mirror of
https://github.com/moparisthebest/mail
synced 2025-01-11 05:28:00 -05:00
upgrade to forge 0.2.6
This commit is contained in:
parent
429e4b75a6
commit
d02f61b4a8
@ -169,6 +169,22 @@
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
* Convert a UTF-16 encoded string to UTF8
|
||||
* @param str [String] a UTF-16 encoded string
|
||||
*/
|
||||
Util.prototype.encodeUtf8 = function(str) {
|
||||
return this._forge.util.encodeUtf8(str);
|
||||
};
|
||||
|
||||
/**
|
||||
* Convert a UTF-8 encoded string to UTF-16
|
||||
* @param str [String] a UTF-8 encoded string
|
||||
*/
|
||||
Util.prototype.decodeUtf8 = function(str) {
|
||||
return this._forge.util.decodeUtf8(str);
|
||||
};
|
||||
|
||||
/**
|
||||
* Validate an email address. This regex is taken from:
|
||||
* http://stackoverflow.com/questions/46155/validate-email-address-in-javascript
|
||||
|
1
src/lib/forge.min.js
vendored
Normal file
1
src/lib/forge.min.js
vendored
Normal file
File diff suppressed because one or more lines are too long
943
src/lib/pbe.js
Normal file
943
src/lib/pbe.js
Normal file
@ -0,0 +1,943 @@
|
||||
/**
|
||||
* Password-based encryption functions.
|
||||
*
|
||||
* @author Dave Longley
|
||||
* @author Stefan Siegl <stesie@brokenpipe.de>
|
||||
*
|
||||
* Copyright (c) 2010-2013 Digital Bazaar, Inc.
|
||||
* Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>
|
||||
*
|
||||
* An EncryptedPrivateKeyInfo:
|
||||
*
|
||||
* EncryptedPrivateKeyInfo ::= SEQUENCE {
|
||||
* encryptionAlgorithm EncryptionAlgorithmIdentifier,
|
||||
* encryptedData EncryptedData }
|
||||
*
|
||||
* EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
|
||||
*
|
||||
* EncryptedData ::= OCTET STRING
|
||||
*/
|
||||
(function() {
|
||||
/* ########## Begin module implementation ########## */
|
||||
function initModule(forge) {
|
||||
|
||||
if(typeof BigInteger === 'undefined') {
|
||||
var BigInteger = forge.jsbn.BigInteger;
|
||||
}
|
||||
|
||||
// shortcut for asn.1 API
|
||||
var asn1 = forge.asn1;
|
||||
|
||||
/* Password-based encryption implementation. */
|
||||
var pki = forge.pki = forge.pki || {};
|
||||
pki.pbe = forge.pbe = forge.pbe || {};
|
||||
var oids = pki.oids;
|
||||
|
||||
// validator for an EncryptedPrivateKeyInfo structure
|
||||
// Note: Currently only works w/algorithm params
|
||||
var encryptedPrivateKeyValidator = {
|
||||
name: 'EncryptedPrivateKeyInfo',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.SEQUENCE,
|
||||
constructed: true,
|
||||
value: [{
|
||||
name: 'EncryptedPrivateKeyInfo.encryptionAlgorithm',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.SEQUENCE,
|
||||
constructed: true,
|
||||
value: [{
|
||||
name: 'AlgorithmIdentifier.algorithm',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.OID,
|
||||
constructed: false,
|
||||
capture: 'encryptionOid'
|
||||
}, {
|
||||
name: 'AlgorithmIdentifier.parameters',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.SEQUENCE,
|
||||
constructed: true,
|
||||
captureAsn1: 'encryptionParams'
|
||||
}]
|
||||
}, {
|
||||
// encryptedData
|
||||
name: 'EncryptedPrivateKeyInfo.encryptedData',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.OCTETSTRING,
|
||||
constructed: false,
|
||||
capture: 'encryptedData'
|
||||
}]
|
||||
};
|
||||
|
||||
// validator for a PBES2Algorithms structure
|
||||
// Note: Currently only works w/PBKDF2 + AES encryption schemes
|
||||
var PBES2AlgorithmsValidator = {
|
||||
name: 'PBES2Algorithms',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.SEQUENCE,
|
||||
constructed: true,
|
||||
value: [{
|
||||
name: 'PBES2Algorithms.keyDerivationFunc',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.SEQUENCE,
|
||||
constructed: true,
|
||||
value: [{
|
||||
name: 'PBES2Algorithms.keyDerivationFunc.oid',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.OID,
|
||||
constructed: false,
|
||||
capture: 'kdfOid'
|
||||
}, {
|
||||
name: 'PBES2Algorithms.params',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.SEQUENCE,
|
||||
constructed: true,
|
||||
value: [{
|
||||
name: 'PBES2Algorithms.params.salt',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.OCTETSTRING,
|
||||
constructed: false,
|
||||
capture: 'kdfSalt'
|
||||
}, {
|
||||
name: 'PBES2Algorithms.params.iterationCount',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.INTEGER,
|
||||
onstructed: true,
|
||||
capture: 'kdfIterationCount'
|
||||
}]
|
||||
}]
|
||||
}, {
|
||||
name: 'PBES2Algorithms.encryptionScheme',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.SEQUENCE,
|
||||
constructed: true,
|
||||
value: [{
|
||||
name: 'PBES2Algorithms.encryptionScheme.oid',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.OID,
|
||||
constructed: false,
|
||||
capture: 'encOid'
|
||||
}, {
|
||||
name: 'PBES2Algorithms.encryptionScheme.iv',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.OCTETSTRING,
|
||||
constructed: false,
|
||||
capture: 'encIv'
|
||||
}]
|
||||
}]
|
||||
};
|
||||
|
||||
var pkcs12PbeParamsValidator = {
|
||||
name: 'pkcs-12PbeParams',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.SEQUENCE,
|
||||
constructed: true,
|
||||
value: [{
|
||||
name: 'pkcs-12PbeParams.salt',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.OCTETSTRING,
|
||||
constructed: false,
|
||||
capture: 'salt'
|
||||
}, {
|
||||
name: 'pkcs-12PbeParams.iterations',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.INTEGER,
|
||||
constructed: false,
|
||||
capture: 'iterations'
|
||||
}]
|
||||
};
|
||||
|
||||
/**
|
||||
* Encrypts a ASN.1 PrivateKeyInfo object, producing an EncryptedPrivateKeyInfo.
|
||||
*
|
||||
* PBES2Algorithms ALGORITHM-IDENTIFIER ::=
|
||||
* { {PBES2-params IDENTIFIED BY id-PBES2}, ...}
|
||||
*
|
||||
* id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
|
||||
*
|
||||
* PBES2-params ::= SEQUENCE {
|
||||
* keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
|
||||
* encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
|
||||
* }
|
||||
*
|
||||
* PBES2-KDFs ALGORITHM-IDENTIFIER ::=
|
||||
* { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... }
|
||||
*
|
||||
* PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }
|
||||
*
|
||||
* PBKDF2-params ::= SEQUENCE {
|
||||
* salt CHOICE {
|
||||
* specified OCTET STRING,
|
||||
* otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
|
||||
* },
|
||||
* iterationCount INTEGER (1..MAX),
|
||||
* keyLength INTEGER (1..MAX) OPTIONAL,
|
||||
* prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
|
||||
* }
|
||||
*
|
||||
* @param obj the ASN.1 PrivateKeyInfo object.
|
||||
* @param password the password to encrypt with.
|
||||
* @param options:
|
||||
* algorithm the encryption algorithm to use
|
||||
* ('aes128', 'aes192', 'aes256', '3des'), defaults to 'aes128'.
|
||||
* count the iteration count to use.
|
||||
* saltSize the salt size to use.
|
||||
*
|
||||
* @return the ASN.1 EncryptedPrivateKeyInfo.
|
||||
*/
|
||||
pki.encryptPrivateKeyInfo = function(obj, password, options) {
|
||||
// set default options
|
||||
options = options || {};
|
||||
options.saltSize = options.saltSize || 8;
|
||||
options.count = options.count || 2048;
|
||||
options.algorithm = options.algorithm || 'aes128';
|
||||
|
||||
// generate PBE params
|
||||
var salt = forge.random.getBytes(options.saltSize);
|
||||
var count = options.count;
|
||||
var countBytes = forge.util.createBuffer();
|
||||
countBytes.putInt16(count);
|
||||
var dkLen;
|
||||
var encryptionAlgorithm;
|
||||
var encryptedData;
|
||||
if(options.algorithm.indexOf('aes') === 0) {
|
||||
// Do PBES2
|
||||
var encOid;
|
||||
if(options.algorithm === 'aes128') {
|
||||
dkLen = 16;
|
||||
encOid = oids['aes128-CBC'];
|
||||
}
|
||||
else if(options.algorithm === 'aes192') {
|
||||
dkLen = 24;
|
||||
encOid = oids['aes192-CBC'];
|
||||
}
|
||||
else if(options.algorithm === 'aes256') {
|
||||
dkLen = 32;
|
||||
encOid = oids['aes256-CBC'];
|
||||
}
|
||||
else {
|
||||
throw {
|
||||
message: 'Cannot encrypt private key. Unknown encryption algorithm.',
|
||||
algorithm: options.algorithm
|
||||
};
|
||||
}
|
||||
|
||||
// encrypt private key using pbe SHA-1 and AES
|
||||
var dk = forge.pkcs5.pbkdf2(password, salt, count, dkLen);
|
||||
var iv = forge.random.getBytes(16);
|
||||
var cipher = forge.aes.createEncryptionCipher(dk);
|
||||
cipher.start(iv);
|
||||
cipher.update(asn1.toDer(obj));
|
||||
cipher.finish();
|
||||
encryptedData = cipher.output.getBytes();
|
||||
|
||||
encryptionAlgorithm = asn1.create(
|
||||
asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
|
||||
asn1.oidToDer(oids['pkcs5PBES2']).getBytes()),
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
// keyDerivationFunc
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
|
||||
asn1.oidToDer(oids['pkcs5PBKDF2']).getBytes()),
|
||||
// PBKDF2-params
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
// salt
|
||||
asn1.create(
|
||||
asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, salt),
|
||||
// iteration count
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
|
||||
countBytes.getBytes())
|
||||
])
|
||||
]),
|
||||
// encryptionScheme
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
|
||||
asn1.oidToDer(encOid).getBytes()),
|
||||
// iv
|
||||
asn1.create(
|
||||
asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, iv)
|
||||
])
|
||||
])
|
||||
]);
|
||||
}
|
||||
else if(options.algorithm === '3des') {
|
||||
// Do PKCS12 PBE
|
||||
dkLen = 24;
|
||||
|
||||
var saltBytes = new forge.util.ByteBuffer(salt);
|
||||
var dk = pki.pbe.generatePkcs12Key(password, saltBytes, 1, count, dkLen);
|
||||
var iv = pki.pbe.generatePkcs12Key(password, saltBytes, 2, count, dkLen);
|
||||
var cipher = forge.des.createEncryptionCipher(dk);
|
||||
cipher.start(iv);
|
||||
cipher.update(asn1.toDer(obj));
|
||||
cipher.finish();
|
||||
encryptedData = cipher.output.getBytes();
|
||||
|
||||
encryptionAlgorithm = asn1.create(
|
||||
asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
|
||||
asn1.oidToDer(oids['pbeWithSHAAnd3-KeyTripleDES-CBC']).getBytes()),
|
||||
// pkcs-12PbeParams
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
// salt
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, salt),
|
||||
// iteration count
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
|
||||
countBytes.getBytes())
|
||||
])
|
||||
]);
|
||||
}
|
||||
else {
|
||||
throw {
|
||||
message: 'Cannot encrypt private key. Unknown encryption algorithm.',
|
||||
algorithm: options.algorithm
|
||||
};
|
||||
}
|
||||
|
||||
// EncryptedPrivateKeyInfo
|
||||
var rval = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
// encryptionAlgorithm
|
||||
encryptionAlgorithm,
|
||||
// encryptedData
|
||||
asn1.create(
|
||||
asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, encryptedData)
|
||||
]);
|
||||
return rval;
|
||||
};
|
||||
|
||||
/**
|
||||
* Decrypts a ASN.1 PrivateKeyInfo object.
|
||||
*
|
||||
* @param obj the ASN.1 EncryptedPrivateKeyInfo object.
|
||||
* @param password the password to decrypt with.
|
||||
*
|
||||
* @return the ASN.1 PrivateKeyInfo on success, null on failure.
|
||||
*/
|
||||
pki.decryptPrivateKeyInfo = function(obj, password) {
|
||||
var rval = null;
|
||||
|
||||
// get PBE params
|
||||
var capture = {};
|
||||
var errors = [];
|
||||
if(!asn1.validate(obj, encryptedPrivateKeyValidator, capture, errors)) {
|
||||
throw {
|
||||
message: 'Cannot read encrypted private key. ' +
|
||||
'ASN.1 object is not a supported EncryptedPrivateKeyInfo.',
|
||||
errors: errors
|
||||
};
|
||||
}
|
||||
|
||||
// get cipher
|
||||
var oid = asn1.derToOid(capture.encryptionOid);
|
||||
var cipher = pki.pbe.getCipher(oid, capture.encryptionParams, password);
|
||||
|
||||
// get encrypted data
|
||||
var encrypted = forge.util.createBuffer(capture.encryptedData);
|
||||
|
||||
cipher.update(encrypted);
|
||||
if(cipher.finish()) {
|
||||
rval = asn1.fromDer(cipher.output);
|
||||
}
|
||||
|
||||
return rval;
|
||||
};
|
||||
|
||||
/**
|
||||
* Converts a EncryptedPrivateKeyInfo to PEM format.
|
||||
*
|
||||
* @param epki the EncryptedPrivateKeyInfo.
|
||||
* @param maxline the maximum characters per line, defaults to 64.
|
||||
*
|
||||
* @return the PEM-formatted encrypted private key.
|
||||
*/
|
||||
pki.encryptedPrivateKeyToPem = function(epki, maxline) {
|
||||
// convert to DER, then PEM-encode
|
||||
var msg = {
|
||||
type: 'ENCRYPTED PRIVATE KEY',
|
||||
body: asn1.toDer(epki).getBytes()
|
||||
};
|
||||
return forge.pem.encode(msg, {maxline: maxline});
|
||||
};
|
||||
|
||||
/**
|
||||
* Converts a PEM-encoded EncryptedPrivateKeyInfo to ASN.1 format. Decryption
|
||||
* is not performed.
|
||||
*
|
||||
* @param pem the EncryptedPrivateKeyInfo in PEM-format.
|
||||
*
|
||||
* @return the ASN.1 EncryptedPrivateKeyInfo.
|
||||
*/
|
||||
pki.encryptedPrivateKeyFromPem = function(pem) {
|
||||
var msg = forge.pem.decode(pem)[0];
|
||||
|
||||
if(msg.type !== 'ENCRYPTED PRIVATE KEY') {
|
||||
throw {
|
||||
message: 'Could not convert encrypted private key from PEM; PEM header ' +
|
||||
'type is "ENCRYPTED PRIVATE KEY".',
|
||||
headerType: msg.type
|
||||
};
|
||||
}
|
||||
if(msg.procType && msg.procType.type === 'ENCRYPTED') {
|
||||
throw {
|
||||
message: 'Could not convert encrypted private key from PEM; ' +
|
||||
'PEM is encrypted.'
|
||||
};
|
||||
}
|
||||
|
||||
// convert DER to ASN.1 object
|
||||
return asn1.fromDer(msg.body);
|
||||
};
|
||||
|
||||
/**
|
||||
* Encrypts an RSA private key. By default, the key will be wrapped in
|
||||
* a PrivateKeyInfo and encrypted to produce a PKCS#8 EncryptedPrivateKeyInfo.
|
||||
* This is the standard, preferred way to encrypt a private key.
|
||||
*
|
||||
* To produce a non-standard PEM-encrypted private key that uses encapsulated
|
||||
* headers to indicate the encryption algorithm (old-style non-PKCS#8 OpenSSL
|
||||
* private key encryption), set the 'legacy' option to true. Note: Using this
|
||||
* option will cause the iteration count to be forced to 1.
|
||||
*
|
||||
* @param rsaKey the RSA key to encrypt.
|
||||
* @param password the password to use.
|
||||
* @param options:
|
||||
* algorithm: the encryption algorithm to use
|
||||
* ('aes128', 'aes192', 'aes256', '3des').
|
||||
* count: the iteration count to use.
|
||||
* saltSize: the salt size to use.
|
||||
* legacy: output an old non-PKCS#8 PEM-encrypted+encapsulated
|
||||
* headers (DEK-Info) private key.
|
||||
*
|
||||
* @return the PEM-encoded ASN.1 EncryptedPrivateKeyInfo.
|
||||
*/
|
||||
pki.encryptRsaPrivateKey = function(rsaKey, password, options) {
|
||||
// standard PKCS#8
|
||||
options = options || {};
|
||||
if(!options.legacy) {
|
||||
// encrypt PrivateKeyInfo
|
||||
var rval = pki.wrapRsaPrivateKey(pki.privateKeyToAsn1(rsaKey));
|
||||
rval = pki.encryptPrivateKeyInfo(rval, password, options);
|
||||
return pki.encryptedPrivateKeyToPem(rval);
|
||||
}
|
||||
|
||||
// legacy non-PKCS#8
|
||||
var algorithm;
|
||||
var iv;
|
||||
var dkLen;
|
||||
var cipherFn;
|
||||
switch(options.algorithm) {
|
||||
case 'aes128':
|
||||
algorithm = 'AES-128-CBC';
|
||||
dkLen = 16;
|
||||
iv = forge.random.getBytes(16);
|
||||
cipherFn = forge.aes.createEncryptionCipher;
|
||||
break;
|
||||
case 'aes192':
|
||||
algorithm = 'AES-192-CBC';
|
||||
dkLen = 24;
|
||||
iv = forge.random.getBytes(16);
|
||||
cipherFn = forge.aes.createEncryptionCipher;
|
||||
break;
|
||||
case 'aes256':
|
||||
algorithm = 'AES-256-CBC';
|
||||
dkLen = 32;
|
||||
iv = forge.random.getBytes(16);
|
||||
cipherFn = forge.aes.createEncryptionCipher;
|
||||
break;
|
||||
case '3des':
|
||||
algorithm = 'DES-EDE3-CBC';
|
||||
dkLen = 24;
|
||||
iv = forge.random.getBytes(8);
|
||||
cipherFn = forge.des.createEncryptionCipher;
|
||||
break;
|
||||
default:
|
||||
throw {
|
||||
message: 'Could not encrypt RSA private key; unsupported encryption ' +
|
||||
'algorithm "' + options.algorithm + '".',
|
||||
algorithm: options.algorithm
|
||||
};
|
||||
}
|
||||
|
||||
// encrypt private key using OpenSSL legacy key derivation
|
||||
var dk = evpBytesToKey(password, iv.substr(0, 8), dkLen);
|
||||
var cipher = cipherFn(dk);
|
||||
cipher.start(iv);
|
||||
cipher.update(asn1.toDer(pki.privateKeyToAsn1(rsaKey)));
|
||||
cipher.finish();
|
||||
|
||||
var msg = {
|
||||
type: 'RSA PRIVATE KEY',
|
||||
procType: {
|
||||
version: '4',
|
||||
type: 'ENCRYPTED'
|
||||
},
|
||||
dekInfo: {
|
||||
algorithm: algorithm,
|
||||
parameters: forge.util.bytesToHex(iv).toUpperCase()
|
||||
},
|
||||
body: cipher.output.getBytes()
|
||||
};
|
||||
return forge.pem.encode(msg);
|
||||
};
|
||||
|
||||
/**
|
||||
* Decrypts an RSA private key.
|
||||
*
|
||||
* @param pem the PEM-formatted EncryptedPrivateKeyInfo to decrypt.
|
||||
* @param password the password to use.
|
||||
*
|
||||
* @return the RSA key on success, null on failure.
|
||||
*/
|
||||
pki.decryptRsaPrivateKey = function(pem, password) {
|
||||
var rval = null;
|
||||
|
||||
var msg = forge.pem.decode(pem)[0];
|
||||
|
||||
if(msg.type !== 'ENCRYPTED PRIVATE KEY' &&
|
||||
msg.type !== 'PRIVATE KEY' &&
|
||||
msg.type !== 'RSA PRIVATE KEY') {
|
||||
throw {
|
||||
message: 'Could not convert private key from PEM; PEM header type is ' +
|
||||
'not "ENCRYPTED PRIVATE KEY", "PRIVATE KEY", or "RSA PRIVATE KEY".',
|
||||
headerType: msg.type
|
||||
};
|
||||
}
|
||||
|
||||
if(msg.procType && msg.procType.type === 'ENCRYPTED') {
|
||||
var dkLen;
|
||||
var cipherFn;
|
||||
switch(msg.dekInfo.algorithm) {
|
||||
case 'DES-EDE3-CBC':
|
||||
dkLen = 24;
|
||||
cipherFn = forge.des.createDecryptionCipher;
|
||||
break;
|
||||
case 'AES-128-CBC':
|
||||
dkLen = 16;
|
||||
cipherFn = forge.aes.createDecryptionCipher;
|
||||
break;
|
||||
case 'AES-192-CBC':
|
||||
dkLen = 24;
|
||||
cipherFn = forge.aes.createDecryptionCipher;
|
||||
break;
|
||||
case 'AES-256-CBC':
|
||||
dkLen = 32;
|
||||
cipherFn = forge.aes.createDecryptionCipher;
|
||||
break;
|
||||
case 'RC2-40-CBC':
|
||||
dkLen = 5;
|
||||
cipherFn = function(key) {
|
||||
return forge.rc2.createDecryptionCipher(key, 40);
|
||||
};
|
||||
break;
|
||||
case 'RC2-64-CBC':
|
||||
dkLen = 8;
|
||||
cipherFn = function(key) {
|
||||
return forge.rc2.createDecryptionCipher(key, 64);
|
||||
};
|
||||
break;
|
||||
case 'RC2-128-CBC':
|
||||
dkLen = 16;
|
||||
cipherFn = function(key) {
|
||||
return forge.rc2.createDecryptionCipher(key, 128);
|
||||
};
|
||||
break;
|
||||
default:
|
||||
throw {
|
||||
message: 'Could not decrypt private key; unsupported encryption ' +
|
||||
'algorithm "' + msg.dekInfo.algorithm + '".',
|
||||
algorithm: msg.dekInfo.algorithm
|
||||
};
|
||||
}
|
||||
|
||||
// use OpenSSL legacy key derivation
|
||||
var iv = forge.util.hexToBytes(msg.dekInfo.parameters);
|
||||
var dk = evpBytesToKey(password, iv.substr(0, 8), dkLen);
|
||||
var cipher = cipherFn(dk);
|
||||
cipher.start(iv);
|
||||
cipher.update(forge.util.createBuffer(msg.body));
|
||||
if(cipher.finish()) {
|
||||
rval = cipher.output.getBytes();
|
||||
}
|
||||
else {
|
||||
return rval;
|
||||
}
|
||||
}
|
||||
else {
|
||||
rval = msg.body;
|
||||
}
|
||||
|
||||
if(msg.type === 'ENCRYPTED PRIVATE KEY') {
|
||||
rval = pki.decryptPrivateKeyInfo(asn1.fromDer(rval), password);
|
||||
}
|
||||
else {
|
||||
// decryption already performed above
|
||||
rval = asn1.fromDer(rval);
|
||||
}
|
||||
|
||||
if(rval !== null) {
|
||||
rval = pki.privateKeyFromAsn1(rval);
|
||||
}
|
||||
|
||||
return rval;
|
||||
};
|
||||
|
||||
/**
|
||||
* Derives a PKCS#12 key.
|
||||
*
|
||||
* @param password the password to derive the key material from.
|
||||
* @param salt the salt, as a ByteBuffer, to use.
|
||||
* @param id the PKCS#12 ID byte (1 = key material, 2 = IV, 3 = MAC).
|
||||
* @param iter the iteration count.
|
||||
* @param n the number of bytes to derive from the password.
|
||||
* @param md the message digest to use, defaults to SHA-1.
|
||||
*
|
||||
* @return a ByteBuffer with the bytes derived from the password.
|
||||
*/
|
||||
pki.pbe.generatePkcs12Key = function(password, salt, id, iter, n, md) {
|
||||
var j, l;
|
||||
|
||||
if(typeof md === 'undefined' || md === null) {
|
||||
md = forge.md.sha1.create();
|
||||
}
|
||||
|
||||
var u = md.digestLength;
|
||||
var v = md.blockLength;
|
||||
var result = new forge.util.ByteBuffer();
|
||||
|
||||
/* Convert password to Unicode byte buffer + trailing 0-byte. */
|
||||
var passBuf = new forge.util.ByteBuffer();
|
||||
for(l = 0; l < password.length; l++) {
|
||||
passBuf.putInt16(password.charCodeAt(l));
|
||||
}
|
||||
passBuf.putInt16(0);
|
||||
|
||||
/* Length of salt and password in BYTES. */
|
||||
var p = passBuf.length();
|
||||
var s = salt.length();
|
||||
|
||||
/* 1. Construct a string, D (the "diversifier"), by concatenating
|
||||
v copies of ID. */
|
||||
var D = new forge.util.ByteBuffer();
|
||||
D.fillWithByte(id, v);
|
||||
|
||||
/* 2. Concatenate copies of the salt together to create a string S of length
|
||||
v * ceil(s / v) bytes (the final copy of the salt may be trunacted
|
||||
to create S).
|
||||
Note that if the salt is the empty string, then so is S. */
|
||||
var Slen = v * Math.ceil(s / v);
|
||||
var S = new forge.util.ByteBuffer();
|
||||
for(l = 0; l < Slen; l ++) {
|
||||
S.putByte(salt.at(l % s));
|
||||
}
|
||||
|
||||
/* 3. Concatenate copies of the password together to create a string P of
|
||||
length v * ceil(p / v) bytes (the final copy of the password may be
|
||||
truncated to create P).
|
||||
Note that if the password is the empty string, then so is P. */
|
||||
var Plen = v * Math.ceil(p / v);
|
||||
var P = new forge.util.ByteBuffer();
|
||||
for(l = 0; l < Plen; l ++) {
|
||||
P.putByte(passBuf.at(l % p));
|
||||
}
|
||||
|
||||
/* 4. Set I=S||P to be the concatenation of S and P. */
|
||||
var I = S;
|
||||
I.putBuffer(P);
|
||||
|
||||
/* 5. Set c=ceil(n / u). */
|
||||
var c = Math.ceil(n / u);
|
||||
|
||||
/* 6. For i=1, 2, ..., c, do the following: */
|
||||
for(var i = 1; i <= c; i ++) {
|
||||
/* a) Set Ai=H^r(D||I). (l.e. the rth hash of D||I, H(H(H(...H(D||I)))) */
|
||||
var buf = new forge.util.ByteBuffer();
|
||||
buf.putBytes(D.bytes());
|
||||
buf.putBytes(I.bytes());
|
||||
for(var round = 0; round < iter; round ++) {
|
||||
md.start();
|
||||
md.update(buf.getBytes());
|
||||
buf = md.digest();
|
||||
}
|
||||
|
||||
/* b) Concatenate copies of Ai to create a string B of length v bytes (the
|
||||
final copy of Ai may be truncated to create B). */
|
||||
var B = new forge.util.ByteBuffer();
|
||||
for(l = 0; l < v; l ++) {
|
||||
B.putByte(buf.at(l % u));
|
||||
}
|
||||
|
||||
/* c) Treating I as a concatenation I0, I1, ..., Ik-1 of v-byte blocks,
|
||||
where k=ceil(s / v) + ceil(p / v), modify I by setting
|
||||
Ij=(Ij+B+1) mod 2v for each j. */
|
||||
var k = Math.ceil(s / v) + Math.ceil(p / v);
|
||||
var Inew = new forge.util.ByteBuffer();
|
||||
for(j = 0; j < k; j ++) {
|
||||
var chunk = new forge.util.ByteBuffer(I.getBytes(v));
|
||||
var x = 0x1ff;
|
||||
for(l = B.length() - 1; l >= 0; l --) {
|
||||
x = x >> 8;
|
||||
x += B.at(l) + chunk.at(l);
|
||||
chunk.setAt(l, x & 0xff);
|
||||
}
|
||||
Inew.putBuffer(chunk);
|
||||
}
|
||||
I = Inew;
|
||||
|
||||
/* Add Ai to A. */
|
||||
result.putBuffer(buf);
|
||||
}
|
||||
|
||||
result.truncate(result.length() - n);
|
||||
return result;
|
||||
};
|
||||
|
||||
/**
|
||||
* Get new Forge cipher object instance.
|
||||
*
|
||||
* @param oid the OID (in string notation).
|
||||
* @param params the ASN.1 params object.
|
||||
* @param password the password to decrypt with.
|
||||
*
|
||||
* @return new cipher object instance.
|
||||
*/
|
||||
pki.pbe.getCipher = function(oid, params, password) {
|
||||
switch(oid) {
|
||||
case pki.oids['pkcs5PBES2']:
|
||||
return pki.pbe.getCipherForPBES2(oid, params, password);
|
||||
|
||||
case pki.oids['pbeWithSHAAnd3-KeyTripleDES-CBC']:
|
||||
case pki.oids['pbewithSHAAnd40BitRC2-CBC']:
|
||||
return pki.pbe.getCipherForPKCS12PBE(oid, params, password);
|
||||
|
||||
default:
|
||||
throw {
|
||||
message: 'Cannot read encrypted PBE data block. Unsupported OID.',
|
||||
oid: oid,
|
||||
supportedOids: [
|
||||
'pkcs5PBES2',
|
||||
'pbeWithSHAAnd3-KeyTripleDES-CBC',
|
||||
'pbewithSHAAnd40BitRC2-CBC'
|
||||
]
|
||||
};
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
* Get new Forge cipher object instance according to PBES2 params block.
|
||||
*
|
||||
* The returned cipher instance is already started using the IV
|
||||
* from PBES2 parameter block.
|
||||
*
|
||||
* @param oid the PKCS#5 PBKDF2 OID (in string notation).
|
||||
* @param params the ASN.1 PBES2-params object.
|
||||
* @param password the password to decrypt with.
|
||||
*
|
||||
* @return new cipher object instance.
|
||||
*/
|
||||
pki.pbe.getCipherForPBES2 = function(oid, params, password) {
|
||||
// get PBE params
|
||||
var capture = {};
|
||||
var errors = [];
|
||||
if(!asn1.validate(params, PBES2AlgorithmsValidator, capture, errors)) {
|
||||
throw {
|
||||
message: 'Cannot read password-based-encryption algorithm ' +
|
||||
'parameters. ASN.1 object is not a supported ' +
|
||||
'EncryptedPrivateKeyInfo.',
|
||||
errors: errors
|
||||
};
|
||||
}
|
||||
|
||||
// check oids
|
||||
oid = asn1.derToOid(capture.kdfOid);
|
||||
if(oid !== pki.oids['pkcs5PBKDF2']) {
|
||||
throw {
|
||||
message: 'Cannot read encrypted private key. ' +
|
||||
'Unsupported key derivation function OID.',
|
||||
oid: oid,
|
||||
supportedOids: ['pkcs5PBKDF2']
|
||||
};
|
||||
}
|
||||
oid = asn1.derToOid(capture.encOid);
|
||||
if(oid !== pki.oids['aes128-CBC'] &&
|
||||
oid !== pki.oids['aes192-CBC'] &&
|
||||
oid !== pki.oids['aes256-CBC']) {
|
||||
throw {
|
||||
message: 'Cannot read encrypted private key. ' +
|
||||
'Unsupported encryption scheme OID.',
|
||||
oid: oid,
|
||||
supportedOids: ['aes128-CBC', 'aes192-CBC', 'aes256-CBC']
|
||||
};
|
||||
}
|
||||
|
||||
// set PBE params
|
||||
var salt = capture.kdfSalt;
|
||||
var count = forge.util.createBuffer(capture.kdfIterationCount);
|
||||
count = count.getInt(count.length() << 3);
|
||||
var dkLen;
|
||||
if(oid === pki.oids['aes128-CBC']) {
|
||||
dkLen = 16;
|
||||
}
|
||||
else if(oid === pki.oids['aes192-CBC']) {
|
||||
dkLen = 24;
|
||||
}
|
||||
else if(oid === pki.oids['aes256-CBC']) {
|
||||
dkLen = 32;
|
||||
}
|
||||
|
||||
// decrypt private key using pbe SHA-1 and AES
|
||||
var dk = forge.pkcs5.pbkdf2(password, salt, count, dkLen);
|
||||
var iv = capture.encIv;
|
||||
var cipher = forge.aes.createDecryptionCipher(dk);
|
||||
cipher.start(iv);
|
||||
|
||||
return cipher;
|
||||
};
|
||||
|
||||
/**
|
||||
* Get new Forge cipher object instance for PKCS#12 PBE.
|
||||
*
|
||||
* The returned cipher instance is already started using the key & IV
|
||||
* derived from the provided password and PKCS#12 PBE salt.
|
||||
*
|
||||
* @param oid The PKCS#12 PBE OID (in string notation).
|
||||
* @param params The ASN.1 PKCS#12 PBE-params object.
|
||||
* @param password The password to decrypt with.
|
||||
* @return New cipher object instance.
|
||||
*/
|
||||
pki.pbe.getCipherForPKCS12PBE = function(oid, params, password) {
|
||||
// get PBE params
|
||||
var capture = {};
|
||||
var errors = [];
|
||||
if(!asn1.validate(params, pkcs12PbeParamsValidator, capture, errors)) {
|
||||
throw {
|
||||
message: 'Cannot read password-based-encryption algorithm ' +
|
||||
'parameters. ASN.1 object is not a supported ' +
|
||||
'EncryptedPrivateKeyInfo.',
|
||||
errors: errors
|
||||
};
|
||||
}
|
||||
|
||||
var salt = forge.util.createBuffer(capture.salt);
|
||||
var count = forge.util.createBuffer(capture.iterations);
|
||||
count = count.getInt(count.length() << 3);
|
||||
|
||||
var dkLen, dIvLen, cipherFn;
|
||||
switch(oid) {
|
||||
case pki.oids['pbeWithSHAAnd3-KeyTripleDES-CBC']:
|
||||
dkLen = 24;
|
||||
dIvLen = 8;
|
||||
cipherFn = forge.des.startDecrypting;
|
||||
break;
|
||||
|
||||
case pki.oids['pbewithSHAAnd40BitRC2-CBC']:
|
||||
dkLen = 5;
|
||||
dIvLen = 8;
|
||||
cipherFn = function(key, iv) {
|
||||
var cipher = forge.rc2.createDecryptionCipher(key, 40);
|
||||
cipher.start(iv, null);
|
||||
return cipher;
|
||||
};
|
||||
break;
|
||||
|
||||
default:
|
||||
throw {
|
||||
message: 'Cannot read PKCS #12 PBE data block. Unsupported OID.',
|
||||
oid: oid
|
||||
};
|
||||
}
|
||||
|
||||
var key = pki.pbe.generatePkcs12Key(password, salt, 1, count, dkLen);
|
||||
var iv = pki.pbe.generatePkcs12Key(password, salt, 2, count, dIvLen);
|
||||
|
||||
return cipherFn(key, iv);
|
||||
};
|
||||
|
||||
/**
|
||||
* OpenSSL's legacy key derivation function.
|
||||
*
|
||||
* See: http://www.openssl.org/docs/crypto/EVP_BytesToKey.html
|
||||
*
|
||||
* @param password the password to derive the key from.
|
||||
* @param salt the salt to use.
|
||||
* @param dkLen the number of bytes needed for the derived key.
|
||||
*/
|
||||
function evpBytesToKey(password, salt, dkLen) {
|
||||
var digests = [md5(password + salt)];
|
||||
for(var length = 16, i = 1; length < dkLen; ++i, length += 16) {
|
||||
digests.push(md5(digests[i - 1] + password + salt));
|
||||
}
|
||||
return digests.join('').substr(0, dkLen);
|
||||
}
|
||||
|
||||
function md5(bytes) {
|
||||
return forge.md.md5.create().update(bytes).digest().getBytes();
|
||||
}
|
||||
|
||||
} // end module implementation
|
||||
|
||||
/* ########## Begin module wrapper ########## */
|
||||
var name = 'pbe';
|
||||
if(typeof define !== 'function') {
|
||||
// NodeJS -> AMD
|
||||
if(typeof module === 'object' && module.exports) {
|
||||
var nodeJS = true;
|
||||
define = function(ids, factory) {
|
||||
factory(require, module);
|
||||
};
|
||||
}
|
||||
// <script>
|
||||
else {
|
||||
if(typeof forge === 'undefined') {
|
||||
forge = {};
|
||||
}
|
||||
return initModule(forge);
|
||||
}
|
||||
}
|
||||
// AMD
|
||||
var deps;
|
||||
var defineFunc = function(require, module) {
|
||||
module.exports = function(forge) {
|
||||
var mods = deps.map(function(dep) {
|
||||
return require(dep);
|
||||
}).concat(initModule);
|
||||
// handle circular dependencies
|
||||
forge = forge || {};
|
||||
forge.defined = forge.defined || {};
|
||||
if(forge.defined[name]) {
|
||||
return forge[name];
|
||||
}
|
||||
forge.defined[name] = true;
|
||||
for(var i = 0; i < mods.length; ++i) {
|
||||
mods[i](forge);
|
||||
}
|
||||
return forge[name];
|
||||
};
|
||||
};
|
||||
var tmpDefine = define;
|
||||
define = function(ids, factory) {
|
||||
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
|
||||
if(nodeJS) {
|
||||
delete define;
|
||||
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
|
||||
}
|
||||
define = tmpDefine;
|
||||
return define.apply(null, Array.prototype.slice.call(arguments, 0));
|
||||
};
|
||||
define([
|
||||
'require',
|
||||
'module',
|
||||
'./aes',
|
||||
'./asn1',
|
||||
'./des',
|
||||
'./md',
|
||||
'./oids',
|
||||
'./pem',
|
||||
'./pbkdf2',
|
||||
'./random',
|
||||
'./rc2',
|
||||
'./rsa',
|
||||
'./util'
|
||||
], function() {
|
||||
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
|
||||
});
|
||||
})();
|
@ -27,7 +27,7 @@ var pkcs5 = forge.pkcs5 = forge.pkcs5 || {};
|
||||
*/
|
||||
forge.pbkdf2 = pkcs5.pbkdf2 = function(p, s, c, dkLen, md) {
|
||||
// default prf to SHA-1
|
||||
if(typeof(md) === 'undefined' || md === null) {
|
||||
if(typeof md === 'undefined' || md === null) {
|
||||
md = forge.md.sha1.create();
|
||||
}
|
||||
|
||||
@ -81,6 +81,7 @@ forge.pbkdf2 = pkcs5.pbkdf2 = function(p, s, c, dkLen, md) {
|
||||
var xor, u_c, u_c1;
|
||||
for(var i = 1; i <= len; ++i) {
|
||||
// PRF(P, S || INT(i)) (first iteration)
|
||||
prf.start(null, null);
|
||||
prf.update(s);
|
||||
prf.update(forge.util.int32ToBytes(i));
|
||||
xor = u_c1 = prf.digest().getBytes();
|
||||
|
@ -573,7 +573,7 @@ function _decryptSafeContents(data, password) {
|
||||
var cipher = pki.pbe.getCipher(oid, capture.encParameter, password);
|
||||
|
||||
// get encrypted data
|
||||
var encrypted = forge.util.createBuffer(capture.encContent);
|
||||
var encrypted = forge.util.createBuffer(capture.encryptedContent);
|
||||
|
||||
cipher.update(encrypted);
|
||||
if(!cipher.finish()) {
|
||||
@ -726,7 +726,7 @@ function _decodeBagAttributes(attributes) {
|
||||
// unsupported attribute type, ignore.
|
||||
continue;
|
||||
}
|
||||
|
||||
|
||||
decodedAttrs[pki.oids[oid]] = [];
|
||||
for(var j = 0; j < capture.values.length; ++j) {
|
||||
decodedAttrs[pki.oids[oid]].push(capture.values[j].value);
|
||||
@ -783,7 +783,7 @@ p12.toPkcs12Asn1 = function(key, cert, password, options) {
|
||||
}
|
||||
|
||||
var localKeyId = options.localKeyId;
|
||||
var bagAttrs = undefined;
|
||||
var bagAttrs;
|
||||
if(localKeyId !== null) {
|
||||
localKeyId = forge.util.hexToBytes(localKeyId);
|
||||
}
|
||||
@ -799,7 +799,7 @@ p12.toPkcs12Asn1 = function(key, cert, password, options) {
|
||||
localKeyId = sha1.digest().getBytes();
|
||||
}
|
||||
// FIXME: consider using SHA-1 of public key (which can be generated
|
||||
// from private key components)
|
||||
// from private key components), see: cert.generateSubjectKeyIdentifier
|
||||
// generate random bytes
|
||||
else {
|
||||
localKeyId = forge.random.getBytes(20);
|
||||
@ -813,7 +813,7 @@ p12.toPkcs12Asn1 = function(key, cert, password, options) {
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
// attrId
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
|
||||
asn1.oidToDer(pki.oids['localKeyId']).getBytes()),
|
||||
asn1.oidToDer(pki.oids.localKeyId).getBytes()),
|
||||
// attrValues
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
|
||||
@ -827,7 +827,7 @@ p12.toPkcs12Asn1 = function(key, cert, password, options) {
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
// attrId
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
|
||||
asn1.oidToDer(pki.oids['friendlyName']).getBytes()),
|
||||
asn1.oidToDer(pki.oids.friendlyName).getBytes()),
|
||||
// attrValues
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BMPSTRING, false,
|
||||
@ -869,14 +869,14 @@ p12.toPkcs12Asn1 = function(key, cert, password, options) {
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
// bagId
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
|
||||
asn1.oidToDer(pki.oids['certBag']).getBytes()),
|
||||
asn1.oidToDer(pki.oids.certBag).getBytes()),
|
||||
// bagValue
|
||||
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
|
||||
// CertBag
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
// certId
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
|
||||
asn1.oidToDer(pki.oids['x509Certificate']).getBytes()),
|
||||
asn1.oidToDer(pki.oids.x509Certificate).getBytes()),
|
||||
// certValue (x509Certificate)
|
||||
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
|
||||
asn1.create(
|
||||
@ -901,7 +901,7 @@ p12.toPkcs12Asn1 = function(key, cert, password, options) {
|
||||
// contentType
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
|
||||
// OID for the content type is 'data'
|
||||
asn1.oidToDer(pki.oids['data']).getBytes()),
|
||||
asn1.oidToDer(pki.oids.data).getBytes()),
|
||||
// content
|
||||
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
|
||||
asn1.create(
|
||||
@ -922,7 +922,7 @@ p12.toPkcs12Asn1 = function(key, cert, password, options) {
|
||||
keyBag = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
// bagId
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
|
||||
asn1.oidToDer(pki.oids['keyBag']).getBytes()),
|
||||
asn1.oidToDer(pki.oids.keyBag).getBytes()),
|
||||
// bagValue
|
||||
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
|
||||
// PrivateKeyInfo
|
||||
@ -937,7 +937,7 @@ p12.toPkcs12Asn1 = function(key, cert, password, options) {
|
||||
keyBag = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
// bagId
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
|
||||
asn1.oidToDer(pki.oids['pkcs8ShroudedKeyBag']).getBytes()),
|
||||
asn1.oidToDer(pki.oids.pkcs8ShroudedKeyBag).getBytes()),
|
||||
// bagValue
|
||||
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
|
||||
// EncryptedPrivateKeyInfo
|
||||
@ -959,7 +959,7 @@ p12.toPkcs12Asn1 = function(key, cert, password, options) {
|
||||
// contentType
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
|
||||
// OID for the content type is 'data'
|
||||
asn1.oidToDer(pki.oids['data']).getBytes()),
|
||||
asn1.oidToDer(pki.oids.data).getBytes()),
|
||||
// content
|
||||
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
|
||||
asn1.create(
|
||||
@ -974,7 +974,7 @@ p12.toPkcs12Asn1 = function(key, cert, password, options) {
|
||||
var safe = asn1.create(
|
||||
asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, contents);
|
||||
|
||||
var macData = undefined;
|
||||
var macData;
|
||||
if(options.useMac) {
|
||||
// MacData
|
||||
var sha1 = forge.md.sha1.create();
|
||||
@ -1023,7 +1023,7 @@ p12.toPkcs12Asn1 = function(key, cert, password, options) {
|
||||
// contentType
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
|
||||
// OID for the content type is 'data'
|
||||
asn1.oidToDer(pki.oids['data']).getBytes()),
|
||||
asn1.oidToDer(pki.oids.data).getBytes()),
|
||||
// content
|
||||
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
|
||||
asn1.create(
|
||||
@ -1038,112 +1038,16 @@ p12.toPkcs12Asn1 = function(key, cert, password, options) {
|
||||
/**
|
||||
* Derives a PKCS#12 key.
|
||||
*
|
||||
* @param {String} password the password to derive the key material from.
|
||||
* @param {ByteBuffer} salt the salt to use.
|
||||
* @param {int} id the PKCS#12 ID byte (1 = key material, 2 = IV, 3 = MAC).
|
||||
* @param {int} iter the iteration count.
|
||||
* @param {int} n the number of bytes to derive from the password.
|
||||
* @param password the password to derive the key material from.
|
||||
* @param salt the salt, as a ByteBuffer, to use.
|
||||
* @param id the PKCS#12 ID byte (1 = key material, 2 = IV, 3 = MAC).
|
||||
* @param iter the iteration count.
|
||||
* @param n the number of bytes to derive from the password.
|
||||
* @param md the message digest to use, defaults to SHA-1.
|
||||
*
|
||||
* @return {ByteBuffer} The bytes derived from the password.
|
||||
* @return a ByteBuffer with the bytes derived from the password.
|
||||
*/
|
||||
p12.generateKey = function(password, salt, id, iter, n, md) {
|
||||
var j, l;
|
||||
|
||||
if(typeof md === 'undefined' || md === null) {
|
||||
md = forge.md.sha1.create();
|
||||
}
|
||||
|
||||
var u = md.digestLength;
|
||||
var v = md.blockLength;
|
||||
var result = new forge.util.ByteBuffer();
|
||||
|
||||
/* Convert password to Unicode byte buffer + trailing 0-byte. */
|
||||
var passBuf = new forge.util.ByteBuffer();
|
||||
for(l = 0; l < password.length; l++) {
|
||||
passBuf.putInt16(password.charCodeAt(l));
|
||||
}
|
||||
passBuf.putInt16(0);
|
||||
|
||||
/* Length of salt and password in BYTES. */
|
||||
var p = passBuf.length();
|
||||
var s = salt.length();
|
||||
|
||||
/* 1. Construct a string, D (the "diversifier"), by concatenating
|
||||
v copies of ID. */
|
||||
var D = new forge.util.ByteBuffer();
|
||||
D.fillWithByte(id, v);
|
||||
|
||||
/* 2. Concatenate copies of the salt together to create a string S of length
|
||||
v * ceil(s / v) bytes (the final copy of the salt may be trunacted
|
||||
to create S).
|
||||
Note that if the salt is the empty string, then so is S. */
|
||||
var Slen = v * Math.ceil(s / v);
|
||||
var S = new forge.util.ByteBuffer();
|
||||
for(l = 0; l < Slen; l ++) {
|
||||
S.putByte(salt.at(l % s));
|
||||
}
|
||||
|
||||
/* 3. Concatenate copies of the password together to create a string P of
|
||||
length v * ceil(p / v) bytes (the final copy of the password may be
|
||||
truncated to create P).
|
||||
Note that if the password is the empty string, then so is P. */
|
||||
var Plen = v * Math.ceil(p / v);
|
||||
var P = new forge.util.ByteBuffer();
|
||||
for(l = 0; l < Plen; l ++) {
|
||||
P.putByte(passBuf.at(l % p));
|
||||
}
|
||||
|
||||
/* 4. Set I=S||P to be the concatenation of S and P. */
|
||||
var I = S;
|
||||
I.putBuffer(P);
|
||||
|
||||
/* 5. Set c=ceil(n / u). */
|
||||
var c = Math.ceil(n / u);
|
||||
|
||||
/* 6. For i=1, 2, ..., c, do the following: */
|
||||
for(var i = 1; i <= c; i ++) {
|
||||
/* a) Set Ai=H^r(D||I). (l.e. the rth hash of D||I, H(H(H(...H(D||I)))) */
|
||||
var buf = new forge.util.ByteBuffer();
|
||||
buf.putBytes(D.bytes());
|
||||
buf.putBytes(I.bytes());
|
||||
for(var round = 0; round < iter; round ++) {
|
||||
md.start();
|
||||
md.update(buf.getBytes());
|
||||
buf = md.digest();
|
||||
}
|
||||
|
||||
/* b) Concatenate copies of Ai to create a string B of length v bytes (the
|
||||
final copy of Ai may be truncated to create B). */
|
||||
var B = new forge.util.ByteBuffer();
|
||||
for(l = 0; l < v; l ++) {
|
||||
B.putByte(buf.at(l % u));
|
||||
}
|
||||
|
||||
/* c) Treating I as a concatenation I0, I1, ..., Ik-1 of v-byte blocks,
|
||||
where k=ceil(s / v) + ceil(p / v), modify I by setting
|
||||
Ij=(Ij+B+1) mod 2v for each j. */
|
||||
var k = Math.ceil(s / v) + Math.ceil(p / v);
|
||||
var Inew = new forge.util.ByteBuffer();
|
||||
for(j = 0; j < k; j ++) {
|
||||
var chunk = new forge.util.ByteBuffer(I.getBytes(v));
|
||||
var x = 0x1ff;
|
||||
for(l = B.length() - 1; l >= 0; l --) {
|
||||
x = x >> 8;
|
||||
x += B.at(l) + chunk.at(l);
|
||||
chunk.setAt(l, x & 0xff);
|
||||
}
|
||||
Inew.putBuffer(chunk);
|
||||
}
|
||||
I = Inew;
|
||||
|
||||
/* Add Ai to A. */
|
||||
result.putBuffer(buf);
|
||||
}
|
||||
|
||||
result.truncate(result.length() - n);
|
||||
return result;
|
||||
};
|
||||
p12.generateKey = forge.pbe.generatePkcs12Key;
|
||||
|
||||
} // end module implementation
|
||||
|
||||
@ -1199,12 +1103,15 @@ define([
|
||||
'require',
|
||||
'module',
|
||||
'./asn1',
|
||||
'./sha1',
|
||||
'./hmac',
|
||||
'./oids',
|
||||
'./pkcs7asn1',
|
||||
'./pki',
|
||||
'./util',
|
||||
'./pbe',
|
||||
'./random',
|
||||
'./hmac'
|
||||
'./rsa',
|
||||
'./sha1',
|
||||
'./util',
|
||||
'./x509'
|
||||
], function() {
|
||||
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
|
||||
});
|
||||
|
260
src/lib/pkcs7.js
260
src/lib/pkcs7.js
@ -142,7 +142,7 @@ var _recipientInfoFromAsn1 = function(obj) {
|
||||
version: capture.version.charCodeAt(0),
|
||||
issuer: forge.pki.RDNAttributesAsArray(capture.issuer),
|
||||
serialNumber: forge.util.createBuffer(capture.serial).toHex(),
|
||||
encContent: {
|
||||
encryptedContent: {
|
||||
algorithm: asn1.derToOid(capture.encAlgorithm),
|
||||
parameter: capture.encParameter.value,
|
||||
content: capture.encKey
|
||||
@ -174,13 +174,13 @@ var _recipientInfoToAsn1 = function(obj) {
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
// Algorithm
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
|
||||
asn1.oidToDer(obj.encContent.algorithm).getBytes()),
|
||||
asn1.oidToDer(obj.encryptedContent.algorithm).getBytes()),
|
||||
// Parameter, force NULL, only RSA supported for now.
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')
|
||||
]),
|
||||
// EncryptedKey
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
|
||||
obj.encContent.content)
|
||||
obj.encryptedContent.content)
|
||||
]);
|
||||
};
|
||||
|
||||
@ -217,11 +217,11 @@ var _recipientInfosToAsn1 = function(recipientsArr) {
|
||||
/**
|
||||
* Map messages encrypted content to ASN.1 objects.
|
||||
*
|
||||
* @param ec The encContent object of the message.
|
||||
* @param ec The encryptedContent object of the message.
|
||||
*
|
||||
* @return ASN.1 representation of the encContent object (SEQUENCE).
|
||||
* @return ASN.1 representation of the encryptedContent object (SEQUENCE).
|
||||
*/
|
||||
var _encContentToAsn1 = function(ec) {
|
||||
var _encryptedContentToAsn1 = function(ec) {
|
||||
return [
|
||||
// ContentType, always Data for the moment
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
|
||||
@ -254,19 +254,19 @@ var _encContentToAsn1 = function(ec) {
|
||||
* to allow the caller to extract further data, e.g. the list of recipients
|
||||
* in case of a EnvelopedData object.
|
||||
*
|
||||
* @param msg The PKCS#7 object to read the data to
|
||||
* @param obj The ASN.1 representation of the content block
|
||||
* @param validator The ASN.1 structure validator object to use
|
||||
* @return Map with values captured by validator object
|
||||
* @param msg the PKCS#7 object to read the data to.
|
||||
* @param obj the ASN.1 representation of the content block.
|
||||
* @param validator the ASN.1 structure validator object to use.
|
||||
*
|
||||
* @return the value map captured by validator object.
|
||||
*/
|
||||
var _fromAsn1 = function(msg, obj, validator) {
|
||||
var capture = {};
|
||||
var errors = [];
|
||||
if(!asn1.validate(obj, validator, capture, errors))
|
||||
{
|
||||
if(!asn1.validate(obj, validator, capture, errors)) {
|
||||
throw {
|
||||
message: 'Cannot read PKCS#7 message. ' +
|
||||
'ASN.1 object is not an PKCS#7 EnvelopedData.',
|
||||
'ASN.1 object is not a supported PKCS#7 message.',
|
||||
errors: errors
|
||||
};
|
||||
}
|
||||
@ -276,27 +276,27 @@ var _fromAsn1 = function(msg, obj, validator) {
|
||||
if(contentType !== forge.pki.oids.data) {
|
||||
throw {
|
||||
message: 'Unsupported PKCS#7 message. ' +
|
||||
'Only contentType Data supported within EnvelopedData.'
|
||||
'Only wrapped ContentType Data supported.'
|
||||
};
|
||||
}
|
||||
|
||||
if(capture.encContent) {
|
||||
if(capture.encryptedContent) {
|
||||
var content = '';
|
||||
if(forge.util.isArray(capture.encContent)) {
|
||||
for(var i = 0; i < capture.encContent.length; ++i) {
|
||||
if(capture.encContent[i].type !== asn1.Type.OCTETSTRING) {
|
||||
if(forge.util.isArray(capture.encryptedContent)) {
|
||||
for(var i = 0; i < capture.encryptedContent.length; ++i) {
|
||||
if(capture.encryptedContent[i].type !== asn1.Type.OCTETSTRING) {
|
||||
throw {
|
||||
message: 'Malformed PKCS#7 message, expecting encrypted ' +
|
||||
'content constructed of only OCTET STRING objects.'
|
||||
};
|
||||
}
|
||||
content += capture.encContent[i].value;
|
||||
content += capture.encryptedContent[i].value;
|
||||
}
|
||||
}
|
||||
else {
|
||||
content = capture.encContent;
|
||||
content = capture.encryptedContent;
|
||||
}
|
||||
msg.encContent = {
|
||||
msg.encryptedContent = {
|
||||
algorithm: asn1.derToOid(capture.encAlgorithm),
|
||||
parameter: forge.util.createBuffer(capture.encParameter.value),
|
||||
content: forge.util.createBuffer(content)
|
||||
@ -333,13 +333,13 @@ var _fromAsn1 = function(msg, obj, validator) {
|
||||
*
|
||||
* Decryption is skipped in case the PKCS#7 message object already has a
|
||||
* (decrypted) content attribute. The algorithm, key and cipher parameters
|
||||
* (probably the iv) are taken from the encContent attribute of the message
|
||||
* object.
|
||||
* (probably the iv) are taken from the encryptedContent attribute of the
|
||||
* message object.
|
||||
*
|
||||
* @param The PKCS#7 message object.
|
||||
*/
|
||||
var _decryptContent = function (msg) {
|
||||
if(msg.encContent.key === undefined) {
|
||||
if(msg.encryptedContent.key === undefined) {
|
||||
throw {
|
||||
message: 'Symmetric key not available.'
|
||||
};
|
||||
@ -348,26 +348,26 @@ var _decryptContent = function (msg) {
|
||||
if(msg.content === undefined) {
|
||||
var ciph;
|
||||
|
||||
switch(msg.encContent.algorithm) {
|
||||
switch(msg.encryptedContent.algorithm) {
|
||||
case forge.pki.oids['aes128-CBC']:
|
||||
case forge.pki.oids['aes192-CBC']:
|
||||
case forge.pki.oids['aes256-CBC']:
|
||||
ciph = forge.aes.createDecryptionCipher(msg.encContent.key);
|
||||
ciph = forge.aes.createDecryptionCipher(msg.encryptedContent.key);
|
||||
break;
|
||||
|
||||
case forge.pki.oids['des-EDE3-CBC']:
|
||||
ciph = forge.des.createDecryptionCipher(msg.encContent.key);
|
||||
ciph = forge.des.createDecryptionCipher(msg.encryptedContent.key);
|
||||
break;
|
||||
|
||||
default:
|
||||
throw {
|
||||
message: 'Unsupported symmetric cipher, '
|
||||
+ 'OID ' + msg.encContent.algorithm
|
||||
message: 'Unsupported symmetric cipher, OID ' +
|
||||
msg.encryptedContent.algorithm
|
||||
};
|
||||
}
|
||||
|
||||
ciph.start(msg.encContent.parameter);
|
||||
ciph.update(msg.encContent.content);
|
||||
ciph.start(msg.encryptedContent.parameter);
|
||||
ciph.update(msg.encryptedContent.content);
|
||||
|
||||
if(!ciph.finish()) {
|
||||
throw {
|
||||
@ -384,9 +384,140 @@ p7.createSignedData = function() {
|
||||
msg = {
|
||||
type: forge.pki.oids.signedData,
|
||||
version: 1,
|
||||
certificates: [],
|
||||
crls: [],
|
||||
// populated during sign()
|
||||
digestAlgorithmIdentifiers: [],
|
||||
contentInfo: null,
|
||||
signerInfos: [],
|
||||
|
||||
fromAsn1: function(obj) {
|
||||
// validate SignedData content block and capture data.
|
||||
_fromAsn1(msg, obj, p7.asn1.signedDataValidator);
|
||||
msg.certificates = [];
|
||||
msg.crls = [];
|
||||
msg.digestAlgorithmIdentifiers = [];
|
||||
msg.contentInfo = null;
|
||||
msg.signerInfos = [];
|
||||
|
||||
var certs = msg.rawCapture.certificates.value;
|
||||
for(var i = 0; i < certs.length; ++i) {
|
||||
msg.certificates.push(forge.pki.certificateFromAsn1(certs[i]));
|
||||
}
|
||||
|
||||
// TODO: parse crls
|
||||
},
|
||||
|
||||
toAsn1: function() {
|
||||
// TODO: add support for more data types here
|
||||
if('content' in msg) {
|
||||
throw 'Signing PKCS#7 content not yet implemented.';
|
||||
}
|
||||
|
||||
// degenerate case with no content
|
||||
if(!msg.contentInfo) {
|
||||
msg.sign();
|
||||
}
|
||||
|
||||
var certs = [];
|
||||
for(var i = 0; i < msg.certificates.length; ++i) {
|
||||
certs.push(forge.pki.certificateToAsn1(msg.certificates[0]));
|
||||
}
|
||||
|
||||
var crls = [];
|
||||
// TODO: implement CRLs
|
||||
|
||||
// ContentInfo
|
||||
return asn1.create(
|
||||
asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
// ContentType
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
|
||||
asn1.oidToDer(msg.type).getBytes()),
|
||||
// [0] SignedData
|
||||
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
// Version
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
|
||||
String.fromCharCode(msg.version)),
|
||||
// DigestAlgorithmIdentifiers
|
||||
asn1.create(
|
||||
asn1.Class.UNIVERSAL, asn1.Type.SET, true,
|
||||
msg.digestAlgorithmIdentifiers),
|
||||
// ContentInfo
|
||||
msg.contentInfo,
|
||||
// [0] IMPLICIT ExtendedCertificatesAndCertificates
|
||||
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, certs),
|
||||
// [1] IMPLICIT CertificateRevocationLists
|
||||
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, crls),
|
||||
// SignerInfos
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true,
|
||||
msg.signerInfos)
|
||||
])
|
||||
])
|
||||
]);
|
||||
},
|
||||
|
||||
/**
|
||||
* Signs the content.
|
||||
*
|
||||
* @param signer the signer (or array of signers) to sign as, for each:
|
||||
* key the private key to sign with.
|
||||
* [md] the message digest to use, defaults to sha-1.
|
||||
*/
|
||||
sign: function(signer) {
|
||||
if('content' in msg) {
|
||||
throw 'PKCS#7 signing not yet implemented.';
|
||||
}
|
||||
|
||||
if(typeof msg.content !== 'object') {
|
||||
// use Data ContentInfo
|
||||
msg.contentInfo = asn1.create(
|
||||
asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
// ContentType
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
|
||||
asn1.oidToDer(forge.pki.oids.data).getBytes())
|
||||
]);
|
||||
|
||||
// add actual content, if present
|
||||
if('content' in msg) {
|
||||
msg.contentInfo.value.push(
|
||||
// [0] EXPLICIT content
|
||||
asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
|
||||
msg.content)
|
||||
]));
|
||||
}
|
||||
}
|
||||
|
||||
// TODO: generate digest algorithm identifiers
|
||||
|
||||
// TODO: generate signerInfos
|
||||
},
|
||||
|
||||
verify: function() {
|
||||
throw 'PKCS#7 signature verification not yet implemented.';
|
||||
},
|
||||
|
||||
/**
|
||||
* Add a certificate.
|
||||
*
|
||||
* @param cert the certificate to add.
|
||||
*/
|
||||
addCertificate: function(cert) {
|
||||
// convert from PEM
|
||||
if(typeof cert === 'string') {
|
||||
cert = forge.pki.certificateFromPem(cert);
|
||||
}
|
||||
msg.certificates.push(cert);
|
||||
},
|
||||
|
||||
/**
|
||||
* Add a certificate revokation list.
|
||||
*
|
||||
* @param crl the certificate revokation list to add.
|
||||
*/
|
||||
addCertificateRevokationList: function(crl) {
|
||||
throw 'PKCS#7 CRL support not yet implemented.';
|
||||
}
|
||||
};
|
||||
return msg;
|
||||
@ -402,7 +533,7 @@ p7.createEncryptedData = function() {
|
||||
msg = {
|
||||
type: forge.pki.oids.encryptedData,
|
||||
version: 0,
|
||||
encContent: {
|
||||
encryptedContent: {
|
||||
algorithm: forge.pki.oids['aes256-CBC']
|
||||
},
|
||||
|
||||
@ -423,7 +554,7 @@ p7.createEncryptedData = function() {
|
||||
*/
|
||||
decrypt: function(key) {
|
||||
if(key !== undefined) {
|
||||
msg.encContent.key = key;
|
||||
msg.encryptedContent.key = key;
|
||||
}
|
||||
_decryptContent(msg);
|
||||
}
|
||||
@ -442,17 +573,17 @@ p7.createEnvelopedData = function() {
|
||||
type: forge.pki.oids.envelopedData,
|
||||
version: 0,
|
||||
recipients: [],
|
||||
encContent: {
|
||||
encryptedContent: {
|
||||
algorithm: forge.pki.oids['aes256-CBC']
|
||||
},
|
||||
|
||||
/**
|
||||
* Reads an EnvelopedData content block (in ASN.1 format)
|
||||
*
|
||||
* @param obj The ASN.1 representation of the EnvelopedData content block
|
||||
* @param obj the ASN.1 representation of the EnvelopedData content block.
|
||||
*/
|
||||
fromAsn1: function(obj) {
|
||||
// Validate EnvelopedData content block and capture data.
|
||||
// validate EnvelopedData content block and capture data
|
||||
var capture = _fromAsn1(msg, obj, p7.asn1.envelopedDataValidator);
|
||||
msg.recipients = _recipientInfosFromAsn1(capture.recipientInfos.value);
|
||||
},
|
||||
@ -474,7 +605,7 @@ p7.createEnvelopedData = function() {
|
||||
_recipientInfosToAsn1(msg.recipients)),
|
||||
// EncryptedContentInfo
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true,
|
||||
_encContentToAsn1(msg.encContent))
|
||||
_encryptedContentToAsn1(msg.encryptedContent))
|
||||
])
|
||||
])
|
||||
]);
|
||||
@ -526,18 +657,18 @@ p7.createEnvelopedData = function() {
|
||||
* @param privKey The (RSA) private key object
|
||||
*/
|
||||
decrypt: function(recipient, privKey) {
|
||||
if(msg.encContent.key === undefined && recipient !== undefined
|
||||
if(msg.encryptedContent.key === undefined && recipient !== undefined
|
||||
&& privKey !== undefined) {
|
||||
switch(recipient.encContent.algorithm) {
|
||||
switch(recipient.encryptedContent.algorithm) {
|
||||
case forge.pki.oids.rsaEncryption:
|
||||
var key = privKey.decrypt(recipient.encContent.content);
|
||||
msg.encContent.key = forge.util.createBuffer(key);
|
||||
var key = privKey.decrypt(recipient.encryptedContent.content);
|
||||
msg.encryptedContent.key = forge.util.createBuffer(key);
|
||||
break;
|
||||
|
||||
default:
|
||||
throw {
|
||||
message: 'Unsupported asymmetric cipher, '
|
||||
+ 'OID ' + recipient.encContent.algorithm
|
||||
+ 'OID ' + recipient.encryptedContent.algorithm
|
||||
};
|
||||
}
|
||||
}
|
||||
@ -555,7 +686,7 @@ p7.createEnvelopedData = function() {
|
||||
version: 0,
|
||||
issuer: cert.subject.attributes,
|
||||
serialNumber: cert.serialNumber,
|
||||
encContent: {
|
||||
encryptedContent: {
|
||||
// We simply assume rsaEncryption here, since forge.pki only
|
||||
// supports RSA so far. If the PKI module supports other
|
||||
// ciphers one day, we need to modify this one as well.
|
||||
@ -570,8 +701,8 @@ p7.createEnvelopedData = function() {
|
||||
*
|
||||
* This function supports two optional arguments, cipher and key, which
|
||||
* can be used to influence symmetric encryption. Unless cipher is
|
||||
* provided, the cipher specified in encContent.algorithm is used
|
||||
* (defaults to AES-256-CBC). If no key is provided, encContent.key
|
||||
* provided, the cipher specified in encryptedContent.algorithm is used
|
||||
* (defaults to AES-256-CBC). If no key is provided, encryptedContent.key
|
||||
* is (re-)used. If that one's not set, a random key will be generated
|
||||
* automatically.
|
||||
*
|
||||
@ -580,9 +711,9 @@ p7.createEnvelopedData = function() {
|
||||
*/
|
||||
encrypt: function(key, cipher) {
|
||||
// Part 1: Symmetric encryption
|
||||
if(msg.encContent.content === undefined) {
|
||||
cipher = cipher || msg.encContent.algorithm;
|
||||
key = key || msg.encContent.key;
|
||||
if(msg.encryptedContent.content === undefined) {
|
||||
cipher = cipher || msg.encryptedContent.algorithm;
|
||||
key = key || msg.encryptedContent.key;
|
||||
|
||||
var keyLen, ivLen, ciphFn;
|
||||
switch(cipher) {
|
||||
@ -627,13 +758,13 @@ p7.createEnvelopedData = function() {
|
||||
|
||||
// Keep a copy of the key & IV in the object, so the caller can
|
||||
// use it for whatever reason.
|
||||
msg.encContent.algorithm = cipher;
|
||||
msg.encContent.key = key;
|
||||
msg.encContent.parameter
|
||||
= forge.util.createBuffer(forge.random.getBytes(ivLen));
|
||||
msg.encryptedContent.algorithm = cipher;
|
||||
msg.encryptedContent.key = key;
|
||||
msg.encryptedContent.parameter = forge.util.createBuffer(
|
||||
forge.random.getBytes(ivLen));
|
||||
|
||||
var ciph = ciphFn(key);
|
||||
ciph.start(msg.encContent.parameter.copy());
|
||||
ciph.start(msg.encryptedContent.parameter.copy());
|
||||
ciph.update(msg.content);
|
||||
|
||||
// The finish function does PKCS#7 padding by default, therefore
|
||||
@ -644,27 +775,29 @@ p7.createEnvelopedData = function() {
|
||||
};
|
||||
}
|
||||
|
||||
msg.encContent.content = ciph.output;
|
||||
msg.encryptedContent.content = ciph.output;
|
||||
}
|
||||
|
||||
// Part 2: asymmetric encryption for each recipient
|
||||
for(var i = 0; i < msg.recipients.length; i ++) {
|
||||
var recipient = msg.recipients[i];
|
||||
|
||||
if(recipient.encContent.content !== undefined) {
|
||||
continue; // Nothing to do, encryption already done.
|
||||
// Nothing to do, encryption already done.
|
||||
if(recipient.encryptedContent.content !== undefined) {
|
||||
continue;
|
||||
}
|
||||
|
||||
switch(recipient.encContent.algorithm) {
|
||||
switch(recipient.encryptedContent.algorithm) {
|
||||
case forge.pki.oids.rsaEncryption:
|
||||
recipient.encContent.content =
|
||||
recipient.encContent.key.encrypt(msg.encContent.key.data);
|
||||
recipient.encryptedContent.content =
|
||||
recipient.encryptedContent.key.encrypt(
|
||||
msg.encryptedContent.key.data);
|
||||
break;
|
||||
|
||||
default:
|
||||
throw {
|
||||
message: 'Unsupported asymmetric cipher, OID '
|
||||
+ recipient.encContent.algorithm
|
||||
message: 'Unsupported asymmetric cipher, OID ' +
|
||||
recipient.encryptedContent.algorithm
|
||||
};
|
||||
}
|
||||
}
|
||||
@ -729,11 +862,12 @@ define([
|
||||
'./aes',
|
||||
'./asn1',
|
||||
'./des',
|
||||
'./oids',
|
||||
'./pem',
|
||||
'./pkcs7asn1',
|
||||
'./pki',
|
||||
'./random',
|
||||
'./util'
|
||||
'./util',
|
||||
'./x509'
|
||||
], function() {
|
||||
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
|
||||
});
|
||||
|
@ -162,7 +162,7 @@ var encryptedContentInfoValidator = {
|
||||
* In order to support both, we just capture the context specific
|
||||
* field here. The OCTET STRING bit is removed below.
|
||||
*/
|
||||
capture: 'encContent'
|
||||
capture: 'encryptedContent'
|
||||
}]
|
||||
};
|
||||
|
||||
@ -283,6 +283,7 @@ p7v.signedDataValidator = {
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.SET,
|
||||
capture: 'signerInfos',
|
||||
optional: true,
|
||||
value: [signerValidator]
|
||||
}]
|
||||
};
|
||||
|
4210
src/lib/pki.js
4210
src/lib/pki.js
File diff suppressed because it is too large
Load Diff
516
src/lib/rsa.js
516
src/lib/rsa.js
@ -4,13 +4,69 @@
|
||||
* @author Dave Longley
|
||||
*
|
||||
* Copyright (c) 2010-2013 Digital Bazaar, Inc.
|
||||
*
|
||||
* The only algorithm currently supported for PKI is RSA.
|
||||
*
|
||||
* An RSA key is often stored in ASN.1 DER format. The SubjectPublicKeyInfo
|
||||
* ASN.1 structure is composed of an algorithm of type AlgorithmIdentifier
|
||||
* and a subjectPublicKey of type bit string.
|
||||
*
|
||||
* The AlgorithmIdentifier contains an Object Identifier (OID) and parameters
|
||||
* for the algorithm, if any. In the case of RSA, there aren't any.
|
||||
*
|
||||
* SubjectPublicKeyInfo ::= SEQUENCE {
|
||||
* algorithm AlgorithmIdentifier,
|
||||
* subjectPublicKey BIT STRING
|
||||
* }
|
||||
*
|
||||
* AlgorithmIdentifer ::= SEQUENCE {
|
||||
* algorithm OBJECT IDENTIFIER,
|
||||
* parameters ANY DEFINED BY algorithm OPTIONAL
|
||||
* }
|
||||
*
|
||||
* For an RSA public key, the subjectPublicKey is:
|
||||
*
|
||||
* RSAPublicKey ::= SEQUENCE {
|
||||
* modulus INTEGER, -- n
|
||||
* publicExponent INTEGER -- e
|
||||
* }
|
||||
*
|
||||
* PrivateKeyInfo ::= SEQUENCE {
|
||||
* version Version,
|
||||
* privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
|
||||
* privateKey PrivateKey,
|
||||
* attributes [0] IMPLICIT Attributes OPTIONAL
|
||||
* }
|
||||
*
|
||||
* Version ::= INTEGER
|
||||
* PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
|
||||
* PrivateKey ::= OCTET STRING
|
||||
* Attributes ::= SET OF Attribute
|
||||
*
|
||||
* An RSA private key as the following structure:
|
||||
*
|
||||
* RSAPrivateKey ::= SEQUENCE {
|
||||
* version Version,
|
||||
* modulus INTEGER, -- n
|
||||
* publicExponent INTEGER, -- e
|
||||
* privateExponent INTEGER, -- d
|
||||
* prime1 INTEGER, -- p
|
||||
* prime2 INTEGER, -- q
|
||||
* exponent1 INTEGER, -- d mod (p-1)
|
||||
* exponent2 INTEGER, -- d mod (q-1)
|
||||
* coefficient INTEGER -- (inverse of q) mod p
|
||||
* }
|
||||
*
|
||||
* Version ::= INTEGER
|
||||
*
|
||||
* The OID for the RSA key algorithm is: 1.2.840.113549.1.1.1
|
||||
*/
|
||||
(function() {
|
||||
function initModule(forge) {
|
||||
/* ########## Begin module implementation ########## */
|
||||
|
||||
if(typeof BigInteger === 'undefined') {
|
||||
BigInteger = forge.jsbn.BigInteger;
|
||||
var BigInteger = forge.jsbn.BigInteger;
|
||||
}
|
||||
|
||||
// shortcut for asn.1 API
|
||||
@ -26,6 +82,178 @@ var pki = forge.pki;
|
||||
// for finding primes, which are 30k+i for i = 1, 7, 11, 13, 17, 19, 23, 29
|
||||
var GCD_30_DELTA = [6, 4, 2, 4, 2, 4, 6, 2];
|
||||
|
||||
// validator for a PrivateKeyInfo structure
|
||||
var privateKeyValidator = {
|
||||
// PrivateKeyInfo
|
||||
name: 'PrivateKeyInfo',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.SEQUENCE,
|
||||
constructed: true,
|
||||
value: [{
|
||||
// Version (INTEGER)
|
||||
name: 'PrivateKeyInfo.version',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.INTEGER,
|
||||
constructed: false,
|
||||
capture: 'privateKeyVersion'
|
||||
}, {
|
||||
// privateKeyAlgorithm
|
||||
name: 'PrivateKeyInfo.privateKeyAlgorithm',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.SEQUENCE,
|
||||
constructed: true,
|
||||
value: [{
|
||||
name: 'AlgorithmIdentifier.algorithm',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.OID,
|
||||
constructed: false,
|
||||
capture: 'privateKeyOid'
|
||||
}]
|
||||
}, {
|
||||
// PrivateKey
|
||||
name: 'PrivateKeyInfo',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.OCTETSTRING,
|
||||
constructed: false,
|
||||
capture: 'privateKey'
|
||||
}]
|
||||
};
|
||||
|
||||
// validator for an RSA private key
|
||||
var rsaPrivateKeyValidator = {
|
||||
// RSAPrivateKey
|
||||
name: 'RSAPrivateKey',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.SEQUENCE,
|
||||
constructed: true,
|
||||
value: [{
|
||||
// Version (INTEGER)
|
||||
name: 'RSAPrivateKey.version',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.INTEGER,
|
||||
constructed: false,
|
||||
capture: 'privateKeyVersion'
|
||||
}, {
|
||||
// modulus (n)
|
||||
name: 'RSAPrivateKey.modulus',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.INTEGER,
|
||||
constructed: false,
|
||||
capture: 'privateKeyModulus'
|
||||
}, {
|
||||
// publicExponent (e)
|
||||
name: 'RSAPrivateKey.publicExponent',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.INTEGER,
|
||||
constructed: false,
|
||||
capture: 'privateKeyPublicExponent'
|
||||
}, {
|
||||
// privateExponent (d)
|
||||
name: 'RSAPrivateKey.privateExponent',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.INTEGER,
|
||||
constructed: false,
|
||||
capture: 'privateKeyPrivateExponent'
|
||||
}, {
|
||||
// prime1 (p)
|
||||
name: 'RSAPrivateKey.prime1',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.INTEGER,
|
||||
constructed: false,
|
||||
capture: 'privateKeyPrime1'
|
||||
}, {
|
||||
// prime2 (q)
|
||||
name: 'RSAPrivateKey.prime2',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.INTEGER,
|
||||
constructed: false,
|
||||
capture: 'privateKeyPrime2'
|
||||
}, {
|
||||
// exponent1 (d mod (p-1))
|
||||
name: 'RSAPrivateKey.exponent1',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.INTEGER,
|
||||
constructed: false,
|
||||
capture: 'privateKeyExponent1'
|
||||
}, {
|
||||
// exponent2 (d mod (q-1))
|
||||
name: 'RSAPrivateKey.exponent2',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.INTEGER,
|
||||
constructed: false,
|
||||
capture: 'privateKeyExponent2'
|
||||
}, {
|
||||
// coefficient ((inverse of q) mod p)
|
||||
name: 'RSAPrivateKey.coefficient',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.INTEGER,
|
||||
constructed: false,
|
||||
capture: 'privateKeyCoefficient'
|
||||
}]
|
||||
};
|
||||
|
||||
// validator for an RSA public key
|
||||
var rsaPublicKeyValidator = {
|
||||
// RSAPublicKey
|
||||
name: 'RSAPublicKey',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.SEQUENCE,
|
||||
constructed: true,
|
||||
value: [{
|
||||
// modulus (n)
|
||||
name: 'RSAPublicKey.modulus',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.INTEGER,
|
||||
constructed: false,
|
||||
capture: 'publicKeyModulus'
|
||||
}, {
|
||||
// publicExponent (e)
|
||||
name: 'RSAPublicKey.exponent',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.INTEGER,
|
||||
constructed: false,
|
||||
capture: 'publicKeyExponent'
|
||||
}]
|
||||
};
|
||||
|
||||
// validator for an SubjectPublicKeyInfo structure
|
||||
// Note: Currently only works with an RSA public key
|
||||
var publicKeyValidator = forge.pki.rsa.publicKeyValidator = {
|
||||
name: 'SubjectPublicKeyInfo',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.SEQUENCE,
|
||||
constructed: true,
|
||||
captureAsn1: 'subjectPublicKeyInfo',
|
||||
value: [{
|
||||
name: 'SubjectPublicKeyInfo.AlgorithmIdentifier',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.SEQUENCE,
|
||||
constructed: true,
|
||||
value: [{
|
||||
name: 'AlgorithmIdentifier.algorithm',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.OID,
|
||||
constructed: false,
|
||||
capture: 'publicKeyOid'
|
||||
}]
|
||||
}, {
|
||||
// subjectPublicKey
|
||||
name: 'SubjectPublicKeyInfo.subjectPublicKey',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.BITSTRING,
|
||||
constructed: false,
|
||||
value: [{
|
||||
// RSAPublicKey
|
||||
name: 'SubjectPublicKeyInfo.subjectPublicKey.RSAPublicKey',
|
||||
tagClass: asn1.Class.UNIVERSAL,
|
||||
type: asn1.Type.SEQUENCE,
|
||||
constructed: true,
|
||||
optional: true,
|
||||
captureAsn1: 'rsaPublicKey'
|
||||
}]
|
||||
}]
|
||||
};
|
||||
|
||||
/**
|
||||
* Wrap digest in DigestInfo object.
|
||||
*
|
||||
@ -46,8 +274,8 @@ var GCD_30_DELTA = [6, 4, 2, 4, 2, 4, 6, 2];
|
||||
var emsaPkcs1v15encode = function(md) {
|
||||
// get the oid for the algorithm
|
||||
var oid;
|
||||
if(md.algorithm in forge.pki.oids) {
|
||||
oid = forge.pki.oids[md.algorithm];
|
||||
if(md.algorithm in pki.oids) {
|
||||
oid = pki.oids[md.algorithm];
|
||||
}
|
||||
else {
|
||||
throw {
|
||||
@ -91,6 +319,10 @@ var _modPow = function(x, key, pub) {
|
||||
if(pub) {
|
||||
y = x.modPow(key.e, key.n);
|
||||
}
|
||||
else if(!key.p || !key.q) {
|
||||
// allow calculation without CRT params (slow)
|
||||
y = x.modPow(key.d, key.n);
|
||||
}
|
||||
else {
|
||||
// pre-compute dP, dQ, and qInv if necessary
|
||||
if(!key.dP) {
|
||||
@ -539,11 +771,11 @@ pki.rsa.stepKeyPairGenerationState = function(state, n) {
|
||||
else if(state.state === 5) {
|
||||
var d = state.e.modInverse(state.phi);
|
||||
state.keys = {
|
||||
privateKey: forge.pki.rsa.setPrivateKey(
|
||||
privateKey: pki.rsa.setPrivateKey(
|
||||
state.n, state.e, d, state.p, state.q,
|
||||
d.mod(state.p1), d.mod(state.q1),
|
||||
state.q.modInverse(state.p)),
|
||||
publicKey: forge.pki.rsa.setPublicKey(state.n, state.e)
|
||||
publicKey: pki.rsa.setPublicKey(state.n, state.e)
|
||||
};
|
||||
}
|
||||
|
||||
@ -650,7 +882,7 @@ pki.rsa.generateKeyPair = function(bits, e, options, callback) {
|
||||
*
|
||||
* @return the public key.
|
||||
*/
|
||||
pki.rsa.setPublicKey = function(n, e) {
|
||||
pki.setRsaPublicKey = pki.rsa.setPublicKey = function(n, e) {
|
||||
var key = {
|
||||
n: n,
|
||||
e: e
|
||||
@ -789,7 +1021,8 @@ pki.rsa.setPublicKey = function(n, e) {
|
||||
*
|
||||
* @return the private key.
|
||||
*/
|
||||
pki.rsa.setPrivateKey = function(n, e, d, p, q, dP, dQ, qInv) {
|
||||
pki.setRsaPrivateKey = pki.rsa.setPrivateKey = function(
|
||||
n, e, d, p, q, dP, dQ, qInv) {
|
||||
var key = {
|
||||
n: n,
|
||||
e: e,
|
||||
@ -897,6 +1130,236 @@ pki.rsa.setPrivateKey = function(n, e, d, p, q, dP, dQ, qInv) {
|
||||
return key;
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
* Wraps an RSAPrivateKey ASN.1 object in an ASN.1 PrivateKeyInfo object.
|
||||
*
|
||||
* @param rsaKey the ASN.1 RSAPrivateKey.
|
||||
*
|
||||
* @return the ASN.1 PrivateKeyInfo.
|
||||
*/
|
||||
pki.wrapRsaPrivateKey = function(rsaKey) {
|
||||
// PrivateKeyInfo
|
||||
return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
// version (0)
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, '\x00'),
|
||||
// privateKeyAlgorithm
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
asn1.create(
|
||||
asn1.Class.UNIVERSAL, asn1.Type.OID, false,
|
||||
asn1.oidToDer(pki.oids.rsaEncryption).getBytes()),
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')
|
||||
]),
|
||||
// PrivateKey
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
|
||||
asn1.toDer(rsaKey).getBytes())
|
||||
]);
|
||||
};
|
||||
|
||||
/**
|
||||
* Wraps an RSAPrivateKey ASN.1 object in an ASN.1 PrivateKeyInfo object.
|
||||
*
|
||||
* @param rsaKey the ASN.1 RSAPrivateKey.
|
||||
*
|
||||
* @return the ASN.1 PrivateKeyInfo.
|
||||
*/
|
||||
pki.wrapRsaPrivateKey = function(rsaKey) {
|
||||
// PrivateKeyInfo
|
||||
return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
// version (0)
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, '\x00'),
|
||||
// privateKeyAlgorithm
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
asn1.create(
|
||||
asn1.Class.UNIVERSAL, asn1.Type.OID, false,
|
||||
asn1.oidToDer(pki.oids.rsaEncryption).getBytes()),
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')
|
||||
]),
|
||||
// PrivateKey
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,
|
||||
asn1.toDer(rsaKey).getBytes())
|
||||
]);
|
||||
};
|
||||
|
||||
/**
|
||||
* Converts a private key from an ASN.1 object.
|
||||
*
|
||||
* @param obj the ASN.1 representation of a PrivateKeyInfo containing an
|
||||
* RSAPrivateKey or an RSAPrivateKey.
|
||||
*
|
||||
* @return the private key.
|
||||
*/
|
||||
pki.privateKeyFromAsn1 = function(obj) {
|
||||
// get PrivateKeyInfo
|
||||
var capture = {};
|
||||
var errors = [];
|
||||
if(asn1.validate(obj, privateKeyValidator, capture, errors)) {
|
||||
obj = asn1.fromDer(forge.util.createBuffer(capture.privateKey));
|
||||
}
|
||||
|
||||
// get RSAPrivateKey
|
||||
capture = {};
|
||||
errors = [];
|
||||
if(!asn1.validate(obj, rsaPrivateKeyValidator, capture, errors)) {
|
||||
throw {
|
||||
message: 'Cannot read private key. ' +
|
||||
'ASN.1 object does not contain an RSAPrivateKey.',
|
||||
errors: errors
|
||||
};
|
||||
}
|
||||
|
||||
// Note: Version is currently ignored.
|
||||
// capture.privateKeyVersion
|
||||
// FIXME: inefficient, get a BigInteger that uses byte strings
|
||||
var n, e, d, p, q, dP, dQ, qInv;
|
||||
n = forge.util.createBuffer(capture.privateKeyModulus).toHex();
|
||||
e = forge.util.createBuffer(capture.privateKeyPublicExponent).toHex();
|
||||
d = forge.util.createBuffer(capture.privateKeyPrivateExponent).toHex();
|
||||
p = forge.util.createBuffer(capture.privateKeyPrime1).toHex();
|
||||
q = forge.util.createBuffer(capture.privateKeyPrime2).toHex();
|
||||
dP = forge.util.createBuffer(capture.privateKeyExponent1).toHex();
|
||||
dQ = forge.util.createBuffer(capture.privateKeyExponent2).toHex();
|
||||
qInv = forge.util.createBuffer(capture.privateKeyCoefficient).toHex();
|
||||
|
||||
// set private key
|
||||
return pki.setRsaPrivateKey(
|
||||
new BigInteger(n, 16),
|
||||
new BigInteger(e, 16),
|
||||
new BigInteger(d, 16),
|
||||
new BigInteger(p, 16),
|
||||
new BigInteger(q, 16),
|
||||
new BigInteger(dP, 16),
|
||||
new BigInteger(dQ, 16),
|
||||
new BigInteger(qInv, 16));
|
||||
};
|
||||
|
||||
/**
|
||||
* Converts a private key to an ASN.1 RSAPrivateKey.
|
||||
*
|
||||
* @param key the private key.
|
||||
*
|
||||
* @return the ASN.1 representation of an RSAPrivateKey.
|
||||
*/
|
||||
pki.privateKeyToAsn1 = pki.privateKeyToRSAPrivateKey = function(key) {
|
||||
// RSAPrivateKey
|
||||
return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
// version (0 = only 2 primes, 1 multiple primes)
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
|
||||
String.fromCharCode(0x00)),
|
||||
// modulus (n)
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
|
||||
_bnToBytes(key.n)),
|
||||
// publicExponent (e)
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
|
||||
_bnToBytes(key.e)),
|
||||
// privateExponent (d)
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
|
||||
_bnToBytes(key.d)),
|
||||
// privateKeyPrime1 (p)
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
|
||||
_bnToBytes(key.p)),
|
||||
// privateKeyPrime2 (q)
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
|
||||
_bnToBytes(key.q)),
|
||||
// privateKeyExponent1 (dP)
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
|
||||
_bnToBytes(key.dP)),
|
||||
// privateKeyExponent2 (dQ)
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
|
||||
_bnToBytes(key.dQ)),
|
||||
// coefficient (qInv)
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
|
||||
_bnToBytes(key.qInv))
|
||||
]);
|
||||
};
|
||||
|
||||
/**
|
||||
* Converts a public key from an ASN.1 SubjectPublicKeyInfo or RSAPublicKey.
|
||||
*
|
||||
* @param obj the asn1 representation of a SubjectPublicKeyInfo or RSAPublicKey.
|
||||
*
|
||||
* @return the public key.
|
||||
*/
|
||||
pki.publicKeyFromAsn1 = function(obj) {
|
||||
// get SubjectPublicKeyInfo
|
||||
var capture = {};
|
||||
var errors = [];
|
||||
if(asn1.validate(obj, publicKeyValidator, capture, errors)) {
|
||||
// get oid
|
||||
var oid = asn1.derToOid(capture.publicKeyOid);
|
||||
if(oid !== pki.oids.rsaEncryption) {
|
||||
throw {
|
||||
message: 'Cannot read public key. Unknown OID.',
|
||||
oid: oid
|
||||
};
|
||||
}
|
||||
obj = capture.rsaPublicKey;
|
||||
}
|
||||
|
||||
// get RSA params
|
||||
errors = [];
|
||||
if(!asn1.validate(obj, rsaPublicKeyValidator, capture, errors)) {
|
||||
throw {
|
||||
message: 'Cannot read public key. ' +
|
||||
'ASN.1 object does not contain an RSAPublicKey.',
|
||||
errors: errors
|
||||
};
|
||||
}
|
||||
|
||||
// FIXME: inefficient, get a BigInteger that uses byte strings
|
||||
var n = forge.util.createBuffer(capture.publicKeyModulus).toHex();
|
||||
var e = forge.util.createBuffer(capture.publicKeyExponent).toHex();
|
||||
|
||||
// set public key
|
||||
return pki.setRsaPublicKey(
|
||||
new BigInteger(n, 16),
|
||||
new BigInteger(e, 16));
|
||||
};
|
||||
|
||||
/**
|
||||
* Converts a public key to an ASN.1 SubjectPublicKeyInfo.
|
||||
*
|
||||
* @param key the public key.
|
||||
*
|
||||
* @return the asn1 representation of a SubjectPublicKeyInfo.
|
||||
*/
|
||||
pki.publicKeyToAsn1 = pki.publicKeyToSubjectPublicKeyInfo = function(key) {
|
||||
// SubjectPublicKeyInfo
|
||||
return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
// AlgorithmIdentifier
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
// algorithm
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
|
||||
asn1.oidToDer(pki.oids.rsaEncryption).getBytes()),
|
||||
// parameters (null)
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')
|
||||
]),
|
||||
// subjectPublicKey
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false, [
|
||||
pki.publicKeyToRSAPublicKey(key)
|
||||
])
|
||||
]);
|
||||
};
|
||||
|
||||
/**
|
||||
* Converts a public key to an ASN.1 RSAPublicKey.
|
||||
*
|
||||
* @param key the public key.
|
||||
*
|
||||
* @return the asn1 representation of a RSAPublicKey.
|
||||
*/
|
||||
pki.publicKeyToRSAPublicKey = function(key) {
|
||||
// RSAPublicKey
|
||||
return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
|
||||
// modulus (n)
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
|
||||
_bnToBytes(key.n)),
|
||||
// publicExponent (e)
|
||||
asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
|
||||
_bnToBytes(key.e))
|
||||
]);
|
||||
};
|
||||
|
||||
/**
|
||||
* Encodes a message using PKCS#1 v1.5 padding.
|
||||
*
|
||||
@ -954,9 +1417,20 @@ function _encodePkcs1_v1_5(m, key, bt) {
|
||||
}
|
||||
// public key op
|
||||
else {
|
||||
for(var i = 0; i < padNum; ++i) {
|
||||
padByte = Math.floor(Math.random() * 255) + 1;
|
||||
eb.putByte(padByte);
|
||||
// pad with random non-zero values
|
||||
while(padNum > 0) {
|
||||
var numZeros = 0;
|
||||
var padBytes = forge.random.getBytes(padNum);
|
||||
for(var i = 0; i < padNum; ++i) {
|
||||
padByte = padBytes.charCodeAt(i);
|
||||
if(padByte === 0) {
|
||||
++numZeros;
|
||||
}
|
||||
else {
|
||||
eb.putByte(padByte);
|
||||
}
|
||||
}
|
||||
padNum = numZeros;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1076,7 +1550,7 @@ function _generateKeyPair(state, options, callback) {
|
||||
// 10 ms gives 5ms of leeway for other calculations before dropping
|
||||
// below 60fps (1000/60 == 16.67), but in reality, the number will
|
||||
// likely be higher due to an 'atomic' big int modPow
|
||||
if(forge.pki.rsa.stepKeyPairGenerationState(state, 10)) {
|
||||
if(pki.rsa.stepKeyPairGenerationState(state, 10)) {
|
||||
return callback(null, state.keys);
|
||||
}
|
||||
forge.util.setImmediate(step);
|
||||
@ -1226,17 +1700,33 @@ function _generateKeyPair(state, options, callback) {
|
||||
// set keys
|
||||
var d = state.e.modInverse(state.phi);
|
||||
state.keys = {
|
||||
privateKey: forge.pki.rsa.setPrivateKey(
|
||||
privateKey: pki.rsa.setPrivateKey(
|
||||
state.n, state.e, d, state.p, state.q,
|
||||
d.mod(state.p1), d.mod(state.q1),
|
||||
state.q.modInverse(state.p)),
|
||||
publicKey: forge.pki.rsa.setPublicKey(state.n, state.e)
|
||||
publicKey: pki.rsa.setPublicKey(state.n, state.e)
|
||||
};
|
||||
|
||||
callback(null, state.keys);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Converts a positive BigInteger into 2's-complement big-endian bytes.
|
||||
*
|
||||
* @param b the big integer to convert.
|
||||
*
|
||||
* @return the bytes.
|
||||
*/
|
||||
function _bnToBytes(b) {
|
||||
// prepend 0x00 if first byte >= 0x80
|
||||
var hex = b.toString(16);
|
||||
if(hex[0] >= '8') {
|
||||
hex = '00' + hex;
|
||||
}
|
||||
return forge.util.hexToBytes(hex);
|
||||
}
|
||||
|
||||
} // end module implementation
|
||||
|
||||
/* ########## Begin module wrapper ########## */
|
||||
|
3018
src/lib/x509.js
Normal file
3018
src/lib/x509.js
Normal file
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user