moparisthebest
/
mail
mirror of https://github.com/moparisthebest/mail
1
0
Fork 0
Code Issues Releases Wiki Activity

upgrade to forge 0.2.6

This commit is contained in:
Tankred Hase 2013-09-15 22:35:59 +02:00
parent 429e4b75a6
commit d02f61b4a8
10 changed files with 4713 additions and 4406 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/js/crypto/util.js
View File

@ -169,6 +169,22 @@
}
};
/**
* Convert a UTF-16 encoded string to UTF8
* @param str [String] a UTF-16 encoded string
*/
Util.prototype.encodeUtf8 = function(str) {
return this._forge.util.encodeUtf8(str);
};
/**
* Convert a UTF-8 encoded string to UTF-16
* @param str [String] a UTF-8 encoded string
*/
Util.prototype.decodeUtf8 = function(str) {
return this._forge.util.decodeUtf8(str);
};
/**
* Validate an email address. This regex is taken from:
* http://stackoverflow.com/questions/46155/validate-email-address-in-javascript

1
src/lib/forge.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

943
src/lib/pbe.js Normal file
View File

@ -0,0 +1,943 @@
/**
* Password-based encryption functions.
*
* @author Dave Longley
* @author Stefan Siegl <stesie@brokenpipe.de>
*
* Copyright (c) 2010-2013 Digital Bazaar, Inc.
* Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>
*
* An EncryptedPrivateKeyInfo:
*
* EncryptedPrivateKeyInfo ::= SEQUENCE {
* encryptionAlgorithm EncryptionAlgorithmIdentifier,
* encryptedData EncryptedData }
*
* EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
*
* EncryptedData ::= OCTET STRING
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
if(typeof BigInteger === 'undefined') {
var BigInteger = forge.jsbn.BigInteger;
}
// shortcut for asn.1 API
var asn1 = forge.asn1;
/* Password-based encryption implementation. */
var pki = forge.pki = forge.pki || {};
pki.pbe = forge.pbe = forge.pbe || {};
var oids = pki.oids;
// validator for an EncryptedPrivateKeyInfo structure
// Note: Currently only works w/algorithm params
var encryptedPrivateKeyValidator = {
name: 'EncryptedPrivateKeyInfo',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'EncryptedPrivateKeyInfo.encryptionAlgorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'AlgorithmIdentifier.algorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'encryptionOid'
}, {
name: 'AlgorithmIdentifier.parameters',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
captureAsn1: 'encryptionParams'
}]
}, {
// encryptedData
name: 'EncryptedPrivateKeyInfo.encryptedData',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OCTETSTRING,
constructed: false,
capture: 'encryptedData'
}]
};
// validator for a PBES2Algorithms structure
// Note: Currently only works w/PBKDF2 + AES encryption schemes
var PBES2AlgorithmsValidator = {
name: 'PBES2Algorithms',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'PBES2Algorithms.keyDerivationFunc',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'PBES2Algorithms.keyDerivationFunc.oid',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'kdfOid'
}, {
name: 'PBES2Algorithms.params',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'PBES2Algorithms.params.salt',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OCTETSTRING,
constructed: false,
capture: 'kdfSalt'
}, {
name: 'PBES2Algorithms.params.iterationCount',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
onstructed: true,
capture: 'kdfIterationCount'
}]
}]
}, {
name: 'PBES2Algorithms.encryptionScheme',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'PBES2Algorithms.encryptionScheme.oid',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'encOid'
}, {
name: 'PBES2Algorithms.encryptionScheme.iv',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OCTETSTRING,
constructed: false,
capture: 'encIv'
}]
}]
};
var pkcs12PbeParamsValidator = {
name: 'pkcs-12PbeParams',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'pkcs-12PbeParams.salt',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OCTETSTRING,
constructed: false,
capture: 'salt'
}, {
name: 'pkcs-12PbeParams.iterations',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'iterations'
}]
};
/**
* Encrypts a ASN.1 PrivateKeyInfo object, producing an EncryptedPrivateKeyInfo.
*
* PBES2Algorithms ALGORITHM-IDENTIFIER ::=
* { {PBES2-params IDENTIFIED BY id-PBES2}, ...}
*
* id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
*
* PBES2-params ::= SEQUENCE {
* keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
* encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
* }
*
* PBES2-KDFs ALGORITHM-IDENTIFIER ::=
* { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... }
*
* PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }
*
* PBKDF2-params ::= SEQUENCE {
* salt CHOICE {
* specified OCTET STRING,
* otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
* },
* iterationCount INTEGER (1..MAX),
* keyLength INTEGER (1..MAX) OPTIONAL,
* prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
* }
*
* @param obj the ASN.1 PrivateKeyInfo object.
* @param password the password to encrypt with.
* @param options:
* algorithm the encryption algorithm to use
* ('aes128', 'aes192', 'aes256', '3des'), defaults to 'aes128'.
* count the iteration count to use.
* saltSize the salt size to use.
*
* @return the ASN.1 EncryptedPrivateKeyInfo.
*/
pki.encryptPrivateKeyInfo = function(obj, password, options) {
// set default options
options = options || {};
options.saltSize = options.saltSize || 8;
options.count = options.count || 2048;
options.algorithm = options.algorithm || 'aes128';
// generate PBE params
var salt = forge.random.getBytes(options.saltSize);
var count = options.count;
var countBytes = forge.util.createBuffer();
countBytes.putInt16(count);
var dkLen;
var encryptionAlgorithm;
var encryptedData;
if(options.algorithm.indexOf('aes') === 0) {
// Do PBES2
var encOid;
if(options.algorithm === 'aes128') {
dkLen = 16;
encOid = oids['aes128-CBC'];
}
else if(options.algorithm === 'aes192') {
dkLen = 24;
encOid = oids['aes192-CBC'];
}
else if(options.algorithm === 'aes256') {
dkLen = 32;
encOid = oids['aes256-CBC'];
}
else {
throw {
message: 'Cannot encrypt private key. Unknown encryption algorithm.',
algorithm: options.algorithm
};
}
// encrypt private key using pbe SHA-1 and AES
var dk = forge.pkcs5.pbkdf2(password, salt, count, dkLen);
var iv = forge.random.getBytes(16);
var cipher = forge.aes.createEncryptionCipher(dk);
cipher.start(iv);
cipher.update(asn1.toDer(obj));
cipher.finish();
encryptedData = cipher.output.getBytes();
encryptionAlgorithm = asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(oids['pkcs5PBES2']).getBytes()),
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// keyDerivationFunc
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(oids['pkcs5PBKDF2']).getBytes()),
// PBKDF2-params
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// salt
asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, salt),
// iteration count
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
countBytes.getBytes())
])
]),
// encryptionScheme
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(encOid).getBytes()),
// iv
asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, iv)
])
])
]);
}
else if(options.algorithm === '3des') {
// Do PKCS12 PBE
dkLen = 24;
var saltBytes = new forge.util.ByteBuffer(salt);
var dk = pki.pbe.generatePkcs12Key(password, saltBytes, 1, count, dkLen);
var iv = pki.pbe.generatePkcs12Key(password, saltBytes, 2, count, dkLen);
var cipher = forge.des.createEncryptionCipher(dk);
cipher.start(iv);
cipher.update(asn1.toDer(obj));
cipher.finish();
encryptedData = cipher.output.getBytes();
encryptionAlgorithm = asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(oids['pbeWithSHAAnd3-KeyTripleDES-CBC']).getBytes()),
// pkcs-12PbeParams
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// salt
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, salt),
// iteration count
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
countBytes.getBytes())
])
]);
}
else {
throw {
message: 'Cannot encrypt private key. Unknown encryption algorithm.',
algorithm: options.algorithm
};
}
// EncryptedPrivateKeyInfo
var rval = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// encryptionAlgorithm
encryptionAlgorithm,
// encryptedData
asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, encryptedData)
]);
return rval;
};
/**
* Decrypts a ASN.1 PrivateKeyInfo object.
*
* @param obj the ASN.1 EncryptedPrivateKeyInfo object.
* @param password the password to decrypt with.
*
* @return the ASN.1 PrivateKeyInfo on success, null on failure.
*/
pki.decryptPrivateKeyInfo = function(obj, password) {
var rval = null;
// get PBE params
var capture = {};
var errors = [];
if(!asn1.validate(obj, encryptedPrivateKeyValidator, capture, errors)) {
throw {
message: 'Cannot read encrypted private key. ' +
'ASN.1 object is not a supported EncryptedPrivateKeyInfo.',
errors: errors
};
}
// get cipher
var oid = asn1.derToOid(capture.encryptionOid);
var cipher = pki.pbe.getCipher(oid, capture.encryptionParams, password);
// get encrypted data
var encrypted = forge.util.createBuffer(capture.encryptedData);
cipher.update(encrypted);
if(cipher.finish()) {
rval = asn1.fromDer(cipher.output);
}
return rval;
};
/**
* Converts a EncryptedPrivateKeyInfo to PEM format.
*
* @param epki the EncryptedPrivateKeyInfo.
* @param maxline the maximum characters per line, defaults to 64.
*
* @return the PEM-formatted encrypted private key.
*/
pki.encryptedPrivateKeyToPem = function(epki, maxline) {
// convert to DER, then PEM-encode
var msg = {
type: 'ENCRYPTED PRIVATE KEY',
body: asn1.toDer(epki).getBytes()
};
return forge.pem.encode(msg, {maxline: maxline});
};
/**
* Converts a PEM-encoded EncryptedPrivateKeyInfo to ASN.1 format. Decryption
* is not performed.
*
* @param pem the EncryptedPrivateKeyInfo in PEM-format.
*
* @return the ASN.1 EncryptedPrivateKeyInfo.
*/
pki.encryptedPrivateKeyFromPem = function(pem) {
var msg = forge.pem.decode(pem)[0];
if(msg.type !== 'ENCRYPTED PRIVATE KEY') {
throw {
message: 'Could not convert encrypted private key from PEM; PEM header ' +
'type is "ENCRYPTED PRIVATE KEY".',
headerType: msg.type
};
}
if(msg.procType && msg.procType.type === 'ENCRYPTED') {
throw {
message: 'Could not convert encrypted private key from PEM; ' +
'PEM is encrypted.'
};
}
// convert DER to ASN.1 object
return asn1.fromDer(msg.body);
};
/**
* Encrypts an RSA private key. By default, the key will be wrapped in
* a PrivateKeyInfo and encrypted to produce a PKCS#8 EncryptedPrivateKeyInfo.
* This is the standard, preferred way to encrypt a private key.
*
* To produce a non-standard PEM-encrypted private key that uses encapsulated
* headers to indicate the encryption algorithm (old-style non-PKCS#8 OpenSSL
* private key encryption), set the 'legacy' option to true. Note: Using this
* option will cause the iteration count to be forced to 1.
*
* @param rsaKey the RSA key to encrypt.
* @param password the password to use.
* @param options:
* algorithm: the encryption algorithm to use
* ('aes128', 'aes192', 'aes256', '3des').
* count: the iteration count to use.
* saltSize: the salt size to use.
* legacy: output an old non-PKCS#8 PEM-encrypted+encapsulated
* headers (DEK-Info) private key.
*
* @return the PEM-encoded ASN.1 EncryptedPrivateKeyInfo.
*/
pki.encryptRsaPrivateKey = function(rsaKey, password, options) {
// standard PKCS#8
options = options || {};
if(!options.legacy) {
// encrypt PrivateKeyInfo
var rval = pki.wrapRsaPrivateKey(pki.privateKeyToAsn1(rsaKey));
rval = pki.encryptPrivateKeyInfo(rval, password, options);
return pki.encryptedPrivateKeyToPem(rval);
}
// legacy non-PKCS#8
var algorithm;
var iv;
var dkLen;
var cipherFn;
switch(options.algorithm) {
case 'aes128':
algorithm = 'AES-128-CBC';
dkLen = 16;
iv = forge.random.getBytes(16);
cipherFn = forge.aes.createEncryptionCipher;
break;
case 'aes192':
algorithm = 'AES-192-CBC';
dkLen = 24;
iv = forge.random.getBytes(16);
cipherFn = forge.aes.createEncryptionCipher;
break;
case 'aes256':
algorithm = 'AES-256-CBC';
dkLen = 32;
iv = forge.random.getBytes(16);
cipherFn = forge.aes.createEncryptionCipher;
break;
case '3des':
algorithm = 'DES-EDE3-CBC';
dkLen = 24;
iv = forge.random.getBytes(8);
cipherFn = forge.des.createEncryptionCipher;
break;
default:
throw {
message: 'Could not encrypt RSA private key; unsupported encryption ' +
'algorithm "' + options.algorithm + '".',
algorithm: options.algorithm
};
}
// encrypt private key using OpenSSL legacy key derivation
var dk = evpBytesToKey(password, iv.substr(0, 8), dkLen);
var cipher = cipherFn(dk);
cipher.start(iv);
cipher.update(asn1.toDer(pki.privateKeyToAsn1(rsaKey)));
cipher.finish();
var msg = {
type: 'RSA PRIVATE KEY',
procType: {
version: '4',
type: 'ENCRYPTED'
},
dekInfo: {
algorithm: algorithm,
parameters: forge.util.bytesToHex(iv).toUpperCase()
},
body: cipher.output.getBytes()
};
return forge.pem.encode(msg);
};
/**
* Decrypts an RSA private key.
*
* @param pem the PEM-formatted EncryptedPrivateKeyInfo to decrypt.
* @param password the password to use.
*
* @return the RSA key on success, null on failure.
*/
pki.decryptRsaPrivateKey = function(pem, password) {
var rval = null;
var msg = forge.pem.decode(pem)[0];
if(msg.type !== 'ENCRYPTED PRIVATE KEY' &&
msg.type !== 'PRIVATE KEY' &&
msg.type !== 'RSA PRIVATE KEY') {
throw {
message: 'Could not convert private key from PEM; PEM header type is ' +
'not "ENCRYPTED PRIVATE KEY", "PRIVATE KEY", or "RSA PRIVATE KEY".',
headerType: msg.type
};
}
if(msg.procType && msg.procType.type === 'ENCRYPTED') {
var dkLen;
var cipherFn;
switch(msg.dekInfo.algorithm) {
case 'DES-EDE3-CBC':
dkLen = 24;
cipherFn = forge.des.createDecryptionCipher;
break;
case 'AES-128-CBC':
dkLen = 16;
cipherFn = forge.aes.createDecryptionCipher;
break;
case 'AES-192-CBC':
dkLen = 24;
cipherFn = forge.aes.createDecryptionCipher;
break;
case 'AES-256-CBC':
dkLen = 32;
cipherFn = forge.aes.createDecryptionCipher;
break;
case 'RC2-40-CBC':
dkLen = 5;
cipherFn = function(key) {
return forge.rc2.createDecryptionCipher(key, 40);
};
break;
case 'RC2-64-CBC':
dkLen = 8;
cipherFn = function(key) {
return forge.rc2.createDecryptionCipher(key, 64);
};
break;
case 'RC2-128-CBC':
dkLen = 16;
cipherFn = function(key) {
return forge.rc2.createDecryptionCipher(key, 128);
};
break;
default:
throw {
message: 'Could not decrypt private key; unsupported encryption ' +
'algorithm "' + msg.dekInfo.algorithm + '".',
algorithm: msg.dekInfo.algorithm
};
}
// use OpenSSL legacy key derivation
var iv = forge.util.hexToBytes(msg.dekInfo.parameters);
var dk = evpBytesToKey(password, iv.substr(0, 8), dkLen);
var cipher = cipherFn(dk);
cipher.start(iv);
cipher.update(forge.util.createBuffer(msg.body));
if(cipher.finish()) {
rval = cipher.output.getBytes();
}
else {
return rval;
}
}
else {
rval = msg.body;
}
if(msg.type === 'ENCRYPTED PRIVATE KEY') {
rval = pki.decryptPrivateKeyInfo(asn1.fromDer(rval), password);
}
else {
// decryption already performed above
rval = asn1.fromDer(rval);
}
if(rval !== null) {
rval = pki.privateKeyFromAsn1(rval);
}
return rval;
};
/**
* Derives a PKCS#12 key.
*
* @param password the password to derive the key material from.
* @param salt the salt, as a ByteBuffer, to use.
* @param id the PKCS#12 ID byte (1 = key material, 2 = IV, 3 = MAC).
* @param iter the iteration count.
* @param n the number of bytes to derive from the password.
* @param md the message digest to use, defaults to SHA-1.
*
* @return a ByteBuffer with the bytes derived from the password.
*/
pki.pbe.generatePkcs12Key = function(password, salt, id, iter, n, md) {
var j, l;
if(typeof md === 'undefined' || md === null) {
md = forge.md.sha1.create();
}
var u = md.digestLength;
var v = md.blockLength;
var result = new forge.util.ByteBuffer();
/* Convert password to Unicode byte buffer + trailing 0-byte. */
var passBuf = new forge.util.ByteBuffer();
for(l = 0; l < password.length; l++) {
passBuf.putInt16(password.charCodeAt(l));
}
passBuf.putInt16(0);
/* Length of salt and password in BYTES. */
var p = passBuf.length();
var s = salt.length();
/* 1. Construct a string, D (the "diversifier"), by concatenating
v copies of ID. */
var D = new forge.util.ByteBuffer();
D.fillWithByte(id, v);
/* 2. Concatenate copies of the salt together to create a string S of length
v * ceil(s / v) bytes (the final copy of the salt may be trunacted
to create S).
Note that if the salt is the empty string, then so is S. */
var Slen = v * Math.ceil(s / v);
var S = new forge.util.ByteBuffer();
for(l = 0; l < Slen; l ++) {
S.putByte(salt.at(l % s));
}
/* 3. Concatenate copies of the password together to create a string P of
length v * ceil(p / v) bytes (the final copy of the password may be
truncated to create P).
Note that if the password is the empty string, then so is P. */
var Plen = v * Math.ceil(p / v);
var P = new forge.util.ByteBuffer();
for(l = 0; l < Plen; l ++) {
P.putByte(passBuf.at(l % p));
}
/* 4. Set I=S||P to be the concatenation of S and P. */
var I = S;
I.putBuffer(P);
/* 5. Set c=ceil(n / u). */
var c = Math.ceil(n / u);
/* 6. For i=1, 2, ..., c, do the following: */
for(var i = 1; i <= c; i ++) {
/* a) Set Ai=H^r(D||I). (l.e. the rth hash of D||I, H(H(H(...H(D||I)))) */
var buf = new forge.util.ByteBuffer();
buf.putBytes(D.bytes());
buf.putBytes(I.bytes());
for(var round = 0; round < iter; round ++) {
md.start();
md.update(buf.getBytes());
buf = md.digest();
}
/* b) Concatenate copies of Ai to create a string B of length v bytes (the
final copy of Ai may be truncated to create B). */
var B = new forge.util.ByteBuffer();
for(l = 0; l < v; l ++) {
B.putByte(buf.at(l % u));
}
/* c) Treating I as a concatenation I0, I1, ..., Ik-1 of v-byte blocks,
where k=ceil(s / v) + ceil(p / v), modify I by setting
Ij=(Ij+B+1) mod 2v for each j. */
var k = Math.ceil(s / v) + Math.ceil(p / v);
var Inew = new forge.util.ByteBuffer();
for(j = 0; j < k; j ++) {
var chunk = new forge.util.ByteBuffer(I.getBytes(v));
var x = 0x1ff;
for(l = B.length() - 1; l >= 0; l --) {
x = x >> 8;
x += B.at(l) + chunk.at(l);
chunk.setAt(l, x & 0xff);
}
Inew.putBuffer(chunk);
}
I = Inew;
/* Add Ai to A. */
result.putBuffer(buf);
}
result.truncate(result.length() - n);
return result;
};
/**
* Get new Forge cipher object instance.
*
* @param oid the OID (in string notation).
* @param params the ASN.1 params object.
* @param password the password to decrypt with.
*
* @return new cipher object instance.
*/
pki.pbe.getCipher = function(oid, params, password) {
switch(oid) {
case pki.oids['pkcs5PBES2']:
return pki.pbe.getCipherForPBES2(oid, params, password);
case pki.oids['pbeWithSHAAnd3-KeyTripleDES-CBC']:
case pki.oids['pbewithSHAAnd40BitRC2-CBC']:
return pki.pbe.getCipherForPKCS12PBE(oid, params, password);
default:
throw {
message: 'Cannot read encrypted PBE data block. Unsupported OID.',
oid: oid,
supportedOids: [
'pkcs5PBES2',
'pbeWithSHAAnd3-KeyTripleDES-CBC',
'pbewithSHAAnd40BitRC2-CBC'
]
};
}
};
/**
* Get new Forge cipher object instance according to PBES2 params block.
*
* The returned cipher instance is already started using the IV
* from PBES2 parameter block.
*
* @param oid the PKCS#5 PBKDF2 OID (in string notation).
* @param params the ASN.1 PBES2-params object.
* @param password the password to decrypt with.
*
* @return new cipher object instance.
*/
pki.pbe.getCipherForPBES2 = function(oid, params, password) {
// get PBE params
var capture = {};
var errors = [];
if(!asn1.validate(params, PBES2AlgorithmsValidator, capture, errors)) {
throw {
message: 'Cannot read password-based-encryption algorithm ' +
'parameters. ASN.1 object is not a supported ' +
'EncryptedPrivateKeyInfo.',
errors: errors
};
}
// check oids
oid = asn1.derToOid(capture.kdfOid);
if(oid !== pki.oids['pkcs5PBKDF2']) {
throw {
message: 'Cannot read encrypted private key. ' +
'Unsupported key derivation function OID.',
oid: oid,
supportedOids: ['pkcs5PBKDF2']
};
}
oid = asn1.derToOid(capture.encOid);
if(oid !== pki.oids['aes128-CBC'] &&
oid !== pki.oids['aes192-CBC'] &&
oid !== pki.oids['aes256-CBC']) {
throw {
message: 'Cannot read encrypted private key. ' +
'Unsupported encryption scheme OID.',
oid: oid,
supportedOids: ['aes128-CBC', 'aes192-CBC', 'aes256-CBC']
};
}
// set PBE params
var salt = capture.kdfSalt;
var count = forge.util.createBuffer(capture.kdfIterationCount);
count = count.getInt(count.length() << 3);
var dkLen;
if(oid === pki.oids['aes128-CBC']) {
dkLen = 16;
}
else if(oid === pki.oids['aes192-CBC']) {
dkLen = 24;
}
else if(oid === pki.oids['aes256-CBC']) {
dkLen = 32;
}
// decrypt private key using pbe SHA-1 and AES
var dk = forge.pkcs5.pbkdf2(password, salt, count, dkLen);
var iv = capture.encIv;
var cipher = forge.aes.createDecryptionCipher(dk);
cipher.start(iv);
return cipher;
};
/**
* Get new Forge cipher object instance for PKCS#12 PBE.
*
* The returned cipher instance is already started using the key & IV
* derived from the provided password and PKCS#12 PBE salt.
*
* @param oid The PKCS#12 PBE OID (in string notation).
* @param params The ASN.1 PKCS#12 PBE-params object.
* @param password The password to decrypt with.
* @return New cipher object instance.
*/
pki.pbe.getCipherForPKCS12PBE = function(oid, params, password) {
// get PBE params
var capture = {};
var errors = [];
if(!asn1.validate(params, pkcs12PbeParamsValidator, capture, errors)) {
throw {
message: 'Cannot read password-based-encryption algorithm ' +
'parameters. ASN.1 object is not a supported ' +
'EncryptedPrivateKeyInfo.',
errors: errors
};
}
var salt = forge.util.createBuffer(capture.salt);
var count = forge.util.createBuffer(capture.iterations);
count = count.getInt(count.length() << 3);
var dkLen, dIvLen, cipherFn;
switch(oid) {
case pki.oids['pbeWithSHAAnd3-KeyTripleDES-CBC']:
dkLen = 24;
dIvLen = 8;
cipherFn = forge.des.startDecrypting;
break;
case pki.oids['pbewithSHAAnd40BitRC2-CBC']:
dkLen = 5;
dIvLen = 8;
cipherFn = function(key, iv) {
var cipher = forge.rc2.createDecryptionCipher(key, 40);
cipher.start(iv, null);
return cipher;
};
break;
default:
throw {
message: 'Cannot read PKCS #12 PBE data block. Unsupported OID.',
oid: oid
};
}
var key = pki.pbe.generatePkcs12Key(password, salt, 1, count, dkLen);
var iv = pki.pbe.generatePkcs12Key(password, salt, 2, count, dIvLen);
return cipherFn(key, iv);
};
/**
* OpenSSL's legacy key derivation function.
*
* See: http://www.openssl.org/docs/crypto/EVP_BytesToKey.html
*
* @param password the password to derive the key from.
* @param salt the salt to use.
* @param dkLen the number of bytes needed for the derived key.
*/
function evpBytesToKey(password, salt, dkLen) {
var digests = [md5(password + salt)];
for(var length = 16, i = 1; length < dkLen; ++i, length += 16) {
digests.push(md5(digests[i - 1] + password + salt));
}
return digests.join('').substr(0, dkLen);
}
function md5(bytes) {
return forge.md.md5.create().update(bytes).digest().getBytes();
}
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'pbe';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
var nodeJS = true;
define = function(ids, factory) {
factory(require, module);
};
}
// <script>
else {
if(typeof forge === 'undefined') {
forge = {};
}
return initModule(forge);
}
}
// AMD
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
return forge[name];
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define([
'require',
'module',
'./aes',
'./asn1',
'./des',
'./md',
'./oids',
'./pem',
'./pbkdf2',
'./random',
'./rc2',
'./rsa',
'./util'
], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
})();

3
src/lib/pbkdf2.js
View File

@ -27,7 +27,7 @@ var pkcs5 = forge.pkcs5 = forge.pkcs5 || {};
*/
forge.pbkdf2 = pkcs5.pbkdf2 = function(p, s, c, dkLen, md) {
// default prf to SHA-1
if(typeof(md) === 'undefined' || md === null) {
if(typeof md === 'undefined' || md === null) {
md = forge.md.sha1.create();
}
@ -81,6 +81,7 @@ forge.pbkdf2 = pkcs5.pbkdf2 = function(p, s, c, dkLen, md) {
var xor, u_c, u_c1;
for(var i = 1; i <= len; ++i) {
// PRF(P, S || INT(i)) (first iteration)
prf.start(null, null);
prf.update(s);
prf.update(forge.util.int32ToBytes(i));
xor = u_c1 = prf.digest().getBytes();

149
src/lib/pkcs12.js
View File

@ -573,7 +573,7 @@ function _decryptSafeContents(data, password) {
var cipher = pki.pbe.getCipher(oid, capture.encParameter, password);
// get encrypted data
var encrypted = forge.util.createBuffer(capture.encContent);
var encrypted = forge.util.createBuffer(capture.encryptedContent);
cipher.update(encrypted);
if(!cipher.finish()) {
@ -726,7 +726,7 @@ function _decodeBagAttributes(attributes) {
// unsupported attribute type, ignore.
continue;
}
decodedAttrs[pki.oids[oid]] = [];
for(var j = 0; j < capture.values.length; ++j) {
decodedAttrs[pki.oids[oid]].push(capture.values[j].value);
@ -783,7 +783,7 @@ p12.toPkcs12Asn1 = function(key, cert, password, options) {
}
var localKeyId = options.localKeyId;
var bagAttrs = undefined;
var bagAttrs;
if(localKeyId !== null) {
localKeyId = forge.util.hexToBytes(localKeyId);
}
@ -799,7 +799,7 @@ p12.toPkcs12Asn1 = function(key, cert, password, options) {
localKeyId = sha1.digest().getBytes();
}
// FIXME: consider using SHA-1 of public key (which can be generated
// from private key components)
// from private key components), see: cert.generateSubjectKeyIdentifier
// generate random bytes
else {
localKeyId = forge.random.getBytes(20);
@ -813,7 +813,7 @@ p12.toPkcs12Asn1 = function(key, cert, password, options) {
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// attrId
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(pki.oids['localKeyId']).getBytes()),
asn1.oidToDer(pki.oids.localKeyId).getBytes()),
// attrValues
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
@ -827,7 +827,7 @@ p12.toPkcs12Asn1 = function(key, cert, password, options) {
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// attrId
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(pki.oids['friendlyName']).getBytes()),
asn1.oidToDer(pki.oids.friendlyName).getBytes()),
// attrValues
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BMPSTRING, false,
@ -869,14 +869,14 @@ p12.toPkcs12Asn1 = function(key, cert, password, options) {
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// bagId
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(pki.oids['certBag']).getBytes()),
asn1.oidToDer(pki.oids.certBag).getBytes()),
// bagValue
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
// CertBag
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// certId
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(pki.oids['x509Certificate']).getBytes()),
asn1.oidToDer(pki.oids.x509Certificate).getBytes()),
// certValue (x509Certificate)
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
asn1.create(
@ -901,7 +901,7 @@ p12.toPkcs12Asn1 = function(key, cert, password, options) {
// contentType
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
// OID for the content type is 'data'
asn1.oidToDer(pki.oids['data']).getBytes()),
asn1.oidToDer(pki.oids.data).getBytes()),
// content
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
asn1.create(
@ -922,7 +922,7 @@ p12.toPkcs12Asn1 = function(key, cert, password, options) {
keyBag = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// bagId
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(pki.oids['keyBag']).getBytes()),
asn1.oidToDer(pki.oids.keyBag).getBytes()),
// bagValue
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
// PrivateKeyInfo
@ -937,7 +937,7 @@ p12.toPkcs12Asn1 = function(key, cert, password, options) {
keyBag = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// bagId
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(pki.oids['pkcs8ShroudedKeyBag']).getBytes()),
asn1.oidToDer(pki.oids.pkcs8ShroudedKeyBag).getBytes()),
// bagValue
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
// EncryptedPrivateKeyInfo
@ -959,7 +959,7 @@ p12.toPkcs12Asn1 = function(key, cert, password, options) {
// contentType
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
// OID for the content type is 'data'
asn1.oidToDer(pki.oids['data']).getBytes()),
asn1.oidToDer(pki.oids.data).getBytes()),
// content
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
asn1.create(
@ -974,7 +974,7 @@ p12.toPkcs12Asn1 = function(key, cert, password, options) {
var safe = asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, contents);
var macData = undefined;
var macData;
if(options.useMac) {
// MacData
var sha1 = forge.md.sha1.create();
@ -1023,7 +1023,7 @@ p12.toPkcs12Asn1 = function(key, cert, password, options) {
// contentType
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
// OID for the content type is 'data'
asn1.oidToDer(pki.oids['data']).getBytes()),
asn1.oidToDer(pki.oids.data).getBytes()),
// content
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
asn1.create(
@ -1038,112 +1038,16 @@ p12.toPkcs12Asn1 = function(key, cert, password, options) {
/**
* Derives a PKCS#12 key.
*
* @param {String} password the password to derive the key material from.
* @param {ByteBuffer} salt the salt to use.
* @param {int} id the PKCS#12 ID byte (1 = key material, 2 = IV, 3 = MAC).
* @param {int} iter the iteration count.
* @param {int} n the number of bytes to derive from the password.
* @param password the password to derive the key material from.
* @param salt the salt, as a ByteBuffer, to use.
* @param id the PKCS#12 ID byte (1 = key material, 2 = IV, 3 = MAC).
* @param iter the iteration count.
* @param n the number of bytes to derive from the password.
* @param md the message digest to use, defaults to SHA-1.
*
* @return {ByteBuffer} The bytes derived from the password.
* @return a ByteBuffer with the bytes derived from the password.
*/
p12.generateKey = function(password, salt, id, iter, n, md) {
var j, l;
if(typeof md === 'undefined' || md === null) {
md = forge.md.sha1.create();
}
var u = md.digestLength;
var v = md.blockLength;
var result = new forge.util.ByteBuffer();
/* Convert password to Unicode byte buffer + trailing 0-byte. */
var passBuf = new forge.util.ByteBuffer();
for(l = 0; l < password.length; l++) {
passBuf.putInt16(password.charCodeAt(l));
}
passBuf.putInt16(0);
/* Length of salt and password in BYTES. */
var p = passBuf.length();
var s = salt.length();
/* 1. Construct a string, D (the "diversifier"), by concatenating
v copies of ID. */
var D = new forge.util.ByteBuffer();
D.fillWithByte(id, v);
/* 2. Concatenate copies of the salt together to create a string S of length
v * ceil(s / v) bytes (the final copy of the salt may be trunacted
to create S).
Note that if the salt is the empty string, then so is S. */
var Slen = v * Math.ceil(s / v);
var S = new forge.util.ByteBuffer();
for(l = 0; l < Slen; l ++) {
S.putByte(salt.at(l % s));
}
/* 3. Concatenate copies of the password together to create a string P of
length v * ceil(p / v) bytes (the final copy of the password may be
truncated to create P).
Note that if the password is the empty string, then so is P. */
var Plen = v * Math.ceil(p / v);
var P = new forge.util.ByteBuffer();
for(l = 0; l < Plen; l ++) {
P.putByte(passBuf.at(l % p));
}
/* 4. Set I=S||P to be the concatenation of S and P. */
var I = S;
I.putBuffer(P);
/* 5. Set c=ceil(n / u). */
var c = Math.ceil(n / u);
/* 6. For i=1, 2, ..., c, do the following: */
for(var i = 1; i <= c; i ++) {
/* a) Set Ai=H^r(D||I). (l.e. the rth hash of D||I, H(H(H(...H(D||I)))) */
var buf = new forge.util.ByteBuffer();
buf.putBytes(D.bytes());
buf.putBytes(I.bytes());
for(var round = 0; round < iter; round ++) {
md.start();
md.update(buf.getBytes());
buf = md.digest();
}
/* b) Concatenate copies of Ai to create a string B of length v bytes (the
final copy of Ai may be truncated to create B). */
var B = new forge.util.ByteBuffer();
for(l = 0; l < v; l ++) {
B.putByte(buf.at(l % u));
}
/* c) Treating I as a concatenation I0, I1, ..., Ik-1 of v-byte blocks,
where k=ceil(s / v) + ceil(p / v), modify I by setting
Ij=(Ij+B+1) mod 2v for each j. */
var k = Math.ceil(s / v) + Math.ceil(p / v);
var Inew = new forge.util.ByteBuffer();
for(j = 0; j < k; j ++) {
var chunk = new forge.util.ByteBuffer(I.getBytes(v));
var x = 0x1ff;
for(l = B.length() - 1; l >= 0; l --) {
x = x >> 8;
x += B.at(l) + chunk.at(l);
chunk.setAt(l, x & 0xff);
}
Inew.putBuffer(chunk);
}
I = Inew;
/* Add Ai to A. */
result.putBuffer(buf);
}
result.truncate(result.length() - n);
return result;
};
p12.generateKey = forge.pbe.generatePkcs12Key;
} // end module implementation
@ -1199,12 +1103,15 @@ define([
'require',
'module',
'./asn1',
'./sha1',
'./hmac',
'./oids',
'./pkcs7asn1',
'./pki',
'./util',
'./pbe',
'./random',
'./hmac'
'./rsa',
'./sha1',
'./util',
'./x509'
], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});

260
src/lib/pkcs7.js
View File

@ -142,7 +142,7 @@ var _recipientInfoFromAsn1 = function(obj) {
version: capture.version.charCodeAt(0),
issuer: forge.pki.RDNAttributesAsArray(capture.issuer),
serialNumber: forge.util.createBuffer(capture.serial).toHex(),
encContent: {
encryptedContent: {
algorithm: asn1.derToOid(capture.encAlgorithm),
parameter: capture.encParameter.value,
content: capture.encKey
@ -174,13 +174,13 @@ var _recipientInfoToAsn1 = function(obj) {
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// Algorithm
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(obj.encContent.algorithm).getBytes()),
asn1.oidToDer(obj.encryptedContent.algorithm).getBytes()),
// Parameter, force NULL, only RSA supported for now.
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')
]),
// EncryptedKey
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
obj.encContent.content)
obj.encryptedContent.content)
]);
};
@ -217,11 +217,11 @@ var _recipientInfosToAsn1 = function(recipientsArr) {
/**
* Map messages encrypted content to ASN.1 objects.
*
* @param ec The encContent object of the message.
* @param ec The encryptedContent object of the message.
*
* @return ASN.1 representation of the encContent object (SEQUENCE).
* @return ASN.1 representation of the encryptedContent object (SEQUENCE).
*/
var _encContentToAsn1 = function(ec) {
var _encryptedContentToAsn1 = function(ec) {
return [
// ContentType, always Data for the moment
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
@ -254,19 +254,19 @@ var _encContentToAsn1 = function(ec) {
* to allow the caller to extract further data, e.g. the list of recipients
* in case of a EnvelopedData object.
*
* @param msg The PKCS#7 object to read the data to
* @param obj The ASN.1 representation of the content block
* @param validator The ASN.1 structure validator object to use
* @return Map with values captured by validator object
* @param msg the PKCS#7 object to read the data to.
* @param obj the ASN.1 representation of the content block.
* @param validator the ASN.1 structure validator object to use.
*
* @return the value map captured by validator object.
*/
var _fromAsn1 = function(msg, obj, validator) {
var capture = {};
var errors = [];
if(!asn1.validate(obj, validator, capture, errors))
{
if(!asn1.validate(obj, validator, capture, errors)) {
throw {
message: 'Cannot read PKCS#7 message. ' +
'ASN.1 object is not an PKCS#7 EnvelopedData.',
'ASN.1 object is not a supported PKCS#7 message.',
errors: errors
};
}
@ -276,27 +276,27 @@ var _fromAsn1 = function(msg, obj, validator) {
if(contentType !== forge.pki.oids.data) {
throw {
message: 'Unsupported PKCS#7 message. ' +
'Only contentType Data supported within EnvelopedData.'
'Only wrapped ContentType Data supported.'
};
}
if(capture.encContent) {
if(capture.encryptedContent) {
var content = '';
if(forge.util.isArray(capture.encContent)) {
for(var i = 0; i < capture.encContent.length; ++i) {
if(capture.encContent[i].type !== asn1.Type.OCTETSTRING) {
if(forge.util.isArray(capture.encryptedContent)) {
for(var i = 0; i < capture.encryptedContent.length; ++i) {
if(capture.encryptedContent[i].type !== asn1.Type.OCTETSTRING) {
throw {
message: 'Malformed PKCS#7 message, expecting encrypted ' +
'content constructed of only OCTET STRING objects.'
};
}
content += capture.encContent[i].value;
content += capture.encryptedContent[i].value;
}
}
else {
content = capture.encContent;
content = capture.encryptedContent;
}
msg.encContent = {
msg.encryptedContent = {
algorithm: asn1.derToOid(capture.encAlgorithm),
parameter: forge.util.createBuffer(capture.encParameter.value),
content: forge.util.createBuffer(content)
@ -333,13 +333,13 @@ var _fromAsn1 = function(msg, obj, validator) {
*
* Decryption is skipped in case the PKCS#7 message object already has a
* (decrypted) content attribute. The algorithm, key and cipher parameters
* (probably the iv) are taken from the encContent attribute of the message
* object.
* (probably the iv) are taken from the encryptedContent attribute of the
* message object.
*
* @param The PKCS#7 message object.
*/
var _decryptContent = function (msg) {
if(msg.encContent.key === undefined) {
if(msg.encryptedContent.key === undefined) {
throw {
message: 'Symmetric key not available.'
};
@ -348,26 +348,26 @@ var _decryptContent = function (msg) {
if(msg.content === undefined) {
var ciph;
switch(msg.encContent.algorithm) {
switch(msg.encryptedContent.algorithm) {
case forge.pki.oids['aes128-CBC']:
case forge.pki.oids['aes192-CBC']:
case forge.pki.oids['aes256-CBC']:
ciph = forge.aes.createDecryptionCipher(msg.encContent.key);
ciph = forge.aes.createDecryptionCipher(msg.encryptedContent.key);
break;
case forge.pki.oids['des-EDE3-CBC']:
ciph = forge.des.createDecryptionCipher(msg.encContent.key);
ciph = forge.des.createDecryptionCipher(msg.encryptedContent.key);
break;
default:
throw {
message: 'Unsupported symmetric cipher, '
+ 'OID ' + msg.encContent.algorithm
message: 'Unsupported symmetric cipher, OID ' +
msg.encryptedContent.algorithm
};
}
ciph.start(msg.encContent.parameter);
ciph.update(msg.encContent.content);
ciph.start(msg.encryptedContent.parameter);
ciph.update(msg.encryptedContent.content);
if(!ciph.finish()) {
throw {
@ -384,9 +384,140 @@ p7.createSignedData = function() {
msg = {
type: forge.pki.oids.signedData,
version: 1,
certificates: [],
crls: [],
// populated during sign()
digestAlgorithmIdentifiers: [],
contentInfo: null,
signerInfos: [],
fromAsn1: function(obj) {
// validate SignedData content block and capture data.
_fromAsn1(msg, obj, p7.asn1.signedDataValidator);
msg.certificates = [];
msg.crls = [];
msg.digestAlgorithmIdentifiers = [];
msg.contentInfo = null;
msg.signerInfos = [];
var certs = msg.rawCapture.certificates.value;
for(var i = 0; i < certs.length; ++i) {
msg.certificates.push(forge.pki.certificateFromAsn1(certs[i]));
}
// TODO: parse crls
},
toAsn1: function() {
// TODO: add support for more data types here
if('content' in msg) {
throw 'Signing PKCS#7 content not yet implemented.';
}
// degenerate case with no content
if(!msg.contentInfo) {
msg.sign();
}
var certs = [];
for(var i = 0; i < msg.certificates.length; ++i) {
certs.push(forge.pki.certificateToAsn1(msg.certificates[0]));
}
var crls = [];
// TODO: implement CRLs
// ContentInfo
return asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// ContentType
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(msg.type).getBytes()),
// [0] SignedData
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// Version
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
String.fromCharCode(msg.version)),
// DigestAlgorithmIdentifiers
asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.SET, true,
msg.digestAlgorithmIdentifiers),
// ContentInfo
msg.contentInfo,
// [0] IMPLICIT ExtendedCertificatesAndCertificates
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, certs),
// [1] IMPLICIT CertificateRevocationLists
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, crls),
// SignerInfos
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true,
msg.signerInfos)
])
])
]);
},
/**
* Signs the content.
*
* @param signer the signer (or array of signers) to sign as, for each:
* key the private key to sign with.
* [md] the message digest to use, defaults to sha-1.
*/
sign: function(signer) {
if('content' in msg) {
throw 'PKCS#7 signing not yet implemented.';
}
if(typeof msg.content !== 'object') {
// use Data ContentInfo
msg.contentInfo = asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// ContentType
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(forge.pki.oids.data).getBytes())
]);
// add actual content, if present
if('content' in msg) {
msg.contentInfo.value.push(
// [0] EXPLICIT content
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
msg.content)
]));
}
}
// TODO: generate digest algorithm identifiers
// TODO: generate signerInfos
},
verify: function() {
throw 'PKCS#7 signature verification not yet implemented.';
},
/**
* Add a certificate.
*
* @param cert the certificate to add.
*/
addCertificate: function(cert) {
// convert from PEM
if(typeof cert === 'string') {
cert = forge.pki.certificateFromPem(cert);
}
msg.certificates.push(cert);
},
/**
* Add a certificate revokation list.
*
* @param crl the certificate revokation list to add.
*/
addCertificateRevokationList: function(crl) {
throw 'PKCS#7 CRL support not yet implemented.';
}
};
return msg;
@ -402,7 +533,7 @@ p7.createEncryptedData = function() {
msg = {
type: forge.pki.oids.encryptedData,
version: 0,
encContent: {
encryptedContent: {
algorithm: forge.pki.oids['aes256-CBC']
},
@ -423,7 +554,7 @@ p7.createEncryptedData = function() {
*/
decrypt: function(key) {
if(key !== undefined) {
msg.encContent.key = key;
msg.encryptedContent.key = key;
}
_decryptContent(msg);
}
@ -442,17 +573,17 @@ p7.createEnvelopedData = function() {
type: forge.pki.oids.envelopedData,
version: 0,
recipients: [],
encContent: {
encryptedContent: {
algorithm: forge.pki.oids['aes256-CBC']
},
/**
* Reads an EnvelopedData content block (in ASN.1 format)
*
* @param obj The ASN.1 representation of the EnvelopedData content block
* @param obj the ASN.1 representation of the EnvelopedData content block.
*/
fromAsn1: function(obj) {
// Validate EnvelopedData content block and capture data.
// validate EnvelopedData content block and capture data
var capture = _fromAsn1(msg, obj, p7.asn1.envelopedDataValidator);
msg.recipients = _recipientInfosFromAsn1(capture.recipientInfos.value);
},
@ -474,7 +605,7 @@ p7.createEnvelopedData = function() {
_recipientInfosToAsn1(msg.recipients)),
// EncryptedContentInfo
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true,
_encContentToAsn1(msg.encContent))
_encryptedContentToAsn1(msg.encryptedContent))
])
])
]);
@ -526,18 +657,18 @@ p7.createEnvelopedData = function() {
* @param privKey The (RSA) private key object
*/
decrypt: function(recipient, privKey) {
if(msg.encContent.key === undefined && recipient !== undefined
if(msg.encryptedContent.key === undefined && recipient !== undefined
&& privKey !== undefined) {
switch(recipient.encContent.algorithm) {
switch(recipient.encryptedContent.algorithm) {
case forge.pki.oids.rsaEncryption:
var key = privKey.decrypt(recipient.encContent.content);
msg.encContent.key = forge.util.createBuffer(key);
var key = privKey.decrypt(recipient.encryptedContent.content);
msg.encryptedContent.key = forge.util.createBuffer(key);
break;
default:
throw {
message: 'Unsupported asymmetric cipher, '
+ 'OID ' + recipient.encContent.algorithm
+ 'OID ' + recipient.encryptedContent.algorithm
};
}
}
@ -555,7 +686,7 @@ p7.createEnvelopedData = function() {
version: 0,
issuer: cert.subject.attributes,
serialNumber: cert.serialNumber,
encContent: {
encryptedContent: {
// We simply assume rsaEncryption here, since forge.pki only
// supports RSA so far. If the PKI module supports other
// ciphers one day, we need to modify this one as well.
@ -570,8 +701,8 @@ p7.createEnvelopedData = function() {
*
* This function supports two optional arguments, cipher and key, which
* can be used to influence symmetric encryption. Unless cipher is
* provided, the cipher specified in encContent.algorithm is used
* (defaults to AES-256-CBC). If no key is provided, encContent.key
* provided, the cipher specified in encryptedContent.algorithm is used
* (defaults to AES-256-CBC). If no key is provided, encryptedContent.key
* is (re-)used. If that one's not set, a random key will be generated
* automatically.
*
@ -580,9 +711,9 @@ p7.createEnvelopedData = function() {
*/
encrypt: function(key, cipher) {
// Part 1: Symmetric encryption
if(msg.encContent.content === undefined) {
cipher = cipher || msg.encContent.algorithm;
key = key || msg.encContent.key;
if(msg.encryptedContent.content === undefined) {
cipher = cipher || msg.encryptedContent.algorithm;
key = key || msg.encryptedContent.key;
var keyLen, ivLen, ciphFn;
switch(cipher) {
@ -627,13 +758,13 @@ p7.createEnvelopedData = function() {
// Keep a copy of the key & IV in the object, so the caller can
// use it for whatever reason.
msg.encContent.algorithm = cipher;
msg.encContent.key = key;
msg.encContent.parameter
= forge.util.createBuffer(forge.random.getBytes(ivLen));
msg.encryptedContent.algorithm = cipher;
msg.encryptedContent.key = key;
msg.encryptedContent.parameter = forge.util.createBuffer(
forge.random.getBytes(ivLen));
var ciph = ciphFn(key);
ciph.start(msg.encContent.parameter.copy());
ciph.start(msg.encryptedContent.parameter.copy());
ciph.update(msg.content);
// The finish function does PKCS#7 padding by default, therefore
@ -644,27 +775,29 @@ p7.createEnvelopedData = function() {
};
}
msg.encContent.content = ciph.output;
msg.encryptedContent.content = ciph.output;
}
// Part 2: asymmetric encryption for each recipient
for(var i = 0; i < msg.recipients.length; i ++) {
var recipient = msg.recipients[i];
if(recipient.encContent.content !== undefined) {
continue; // Nothing to do, encryption already done.
// Nothing to do, encryption already done.
if(recipient.encryptedContent.content !== undefined) {
continue;
}
switch(recipient.encContent.algorithm) {
switch(recipient.encryptedContent.algorithm) {
case forge.pki.oids.rsaEncryption:
recipient.encContent.content =
recipient.encContent.key.encrypt(msg.encContent.key.data);
recipient.encryptedContent.content =
recipient.encryptedContent.key.encrypt(
msg.encryptedContent.key.data);
break;
default:
throw {
message: 'Unsupported asymmetric cipher, OID '
+ recipient.encContent.algorithm
message: 'Unsupported asymmetric cipher, OID ' +
recipient.encryptedContent.algorithm
};
}
}
@ -729,11 +862,12 @@ define([
'./aes',
'./asn1',
'./des',
'./oids',
'./pem',
'./pkcs7asn1',
'./pki',
'./random',
'./util'
'./util',
'./x509'
], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});

3
src/lib/pkcs7asn1.js
View File

@ -162,7 +162,7 @@ var encryptedContentInfoValidator = {
* In order to support both, we just capture the context specific
* field here. The OCTET STRING bit is removed below.
*/
capture: 'encContent'
capture: 'encryptedContent'
}]
};
@ -283,6 +283,7 @@ p7v.signedDataValidator = {
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SET,
capture: 'signerInfos',
optional: true,
value: [signerValidator]
}]
};

4210
src/lib/pki.js
View File

File diff suppressed because it is too large Load Diff

516
src/lib/rsa.js
View File

@ -4,13 +4,69 @@
* @author Dave Longley
*
* Copyright (c) 2010-2013 Digital Bazaar, Inc.
*
* The only algorithm currently supported for PKI is RSA.
*
* An RSA key is often stored in ASN.1 DER format. The SubjectPublicKeyInfo
* ASN.1 structure is composed of an algorithm of type AlgorithmIdentifier
* and a subjectPublicKey of type bit string.
*
* The AlgorithmIdentifier contains an Object Identifier (OID) and parameters
* for the algorithm, if any. In the case of RSA, there aren't any.
*
* SubjectPublicKeyInfo ::= SEQUENCE {
* algorithm AlgorithmIdentifier,
* subjectPublicKey BIT STRING
* }
*
* AlgorithmIdentifer ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL
* }
*
* For an RSA public key, the subjectPublicKey is:
*
* RSAPublicKey ::= SEQUENCE {
* modulus INTEGER, -- n
* publicExponent INTEGER -- e
* }
*
* PrivateKeyInfo ::= SEQUENCE {
* version Version,
* privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
* privateKey PrivateKey,
* attributes [0] IMPLICIT Attributes OPTIONAL
* }
*
* Version ::= INTEGER
* PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
* PrivateKey ::= OCTET STRING
* Attributes ::= SET OF Attribute
*
* An RSA private key as the following structure:
*
* RSAPrivateKey ::= SEQUENCE {
* version Version,
* modulus INTEGER, -- n
* publicExponent INTEGER, -- e
* privateExponent INTEGER, -- d
* prime1 INTEGER, -- p
* prime2 INTEGER, -- q
* exponent1 INTEGER, -- d mod (p-1)
* exponent2 INTEGER, -- d mod (q-1)
* coefficient INTEGER -- (inverse of q) mod p
* }
*
* Version ::= INTEGER
*
* The OID for the RSA key algorithm is: 1.2.840.113549.1.1.1
*/
(function() {
function initModule(forge) {
/* ########## Begin module implementation ########## */
if(typeof BigInteger === 'undefined') {
BigInteger = forge.jsbn.BigInteger;
var BigInteger = forge.jsbn.BigInteger;
}
// shortcut for asn.1 API
@ -26,6 +82,178 @@ var pki = forge.pki;
// for finding primes, which are 30k+i for i = 1, 7, 11, 13, 17, 19, 23, 29
var GCD_30_DELTA = [6, 4, 2, 4, 2, 4, 6, 2];
// validator for a PrivateKeyInfo structure
var privateKeyValidator = {
// PrivateKeyInfo
name: 'PrivateKeyInfo',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
// Version (INTEGER)
name: 'PrivateKeyInfo.version',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'privateKeyVersion'
}, {
// privateKeyAlgorithm
name: 'PrivateKeyInfo.privateKeyAlgorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'AlgorithmIdentifier.algorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'privateKeyOid'
}]
}, {
// PrivateKey
name: 'PrivateKeyInfo',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OCTETSTRING,
constructed: false,
capture: 'privateKey'
}]
};
// validator for an RSA private key
var rsaPrivateKeyValidator = {
// RSAPrivateKey
name: 'RSAPrivateKey',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
// Version (INTEGER)
name: 'RSAPrivateKey.version',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'privateKeyVersion'
}, {
// modulus (n)
name: 'RSAPrivateKey.modulus',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'privateKeyModulus'
}, {
// publicExponent (e)
name: 'RSAPrivateKey.publicExponent',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'privateKeyPublicExponent'
}, {
// privateExponent (d)
name: 'RSAPrivateKey.privateExponent',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'privateKeyPrivateExponent'
}, {
// prime1 (p)
name: 'RSAPrivateKey.prime1',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'privateKeyPrime1'
}, {
// prime2 (q)
name: 'RSAPrivateKey.prime2',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'privateKeyPrime2'
}, {
// exponent1 (d mod (p-1))
name: 'RSAPrivateKey.exponent1',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'privateKeyExponent1'
}, {
// exponent2 (d mod (q-1))
name: 'RSAPrivateKey.exponent2',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'privateKeyExponent2'
}, {
// coefficient ((inverse of q) mod p)
name: 'RSAPrivateKey.coefficient',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'privateKeyCoefficient'
}]
};
// validator for an RSA public key
var rsaPublicKeyValidator = {
// RSAPublicKey
name: 'RSAPublicKey',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
// modulus (n)
name: 'RSAPublicKey.modulus',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'publicKeyModulus'
}, {
// publicExponent (e)
name: 'RSAPublicKey.exponent',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.INTEGER,
constructed: false,
capture: 'publicKeyExponent'
}]
};
// validator for an SubjectPublicKeyInfo structure
// Note: Currently only works with an RSA public key
var publicKeyValidator = forge.pki.rsa.publicKeyValidator = {
name: 'SubjectPublicKeyInfo',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
captureAsn1: 'subjectPublicKeyInfo',
value: [{
name: 'SubjectPublicKeyInfo.AlgorithmIdentifier',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
value: [{
name: 'AlgorithmIdentifier.algorithm',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.OID,
constructed: false,
capture: 'publicKeyOid'
}]
}, {
// subjectPublicKey
name: 'SubjectPublicKeyInfo.subjectPublicKey',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.BITSTRING,
constructed: false,
value: [{
// RSAPublicKey
name: 'SubjectPublicKeyInfo.subjectPublicKey.RSAPublicKey',
tagClass: asn1.Class.UNIVERSAL,
type: asn1.Type.SEQUENCE,
constructed: true,
optional: true,
captureAsn1: 'rsaPublicKey'
}]
}]
};
/**
* Wrap digest in DigestInfo object.
*
@ -46,8 +274,8 @@ var GCD_30_DELTA = [6, 4, 2, 4, 2, 4, 6, 2];
var emsaPkcs1v15encode = function(md) {
// get the oid for the algorithm
var oid;
if(md.algorithm in forge.pki.oids) {
oid = forge.pki.oids[md.algorithm];
if(md.algorithm in pki.oids) {
oid = pki.oids[md.algorithm];
}
else {
throw {
@ -91,6 +319,10 @@ var _modPow = function(x, key, pub) {
if(pub) {
y = x.modPow(key.e, key.n);
}
else if(!key.p || !key.q) {
// allow calculation without CRT params (slow)
y = x.modPow(key.d, key.n);
}
else {
// pre-compute dP, dQ, and qInv if necessary
if(!key.dP) {
@ -539,11 +771,11 @@ pki.rsa.stepKeyPairGenerationState = function(state, n) {
else if(state.state === 5) {
var d = state.e.modInverse(state.phi);
state.keys = {
privateKey: forge.pki.rsa.setPrivateKey(
privateKey: pki.rsa.setPrivateKey(
state.n, state.e, d, state.p, state.q,
d.mod(state.p1), d.mod(state.q1),
state.q.modInverse(state.p)),
publicKey: forge.pki.rsa.setPublicKey(state.n, state.e)
publicKey: pki.rsa.setPublicKey(state.n, state.e)
};
}
@ -650,7 +882,7 @@ pki.rsa.generateKeyPair = function(bits, e, options, callback) {
*
* @return the public key.
*/
pki.rsa.setPublicKey = function(n, e) {
pki.setRsaPublicKey = pki.rsa.setPublicKey = function(n, e) {
var key = {
n: n,
e: e
@ -789,7 +1021,8 @@ pki.rsa.setPublicKey = function(n, e) {
*
* @return the private key.
*/
pki.rsa.setPrivateKey = function(n, e, d, p, q, dP, dQ, qInv) {
pki.setRsaPrivateKey = pki.rsa.setPrivateKey = function(
n, e, d, p, q, dP, dQ, qInv) {
var key = {
n: n,
e: e,
@ -897,6 +1130,236 @@ pki.rsa.setPrivateKey = function(n, e, d, p, q, dP, dQ, qInv) {
return key;
};
/**
* Wraps an RSAPrivateKey ASN.1 object in an ASN.1 PrivateKeyInfo object.
*
* @param rsaKey the ASN.1 RSAPrivateKey.
*
* @return the ASN.1 PrivateKeyInfo.
*/
pki.wrapRsaPrivateKey = function(rsaKey) {
// PrivateKeyInfo
return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// version (0)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, '\x00'),
// privateKeyAlgorithm
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(pki.oids.rsaEncryption).getBytes()),
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')
]),
// PrivateKey
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
asn1.toDer(rsaKey).getBytes())
]);
};
/**
* Wraps an RSAPrivateKey ASN.1 object in an ASN.1 PrivateKeyInfo object.
*
* @param rsaKey the ASN.1 RSAPrivateKey.
*
* @return the ASN.1 PrivateKeyInfo.
*/
pki.wrapRsaPrivateKey = function(rsaKey) {
// PrivateKeyInfo
return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// version (0)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, '\x00'),
// privateKeyAlgorithm
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
asn1.create(
asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(pki.oids.rsaEncryption).getBytes()),
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')
]),
// PrivateKey
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
asn1.toDer(rsaKey).getBytes())
]);
};
/**
* Converts a private key from an ASN.1 object.
*
* @param obj the ASN.1 representation of a PrivateKeyInfo containing an
* RSAPrivateKey or an RSAPrivateKey.
*
* @return the private key.
*/
pki.privateKeyFromAsn1 = function(obj) {
// get PrivateKeyInfo
var capture = {};
var errors = [];
if(asn1.validate(obj, privateKeyValidator, capture, errors)) {
obj = asn1.fromDer(forge.util.createBuffer(capture.privateKey));
}
// get RSAPrivateKey
capture = {};
errors = [];
if(!asn1.validate(obj, rsaPrivateKeyValidator, capture, errors)) {
throw {
message: 'Cannot read private key. ' +
'ASN.1 object does not contain an RSAPrivateKey.',
errors: errors
};
}
// Note: Version is currently ignored.
// capture.privateKeyVersion
// FIXME: inefficient, get a BigInteger that uses byte strings
var n, e, d, p, q, dP, dQ, qInv;
n = forge.util.createBuffer(capture.privateKeyModulus).toHex();
e = forge.util.createBuffer(capture.privateKeyPublicExponent).toHex();
d = forge.util.createBuffer(capture.privateKeyPrivateExponent).toHex();
p = forge.util.createBuffer(capture.privateKeyPrime1).toHex();
q = forge.util.createBuffer(capture.privateKeyPrime2).toHex();
dP = forge.util.createBuffer(capture.privateKeyExponent1).toHex();
dQ = forge.util.createBuffer(capture.privateKeyExponent2).toHex();
qInv = forge.util.createBuffer(capture.privateKeyCoefficient).toHex();
// set private key
return pki.setRsaPrivateKey(
new BigInteger(n, 16),
new BigInteger(e, 16),
new BigInteger(d, 16),
new BigInteger(p, 16),
new BigInteger(q, 16),
new BigInteger(dP, 16),
new BigInteger(dQ, 16),
new BigInteger(qInv, 16));
};
/**
* Converts a private key to an ASN.1 RSAPrivateKey.
*
* @param key the private key.
*
* @return the ASN.1 representation of an RSAPrivateKey.
*/
pki.privateKeyToAsn1 = pki.privateKeyToRSAPrivateKey = function(key) {
// RSAPrivateKey
return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// version (0 = only 2 primes, 1 multiple primes)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
String.fromCharCode(0x00)),
// modulus (n)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
_bnToBytes(key.n)),
// publicExponent (e)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
_bnToBytes(key.e)),
// privateExponent (d)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
_bnToBytes(key.d)),
// privateKeyPrime1 (p)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
_bnToBytes(key.p)),
// privateKeyPrime2 (q)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
_bnToBytes(key.q)),
// privateKeyExponent1 (dP)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
_bnToBytes(key.dP)),
// privateKeyExponent2 (dQ)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
_bnToBytes(key.dQ)),
// coefficient (qInv)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
_bnToBytes(key.qInv))
]);
};
/**
* Converts a public key from an ASN.1 SubjectPublicKeyInfo or RSAPublicKey.
*
* @param obj the asn1 representation of a SubjectPublicKeyInfo or RSAPublicKey.
*
* @return the public key.
*/
pki.publicKeyFromAsn1 = function(obj) {
// get SubjectPublicKeyInfo
var capture = {};
var errors = [];
if(asn1.validate(obj, publicKeyValidator, capture, errors)) {
// get oid
var oid = asn1.derToOid(capture.publicKeyOid);
if(oid !== pki.oids.rsaEncryption) {
throw {
message: 'Cannot read public key. Unknown OID.',
oid: oid
};
}
obj = capture.rsaPublicKey;
}
// get RSA params
errors = [];
if(!asn1.validate(obj, rsaPublicKeyValidator, capture, errors)) {
throw {
message: 'Cannot read public key. ' +
'ASN.1 object does not contain an RSAPublicKey.',
errors: errors
};
}
// FIXME: inefficient, get a BigInteger that uses byte strings
var n = forge.util.createBuffer(capture.publicKeyModulus).toHex();
var e = forge.util.createBuffer(capture.publicKeyExponent).toHex();
// set public key
return pki.setRsaPublicKey(
new BigInteger(n, 16),
new BigInteger(e, 16));
};
/**
* Converts a public key to an ASN.1 SubjectPublicKeyInfo.
*
* @param key the public key.
*
* @return the asn1 representation of a SubjectPublicKeyInfo.
*/
pki.publicKeyToAsn1 = pki.publicKeyToSubjectPublicKeyInfo = function(key) {
// SubjectPublicKeyInfo
return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// AlgorithmIdentifier
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// algorithm
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
asn1.oidToDer(pki.oids.rsaEncryption).getBytes()),
// parameters (null)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')
]),
// subjectPublicKey
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false, [
pki.publicKeyToRSAPublicKey(key)
])
]);
};
/**
* Converts a public key to an ASN.1 RSAPublicKey.
*
* @param key the public key.
*
* @return the asn1 representation of a RSAPublicKey.
*/
pki.publicKeyToRSAPublicKey = function(key) {
// RSAPublicKey
return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
// modulus (n)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
_bnToBytes(key.n)),
// publicExponent (e)
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
_bnToBytes(key.e))
]);
};
/**
* Encodes a message using PKCS#1 v1.5 padding.
*
@ -954,9 +1417,20 @@ function _encodePkcs1_v1_5(m, key, bt) {
}
// public key op
else {
for(var i = 0; i < padNum; ++i) {
padByte = Math.floor(Math.random() * 255) + 1;
eb.putByte(padByte);
// pad with random non-zero values
while(padNum > 0) {
var numZeros = 0;
var padBytes = forge.random.getBytes(padNum);
for(var i = 0; i < padNum; ++i) {
padByte = padBytes.charCodeAt(i);
if(padByte === 0) {
++numZeros;
}
else {
eb.putByte(padByte);
}
}
padNum = numZeros;
}
}
@ -1076,7 +1550,7 @@ function _generateKeyPair(state, options, callback) {
// 10 ms gives 5ms of leeway for other calculations before dropping
// below 60fps (1000/60 == 16.67), but in reality, the number will
// likely be higher due to an 'atomic' big int modPow
if(forge.pki.rsa.stepKeyPairGenerationState(state, 10)) {
if(pki.rsa.stepKeyPairGenerationState(state, 10)) {
return callback(null, state.keys);
}
forge.util.setImmediate(step);
@ -1226,17 +1700,33 @@ function _generateKeyPair(state, options, callback) {
// set keys
var d = state.e.modInverse(state.phi);
state.keys = {
privateKey: forge.pki.rsa.setPrivateKey(
privateKey: pki.rsa.setPrivateKey(
state.n, state.e, d, state.p, state.q,
d.mod(state.p1), d.mod(state.q1),
state.q.modInverse(state.p)),
publicKey: forge.pki.rsa.setPublicKey(state.n, state.e)
publicKey: pki.rsa.setPublicKey(state.n, state.e)
};
callback(null, state.keys);
}
}
/**
* Converts a positive BigInteger into 2's-complement big-endian bytes.
*
* @param b the big integer to convert.
*
* @return the bytes.
*/
function _bnToBytes(b) {
// prepend 0x00 if first byte >= 0x80
var hex = b.toString(16);
if(hex[0] >= '8') {
hex = '00' + hex;
}
return forge.util.hexToBytes(hex);
}
} // end module implementation
/* ########## Begin module wrapper ########## */

3018
src/lib/x509.js Normal file
View File

File diff suppressed because it is too large Load Diff