = function () {
|
||||
return this.n && this.e && this.d || false;
|
||||
};
|
||||
|
||||
/**
|
||||
* Check if key pair contains public key
|
||||
* @param strict {boolean} - public key only, return false if have private exponent
|
||||
*/
|
||||
RSAKey.prototype.isPublic = function (strict) {
|
||||
return this.n && this.e && !(strict && this.d) || false;
|
||||
};
|
||||
|
||||
Object.defineProperty(RSAKey.prototype, 'keySize', {
|
||||
get: function () {
|
||||
return this.cache.keyBitLength;
|
||||
}
|
||||
});
|
||||
|
||||
Object.defineProperty(RSAKey.prototype, 'encryptedDataLength', {
|
||||
get: function () {
|
||||
return this.cache.keyByteLength;
|
||||
}
|
||||
});
|
||||
|
||||
Object.defineProperty(RSAKey.prototype, 'maxMessageLength', {
|
||||
get: function () {
|
||||
return this.encryptionScheme.maxMessageLength();
|
||||
}
|
||||
});
|
||||
|
||||
/**
|
||||
* Caching key data
|
||||
*/
|
||||
RSAKey.prototype.$$recalculateCache = function () {
|
||||
this.cache = this.cache || {};
|
||||
// Bit & byte length
|
||||
this.cache.keyBitLength = this.n.bitLength();
|
||||
this.cache.keyByteLength = (this.cache.keyBitLength + 6) >> 3;
|
||||
};
|
||||
|
||||
return RSAKey;
|
||||
})();
|
||||
|
|
@ -0,0 +1,179 @@
|
|||
/**
|
||||
* PKCS_OAEP signature scheme
|
||||
*/
|
||||
|
||||
var BigInteger = require('../libs/jsbn');
|
||||
var crypt = require('crypto');
|
||||
|
||||
module.exports = {
|
||||
isEncryption: true,
|
||||
isSignature: false
|
||||
};
|
||||
|
||||
module.exports.digestLength = {
|
||||
md4: 16,
|
||||
md5: 16,
|
||||
ripemd160: 20,
|
||||
rmd160: 20,
|
||||
sha1: 20,
|
||||
sha224: 28,
|
||||
sha256: 32,
|
||||
sha384: 48,
|
||||
sha512: 64
|
||||
};
|
||||
|
||||
var DEFAULT_HASH_FUNCTION = 'sha1';
|
||||
|
||||
/*
|
||||
* OAEP Mask Generation Function 1
|
||||
* Generates a buffer full of pseudorandom bytes given seed and maskLength.
|
||||
* Giving the same seed, maskLength, and hashFunction will result in the same exact byte values in the buffer.
|
||||
*
|
||||
* https://tools.ietf.org/html/rfc3447#appendix-B.2.1
|
||||
*
|
||||
* Parameters:
|
||||
* seed [Buffer] The pseudo random seed for this function
|
||||
* maskLength [int] The length of the output
|
||||
* hashFunction [String] The hashing function to use. Will accept any valid crypto hash. Default "sha1"
|
||||
* Supports "sha1" and "sha256".
|
||||
* To add another algorythm the algorythem must be accepted by crypto.createHash, and then the length of the output of the hash function (the digest) must be added to the digestLength object below.
|
||||
* Most RSA implementations will be expecting sha1
|
||||
*/
|
||||
module.exports.eme_oaep_mgf1 = function (seed, maskLength, hashFunction) {
|
||||
hashFunction = hashFunction || DEFAULT_HASH_FUNCTION;
|
||||
var hLen = module.exports.digestLength[hashFunction];
|
||||
var count = Math.ceil(maskLength / hLen);
|
||||
var T = Buffer.alloc(hLen * count);
|
||||
var c = Buffer.alloc(4);
|
||||
for (var i = 0; i < count; ++i) {
|
||||
var hash = crypt.createHash(hashFunction);
|
||||
hash.update(seed);
|
||||
c.writeUInt32BE(i, 0);
|
||||
hash.update(c);
|
||||
hash.digest().copy(T, i * hLen);
|
||||
}
|
||||
return T.slice(0, maskLength);
|
||||
};
|
||||
|
||||
module.exports.makeScheme = function (key, options) {
|
||||
function Scheme(key, options) {
|
||||
this.key = key;
|
||||
this.options = options;
|
||||
}
|
||||
|
||||
Scheme.prototype.maxMessageLength = function () {
|
||||
return this.key.encryptedDataLength - 2 * module.exports.digestLength[this.options.encryptionSchemeOptions.hash || DEFAULT_HASH_FUNCTION] - 2;
|
||||
};
|
||||
|
||||
/**
|
||||
* Pad input
|
||||
* alg: PKCS1_OAEP
|
||||
*
|
||||
* https://tools.ietf.org/html/rfc3447#section-7.1.1
|
||||
*/
|
||||
Scheme.prototype.encPad = function (buffer) {
|
||||
var hash = this.options.encryptionSchemeOptions.hash || DEFAULT_HASH_FUNCTION;
|
||||
var mgf = this.options.encryptionSchemeOptions.mgf || module.exports.eme_oaep_mgf1;
|
||||
var label = this.options.encryptionSchemeOptions.label || Buffer.alloc(0);
|
||||
var emLen = this.key.encryptedDataLength;
|
||||
|
||||
var hLen = module.exports.digestLength[hash];
|
||||
|
||||
// Make sure we can put message into an encoded message of emLen bytes
|
||||
if (buffer.length > emLen - 2 * hLen - 2) {
|
||||
throw new Error("Message is too long to encode into an encoded message with a length of " + emLen + " bytes, increase" +
|
||||
"emLen to fix this error (minimum value for given parameters and options: " + (emLen - 2 * hLen - 2) + ")");
|
||||
}
|
||||
|
||||
var lHash = crypt.createHash(hash);
|
||||
lHash.update(label);
|
||||
lHash = lHash.digest();
|
||||
|
||||
var PS = Buffer.alloc(emLen - buffer.length - 2 * hLen - 1); // Padding "String"
|
||||
PS.fill(0); // Fill the buffer with octets of 0
|
||||
PS[PS.length - 1] = 1;
|
||||
|
||||
var DB = Buffer.concat([lHash, PS, buffer]);
|
||||
var seed = crypt.randomBytes(hLen);
|
||||
|
||||
// mask = dbMask
|
||||
var mask = mgf(seed, DB.length, hash);
|
||||
// XOR DB and dbMask together.
|
||||
for (var i = 0; i < DB.length; i++) {
|
||||
DB[i] ^= mask[i];
|
||||
}
|
||||
// DB = maskedDB
|
||||
|
||||
// mask = seedMask
|
||||
mask = mgf(DB, hLen, hash);
|
||||
// XOR seed and seedMask together.
|
||||
for (i = 0; i < seed.length; i++) {
|
||||
seed[i] ^= mask[i];
|
||||
}
|
||||
// seed = maskedSeed
|
||||
|
||||
var em = Buffer.alloc(1 + seed.length + DB.length);
|
||||
em[0] = 0;
|
||||
seed.copy(em, 1);
|
||||
DB.copy(em, 1 + seed.length);
|
||||
|
||||
return em;
|
||||
};
|
||||
|
||||
/**
|
||||
* Unpad input
|
||||
* alg: PKCS1_OAEP
|
||||
*
|
||||
* Note: This method works within the buffer given and modifies the values. It also returns a slice of the EM as the return Message.
|
||||
* If the implementation requires that the EM parameter be unmodified then the implementation should pass in a clone of the EM buffer.
|
||||
*
|
||||
* https://tools.ietf.org/html/rfc3447#section-7.1.2
|
||||
*/
|
||||
Scheme.prototype.encUnPad = function (buffer) {
|
||||
var hash = this.options.encryptionSchemeOptions.hash || DEFAULT_HASH_FUNCTION;
|
||||
var mgf = this.options.encryptionSchemeOptions.mgf || module.exports.eme_oaep_mgf1;
|
||||
var label = this.options.encryptionSchemeOptions.label || Buffer.alloc(0);
|
||||
|
||||
var hLen = module.exports.digestLength[hash];
|
||||
|
||||
// Check to see if buffer is a properly encoded OAEP message
|
||||
if (buffer.length < 2 * hLen + 2) {
|
||||
throw new Error("Error decoding message, the supplied message is not long enough to be a valid OAEP encoded message");
|
||||
}
|
||||
|
||||
var seed = buffer.slice(1, hLen + 1); // seed = maskedSeed
|
||||
var DB = buffer.slice(1 + hLen); // DB = maskedDB
|
||||
|
||||
var mask = mgf(DB, hLen, hash); // seedMask
|
||||
// XOR maskedSeed and seedMask together to get the original seed.
|
||||
for (var i = 0; i < seed.length; i++) {
|
||||
seed[i] ^= mask[i];
|
||||
}
|
||||
|
||||
mask = mgf(seed, DB.length, hash); // dbMask
|
||||
// XOR DB and dbMask together to get the original data block.
|
||||
for (i = 0; i < DB.length; i++) {
|
||||
DB[i] ^= mask[i];
|
||||
}
|
||||
|
||||
var lHash = crypt.createHash(hash);
|
||||
lHash.update(label);
|
||||
lHash = lHash.digest();
|
||||
|
||||
var lHashEM = DB.slice(0, hLen);
|
||||
if (lHashEM.toString("hex") != lHash.toString("hex")) {
|
||||
throw new Error("Error decoding message, the lHash calculated from the label provided and the lHash in the encrypted data do not match.");
|
||||
}
|
||||
|
||||
// Filter out padding
|
||||
i = hLen;
|
||||
while (DB[i++] === 0 && i < DB.length);
|
||||
if (DB[i - 1] != 1) {
|
||||
throw new Error("Error decoding message, there is no padding message separator byte");
|
||||
}
|
||||
|
||||
return DB.slice(i); // Message
|
||||
};
|
||||
|
||||
return new Scheme(key, options);
|
||||
};
|
|
@ -0,0 +1,238 @@
|
|||
/**
|
||||
* PKCS1 padding and signature scheme
|
||||
*/
|
||||
|
||||
var BigInteger = require('../libs/jsbn');
|
||||
var crypt = require('crypto');
|
||||
var constants = require('constants');
|
||||
var SIGN_INFO_HEAD = {
|
||||
md2: Buffer.from('3020300c06082a864886f70d020205000410', 'hex'),
|
||||
md5: Buffer.from('3020300c06082a864886f70d020505000410', 'hex'),
|
||||
sha1: Buffer.from('3021300906052b0e03021a05000414', 'hex'),
|
||||
sha224: Buffer.from('302d300d06096086480165030402040500041c', 'hex'),
|
||||
sha256: Buffer.from('3031300d060960864801650304020105000420', 'hex'),
|
||||
sha384: Buffer.from('3041300d060960864801650304020205000430', 'hex'),
|
||||
sha512: Buffer.from('3051300d060960864801650304020305000440', 'hex'),
|
||||
ripemd160: Buffer.from('3021300906052b2403020105000414', 'hex'),
|
||||
rmd160: Buffer.from('3021300906052b2403020105000414', 'hex')
|
||||
};
|
||||
|
||||
var SIGN_ALG_TO_HASH_ALIASES = {
|
||||
'ripemd160': 'rmd160'
|
||||
};
|
||||
|
||||
var DEFAULT_HASH_FUNCTION = 'sha256';
|
||||
|
||||
module.exports = {
|
||||
isEncryption: true,
|
||||
isSignature: true
|
||||
};
|
||||
|
||||
module.exports.makeScheme = function (key, options) {
|
||||
function Scheme(key, options) {
|
||||
this.key = key;
|
||||
this.options = options;
|
||||
}
|
||||
|
||||
Scheme.prototype.maxMessageLength = function () {
|
||||
if (this.options.encryptionSchemeOptions && this.options.encryptionSchemeOptions.padding == constants.RSA_NO_PADDING) {
|
||||
return this.key.encryptedDataLength;
|
||||
}
|
||||
return this.key.encryptedDataLength - 11;
|
||||
};
|
||||
|
||||
/**
|
||||
* Pad input Buffer to encryptedDataLength bytes, and return Buffer.from
|
||||
* alg: PKCS#1
|
||||
* @param buffer
|
||||
* @returns {Buffer}
|
||||
*/
|
||||
Scheme.prototype.encPad = function (buffer, options) {
|
||||
options = options || {};
|
||||
var filled;
|
||||
if (buffer.length > this.key.maxMessageLength) {
|
||||
throw new Error("Message too long for RSA (n=" + this.key.encryptedDataLength + ", l=" + buffer.length + ")");
|
||||
}
|
||||
if (this.options.encryptionSchemeOptions && this.options.encryptionSchemeOptions.padding == constants.RSA_NO_PADDING) {
|
||||
//RSA_NO_PADDING treated like JAVA left pad with zero character
|
||||
filled = Buffer.alloc(this.key.maxMessageLength - buffer.length);
|
||||
filled.fill(0);
|
||||
return Buffer.concat([filled, buffer]);
|
||||
}
|
||||
|
||||
/* Type 1: zeros padding for private key encrypt */
|
||||
if (options.type === 1) {
|
||||
filled = Buffer.alloc(this.key.encryptedDataLength - buffer.length - 1);
|
||||
filled.fill(0xff, 0, filled.length - 1);
|
||||
filled[0] = 1;
|
||||
filled[filled.length - 1] = 0;
|
||||
|
||||
return Buffer.concat([filled, buffer]);
|
||||
} else {
|
||||
/* random padding for public key encrypt */
|
||||
filled = Buffer.alloc(this.key.encryptedDataLength - buffer.length);
|
||||
filled[0] = 0;
|
||||
filled[1] = 2;
|
||||
var rand = crypt.randomBytes(filled.length - 3);
|
||||
for (var i = 0; i < rand.length; i++) {
|
||||
var r = rand[i];
|
||||
while (r === 0) { // non-zero only
|
||||
r = crypt.randomBytes(1)[0];
|
||||
}
|
||||
filled[i + 2] = r;
|
||||
}
|
||||
filled[filled.length - 1] = 0;
|
||||
return Buffer.concat([filled, buffer]);
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
* Unpad input Buffer and, if valid, return the Buffer object
|
||||
* alg: PKCS#1 (type 2, random)
|
||||
* @param buffer
|
||||
* @returns {Buffer}
|
||||
*/
|
||||
Scheme.prototype.encUnPad = function (buffer, options) {
|
||||
options = options || {};
|
||||
var i = 0;
|
||||
|
||||
if (this.options.encryptionSchemeOptions && this.options.encryptionSchemeOptions.padding == constants.RSA_NO_PADDING) {
|
||||
//RSA_NO_PADDING treated like JAVA left pad with zero character
|
||||
var unPad;
|
||||
if (typeof buffer.lastIndexOf == "function") { //patch for old node version
|
||||
unPad = buffer.slice(buffer.lastIndexOf('\0') + 1, buffer.length);
|
||||
} else {
|
||||
unPad = buffer.slice(String.prototype.lastIndexOf.call(buffer, '\0') + 1, buffer.length);
|
||||
}
|
||||
return unPad;
|
||||
}
|
||||
|
||||
if (buffer.length < 4) {
|
||||
return null;
|
||||
}
|
||||
|
||||
/* Type 1: zeros padding for private key decrypt */
|
||||
if (options.type === 1) {
|
||||
if (buffer[0] !== 0 && buffer[1] !== 1) {
|
||||
return null;
|
||||
}
|
||||
i = 3;
|
||||
while (buffer[i] !== 0) {
|
||||
if (buffer[i] != 0xFF || ++i >= buffer.length) {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
/* random padding for public key decrypt */
|
||||
if (buffer[0] !== 0 && buffer[1] !== 2) {
|
||||
return null;
|
||||
}
|
||||
i = 3;
|
||||
while (buffer[i] !== 0) {
|
||||
if (++i >= buffer.length) {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
return buffer.slice(i + 1, buffer.length);
|
||||
};
|
||||
|
||||
Scheme.prototype.sign = function (buffer) {
|
||||
var hashAlgorithm = this.options.signingSchemeOptions.hash || DEFAULT_HASH_FUNCTION;
|
||||
if (this.options.environment === 'browser') {
|
||||
hashAlgorithm = SIGN_ALG_TO_HASH_ALIASES[hashAlgorithm] || hashAlgorithm;
|
||||
|
||||
var hasher = crypt.createHash(hashAlgorithm);
|
||||
hasher.update(buffer);
|
||||
var hash = this.pkcs1pad(hasher.digest(), hashAlgorithm);
|
||||
var res = this.key.$doPrivate(new BigInteger(hash)).toBuffer(this.key.encryptedDataLength);
|
||||
|
||||
return res;
|
||||
} else {
|
||||
var signer = crypt.createSign('RSA-' + hashAlgorithm.toUpperCase());
|
||||
signer.update(buffer);
|
||||
return signer.sign(this.options.rsaUtils.exportKey('private'));
|
||||
}
|
||||
};
|
||||
|
||||
Scheme.prototype.verify = function (buffer, signature, signature_encoding) {
|
||||
if (this.options.encryptionSchemeOptions && this.options.encryptionSchemeOptions.padding == constants.RSA_NO_PADDING) {
|
||||
//RSA_NO_PADDING has no verify data
|
||||
return false;
|
||||
}
|
||||
var hashAlgorithm = this.options.signingSchemeOptions.hash || DEFAULT_HASH_FUNCTION;
|
||||
if (this.options.environment === 'browser') {
|
||||
hashAlgorithm = SIGN_ALG_TO_HASH_ALIASES[hashAlgorithm] || hashAlgorithm;
|
||||
|
||||
if (signature_encoding) {
|
||||
signature = Buffer.from(signature, signature_encoding);
|
||||
}
|
||||
|
||||
var hasher = crypt.createHash(hashAlgorithm);
|
||||
hasher.update(buffer);
|
||||
var hash = this.pkcs1pad(hasher.digest(), hashAlgorithm);
|
||||
var m = this.key.$doPublic(new BigInteger(signature));
|
||||
|
||||
return m.toBuffer().toString('hex') == hash.toString('hex');
|
||||
} else {
|
||||
var verifier = crypt.createVerify('RSA-' + hashAlgorithm.toUpperCase());
|
||||
verifier.update(buffer);
|
||||
return verifier.verify(this.options.rsaUtils.exportKey('public'), signature, signature_encoding);
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
* PKCS#1 zero pad input buffer to max data length
|
||||
* @param hashBuf
|
||||
* @param hashAlgorithm
|
||||
* @returns {*}
|
||||
*/
|
||||
Scheme.prototype.pkcs0pad = function (buffer) {
|
||||
var filled = Buffer.alloc(this.key.maxMessageLength - buffer.length);
|
||||
filled.fill(0);
|
||||
return Buffer.concat([filled, buffer]);
|
||||
};
|
||||
|
||||
Scheme.prototype.pkcs0unpad = function (buffer) {
|
||||
var unPad;
|
||||
if (typeof buffer.lastIndexOf == "function") { //patch for old node version
|
||||
unPad = buffer.slice(buffer.lastIndexOf('\0') + 1, buffer.length);
|
||||
} else {
|
||||
unPad = buffer.slice(String.prototype.lastIndexOf.call(buffer, '\0') + 1, buffer.length);
|
||||
}
|
||||
|
||||
return unPad;
|
||||
};
|
||||
|
||||
/**
|
||||
* PKCS#1 pad input buffer to max data length
|
||||
* @param hashBuf
|
||||
* @param hashAlgorithm
|
||||
* @returns {*}
|
||||
*/
|
||||
Scheme.prototype.pkcs1pad = function (hashBuf, hashAlgorithm) {
|
||||
var digest = SIGN_INFO_HEAD[hashAlgorithm];
|
||||
if (!digest) {
|
||||
throw Error('Unsupported hash algorithm');
|
||||
}
|
||||
|
||||
var data = Buffer.concat([digest, hashBuf]);
|
||||
|
||||
if (data.length + 10 > this.key.encryptedDataLength) {
|
||||
throw Error('Key is too short for signing algorithm (' + hashAlgorithm + ')');
|
||||
}
|
||||
|
||||
var filled = Buffer.alloc(this.key.encryptedDataLength - data.length - 1);
|
||||
filled.fill(0xff, 0, filled.length - 1);
|
||||
filled[0] = 1;
|
||||
filled[filled.length - 1] = 0;
|
||||
|
||||
var res = Buffer.concat([filled, data]);
|
||||
|
||||
return res;
|
||||
};
|
||||
|
||||
return new Scheme(key, options);
|
||||
};
|
||||
|
||||
|
|
@ -0,0 +1,183 @@
|
|||
/**
|
||||
* PSS signature scheme
|
||||
*/
|
||||
|
||||
var BigInteger = require('../libs/jsbn');
|
||||
var crypt = require('crypto');
|
||||
|
||||
module.exports = {
|
||||
isEncryption: false,
|
||||
isSignature: true
|
||||
};
|
||||
|
||||
var DEFAULT_HASH_FUNCTION = 'sha1';
|
||||
var DEFAULT_SALT_LENGTH = 20;
|
||||
|
||||
module.exports.makeScheme = function (key, options) {
|
||||
var OAEP = require('./schemes').pkcs1_oaep;
|
||||
|
||||
/**
|
||||
* @param key
|
||||
* @param options
|
||||
* options [Object] An object that contains the following keys that specify certain options for encoding.
|
||||
* └>signingSchemeOptions
|
||||
* ├>hash [String] Hash function to use when encoding and generating masks. Must be a string accepted by node's crypto.createHash function. (default = "sha1")
|
||||
* ├>mgf [function] The mask generation function to use when encoding. (default = mgf1SHA1)
|
||||
* └>sLen [uint] The length of the salt to generate. (default = 20)
|
||||
* @constructor
|
||||
*/
|
||||
function Scheme(key, options) {
|
||||
this.key = key;
|
||||
this.options = options;
|
||||
}
|
||||
|
||||
Scheme.prototype.sign = function (buffer) {
|
||||
var mHash = crypt.createHash(this.options.signingSchemeOptions.hash || DEFAULT_HASH_FUNCTION);
|
||||
mHash.update(buffer);
|
||||
|
||||
var encoded = this.emsa_pss_encode(mHash.digest(), this.key.keySize - 1);
|
||||
return this.key.$doPrivate(new BigInteger(encoded)).toBuffer(this.key.encryptedDataLength);
|
||||
};
|
||||
|
||||
Scheme.prototype.verify = function (buffer, signature, signature_encoding) {
|
||||
if (signature_encoding) {
|
||||
signature = Buffer.from(signature, signature_encoding);
|
||||
}
|
||||
signature = new BigInteger(signature);
|
||||
|
||||
var emLen = Math.ceil((this.key.keySize - 1) / 8);
|
||||
var m = this.key.$doPublic(signature).toBuffer(emLen);
|
||||
|
||||
var mHash = crypt.createHash(this.options.signingSchemeOptions.hash || DEFAULT_HASH_FUNCTION);
|
||||
mHash.update(buffer);
|
||||
|
||||
return this.emsa_pss_verify(mHash.digest(), m, this.key.keySize - 1);
|
||||
};
|
||||
|
||||
/*
|
||||
* https://tools.ietf.org/html/rfc3447#section-9.1.1
|
||||
*
|
||||
* mHash [Buffer] Hashed message to encode
|
||||
* emBits [uint] Maximum length of output in bits. Must be at least 8hLen + 8sLen + 9 (hLen = Hash digest length in bytes | sLen = length of salt in bytes)
|
||||
* @returns {Buffer} The encoded message
|
||||
*/
|
||||
Scheme.prototype.emsa_pss_encode = function (mHash, emBits) {
|
||||
var hash = this.options.signingSchemeOptions.hash || DEFAULT_HASH_FUNCTION;
|
||||
var mgf = this.options.signingSchemeOptions.mgf || OAEP.eme_oaep_mgf1;
|
||||
var sLen = this.options.signingSchemeOptions.saltLength || DEFAULT_SALT_LENGTH;
|
||||
|
||||
var hLen = OAEP.digestLength[hash];
|
||||
var emLen = Math.ceil(emBits / 8);
|
||||
|
||||
if (emLen < hLen + sLen + 2) {
|
||||
throw new Error("Output length passed to emBits(" + emBits + ") is too small for the options " +
|
||||
"specified(" + hash + ", " + sLen + "). To fix this issue increase the value of emBits. (minimum size: " +
|
||||
(8 * hLen + 8 * sLen + 9) + ")"
|
||||
);
|
||||
}
|
||||
|
||||
var salt = crypt.randomBytes(sLen);
|
||||
|
||||
var Mapostrophe = Buffer.alloc(8 + hLen + sLen);
|
||||
Mapostrophe.fill(0, 0, 8);
|
||||
mHash.copy(Mapostrophe, 8);
|
||||
salt.copy(Mapostrophe, 8 + mHash.length);
|
||||
|
||||
var H = crypt.createHash(hash);
|
||||
H.update(Mapostrophe);
|
||||
H = H.digest();
|
||||
|
||||
var PS = Buffer.alloc(emLen - salt.length - hLen - 2);
|
||||
PS.fill(0);
|
||||
|
||||
var DB = Buffer.alloc(PS.length + 1 + salt.length);
|
||||
PS.copy(DB);
|
||||
DB[PS.length] = 0x01;
|
||||
salt.copy(DB, PS.length + 1);
|
||||
|
||||
var dbMask = mgf(H, DB.length, hash);
|
||||
|
||||
// XOR DB and dbMask together
|
||||
var maskedDB = Buffer.alloc(DB.length);
|
||||
for (var i = 0; i < dbMask.length; i++) {
|
||||
maskedDB[i] = DB[i] ^ dbMask[i];
|
||||
}
|
||||
|
||||
var bits = 8 * emLen - emBits;
|
||||
var mask = 255 ^ (255 >> 8 - bits << 8 - bits);
|
||||
maskedDB[0] = maskedDB[0] & mask;
|
||||
|
||||
var EM = Buffer.alloc(maskedDB.length + H.length + 1);
|
||||
maskedDB.copy(EM, 0);
|
||||
H.copy(EM, maskedDB.length);
|
||||
EM[EM.length - 1] = 0xbc;
|
||||
|
||||
return EM;
|
||||
};
|
||||
|
||||
/*
|
||||
* https://tools.ietf.org/html/rfc3447#section-9.1.2
|
||||
*
|
||||
* mHash [Buffer] Hashed message
|
||||
* EM [Buffer] Signature
|
||||
* emBits [uint] Length of EM in bits. Must be at least 8hLen + 8sLen + 9 to be a valid signature. (hLen = Hash digest length in bytes | sLen = length of salt in bytes)
|
||||
* @returns {Boolean} True if signature(EM) matches message(M)
|
||||
*/
|
||||
Scheme.prototype.emsa_pss_verify = function (mHash, EM, emBits) {
|
||||
var hash = this.options.signingSchemeOptions.hash || DEFAULT_HASH_FUNCTION;
|
||||
var mgf = this.options.signingSchemeOptions.mgf || OAEP.eme_oaep_mgf1;
|
||||
var sLen = this.options.signingSchemeOptions.saltLength || DEFAULT_SALT_LENGTH;
|
||||
|
||||
var hLen = OAEP.digestLength[hash];
|
||||
var emLen = Math.ceil(emBits / 8);
|
||||
|
||||
if (emLen < hLen + sLen + 2 || EM[EM.length - 1] != 0xbc) {
|
||||
return false;
|
||||
}
|
||||
|
||||
var DB = Buffer.alloc(emLen - hLen - 1);
|
||||
EM.copy(DB, 0, 0, emLen - hLen - 1);
|
||||
|
||||
var mask = 0;
|
||||
for (var i = 0, bits = 8 * emLen - emBits; i < bits; i++) {
|
||||
mask |= 1 << (7 - i);
|
||||
}
|
||||
|
||||
if ((DB[0] & mask) !== 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
var H = EM.slice(emLen - hLen - 1, emLen - 1);
|
||||
var dbMask = mgf(H, DB.length, hash);
|
||||
|
||||
// Unmask DB
|
||||
for (i = 0; i < DB.length; i++) {
|
||||
DB[i] ^= dbMask[i];
|
||||
}
|
||||
|
||||
bits = 8 * emLen - emBits;
|
||||
mask = 255 ^ (255 >> 8 - bits << 8 - bits);
|
||||
DB[0] = DB[0] & mask;
|
||||
|
||||
// Filter out padding
|
||||
for (i = 0; DB[i] === 0 && i < DB.length; i++);
|
||||
if (DB[i] != 1) {
|
||||
return false;
|
||||
}
|
||||
|
||||
var salt = DB.slice(DB.length - sLen);
|
||||
|
||||
var Mapostrophe = Buffer.alloc(8 + hLen + sLen);
|
||||
Mapostrophe.fill(0, 0, 8);
|
||||
mHash.copy(Mapostrophe, 8);
|
||||
salt.copy(Mapostrophe, 8 + mHash.length);
|
||||
|
||||
var Hapostrophe = crypt.createHash(hash);
|
||||
Hapostrophe.update(Mapostrophe);
|
||||
Hapostrophe = Hapostrophe.digest();
|
||||
|
||||
return H.toString("hex") === Hapostrophe.toString("hex");
|
||||
};
|
||||
|
||||
return new Scheme(key, options);
|
||||
};
|
|
@ -0,0 +1,23 @@
|
|||
module.exports = {
|
||||
pkcs1: require('./pkcs1'),
|
||||
pkcs1_oaep: require('./oaep'),
|
||||
pss: require('./pss'),
|
||||
|
||||
/**
|
||||
* Check if scheme has padding methods
|
||||
* @param scheme {string}
|
||||
* @returns {Boolean}
|
||||
*/
|
||||
isEncryption: function (scheme) {
|
||||
return module.exports[scheme] && module.exports[scheme].isEncryption;
|
||||
},
|
||||
|
||||
/**
|
||||
* Check if scheme has sign/verify methods
|
||||
* @param scheme {string}
|
||||
* @returns {Boolean}
|
||||
*/
|
||||
isSignature: function (scheme) {
|
||||
return module.exports[scheme] && module.exports[scheme].isSignature;
|
||||
}
|
||||
};
|
|
@ -0,0 +1,108 @@
|
|||
/*
|
||||
* Utils functions
|
||||
*
|
||||
*/
|
||||
|
||||
var crypt = require('crypto');
|
||||
|
||||
/**
|
||||
* Break string str each maxLen symbols
|
||||
* @param str
|
||||
* @param maxLen
|
||||
* @returns {string}
|
||||
*/
|
||||
module.exports.linebrk = function (str, maxLen) {
|
||||
var res = '';
|
||||
var i = 0;
|
||||
while (i + maxLen < str.length) {
|
||||
res += str.substring(i, i + maxLen) + "\n";
|
||||
i += maxLen;
|
||||
}
|
||||
return res + str.substring(i, str.length);
|
||||
};
|
||||
|
||||
module.exports.detectEnvironment = function () {
|
||||
if (typeof(window) !== 'undefined' && window && !(process && process.title === 'node')) {
|
||||
return 'browser';
|
||||
}
|
||||
|
||||
return 'node';
|
||||
};
|
||||
|
||||
/**
|
||||
* Trying get a 32-bit unsigned integer from the partial buffer
|
||||
* @param buffer
|
||||
* @param offset
|
||||
* @returns {Number}
|
||||
*/
|
||||
module.exports.get32IntFromBuffer = function (buffer, offset) {
|
||||
offset = offset || 0;
|
||||
var size = 0;
|
||||
if ((size = buffer.length - offset) > 0) {
|
||||
if (size >= 4) {
|
||||
return buffer.readUInt32BE(offset);
|
||||
} else {
|
||||
var res = 0;
|
||||
for (var i = offset + size, d = 0; i > offset; i--, d += 2) {
|
||||
res += buffer[i - 1] * Math.pow(16, d);
|
||||
}
|
||||
return res;
|
||||
}
|
||||
} else {
|
||||
return NaN;
|
||||
}
|
||||
};
|
||||
|
||||
module.exports._ = {
|
||||
isObject: function (value) {
|
||||
var type = typeof value;
|
||||
return !!value && (type == 'object' || type == 'function');
|
||||
},
|
||||
|
||||
isString: function (value) {
|
||||
return typeof value == 'string' || value instanceof String;
|
||||
},
|
||||
|
||||
isNumber: function (value) {
|
||||
return typeof value == 'number' || !isNaN(parseFloat(value)) && isFinite(value);
|
||||
},
|
||||
|
||||
/**
|
||||
* Returns copy of `obj` without `removeProp` field.
|
||||
* @param obj
|
||||
* @param removeProp
|
||||
* @returns Object
|
||||
*/
|
||||
omit: function (obj, removeProp) {
|
||||
var newObj = {};
|
||||
for (var prop in obj) {
|
||||
if (!obj.hasOwnProperty(prop) || prop === removeProp) {
|
||||
continue;
|
||||
}
|
||||
newObj[prop] = obj[prop];
|
||||
}
|
||||
|
||||
return newObj;
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
* Strips everything around the opening and closing lines, including the lines
|
||||
* themselves.
|
||||
*/
|
||||
module.exports.trimSurroundingText = function (data, opening, closing) {
|
||||
var trimStartIndex = 0;
|
||||
var trimEndIndex = data.length;
|
||||
|
||||
var openingBoundaryIndex = data.indexOf(opening);
|
||||
if (openingBoundaryIndex >= 0) {
|
||||
trimStartIndex = openingBoundaryIndex + opening.length;
|
||||
}
|
||||
|
||||
var closingBoundaryIndex = data.indexOf(closing, openingBoundaryIndex);
|
||||
if (closingBoundaryIndex >= 0) {
|
||||
trimEndIndex = closingBoundaryIndex;
|
||||
}
|
||||
|
||||
return data.substring(trimStartIndex, trimEndIndex);
|
||||
}
|
|
@ -0,0 +1,21 @@
|
|||
MIT License
|
||||
|
||||
Copyright (c) 2018 Nikita Skovoroda <chalkerx@gmail.com>
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
|
@ -0,0 +1,268 @@
|
|||
# Porting to the Buffer.from/Buffer.alloc API
|
||||
|
||||
<a id="overview"></a>
|
||||
## Overview
|
||||
|
||||
- [Variant 1: Drop support for Node.js ≤ 4.4.x and 5.0.0 — 5.9.x.](#variant-1) (*recommended*)
|
||||
- [Variant 2: Use a polyfill](#variant-2)
|
||||
- [Variant 3: manual detection, with safeguards](#variant-3)
|
||||
|
||||
### Finding problematic bits of code using grep
|
||||
|
||||
Just run `grep -nrE '[^a-zA-Z](Slow)?Buffer\s*\(' --exclude-dir node_modules`.
|
||||
|
||||
It will find all the potentially unsafe places in your own code (with some considerably unlikely
|
||||
exceptions).
|
||||
|
||||
### Finding problematic bits of code using Node.js 8
|
||||
|
||||
If you’re using Node.js ≥ 8.0.0 (which is recommended), Node.js exposes multiple options that help with finding the relevant pieces of code:
|
||||
|
||||
- `--trace-warnings` will make Node.js show a stack trace for this warning and other warnings that are printed by Node.js.
|
||||
- `--trace-deprecation` does the same thing, but only for deprecation warnings.
|
||||
- `--pending-deprecation` will show more types of deprecation warnings. In particular, it will show the `Buffer()` deprecation warning, even on Node.js 8.
|
||||
|
||||
You can set these flags using an environment variable:
|
||||
|
||||
```console
|
||||
$ export NODE_OPTIONS='--trace-warnings --pending-deprecation'
|
||||
$ cat example.js
|
||||
'use strict';
|
||||
const foo = new Buffer('foo');
|
||||
$ node example.js
|
||||
(node:7147) [DEP0005] DeprecationWarning: The Buffer() and new Buffer() constructors are not recommended for use due to security and usability concerns. Please use the new Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() construction methods instead.
|
||||
at showFlaggedDeprecation (buffer.js:127:13)
|
||||
at new Buffer (buffer.js:148:3)
|
||||
at Object.<anonymous> (/path/to/example.js:2:13)
|
||||
[... more stack trace lines ...]
|
||||
```
|
||||
|
||||
### Finding problematic bits of code using linters
|
||||
|
||||
Eslint rules [no-buffer-constructor](https://eslint.org/docs/rules/no-buffer-constructor)
|
||||
or
|
||||
[node/no-deprecated-api](https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/no-deprecated-api.md)
|
||||
also find calls to deprecated `Buffer()` API. Those rules are included in some pre-sets.
|
||||
|
||||
There is a drawback, though, that it doesn't always
|
||||
[work correctly](https://github.com/chalker/safer-buffer#why-not-safe-buffer) when `Buffer` is
|
||||
overriden e.g. with a polyfill, so recommended is a combination of this and some other method
|
||||
described above.
|
||||
|
||||
<a id="variant-1"></a>
|
||||
## Variant 1: Drop support for Node.js ≤ 4.4.x and 5.0.0 — 5.9.x.
|
||||
|
||||
This is the recommended solution nowadays that would imply only minimal overhead.
|
||||
|
||||
The Node.js 5.x release line has been unsupported since July 2016, and the Node.js 4.x release line reaches its End of Life in April 2018 (→ [Schedule](https://github.com/nodejs/Release#release-schedule)). This means that these versions of Node.js will *not* receive any updates, even in case of security issues, so using these release lines should be avoided, if at all possible.
|
||||
|
||||
What you would do in this case is to convert all `new Buffer()` or `Buffer()` calls to use `Buffer.alloc()` or `Buffer.from()`, in the following way:
|
||||
|
||||
- For `new Buffer(number)`, replace it with `Buffer.alloc(number)`.
|
||||
- For `new Buffer(string)` (or `new Buffer(string, encoding)`), replace it with `Buffer.from(string)` (or `Buffer.from(string, encoding)`).
|
||||
- For all other combinations of arguments (these are much rarer), also replace `new Buffer(...arguments)` with `Buffer.from(...arguments)`.
|
||||
|
||||
Note that `Buffer.alloc()` is also _faster_ on the current Node.js versions than
|
||||
`new Buffer(size).fill(0)`, which is what you would otherwise need to ensure zero-filling.
|
||||
|
||||
Enabling eslint rule [no-buffer-constructor](https://eslint.org/docs/rules/no-buffer-constructor)
|
||||
or
|
||||
[node/no-deprecated-api](https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/no-deprecated-api.md)
|
||||
is recommended to avoid accidential unsafe Buffer API usage.
|
||||
|
||||
There is also a [JSCodeshift codemod](https://github.com/joyeecheung/node-dep-codemod#dep005)
|
||||
for automatically migrating Buffer constructors to `Buffer.alloc()` or `Buffer.from()`.
|
||||
Note that it currently only works with cases where the arguments are literals or where the
|
||||
constructor is invoked with two arguments.
|
||||
|
||||
_If you currently support those older Node.js versions and dropping them would be a semver-major change
|
||||
for you, or if you support older branches of your packages, consider using [Variant 2](#variant-2)
|
||||
or [Variant 3](#variant-3) on older branches, so people using those older branches will also receive
|
||||
the fix. That way, you will eradicate potential issues caused by unguarded Buffer API usage and
|
||||
your users will not observe a runtime deprecation warning when running your code on Node.js 10._
|
||||
|
||||
<a id="variant-2"></a>
|
||||
## Variant 2: Use a polyfill
|
||||
|
||||
Utilize [safer-buffer](https://www.npmjs.com/package/safer-buffer) as a polyfill to support older
|
||||
Node.js versions.
|
||||
|
||||
You would take exacly the same steps as in [Variant 1](#variant-1), but with a polyfill
|
||||
`const Buffer = require('safer-buffer').Buffer` in all files where you use the new `Buffer` api.
|
||||
|
||||
Make sure that you do not use old `new Buffer` API — in any files where the line above is added,
|
||||
using old `new Buffer()` API will _throw_. It will be easy to notice that in CI, though.
|
||||
|
||||
Alternatively, you could use [buffer-from](https://www.npmjs.com/package/buffer-from) and/or
|
||||
[buffer-alloc](https://www.npmjs.com/package/buffer-alloc) [ponyfills](https://ponyfill.com/) —
|
||||
those are great, the only downsides being 4 deps in the tree and slightly more code changes to
|
||||
migrate off them (as you would be using e.g. `Buffer.from` under a different name). If you need only
|
||||
`Buffer.from` polyfilled — `buffer-from` alone which comes with no extra dependencies.
|
||||
|
||||
_Alternatively, you could use [safe-buffer](https://www.npmjs.com/package/safe-buffer) — it also
|
||||
provides a polyfill, but takes a different approach which has
|
||||
[it's drawbacks](https://github.com/chalker/safer-buffer#why-not-safe-buffer). It will allow you
|
||||
to also use the older `new Buffer()` API in your code, though — but that's arguably a benefit, as
|
||||
it is problematic, can cause issues in your code, and will start emitting runtime deprecation
|
||||
warnings starting with Node.js 10._
|
||||
|
||||
Note that in either case, it is important that you also remove all calls to the old Buffer
|
||||
API manually — just throwing in `safe-buffer` doesn't fix the problem by itself, it just provides
|
||||
a polyfill for the new API. I have seen people doing that mistake.
|
||||
|
||||
Enabling eslint rule [no-buffer-constructor](https://eslint.org/docs/rules/no-buffer-constructor)
|
||||
or
|
||||
[node/no-deprecated-api](https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/no-deprecated-api.md)
|
||||
is recommended.
|
||||
|
||||
_Don't forget to drop the polyfill usage once you drop support for Node.js < 4.5.0._
|
||||
|
||||
<a id="variant-3"></a>
|
||||
## Variant 3 — manual detection, with safeguards
|
||||
|
||||
This is useful if you create Buffer instances in only a few places (e.g. one), or you have your own
|
||||
wrapper around them.
|
||||
|
||||
### Buffer(0)
|
||||
|
||||
This special case for creating empty buffers can be safely replaced with `Buffer.concat([])`, which
|
||||
returns the same result all the way down to Node.js 0.8.x.
|
||||
|
||||
### Buffer(notNumber)
|
||||
|
||||
Before:
|
||||
|
||||
```js
|
||||
var buf = new Buffer(notNumber, encoding);
|
||||
```
|
||||
|
||||
After:
|
||||
|
||||
```js
|
||||
var buf;
|
||||
if (Buffer.from && Buffer.from !== Uint8Array.from) {
|
||||
buf = Buffer.from(notNumber, encoding);
|
||||
} else {
|
||||
if (typeof notNumber === 'number')
|
||||
throw new Error('The "size" argument must be of type number.');
|
||||
buf = new Buffer(notNumber, encoding);
|
||||
}
|
||||
```
|
||||
|
||||
`encoding` is optional.
|
||||
|
||||
Note that the `typeof notNumber` before `new Buffer` is required (for cases when `notNumber` argument is not
|
||||
hard-coded) and _is not caused by the deprecation of Buffer constructor_ — it's exactly _why_ the
|
||||
Buffer constructor is deprecated. Ecosystem packages lacking this type-check caused numereous
|
||||
security issues — situations when unsanitized user input could end up in the `Buffer(arg)` create
|
||||
problems ranging from DoS to leaking sensitive information to the attacker from the process memory.
|
||||
|
||||
When `notNumber` argument is hardcoded (e.g. literal `"abc"` or `[0,1,2]`), the `typeof` check can
|
||||
be omitted.
|
||||
|
||||
Also note that using TypeScript does not fix this problem for you — when libs written in
|
||||
`TypeScript` are used from JS, or when user input ends up there — it behaves exactly as pure JS, as
|
||||
all type checks are translation-time only and are not present in the actual JS code which TS
|
||||
compiles to.
|
||||
|
||||
### Buffer(number)
|
||||
|
||||
For Node.js 0.10.x (and below) support:
|
||||
|
||||
```js
|
||||
var buf;
|
||||
if (Buffer.alloc) {
|
||||
buf = Buffer.alloc(number);
|
||||
} else {
|
||||
buf = new Buffer(number);
|
||||
buf.fill(0);
|
||||
}
|
||||
```
|
||||
|
||||
Otherwise (Node.js ≥ 0.12.x):
|
||||
|
||||
```js
|
||||
const buf = Buffer.alloc ? Buffer.alloc(number) : new Buffer(number).fill(0);
|
||||
```
|
||||
|
||||
## Regarding Buffer.allocUnsafe
|
||||
|
||||
Be extra cautious when using `Buffer.allocUnsafe`:
|
||||
* Don't use it if you don't have a good reason to
|
||||
* e.g. you probably won't ever see a performance difference for small buffers, in fact, those
|
||||
might be even faster with `Buffer.alloc()`,
|
||||
* if your code is not in the hot code path — you also probably won't notice a difference,
|
||||
* keep in mind that zero-filling minimizes the potential risks.
|
||||
* If you use it, make sure that you never return the buffer in a partially-filled state,
|
||||
* if you are writing to it sequentially — always truncate it to the actuall written length
|
||||
|
||||
Errors in handling buffers allocated with `Buffer.allocUnsafe` could result in various issues,
|
||||
ranged from undefined behaviour of your code to sensitive data (user input, passwords, certs)
|
||||
leaking to the remote attacker.
|
||||
|
||||
_Note that the same applies to `new Buffer` usage without zero-filling, depending on the Node.js
|
||||
version (and lacking type checks also adds DoS to the list of potential problems)._
|
||||
|
||||
<a id="faq"></a>
|
||||
## FAQ
|
||||
|
||||
<a id="design-flaws"></a>
|
||||
### What is wrong with the `Buffer` constructor?
|
||||
|
||||
The `Buffer` constructor could be used to create a buffer in many different ways:
|
||||
|
||||
- `new Buffer(42)` creates a `Buffer` of 42 bytes. Before Node.js 8, this buffer contained
|
||||
*arbitrary memory* for performance reasons, which could include anything ranging from
|
||||
program source code to passwords and encryption keys.
|
||||
- `new Buffer('abc')` creates a `Buffer` that contains the UTF-8-encoded version of
|
||||
the string `'abc'`. A second argument could specify another encoding: For example,
|
||||
`new Buffer(string, 'base64')` could be used to convert a Base64 string into the original
|
||||
sequence of bytes that it represents.
|
||||
- There are several other combinations of arguments.
|
||||
|
||||
This meant that, in code like `var buffer = new Buffer(foo);`, *it is not possible to tell
|
||||
what exactly the contents of the generated buffer are* without knowing the type of `foo`.
|
||||
|
||||
Sometimes, the value of `foo` comes from an external source. For example, this function
|
||||
could be exposed as a service on a web server, converting a UTF-8 string into its Base64 form:
|
||||
|
||||
```
|
||||
function stringToBase64(req, res) {
|
||||
// The request body should have the format of `{ string: 'foobar' }`
|
||||
const rawBytes = new Buffer(req.body.string)
|
||||
const encoded = rawBytes.toString('base64')
|
||||
res.end({ encoded: encoded })
|
||||
}
|
||||
```
|
||||
|
||||
Note that this code does *not* validate the type of `req.body.string`:
|
||||
|
||||
- `req.body.string` is expected to be a string. If this is the case, all goes well.
|
||||
- `req.body.string` is controlled by the client that sends the request.
|
||||
- If `req.body.string` is the *number* `50`, the `rawBytes` would be 50 bytes:
|
||||
- Before Node.js 8, the content would be uninitialized
|
||||
- After Node.js 8, the content would be `50` bytes with the value `0`
|
||||
|
||||
Because of the missing type check, an attacker could intentionally send a number
|
||||
as part of the request. Using this, they can either:
|
||||
|
||||
- Read uninitialized memory. This **will** leak passwords, encryption keys and other
|
||||
kinds of sensitive information. (Information leak)
|
||||
- Force the program to allocate a large amount of memory. For example, when specifying
|
||||
`500000000` as the input value, each request will allocate 500MB of memory.
|
||||
This can be used to either exhaust the memory available of a program completely
|
||||
and make it crash, or slow it down significantly. (Denial of Service)
|
||||
|
||||
Both of these scenarios are considered serious security issues in a real-world
|
||||
web server context.
|
||||
|
||||
when using `Buffer.from(req.body.string)` instead, passing a number will always
|
||||
throw an exception instead, giving a controlled behaviour that can always be
|
||||
handled by the program.
|
||||
|
||||
<a id="ecosystem-usage"></a>
|
||||
### The `Buffer()` constructor has been deprecated for a while. Is this really an issue?
|
||||
|
||||
Surveys of code in the `npm` ecosystem have shown that the `Buffer()` constructor is still
|
||||
widely used. This includes new code, and overall usage of such code has actually been
|
||||
*increasing*.
|
|
@ -0,0 +1,156 @@
|
|||
# safer-buffer [![travis][travis-image]][travis-url] [![npm][npm-image]][npm-url] [![javascript style guide][standard-image]][standard-url] [![Security Responsible Disclosure][secuirty-image]][secuirty-url]
|
||||
|
||||
[travis-image]: https://travis-ci.org/ChALkeR/safer-buffer.svg?branch=master
|
||||
[travis-url]: https://travis-ci.org/ChALkeR/safer-buffer
|
||||
[npm-image]: https://img.shields.io/npm/v/safer-buffer.svg
|
||||
[npm-url]: https://npmjs.org/package/safer-buffer
|
||||
[standard-image]: https://img.shields.io/badge/code_style-standard-brightgreen.svg
|
||||
[standard-url]: https://standardjs.com
|
||||
[secuirty-image]: https://img.shields.io/badge/Security-Responsible%20Disclosure-green.svg
|
||||
[secuirty-url]: https://github.com/nodejs/security-wg/blob/master/processes/responsible_disclosure_template.md
|
||||
|
||||
Modern Buffer API polyfill without footguns, working on Node.js from 0.8 to current.
|
||||
|
||||
## How to use?
|
||||
|
||||
First, port all `Buffer()` and `new Buffer()` calls to `Buffer.alloc()` and `Buffer.from()` API.
|
||||
|
||||
Then, to achieve compatibility with outdated Node.js versions (`<4.5.0` and 5.x `<5.9.0`), use
|
||||
`const Buffer = require('safer-buffer').Buffer` in all files where you make calls to the new
|
||||
Buffer API. _Use `var` instead of `const` if you need that for your Node.js version range support._
|
||||
|
||||
Also, see the
|
||||
[porting Buffer](https://github.com/ChALkeR/safer-buffer/blob/master/Porting-Buffer.md) guide.
|
||||
|
||||
## Do I need it?
|
||||
|
||||
Hopefully, not — dropping support for outdated Node.js versions should be fine nowdays, and that
|
||||
is the recommended path forward. You _do_ need to port to the `Buffer.alloc()` and `Buffer.from()`
|
||||
though.
|
||||
|
||||
See the [porting guide](https://github.com/ChALkeR/safer-buffer/blob/master/Porting-Buffer.md)
|
||||
for a better description.
|
||||
|
||||
## Why not [safe-buffer](https://npmjs.com/safe-buffer)?
|
||||
|
||||
_In short: while `safe-buffer` serves as a polyfill for the new API, it allows old API usage and
|
||||
itself contains footguns._
|
||||
|
||||
`safe-buffer` could be used safely to get the new API while still keeping support for older
|
||||
Node.js versions (like this module), but while analyzing ecosystem usage of the old Buffer API
|
||||
I found out that `safe-buffer` is itself causing problems in some cases.
|
||||
|
||||
For example, consider the following snippet:
|
||||
|
||||
```console
|
||||
$ cat example.unsafe.js
|
||||
console.log(Buffer(20))
|
||||
$ ./node-v6.13.0-linux-x64/bin/node example.unsafe.js
|
||||
<Buffer 0a 00 00 00 00 00 00 00 28 13 de 02 00 00 00 00 05 00 00 00>
|
||||
$ standard example.unsafe.js
|
||||
standard: Use JavaScript Standard Style (https://standardjs.com)
|
||||
/home/chalker/repo/safer-buffer/example.unsafe.js:2:13: 'Buffer()' was deprecated since v6. Use 'Buffer.alloc()' or 'Buffer.from()' (use 'https://www.npmjs.com/package/safe-buffer' for '<4.5.0') instead.
|
||||
```
|
||||
|
||||
This is allocates and writes to console an uninitialized chunk of memory.
|
||||
[standard](https://www.npmjs.com/package/standard) linter (among others) catch that and warn people
|
||||
to avoid using unsafe API.
|
||||
|
||||
Let's now throw in `safe-buffer`!
|
||||
|
||||
```console
|
||||
$ cat example.safe-buffer.js
|
||||
const Buffer = require('safe-buffer').Buffer
|
||||
console.log(Buffer(20))
|
||||
$ standard example.safe-buffer.js
|
||||
$ ./node-v6.13.0-linux-x64/bin/node example.safe-buffer.js
|
||||
<Buffer 08 00 00 00 00 00 00 00 28 58 01 82 fe 7f 00 00 00 00 00 00>
|
||||
```
|
||||
|
||||
See the problem? Adding in `safe-buffer` _magically removes the lint warning_, but the behavior
|
||||
remains identiсal to what we had before, and when launched on Node.js 6.x LTS — this dumps out
|
||||
chunks of uninitialized memory.
|
||||
_And this code will still emit runtime warnings on Node.js 10.x and above._
|
||||
|
||||
That was done by design. I first considered changing `safe-buffer`, prohibiting old API usage or
|
||||
emitting warnings on it, but that significantly diverges from `safe-buffer` design. After some
|
||||
discussion, it was decided to move my approach into a separate package, and _this is that separate
|
||||
package_.
|
||||
|
||||
This footgun is not imaginary — I observed top-downloaded packages doing that kind of thing,
|
||||
«fixing» the lint warning by blindly including `safe-buffer` without any actual changes.
|
||||
|
||||
Also in some cases, even if the API _was_ migrated to use of safe Buffer API — a random pull request
|
||||
can bring unsafe Buffer API usage back to the codebase by adding new calls — and that could go
|
||||
unnoticed even if you have a linter prohibiting that (becase of the reason stated above), and even
|
||||
pass CI. _I also observed that being done in popular packages._
|
||||
|
||||
Some examples:
|
||||
* [webdriverio](https://github.com/webdriverio/webdriverio/commit/05cbd3167c12e4930f09ef7cf93b127ba4effae4#diff-124380949022817b90b622871837d56cR31)
|
||||
(a module with 548 759 downloads/month),
|
||||
* [websocket-stream](https://github.com/maxogden/websocket-stream/commit/c9312bd24d08271687d76da0fe3c83493871cf61)
|
||||
(218 288 d/m, fix in [maxogden/websocket-stream#142](https://github.com/maxogden/websocket-stream/pull/142)),
|
||||
* [node-serialport](https://github.com/node-serialport/node-serialport/commit/e8d9d2b16c664224920ce1c895199b1ce2def48c)
|
||||
(113 138 d/m, fix in [node-serialport/node-serialport#1510](https://github.com/node-serialport/node-serialport/pull/1510)),
|
||||
* [karma](https://github.com/karma-runner/karma/commit/3d94b8cf18c695104ca195334dc75ff054c74eec)
|
||||
(3 973 193 d/m, fix in [karma-runner/karma#2947](https://github.com/karma-runner/karma/pull/2947)),
|
||||
* [spdy-transport](https://github.com/spdy-http2/spdy-transport/commit/5375ac33f4a62a4f65bcfc2827447d42a5dbe8b1)
|
||||
(5 970 727 d/m, fix in [spdy-http2/spdy-transport#53](https://github.com/spdy-http2/spdy-transport/pull/53)).
|
||||
* And there are a lot more over the ecosystem.
|
||||
|
||||
I filed a PR at
|
||||
[mysticatea/eslint-plugin-node#110](https://github.com/mysticatea/eslint-plugin-node/pull/110) to
|
||||
partially fix that (for cases when that lint rule is used), but it is a semver-major change for
|
||||
linter rules and presets, so it would take significant time for that to reach actual setups.
|
||||
_It also hasn't been released yet (2018-03-20)._
|
||||
|
||||
Also, `safer-buffer` discourages the usage of `.allocUnsafe()`, which is often done by a mistake.
|
||||
It still supports it with an explicit concern barier, by placing it under
|
||||
`require('safer-buffer/dangereous')`.
|
||||
|
||||
## But isn't throwing bad?
|
||||
|
||||
Not really. It's an error that could be noticed and fixed early, instead of causing havoc later like
|
||||
unguarded `new Buffer()` calls that end up receiving user input can do.
|
||||
|
||||
This package affects only the files where `var Buffer = require('safer-buffer').Buffer` was done, so
|
||||
it is really simple to keep track of things and make sure that you don't mix old API usage with that.
|
||||
Also, CI should hint anything that you might have missed.
|
||||
|
||||
New commits, if tested, won't land new usage of unsafe Buffer API this way.
|
||||
_Node.js 10.x also deals with that by printing a runtime depecation warning._
|
||||
|
||||
### Would it affect third-party modules?
|
||||
|
||||
No, unless you explicitly do an awful thing like monkey-patching or overriding the built-in `Buffer`.
|
||||
Don't do that.
|
||||
|
||||
### But I don't want throwing…
|
||||
|
||||
That is also fine!
|
||||
|
||||
Also, it could be better in some cases when you don't comprehensive enough test coverage.
|
||||
|
||||
In that case — just don't override `Buffer` and use
|
||||
`var SaferBuffer = require('safer-buffer').Buffer` instead.
|
||||
|
||||
That way, everything using `Buffer` natively would still work, but there would be two drawbacks:
|
||||
|
||||
* `Buffer.from`/`Buffer.alloc` won't be polyfilled — use `SaferBuffer.from` and
|
||||
`SaferBuffer.alloc` instead.
|
||||
* You are still open to accidentally using the insecure deprecated API — use a linter to catch that.
|
||||
|
||||
Note that using a linter to catch accidential `Buffer` constructor usage in this case is strongly
|
||||
recommended. `Buffer` is not overriden in this usecase, so linters won't get confused.
|
||||
|
||||
## «Without footguns»?
|
||||
|
||||
Well, it is still possible to do _some_ things with `Buffer` API, e.g. accessing `.buffer` property
|
||||
on older versions and duping things from there. You shouldn't do that in your code, probabably.
|
||||
|
||||
The intention is to remove the most significant footguns that affect lots of packages in the
|
||||
ecosystem, and to do it in the proper way.
|
||||
|
||||
Also, this package doesn't protect against security issues affecting some Node.js versions, so for
|
||||
usage in your own production code, it is still recommended to update to a Node.js version
|
||||
[supported by upstream](https://github.com/nodejs/release#release-schedule).
|
|
@ -0,0 +1,58 @@
|
|||
/* eslint-disable node/no-deprecated-api */
|
||||
|
||||
'use strict'
|
||||
|
||||
var buffer = require('buffer')
|
||||
var Buffer = buffer.Buffer
|
||||
var safer = require('./safer.js')
|
||||
var Safer = safer.Buffer
|
||||
|
||||
var dangerous = {}
|
||||
|
||||
var key
|
||||
|
||||
for (key in safer) {
|
||||
if (!safer.hasOwnProperty(key)) continue
|
||||
dangerous[key] = safer[key]
|
||||
}
|
||||
|
||||
var Dangereous = dangerous.Buffer = {}
|
||||
|
||||
// Copy Safer API
|
||||
for (key in Safer) {
|
||||
if (!Safer.hasOwnProperty(key)) continue
|
||||
Dangereous[key] = Safer[key]
|
||||
}
|
||||
|
||||
// Copy those missing unsafe methods, if they are present
|
||||
for (key in Buffer) {
|
||||
if (!Buffer.hasOwnProperty(key)) continue
|
||||
if (Dangereous.hasOwnProperty(key)) continue
|
||||
Dangereous[key] = Buffer[key]
|
||||
}
|
||||
|
||||
if (!Dangereous.allocUnsafe) {
|
||||
Dangereous.allocUnsafe = function (size) {
|
||||
if (typeof size !== 'number') {
|
||||
throw new TypeError('The "size" argument must be of type number. Received type ' + typeof size)
|
||||
}
|
||||
if (size < 0 || size >= 2 * (1 << 30)) {
|
||||
throw new RangeError('The value "' + size + '" is invalid for option "size"')
|
||||
}
|
||||
return Buffer(size)
|
||||
}
|
||||
}
|
||||
|
||||
if (!Dangereous.allocUnsafeSlow) {
|
||||
Dangereous.allocUnsafeSlow = function (size) {
|
||||
if (typeof size !== 'number') {
|
||||
throw new TypeError('The "size" argument must be of type number. Received type ' + typeof size)
|
||||
}
|
||||
if (size < 0 || size >= 2 * (1 << 30)) {
|
||||
throw new RangeError('The value "' + size + '" is invalid for option "size"')
|
||||
}
|
||||
return buffer.SlowBuffer(size)
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = dangerous
|
|
@ -0,0 +1,91 @@
|
|||
{
|
||||
"_args": [
|
||||
[
|
||||
"safer-buffer@~2.1.0",
|
||||
"/mnt/c/Users/Josua/Desktop/data/nodejs/electron/chat-project/chat-server/node_modules/asn1"
|
||||
]
|
||||
],
|
||||
"_from": "safer-buffer@>=2.1.0 <2.2.0",
|
||||
"_id": "safer-buffer@2.1.2",
|
||||
"_inCache": true,
|
||||
"_installable": true,
|
||||
"_location": "/safer-buffer",
|
||||
"_nodeVersion": "9.11.1",
|
||||
"_npmOperationalInternal": {
|
||||
"host": "s3://npm-registry-packages",
|
||||
"tmp": "tmp/safer-buffer_2.1.2_1523184162015_0.8333925439572323"
|
||||
},
|
||||
"_npmUser": {
|
||||
"email": "chalkerx@gmail.com",
|
||||
"name": "chalker"
|
||||
},
|
||||
"_npmVersion": "5.8.0",
|
||||
"_phantomChildren": {},
|
||||
"_requested": {
|
||||
"name": "safer-buffer",
|
||||
"raw": "safer-buffer@~2.1.0",
|
||||
"rawSpec": "~2.1.0",
|
||||
"scope": null,
|
||||
"spec": ">=2.1.0 <2.2.0",
|
||||
"type": "range"
|
||||
},
|
||||
"_requiredBy": [
|
||||
"/asn1"
|
||||
],
|
||||
"_resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
|
||||
"_shasum": "44fa161b0187b9549dd84bb91802f9bd8385cd6a",
|
||||
"_shrinkwrap": null,
|
||||
"_spec": "safer-buffer@~2.1.0",
|
||||
"_where": "/mnt/c/Users/Josua/Desktop/data/nodejs/electron/chat-project/chat-server/node_modules/asn1",
|
||||
"author": {
|
||||
"email": "chalkerx@gmail.com",
|
||||
"name": "Nikita Skovoroda",
|
||||
"url": "https://github.com/ChALkeR"
|
||||
},
|
||||
"bugs": {
|
||||
"url": "https://github.com/ChALkeR/safer-buffer/issues"
|
||||
},
|
||||
"dependencies": {},
|
||||
"description": "Modern Buffer API polyfill without footguns",
|
||||
"devDependencies": {
|
||||
"standard": "^11.0.1",
|
||||
"tape": "^4.9.0"
|
||||
},
|
||||
"directories": {},
|
||||
"dist": {
|
||||
"fileCount": 7,
|
||||
"integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
|
||||
"shasum": "44fa161b0187b9549dd84bb91802f9bd8385cd6a",
|
||||
"tarball": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
|
||||
"unpackedSize": 42299
|
||||
},
|
||||
"files": [
|
||||
"Porting-Buffer.md",
|
||||
"Readme.md",
|
||||
"dangerous.js",
|
||||
"safer.js",
|
||||
"tests.js"
|
||||
],
|
||||
"gitHead": "e8ac214944eda30e1e6c6b7d7e7f6a21cf7dce7c",
|
||||
"homepage": "https://github.com/ChALkeR/safer-buffer#readme",
|
||||
"license": "MIT",
|
||||
"main": "safer.js",
|
||||
"maintainers": [
|
||||
{
|
||||
"name": "chalker",
|
||||
"email": "chalkerx@gmail.com"
|
||||
}
|
||||
],
|
||||
"name": "safer-buffer",
|
||||
"optionalDependencies": {},
|
||||
"readme": "ERROR: No README data found!",
|
||||
"repository": {
|
||||
"type": "git",
|
||||
"url": "git+https://github.com/ChALkeR/safer-buffer.git"
|
||||
},
|
||||
"scripts": {
|
||||
"browserify-test": "browserify --external tape tests.js > browserify-tests.js && tape browserify-tests.js",
|
||||
"test": "standard && tape tests.js"
|
||||
},
|
||||
"version": "2.1.2"
|
||||
}
|
|
@ -0,0 +1,77 @@
|
|||
/* eslint-disable node/no-deprecated-api */
|
||||
|
||||
'use strict'
|
||||
|
||||
var buffer = require('buffer')
|
||||
var Buffer = buffer.Buffer
|
||||
|
||||
var safer = {}
|
||||
|
||||
var key
|
||||
|
||||
for (key in buffer) {
|
||||
if (!buffer.hasOwnProperty(key)) continue
|
||||
if (key === 'SlowBuffer' || key === 'Buffer') continue
|
||||
safer[key] = buffer[key]
|
||||
}
|
||||
|
||||
var Safer = safer.Buffer = {}
|
||||
for (key in Buffer) {
|
||||
if (!Buffer.hasOwnProperty(key)) continue
|
||||
if (key === 'allocUnsafe' || key === 'allocUnsafeSlow') continue
|
||||
Safer[key] = Buffer[key]
|
||||
}
|
||||
|
||||
safer.Buffer.prototype = Buffer.prototype
|
||||
|
||||
if (!Safer.from || Safer.from === Uint8Array.from) {
|
||||
Safer.from = function (value, encodingOrOffset, length) {
|
||||
if (typeof value === 'number') {
|
||||
throw new TypeError('The "value" argument must not be of type number. Received type ' + typeof value)
|
||||
}
|
||||
if (value && typeof value.length === 'undefined') {
|
||||
throw new TypeError('The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type ' + typeof value)
|
||||
}
|
||||
return Buffer(value, encodingOrOffset, length)
|
||||
}
|
||||
}
|
||||
|
||||
if (!Safer.alloc) {
|
||||
Safer.alloc = function (size, fill, encoding) {
|
||||
if (typeof size !== 'number') {
|
||||
throw new TypeError('The "size" argument must be of type number. Received type ' + typeof size)
|
||||
}
|
||||
if (size < 0 || size >= 2 * (1 << 30)) {
|
||||
throw new RangeError('The value "' + size + '" is invalid for option "size"')
|
||||
}
|
||||
var buf = Buffer(size)
|
||||
if (!fill || fill.length === 0) {
|
||||
buf.fill(0)
|
||||
} else if (typeof encoding === 'string') {
|
||||
buf.fill(fill, encoding)
|
||||
} else {
|
||||
buf.fill(fill)
|
||||
}
|
||||
return buf
|
||||
}
|
||||
}
|
||||
|
||||
if (!safer.kStringMaxLength) {
|
||||
try {
|
||||
safer.kStringMaxLength = process.binding('buffer').kStringMaxLength
|
||||
} catch (e) {
|
||||
// we can't determine kStringMaxLength in environments where process.binding
|
||||
// is unsupported, so let's not set it
|
||||
}
|
||||
}
|
||||
|
||||
if (!safer.constants) {
|
||||
safer.constants = {
|
||||
MAX_LENGTH: safer.kMaxLength
|
||||
}
|
||||
if (safer.kStringMaxLength) {
|
||||
safer.constants.MAX_STRING_LENGTH = safer.kStringMaxLength
|
||||
}
|
||||
}
|
||||
|
||||
module.exports = safer
|
|
@ -0,0 +1,406 @@
|
|||
/* eslint-disable node/no-deprecated-api */
|
||||
|
||||
'use strict'
|
||||
|
||||
var test = require('tape')
|
||||
|
||||
var buffer = require('buffer')
|
||||
|
||||
var index = require('./')
|
||||
var safer = require('./safer')
|
||||
var dangerous = require('./dangerous')
|
||||
|
||||
/* Inheritance tests */
|
||||
|
||||
test('Default is Safer', function (t) {
|
||||
t.equal(index, safer)
|
||||
t.notEqual(safer, dangerous)
|
||||
t.notEqual(index, dangerous)
|
||||
t.end()
|
||||
})
|
||||
|
||||
test('Is not a function', function (t) {
|
||||
[index, safer, dangerous].forEach(function (impl) {
|
||||
t.equal(typeof impl, 'object')
|
||||
t.equal(typeof impl.Buffer, 'object')
|
||||
});
|
||||
[buffer].forEach(function (impl) {
|
||||
t.equal(typeof impl, 'object')
|
||||
t.equal(typeof impl.Buffer, 'function')
|
||||
})
|
||||
t.end()
|
||||
})
|
||||
|
||||
test('Constructor throws', function (t) {
|
||||
[index, safer, dangerous].forEach(function (impl) {
|
||||
t.throws(function () { impl.Buffer() })
|
||||
t.throws(function () { impl.Buffer(0) })
|
||||
t.throws(function () { impl.Buffer('a') })
|
||||
t.throws(function () { impl.Buffer('a', 'utf-8') })
|
||||
t.throws(function () { return new impl.Buffer() })
|
||||
t.throws(function () { return new impl.Buffer(0) })
|
||||
t.throws(function () { return new impl.Buffer('a') })
|
||||
t.throws(function () { return new impl.Buffer('a', 'utf-8') })
|
||||
})
|
||||
t.end()
|
||||
})
|
||||
|
||||
test('Safe methods exist', function (t) {
|
||||
[index, safer, dangerous].forEach(function (impl) {
|
||||
t.equal(typeof impl.Buffer.alloc, 'function', 'alloc')
|
||||
t.equal(typeof impl.Buffer.from, 'function', 'from')
|
||||
})
|
||||
t.end()
|
||||
})
|
||||
|
||||
test('Unsafe methods exist only in Dangerous', function (t) {
|
||||
[index, safer].forEach(function (impl) {
|
||||
t.equal(typeof impl.Buffer.allocUnsafe, 'undefined')
|
||||
t.equal(typeof impl.Buffer.allocUnsafeSlow, 'undefined')
|
||||
});
|
||||
[dangerous].forEach(function (impl) {
|
||||
t.equal(typeof impl.Buffer.allocUnsafe, 'function')
|
||||
t.equal(typeof impl.Buffer.allocUnsafeSlow, 'function')
|
||||
})
|
||||
t.end()
|
||||
})
|
||||
|
||||
test('Generic methods/properties are defined and equal', function (t) {
|
||||
['poolSize', 'isBuffer', 'concat', 'byteLength'].forEach(function (method) {
|
||||
[index, safer, dangerous].forEach(function (impl) {
|
||||
t.equal(impl.Buffer[method], buffer.Buffer[method], method)
|
||||
t.notEqual(typeof impl.Buffer[method], 'undefined', method)
|
||||
})
|
||||
})
|
||||
t.end()
|
||||
})
|
||||
|
||||
test('Built-in buffer static methods/properties are inherited', function (t) {
|
||||
Object.keys(buffer).forEach(function (method) {
|
||||
if (method === 'SlowBuffer' || method === 'Buffer') return;
|
||||
[index, safer, dangerous].forEach(function (impl) {
|
||||
t.equal(impl[method], buffer[method], method)
|
||||
t.notEqual(typeof impl[method], 'undefined', method)
|
||||
})
|
||||
})
|
||||
t.end()
|
||||
})
|
||||
|
||||
test('Built-in Buffer static methods/properties are inherited', function (t) {
|
||||
Object.keys(buffer.Buffer).forEach(function (method) {
|
||||
if (method === 'allocUnsafe' || method === 'allocUnsafeSlow') return;
|
||||
[index, safer, dangerous].forEach(function (impl) {
|
||||
t.equal(impl.Buffer[method], buffer.Buffer[method], method)
|
||||
t.notEqual(typeof impl.Buffer[method], 'undefined', method)
|
||||
})
|
||||
})
|
||||
t.end()
|
||||
})
|
||||
|
||||
test('.prototype property of Buffer is inherited', function (t) {
|
||||
[index, safer, dangerous].forEach(function (impl) {
|
||||
t.equal(impl.Buffer.prototype, buffer.Buffer.prototype, 'prototype')
|
||||
t.notEqual(typeof impl.Buffer.prototype, 'undefined', 'prototype')
|
||||
})
|
||||
t.end()
|
||||
})
|
||||
|
||||
test('All Safer methods are present in Dangerous', function (t) {
|
||||
Object.keys(safer).forEach(function (method) {
|
||||
if (method === 'Buffer') return;
|
||||
[index, safer, dangerous].forEach(function (impl) {
|
||||
t.equal(impl[method], safer[method], method)
|
||||
if (method !== 'kStringMaxLength') {
|
||||
t.notEqual(typeof impl[method], 'undefined', method)
|
||||
}
|
||||
})
|
||||
})
|
||||
Object.keys(safer.Buffer).forEach(function (method) {
|
||||
[index, safer, dangerous].forEach(function (impl) {
|
||||
t.equal(impl.Buffer[method], safer.Buffer[method], method)
|
||||
t.notEqual(typeof impl.Buffer[method], 'undefined', method)
|
||||
})
|
||||
})
|
||||
t.end()
|
||||
})
|
||||
|
||||
test('Safe methods from Dangerous methods are present in Safer', function (t) {
|
||||
Object.keys(dangerous).forEach(function (method) {
|
||||
if (method === 'Buffer') return;
|
||||
[index, safer, dangerous].forEach(function (impl) {
|
||||
t.equal(impl[method], dangerous[method], method)
|
||||
if (method !== 'kStringMaxLength') {
|
||||
t.notEqual(typeof impl[method], 'undefined', method)
|
||||
}
|
||||
})
|
||||
})
|
||||
Object.keys(dangerous.Buffer).forEach(function (method) {
|
||||
if (method === 'allocUnsafe' || method === 'allocUnsafeSlow') return;
|
||||
[index, safer, dangerous].forEach(function (impl) {
|
||||
t.equal(impl.Buffer[method], dangerous.Buffer[method], method)
|
||||
t.notEqual(typeof impl.Buffer[method], 'undefined', method)
|
||||
})
|
||||
})
|
||||
t.end()
|
||||
})
|
||||
|
||||
/* Behaviour tests */
|
||||
|
||||
test('Methods return Buffers', function (t) {
|
||||
[index, safer, dangerous].forEach(function (impl) {
|
||||
t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(0)))
|
||||
t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(0, 10)))
|
||||
t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(0, 'a')))
|
||||
t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(10)))
|
||||
t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(10, 'x')))
|
||||
t.ok(buffer.Buffer.isBuffer(impl.Buffer.alloc(9, 'ab')))
|
||||
t.ok(buffer.Buffer.isBuffer(impl.Buffer.from('')))
|
||||
t.ok(buffer.Buffer.isBuffer(impl.Buffer.from('string')))
|
||||
t.ok(buffer.Buffer.isBuffer(impl.Buffer.from('string', 'utf-8')))
|
||||
t.ok(buffer.Buffer.isBuffer(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64')))
|
||||
t.ok(buffer.Buffer.isBuffer(impl.Buffer.from([0, 42, 3])))
|
||||
t.ok(buffer.Buffer.isBuffer(impl.Buffer.from(new Uint8Array([0, 42, 3]))))
|
||||
t.ok(buffer.Buffer.isBuffer(impl.Buffer.from([])))
|
||||
});
|
||||
['allocUnsafe', 'allocUnsafeSlow'].forEach(function (method) {
|
||||
t.ok(buffer.Buffer.isBuffer(dangerous.Buffer[method](0)))
|
||||
t.ok(buffer.Buffer.isBuffer(dangerous.Buffer[method](10)))
|
||||
})
|
||||
t.end()
|
||||
})
|
||||
|
||||
test('Constructor is buffer.Buffer', function (t) {
|
||||
[index, safer, dangerous].forEach(function (impl) {
|
||||
t.equal(impl.Buffer.alloc(0).constructor, buffer.Buffer)
|
||||
t.equal(impl.Buffer.alloc(0, 10).constructor, buffer.Buffer)
|
||||
t.equal(impl.Buffer.alloc(0, 'a').constructor, buffer.Buffer)
|
||||
t.equal(impl.Buffer.alloc(10).constructor, buffer.Buffer)
|
||||
t.equal(impl.Buffer.alloc(10, 'x').constructor, buffer.Buffer)
|
||||
t.equal(impl.Buffer.alloc(9, 'ab').constructor, buffer.Buffer)
|
||||
t.equal(impl.Buffer.from('').constructor, buffer.Buffer)
|
||||
t.equal(impl.Buffer.from('string').constructor, buffer.Buffer)
|
||||
t.equal(impl.Buffer.from('string', 'utf-8').constructor, buffer.Buffer)
|
||||
t.equal(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64').constructor, buffer.Buffer)
|
||||
t.equal(impl.Buffer.from([0, 42, 3]).constructor, buffer.Buffer)
|
||||
t.equal(impl.Buffer.from(new Uint8Array([0, 42, 3])).constructor, buffer.Buffer)
|
||||
t.equal(impl.Buffer.from([]).constructor, buffer.Buffer)
|
||||
});
|
||||
[0, 10, 100].forEach(function (arg) {
|
||||
t.equal(dangerous.Buffer.allocUnsafe(arg).constructor, buffer.Buffer)
|
||||
t.equal(dangerous.Buffer.allocUnsafeSlow(arg).constructor, buffer.SlowBuffer(0).constructor)
|
||||
})
|
||||
t.end()
|
||||
})
|
||||
|
||||
test('Invalid calls throw', function (t) {
|
||||
[index, safer, dangerous].forEach(function (impl) {
|
||||
t.throws(function () { impl.Buffer.from(0) })
|
||||
t.throws(function () { impl.Buffer.from(10) })
|
||||
t.throws(function () { impl.Buffer.from(10, 'utf-8') })
|
||||
t.throws(function () { impl.Buffer.from('string', 'invalid encoding') })
|
||||
t.throws(function () { impl.Buffer.from(-10) })
|
||||
t.throws(function () { impl.Buffer.from(1e90) })
|
||||
t.throws(function () { impl.Buffer.from(Infinity) })
|
||||
t.throws(function () { impl.Buffer.from(-Infinity) })
|
||||
t.throws(function () { impl.Buffer.from(NaN) })
|
||||
t.throws(function () { impl.Buffer.from(null) })
|
||||
t.throws(function () { impl.Buffer.from(undefined) })
|
||||
t.throws(function () { impl.Buffer.from() })
|
||||
t.throws(function () { impl.Buffer.from({}) })
|
||||
t.throws(function () { impl.Buffer.alloc('') })
|
||||
t.throws(function () { impl.Buffer.alloc('string') })
|
||||
t.throws(function () { impl.Buffer.alloc('string', 'utf-8') })
|
||||
t.throws(function () { impl.Buffer.alloc('b25ldHdvdGhyZWU=', 'base64') })
|
||||
t.throws(function () { impl.Buffer.alloc(-10) })
|
||||
t.throws(function () { impl.Buffer.alloc(1e90) })
|
||||
t.throws(function () { impl.Buffer.alloc(2 * (1 << 30)) })
|
||||
t.throws(function () { impl.Buffer.alloc(Infinity) })
|
||||
t.throws(function () { impl.Buffer.alloc(-Infinity) })
|
||||
t.throws(function () { impl.Buffer.alloc(null) })
|
||||
t.throws(function () { impl.Buffer.alloc(undefined) })
|
||||
t.throws(function () { impl.Buffer.alloc() })
|
||||
t.throws(function () { impl.Buffer.alloc([]) })
|
||||
t.throws(function () { impl.Buffer.alloc([0, 42, 3]) })
|
||||
t.throws(function () { impl.Buffer.alloc({}) })
|
||||
});
|
||||
['allocUnsafe', 'allocUnsafeSlow'].forEach(function (method) {
|
||||
t.throws(function () { dangerous.Buffer[method]('') })
|
||||
t.throws(function () { dangerous.Buffer[method]('string') })
|
||||
t.throws(function () { dangerous.Buffer[method]('string', 'utf-8') })
|
||||
t.throws(function () { dangerous.Buffer[method](2 * (1 << 30)) })
|
||||
t.throws(function () { dangerous.Buffer[method](Infinity) })
|
||||
if (dangerous.Buffer[method] === buffer.Buffer.allocUnsafe) {
|
||||
t.skip('Skipping, older impl of allocUnsafe coerced negative sizes to 0')
|
||||
} else {
|
||||
t.throws(function () { dangerous.Buffer[method](-10) })
|
||||
t.throws(function () { dangerous.Buffer[method](-1e90) })
|
||||
t.throws(function () { dangerous.Buffer[method](-Infinity) })
|
||||
}
|
||||
t.throws(function () { dangerous.Buffer[method](null) })
|
||||
t.throws(function () { dangerous.Buffer[method](undefined) })
|
||||
t.throws(function () { dangerous.Buffer[method]() })
|
||||
t.throws(function () { dangerous.Buffer[method]([]) })
|
||||
t.throws(function () { dangerous.Buffer[method]([0, 42, 3]) })
|
||||
t.throws(function () { dangerous.Buffer[method]({}) })
|
||||
})
|
||||
t.end()
|
||||
})
|
||||
|
||||
test('Buffers have appropriate lengths', function (t) {
|
||||
[index, safer, dangerous].forEach(function (impl) {
|
||||
t.equal(impl.Buffer.alloc(0).length, 0)
|
||||
t.equal(impl.Buffer.alloc(10).length, 10)
|
||||
t.equal(impl.Buffer.from('').length, 0)
|
||||
t.equal(impl.Buffer.from('string').length, 6)
|
||||
t.equal(impl.Buffer.from('string', 'utf-8').length, 6)
|
||||
t.equal(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64').length, 11)
|
||||
t.equal(impl.Buffer.from([0, 42, 3]).length, 3)
|
||||
t.equal(impl.Buffer.from(new Uint8Array([0, 42, 3])).length, 3)
|
||||
t.equal(impl.Buffer.from([]).length, 0)
|
||||
});
|
||||
['allocUnsafe', 'allocUnsafeSlow'].forEach(function (method) {
|
||||
t.equal(dangerous.Buffer[method](0).length, 0)
|
||||
t.equal(dangerous.Buffer[method](10).length, 10)
|
||||
})
|
||||
t.end()
|
||||
})
|
||||
|
||||
test('Buffers have appropriate lengths (2)', function (t) {
|
||||
t.equal(index.Buffer.alloc, safer.Buffer.alloc)
|
||||
t.equal(index.Buffer.alloc, dangerous.Buffer.alloc)
|
||||
var ok = true;
|
||||
[ safer.Buffer.alloc,
|
||||
dangerous.Buffer.allocUnsafe,
|
||||
dangerous.Buffer.allocUnsafeSlow
|
||||
].forEach(function (method) {
|
||||
for (var i = 0; i < 1e2; i++) {
|
||||
var length = Math.round(Math.random() * 1e5)
|
||||
var buf = method(length)
|
||||
if (!buffer.Buffer.isBuffer(buf)) ok = false
|
||||
if (buf.length !== length) ok = false
|
||||
}
|
||||
})
|
||||
t.ok(ok)
|
||||
t.end()
|
||||
})
|
||||
|
||||
test('.alloc(size) is zero-filled and has correct length', function (t) {
|
||||
t.equal(index.Buffer.alloc, safer.Buffer.alloc)
|
||||
t.equal(index.Buffer.alloc, dangerous.Buffer.alloc)
|
||||
var ok = true
|
||||
for (var i = 0; i < 1e2; i++) {
|
||||
var length = Math.round(Math.random() * 2e6)
|
||||
var buf = index.Buffer.alloc(length)
|
||||
if (!buffer.Buffer.isBuffer(buf)) ok = false
|
||||
if (buf.length !== length) ok = false
|
||||
var j
|
||||
for (j = 0; j < length; j++) {
|
||||
if (buf[j] !== 0) ok = false
|
||||
}
|
||||
buf.fill(1)
|
||||
for (j = 0; j < length; j++) {
|
||||
if (buf[j] !== 1) ok = false
|
||||
}
|
||||
}
|
||||
t.ok(ok)
|
||||
t.end()
|
||||
})
|
||||
|
||||
test('.allocUnsafe / .allocUnsafeSlow are fillable and have correct lengths', function (t) {
|
||||
['allocUnsafe', 'allocUnsafeSlow'].forEach(function (method) {
|
||||
var ok = true
|
||||
for (var i = 0; i < 1e2; i++) {
|
||||
var length = Math.round(Math.random() * 2e6)
|
||||
var buf = dangerous.Buffer[method](length)
|
||||
if (!buffer.Buffer.isBuffer(buf)) ok = false
|
||||
if (buf.length !== length) ok = false
|
||||
buf.fill(0, 0, length)
|
||||
var j
|
||||
for (j = 0; j < length; j++) {
|
||||
if (buf[j] !== 0) ok = false
|
||||
}
|
||||
buf.fill(1, 0, length)
|
||||
for (j = 0; j < length; j++) {
|
||||
if (buf[j] !== 1) ok = false
|
||||
}
|
||||
}
|
||||
t.ok(ok, method)
|
||||
})
|
||||
t.end()
|
||||
})
|
||||
|
||||
test('.alloc(size, fill) is `fill`-filled', function (t) {
|
||||
t.equal(index.Buffer.alloc, safer.Buffer.alloc)
|
||||
t.equal(index.Buffer.alloc, dangerous.Buffer.alloc)
|
||||
var ok = true
|
||||
for (var i = 0; i < 1e2; i++) {
|
||||
var length = Math.round(Math.random() * 2e6)
|
||||
var fill = Math.round(Math.random() * 255)
|
||||
var buf = index.Buffer.alloc(length, fill)
|
||||
if (!buffer.Buffer.isBuffer(buf)) ok = false
|
||||
if (buf.length !== length) ok = false
|
||||
for (var j = 0; j < length; j++) {
|
||||
if (buf[j] !== fill) ok = false
|
||||
}
|
||||
}
|
||||
t.ok(ok)
|
||||
t.end()
|
||||
})
|
||||
|
||||
test('.alloc(size, fill) is `fill`-filled', function (t) {
|
||||
t.equal(index.Buffer.alloc, safer.Buffer.alloc)
|
||||
t.equal(index.Buffer.alloc, dangerous.Buffer.alloc)
|
||||
var ok = true
|
||||
for (var i = 0; i < 1e2; i++) {
|
||||
var length = Math.round(Math.random() * 2e6)
|
||||
var fill = Math.round(Math.random() * 255)
|
||||
var buf = index.Buffer.alloc(length, fill)
|
||||
if (!buffer.Buffer.isBuffer(buf)) ok = false
|
||||
if (buf.length !== length) ok = false
|
||||
for (var j = 0; j < length; j++) {
|
||||
if (buf[j] !== fill) ok = false
|
||||
}
|
||||
}
|
||||
t.ok(ok)
|
||||
t.deepEqual(index.Buffer.alloc(9, 'a'), index.Buffer.alloc(9, 97))
|
||||
t.notDeepEqual(index.Buffer.alloc(9, 'a'), index.Buffer.alloc(9, 98))
|
||||
|
||||
var tmp = new buffer.Buffer(2)
|
||||
tmp.fill('ok')
|
||||
if (tmp[1] === tmp[0]) {
|
||||
// Outdated Node.js
|
||||
t.deepEqual(index.Buffer.alloc(5, 'ok'), index.Buffer.from('ooooo'))
|
||||
} else {
|
||||
t.deepEqual(index.Buffer.alloc(5, 'ok'), index.Buffer.from('okoko'))
|
||||
}
|
||||
t.notDeepEqual(index.Buffer.alloc(5, 'ok'), index.Buffer.from('kokok'))
|
||||
|
||||
t.end()
|
||||
})
|
||||
|
||||
test('safer.Buffer.from returns results same as Buffer constructor', function (t) {
|
||||
[index, safer, dangerous].forEach(function (impl) {
|
||||
t.deepEqual(impl.Buffer.from(''), new buffer.Buffer(''))
|
||||
t.deepEqual(impl.Buffer.from('string'), new buffer.Buffer('string'))
|
||||
t.deepEqual(impl.Buffer.from('string', 'utf-8'), new buffer.Buffer('string', 'utf-8'))
|
||||
t.deepEqual(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64'), new buffer.Buffer('b25ldHdvdGhyZWU=', 'base64'))
|
||||
t.deepEqual(impl.Buffer.from([0, 42, 3]), new buffer.Buffer([0, 42, 3]))
|
||||
t.deepEqual(impl.Buffer.from(new Uint8Array([0, 42, 3])), new buffer.Buffer(new Uint8Array([0, 42, 3])))
|
||||
t.deepEqual(impl.Buffer.from([]), new buffer.Buffer([]))
|
||||
})
|
||||
t.end()
|
||||
})
|
||||
|
||||
test('safer.Buffer.from returns consistent results', function (t) {
|
||||
[index, safer, dangerous].forEach(function (impl) {
|
||||
t.deepEqual(impl.Buffer.from(''), impl.Buffer.alloc(0))
|
||||
t.deepEqual(impl.Buffer.from([]), impl.Buffer.alloc(0))
|
||||
t.deepEqual(impl.Buffer.from(new Uint8Array([])), impl.Buffer.alloc(0))
|
||||
t.deepEqual(impl.Buffer.from('string', 'utf-8'), impl.Buffer.from('string'))
|
||||
t.deepEqual(impl.Buffer.from('string'), impl.Buffer.from([115, 116, 114, 105, 110, 103]))
|
||||
t.deepEqual(impl.Buffer.from('string'), impl.Buffer.from(impl.Buffer.from('string')))
|
||||
t.deepEqual(impl.Buffer.from('b25ldHdvdGhyZWU=', 'base64'), impl.Buffer.from('onetwothree'))
|
||||
t.notDeepEqual(impl.Buffer.from('b25ldHdvdGhyZWU='), impl.Buffer.from('onetwothree'))
|
||||
})
|
||||
t.end()
|
||||
})
|
|
@ -0,0 +1,21 @@
|
|||
{
|
||||
"name": "chat-server",
|
||||
"version": "1.0.0",
|
||||
"description": "Part of the open source chat project, this is used as the server for the client to connect to.",
|
||||
"main": "main.js",
|
||||
"dependencies": {
|
||||
"fs": "^0.0.1-security",
|
||||
"net": "^1.0.2",
|
||||
"node-rsa": "^1.0.5"
|
||||
},
|
||||
"devDependencies": {},
|
||||
"scripts": {
|
||||
"test": "echo \"Error: no test specified\" && exit 1"
|
||||
},
|
||||
"repository": {
|
||||
"type": "git",
|
||||
"url": "ssh://git@onewaycoding.ddns.net:8000/jsrobson10/chat-server.git"
|
||||
},
|
||||
"author": "Josua",
|
||||
"license": "MIT"
|
||||
}
|
Loading…
Reference in New Issue