generates seemingly-valid EC and RSA CSRs
This commit is contained in:
parent
07f75f8e43
commit
274e47b726
7
app.js
7
app.js
|
@ -58,8 +58,10 @@
|
||||||
, namedCurve: $('input[name="ec-crv"]:checked').value
|
, namedCurve: $('input[name="ec-crv"]:checked').value
|
||||||
, modulusLength: $('input[name="rsa-len"]:checked').value
|
, modulusLength: $('input[name="rsa-len"]:checked').value
|
||||||
};
|
};
|
||||||
|
var then = Date.now();
|
||||||
console.log('opts', opts);
|
console.log('opts', opts);
|
||||||
Keypairs.generate(opts).then(function (results) {
|
Keypairs.generate(opts).then(function (results) {
|
||||||
|
console.log("Key generation time:", (Date.now() - then) + "ms");
|
||||||
var pubDer;
|
var pubDer;
|
||||||
var privDer;
|
var privDer;
|
||||||
if (/EC/i.test(opts.kty)) {
|
if (/EC/i.test(opts.kty)) {
|
||||||
|
@ -165,8 +167,9 @@
|
||||||
var acme = accountStuff.acme;
|
var acme = accountStuff.acme;
|
||||||
|
|
||||||
return Keypairs.generate({
|
return Keypairs.generate({
|
||||||
kty: 'RSA'
|
kty: $('input[name="kty"]:checked').value
|
||||||
, modulusLength: 2048
|
, namedCurve: $('input[name="ec-crv"]:checked').value
|
||||||
|
, modulusLength: $('input[name="rsa-len"]:checked').value
|
||||||
}).then(function (pair) {
|
}).then(function (pair) {
|
||||||
console.log('domain keypair:', pair);
|
console.log('domain keypair:', pair);
|
||||||
var domains = ($('.js-domains').value||'example.com').split(/[, ]+/g);
|
var domains = ($('.js-domains').value||'example.com').split(/[, ]+/g);
|
||||||
|
|
157
lib/csr-ec.js
157
lib/csr-ec.js
|
@ -1,157 +0,0 @@
|
||||||
// 1.2.840.10045.3.1.7
|
|
||||||
// prime256v1 (ANSI X9.62 named elliptic curve)
|
|
||||||
var OBJ_ID_EC = '06 08 2A8648CE3D030107'.replace(/\s+/g, '').toLowerCase();
|
|
||||||
// 1.3.132.0.34
|
|
||||||
// secp384r1 (SECG (Certicom) named elliptic curve)
|
|
||||||
var OBJ_ID_EC_384 = '06 05 2B81040022'.replace(/\s+/g, '').toLowerCase();
|
|
||||||
|
|
||||||
var ECDSACSR = {};
|
|
||||||
var ECDSA = {};
|
|
||||||
var DER = {};
|
|
||||||
var PEM = {};
|
|
||||||
var ASN1;
|
|
||||||
var Hex = {};
|
|
||||||
var AB = {};
|
|
||||||
|
|
||||||
//
|
|
||||||
// CSR - the main event
|
|
||||||
//
|
|
||||||
|
|
||||||
ECDSACSR.create = function createEcCsr(keypem, domains) {
|
|
||||||
var pemblock = PEM.parseBlock(keypem);
|
|
||||||
var ecpub = PEM.parseEcPubkey(pemblock.der);
|
|
||||||
var request = ECDSACSR.request(ecpub, domains);
|
|
||||||
return AB.fromHex(ECDSACSR.sign(keypem, request));
|
|
||||||
};
|
|
||||||
|
|
||||||
ECDSACSR.request = function createCsrBodyEc(xy, domains) {
|
|
||||||
var publen = xy.x.byteLength;
|
|
||||||
var compression = '04';
|
|
||||||
var hxy = '';
|
|
||||||
// 04 == x+y, 02 == x-only
|
|
||||||
if (xy.y) {
|
|
||||||
publen += xy.y.byteLength;
|
|
||||||
} else {
|
|
||||||
// Note: I don't intend to support compression - it isn't used by most
|
|
||||||
// libraries and it requir more dependencies for bigint ops to deflate.
|
|
||||||
// This is more just a placeholder. It won't work right now anyway
|
|
||||||
// because compression requires an exta bit stored (odd vs even), which
|
|
||||||
// I haven't learned yet, and I'm not sure if it's allowed at all
|
|
||||||
compression = '02';
|
|
||||||
}
|
|
||||||
hxy += Hex.fromAB(xy.x);
|
|
||||||
if (xy.y) { hxy += Hex.fromAB(xy.y); }
|
|
||||||
|
|
||||||
// Sorry for the mess, but it is what it is
|
|
||||||
return ASN1('30'
|
|
||||||
|
|
||||||
// Version (0)
|
|
||||||
, ASN1.UInt('00')
|
|
||||||
|
|
||||||
// CN / Subject
|
|
||||||
, ASN1('30'
|
|
||||||
, ASN1('31'
|
|
||||||
, ASN1('30'
|
|
||||||
// object id (commonName)
|
|
||||||
, ASN1('06', '55 04 03')
|
|
||||||
, ASN1('0C', Hex.fromString(domains[0])))))
|
|
||||||
|
|
||||||
// EC P-256 Public Key
|
|
||||||
, ASN1('30'
|
|
||||||
, ASN1('30'
|
|
||||||
// 1.2.840.10045.2.1 ecPublicKey
|
|
||||||
// (ANSI X9.62 public key type)
|
|
||||||
, ASN1('06', '2A 86 48 CE 3D 02 01')
|
|
||||||
// 1.2.840.10045.3.1.7 prime256v1
|
|
||||||
// (ANSI X9.62 named elliptic curve)
|
|
||||||
, ASN1('06', '2A 86 48 CE 3D 03 01 07')
|
|
||||||
)
|
|
||||||
, ASN1.BitStr(compression + hxy))
|
|
||||||
|
|
||||||
// CSR Extension Subject Alternative Names
|
|
||||||
, ASN1('A0'
|
|
||||||
, ASN1('30'
|
|
||||||
// (extensionRequest (PKCS #9 via CRMF))
|
|
||||||
, ASN1('06', '2A 86 48 86 F7 0D 01 09 0E')
|
|
||||||
, ASN1('31'
|
|
||||||
, ASN1('30'
|
|
||||||
, ASN1('30'
|
|
||||||
// (subjectAltName (X.509 extension))
|
|
||||||
, ASN1('06', '55 1D 11')
|
|
||||||
, ASN1('04'
|
|
||||||
, ASN1('30', domains.map(function (d) {
|
|
||||||
return ASN1('82', Hex.fromString(d));
|
|
||||||
}).join(''))))))))
|
|
||||||
);
|
|
||||||
};
|
|
||||||
|
|
||||||
ECDSACSR.sign = function csrEcSig(keypem, request) {
|
|
||||||
var sig = ECDSA.sign(keypem, AB.fromHex(request));
|
|
||||||
var rLen = sig.r.byteLength;
|
|
||||||
var rc = '';
|
|
||||||
var sLen = sig.s.byteLength;
|
|
||||||
var sc = '';
|
|
||||||
|
|
||||||
if (0x80 & new Uint8Array(sig.r)[0]) { rc = '00'; rLen += 1; }
|
|
||||||
if (0x80 & new Uint8Array(sig.s)[0]) { sc = '00'; sLen += 1; }
|
|
||||||
|
|
||||||
return ASN1('30'
|
|
||||||
// The Full CSR Request Body
|
|
||||||
, request
|
|
||||||
|
|
||||||
// The Signature Type
|
|
||||||
, ASN1('30'
|
|
||||||
// 1.2.840.10045.4.3.2 ecdsaWithSHA256
|
|
||||||
// (ANSI X9.62 ECDSA algorithm with SHA256)
|
|
||||||
, ASN1('06', '2A 86 48 CE 3D 04 03 02')
|
|
||||||
)
|
|
||||||
|
|
||||||
// The Signature, embedded in a Bit Stream
|
|
||||||
, ASN1.BitStr(
|
|
||||||
// As far as I can tell this is a completely separate ASN.1 structure
|
|
||||||
// that just so happens to be embedded in a Bit String of another ASN.1
|
|
||||||
ASN1('30'
|
|
||||||
, ASN1.UInt(Hex.fromAB(sig.r))
|
|
||||||
, ASN1.UInt(Hex.fromAB(sig.s))))
|
|
||||||
);
|
|
||||||
};
|
|
||||||
|
|
||||||
//
|
|
||||||
// ECDSA
|
|
||||||
//
|
|
||||||
|
|
||||||
// Took some tips from https://gist.github.com/codermapuche/da4f96cdb6d5ff53b7ebc156ec46a10a
|
|
||||||
ECDSA.sign = function signEc(keypem, ab) {
|
|
||||||
// Signer is a stream
|
|
||||||
var sign = crypto.createSign('SHA256');
|
|
||||||
sign.write(new Uint8Array(ab));
|
|
||||||
sign.end();
|
|
||||||
|
|
||||||
// The signature is ASN1 encoded
|
|
||||||
var sig = sign.sign(keypem);
|
|
||||||
|
|
||||||
// Convert to a JavaScript ArrayBuffer just because
|
|
||||||
sig = new Uint8Array(sig.buffer.slice(sig.byteOffset, sig.byteOffset + sig.byteLength));
|
|
||||||
|
|
||||||
// The first two bytes '30 xx' signify SEQUENCE and LENGTH
|
|
||||||
// The sequence length byte will be a single byte because the signature is less that 128 bytes (0x80, 1024-bit)
|
|
||||||
// (this would not be true for P-521, but I'm not supporting that yet)
|
|
||||||
// The 3rd byte will be '02', signifying INTEGER
|
|
||||||
// The 4th byte will tell us the length of 'r' (which, on occassion, will be less than the full 255 bytes)
|
|
||||||
var rIndex = 3;
|
|
||||||
var rLen = sig[rIndex];
|
|
||||||
var rEnd = rIndex + 1 + rLen;
|
|
||||||
var sIndex = rEnd + 1;
|
|
||||||
var sLen = sig[sIndex];
|
|
||||||
var sEnd = sIndex + 1 + sLen;
|
|
||||||
var r = sig.slice(rIndex + 1, rEnd);
|
|
||||||
var s = sig.slice(sIndex + 1, sEnd); // this should be end-of-file
|
|
||||||
|
|
||||||
// ASN1 INTEGER types use the high-order bit to signify a negative number,
|
|
||||||
// hence a leading '00' is used for numbers that begin with '80' or greater
|
|
||||||
// which is why r length is sometimes a byte longer than its bit length
|
|
||||||
if (0 === s[0]) { s = s.slice(1); }
|
|
||||||
if (0 === r[0]) { r = r.slice(1); }
|
|
||||||
|
|
||||||
return { raw: sig.buffer, r: r.buffer, s: s.buffer };
|
|
||||||
};
|
|
132
lib/csr.js
132
lib/csr.js
|
@ -4,6 +4,7 @@
|
||||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||||
(function (exports) {
|
(function (exports) {
|
||||||
'use strict';
|
'use strict';
|
||||||
|
/*global Promise*/
|
||||||
|
|
||||||
var ASN1 = exports.ASN1;
|
var ASN1 = exports.ASN1;
|
||||||
var Enc = exports.Enc;
|
var Enc = exports.Enc;
|
||||||
|
@ -15,17 +16,17 @@ var Keypairs = exports.Keypairs;
|
||||||
var CSR = exports.CSR = function (opts) {
|
var CSR = exports.CSR = function (opts) {
|
||||||
// We're using a Promise here to be compatible with the browser version
|
// We're using a Promise here to be compatible with the browser version
|
||||||
// which will probably use the webcrypto API for some of the conversions
|
// which will probably use the webcrypto API for some of the conversions
|
||||||
opts = CSR._prepare(opts);
|
return CSR._prepare(opts).then(function (opts) {
|
||||||
|
|
||||||
return CSR.create(opts).then(function (bytes) {
|
return CSR.create(opts).then(function (bytes) {
|
||||||
return CSR._encode(opts, bytes);
|
return CSR._encode(opts, bytes);
|
||||||
});
|
});
|
||||||
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
CSR._prepare = function (opts) {
|
CSR._prepare = function (opts) {
|
||||||
var Rasha;
|
return Promise.resolve().then(function () {
|
||||||
|
var Keypairs;
|
||||||
opts = JSON.parse(JSON.stringify(opts));
|
opts = JSON.parse(JSON.stringify(opts));
|
||||||
var pem, jwk;
|
|
||||||
|
|
||||||
// We do a bit of extra error checking for user convenience
|
// We do a bit of extra error checking for user convenience
|
||||||
if (!opts) { throw new Error("You must pass options with key and domains to rsacsr"); }
|
if (!opts) { throw new Error("You must pass options with key and domains to rsacsr"); }
|
||||||
|
@ -43,35 +44,29 @@ CSR._prepare = function (opts) {
|
||||||
throw new Error("You must pass options.domains as strings");
|
throw new Error("You must pass options.domains as strings");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (opts.pem) {
|
if (opts.jwk) { return opts; }
|
||||||
pem = opts.pem;
|
if (opts.key && opts.key.kty) {
|
||||||
} else if (opts.jwk) {
|
opts.jwk = opts.key;
|
||||||
jwk = opts.jwk;
|
return opts;
|
||||||
} else {
|
|
||||||
if (!opts.key) {
|
|
||||||
throw new Error("You must pass options.key as a JSON web key");
|
|
||||||
} else if (opts.key.kty) {
|
|
||||||
jwk = opts.key;
|
|
||||||
} else {
|
|
||||||
pem = opts.key;
|
|
||||||
}
|
}
|
||||||
|
if (!opts.pem && !opts.key) {
|
||||||
|
throw new Error("You must pass options.key as a JSON web key");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pem) {
|
Keypairs = exports.Keypairs;
|
||||||
try {
|
if (!exports.Keypairs) {
|
||||||
Rasha = require('rasha');
|
throw new Error("Keypairs.js is an optional dependency for PEM-to-JWK.\n"
|
||||||
} catch(e) {
|
|
||||||
throw new Error("Rasha.js is an optional dependency for PEM-to-JWK.\n"
|
|
||||||
+ "Install it if you'd like to use it:\n"
|
+ "Install it if you'd like to use it:\n"
|
||||||
+ "\tnpm install --save rasha\n"
|
+ "\tnpm install --save rasha\n"
|
||||||
+ "Otherwise supply a jwk as the private key."
|
+ "Otherwise supply a jwk as the private key."
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
jwk = Rasha.importSync({ pem: pem });
|
|
||||||
}
|
|
||||||
|
|
||||||
opts.jwk = jwk;
|
return Keypairs.import({ pem: opts.pem || opts.key }).then(function (pair) {
|
||||||
|
opts.jwk = pair.private;
|
||||||
return opts;
|
return opts;
|
||||||
|
});
|
||||||
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
CSR._encode = function (opts, bytes) {
|
CSR._encode = function (opts, bytes) {
|
||||||
|
@ -86,47 +81,56 @@ CSR._encode = function (opts, bytes) {
|
||||||
|
|
||||||
CSR.create = function createCsr(opts) {
|
CSR.create = function createCsr(opts) {
|
||||||
var hex = CSR.request(opts.jwk, opts.domains);
|
var hex = CSR.request(opts.jwk, opts.domains);
|
||||||
return CSR.sign(opts.jwk, hex).then(function (csr) {
|
return CSR._sign(opts.jwk, hex).then(function (csr) {
|
||||||
return Enc.hexToBuf(csr);
|
return Enc.hexToBuf(csr);
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
//
|
//
|
||||||
// RSA
|
// EC / RSA
|
||||||
//
|
|
||||||
//
|
//
|
||||||
CSR.request = function createCsrBodyEc(jwk, domains) {
|
CSR.request = function createCsrBodyEc(jwk, domains) {
|
||||||
var asn1pub = X509.packCsrRsaPublicKey(jwk);
|
var asn1pub;
|
||||||
return X509.packCsrRsa(asn1pub, domains);
|
if (/^EC/i.test(jwk.kty)) {
|
||||||
|
asn1pub = X509.packCsrEcPublicKey(jwk);
|
||||||
|
} else {
|
||||||
|
asn1pub = X509.packCsrRsaPublicKey(jwk);
|
||||||
|
}
|
||||||
|
return X509.packCsr(asn1pub, domains);
|
||||||
};
|
};
|
||||||
|
|
||||||
CSR.sign = function csrEcSig(jwk, request) {
|
CSR._sign = function csrEcSig(jwk, request) {
|
||||||
// Took some tips from https://gist.github.com/codermapuche/da4f96cdb6d5ff53b7ebc156ec46a10a
|
// Took some tips from https://gist.github.com/codermapuche/da4f96cdb6d5ff53b7ebc156ec46a10a
|
||||||
// TODO will have to convert web ECDSA signatures to PEM ECDSA signatures (but RSA should be the same)
|
// TODO will have to convert web ECDSA signatures to PEM ECDSA signatures (but RSA should be the same)
|
||||||
// TODO have a consistent non-private way to sign
|
// TODO have a consistent non-private way to sign
|
||||||
return Keypairs._sign({ jwk: jwk }, Enc.hexToBuf(request)).then(function (sig) {
|
return Keypairs._sign({ jwk: jwk, format: 'x509' }, Enc.hexToBuf(request)).then(function (sig) {
|
||||||
return CSR.toDer({ request: request, signature: sig });
|
return CSR._toDer({ request: request, signature: sig, kty: jwk.kty });
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
|
CSR._toDer = function encode(opts) {
|
||||||
CSR.toDer = function encode(opts) {
|
var sty;
|
||||||
var sty = ASN1('30'
|
var sig;
|
||||||
|
if (/^EC/i.test(opts.kty)) {
|
||||||
|
// 1.2.840.10045.4.3.2 ecdsaWithSHA256 (ANSI X9.62 ECDSA algorithm with SHA256)
|
||||||
|
sty = ASN1('30', ASN1('06', '2a8648ce3d040302'));
|
||||||
|
sig = ASN1.BitStr(ASN1('30', Enc.bufToHex(opts.signature)));
|
||||||
|
} else {
|
||||||
// 1.2.840.113549.1.1.11 sha256WithRSAEncryption (PKCS #1)
|
// 1.2.840.113549.1.1.11 sha256WithRSAEncryption (PKCS #1)
|
||||||
, ASN1('06', '2a864886f70d01010b')
|
sty = ASN1('30', ASN1('06', '2a864886f70d01010b'), ASN1('05'));
|
||||||
, ASN1('05')
|
sig = ASN1.BitStr(Enc.bufToHex(opts.signature));
|
||||||
);
|
}
|
||||||
return ASN1('30'
|
return ASN1('30'
|
||||||
// The Full CSR Request Body
|
// The Full CSR Request Body
|
||||||
, opts.request
|
, opts.request
|
||||||
// The Signature Type
|
// The Signature Type
|
||||||
, sty
|
, sty
|
||||||
// The Signature
|
// The Signature
|
||||||
, ASN1.BitStr(Enc.bufToHex(opts.signature))
|
, sig
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
|
|
||||||
X509.packCsrRsa = function (asn1pubkey, domains) {
|
X509.packCsr = function (asn1pubkey, domains) {
|
||||||
return ASN1('30'
|
return ASN1('30'
|
||||||
// Version (0)
|
// Version (0)
|
||||||
, ASN1.UInt('00')
|
, ASN1.UInt('00')
|
||||||
|
@ -154,36 +158,42 @@ X509.packCsrRsa = function (asn1pubkey, domains) {
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
|
|
||||||
X509.packPkcs1 = function (jwk) {
|
|
||||||
var n = ASN1.UInt(Enc.base64ToHex(jwk.n));
|
|
||||||
var e = ASN1.UInt(Enc.base64ToHex(jwk.e));
|
|
||||||
|
|
||||||
if (!jwk.d) {
|
|
||||||
return Enc.hexToBuf(ASN1('30', n, e));
|
|
||||||
}
|
|
||||||
|
|
||||||
return Enc.hexToBuf(ASN1('30'
|
|
||||||
, ASN1.UInt('00')
|
|
||||||
, n
|
|
||||||
, e
|
|
||||||
, ASN1.UInt(Enc.base64ToHex(jwk.d))
|
|
||||||
, ASN1.UInt(Enc.base64ToHex(jwk.p))
|
|
||||||
, ASN1.UInt(Enc.base64ToHex(jwk.q))
|
|
||||||
, ASN1.UInt(Enc.base64ToHex(jwk.dp))
|
|
||||||
, ASN1.UInt(Enc.base64ToHex(jwk.dq))
|
|
||||||
, ASN1.UInt(Enc.base64ToHex(jwk.qi))
|
|
||||||
));
|
|
||||||
};
|
|
||||||
|
|
||||||
X509.packCsrRsaPublicKey = function (jwk) {
|
X509.packCsrRsaPublicKey = function (jwk) {
|
||||||
// Sequence the key
|
// Sequence the key
|
||||||
var n = ASN1.UInt(Enc.base64ToHex(jwk.n));
|
var n = ASN1.UInt(Enc.base64ToHex(jwk.n));
|
||||||
var e = ASN1.UInt(Enc.base64ToHex(jwk.e));
|
var e = ASN1.UInt(Enc.base64ToHex(jwk.e));
|
||||||
var asn1pub = ASN1('30', n, e);
|
var asn1pub = ASN1('30', n, e);
|
||||||
//var asn1pub = X509.packPkcs1({ kty: jwk.kty, n: jwk.n, e: jwk.e });
|
|
||||||
|
|
||||||
// Add the CSR pub key header
|
// Add the CSR pub key header
|
||||||
return ASN1('30', ASN1('30', ASN1('06', '2a864886f70d010101'), ASN1('05')), ASN1.BitStr(asn1pub));
|
return ASN1('30', ASN1('30', ASN1('06', '2a864886f70d010101'), ASN1('05')), ASN1.BitStr(asn1pub));
|
||||||
};
|
};
|
||||||
|
|
||||||
|
X509.packCsrEcPublicKey = function (jwk) {
|
||||||
|
var ecOid = X509._oids[jwk.crv];
|
||||||
|
if (!ecOid) {
|
||||||
|
throw new Error("Unsupported namedCurve '" + jwk.crv + "'. Supported types are " + Object.keys(X509._oids));
|
||||||
|
}
|
||||||
|
var cmp = '04'; // 04 == x+y, 02 == x-only
|
||||||
|
var hxy = '';
|
||||||
|
// Placeholder. I'm not even sure if compression should be supported.
|
||||||
|
if (!jwk.y) { cmp = '02'; }
|
||||||
|
hxy += Enc.base64ToHex(jwk.x);
|
||||||
|
if (jwk.y) { hxy += Enc.base64ToHex(jwk.y); }
|
||||||
|
|
||||||
|
// 1.2.840.10045.2.1 ecPublicKey
|
||||||
|
return ASN1('30', ASN1('30', ASN1('06', '2a8648ce3d0201'), ASN1('06', ecOid)), ASN1.BitStr(cmp + hxy));
|
||||||
|
};
|
||||||
|
X509._oids = {
|
||||||
|
// 1.2.840.10045.3.1.7 prime256v1
|
||||||
|
// (ANSI X9.62 named elliptic curve) (06 08 - 2A 86 48 CE 3D 03 01 07)
|
||||||
|
'P-256': '2a8648ce3d030107'
|
||||||
|
// 1.3.132.0.34 P-384 (06 05 - 2B 81 04 00 22)
|
||||||
|
// (SEC 2 recommended EC domain secp256r1)
|
||||||
|
, 'P-384': '2b81040022'
|
||||||
|
// requires more logic and isn't a recommended standard
|
||||||
|
// 1.3.132.0.35 P-521 (06 05 - 2B 81 04 00 23)
|
||||||
|
// (SEC 2 alternate P-521)
|
||||||
|
//, 'P-521': '2B 81 04 00 23'
|
||||||
|
};
|
||||||
|
|
||||||
}('undefined' === typeof window ? module.exports : window));
|
}('undefined' === typeof window ? module.exports : window));
|
||||||
|
|
|
@ -180,14 +180,6 @@ Keypairs.signJws = function (opts) {
|
||||||
var msg = protected64 + '.' + payload64;
|
var msg = protected64 + '.' + payload64;
|
||||||
|
|
||||||
return Keypairs._sign(opts, msg).then(function (buf) {
|
return Keypairs._sign(opts, msg).then(function (buf) {
|
||||||
/*
|
|
||||||
* This will come back into play for CSRs, but not for JOSE
|
|
||||||
if ('EC' === opts.jwk.kty) {
|
|
||||||
// ECDSA JWT signatures differ from "normal" ECDSA signatures
|
|
||||||
// https://tools.ietf.org/html/rfc7518#section-3.4
|
|
||||||
binsig = convertIfEcdsa(binsig);
|
|
||||||
}
|
|
||||||
*/
|
|
||||||
var signedMsg = {
|
var signedMsg = {
|
||||||
protected: protected64
|
protected: protected64
|
||||||
, payload: payload64
|
, payload: payload64
|
||||||
|
@ -212,40 +204,6 @@ Keypairs.signJws = function (opts) {
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
Keypairs._convertIfEcdsa = function (binsig) {
|
|
||||||
// should have asn1 sequence header of 0x30
|
|
||||||
if (0x30 !== binsig[0]) { throw new Error("Impossible EC SHA head marker"); }
|
|
||||||
var index = 2; // first ecdsa "R" header byte
|
|
||||||
var len = binsig[1];
|
|
||||||
var lenlen = 0;
|
|
||||||
// Seek length of length if length is greater than 127 (i.e. two 512-bit / 64-byte R and S values)
|
|
||||||
if (0x80 & len) {
|
|
||||||
lenlen = len - 0x80; // should be exactly 1
|
|
||||||
len = binsig[2]; // should be <= 130 (two 64-bit SHA-512s, plus padding)
|
|
||||||
index += lenlen;
|
|
||||||
}
|
|
||||||
// should be of BigInt type
|
|
||||||
if (0x02 !== binsig[index]) { throw new Error("Impossible EC SHA R marker"); }
|
|
||||||
index += 1;
|
|
||||||
|
|
||||||
var rlen = binsig[index];
|
|
||||||
var bits = 32;
|
|
||||||
if (rlen > 49) {
|
|
||||||
bits = 64;
|
|
||||||
} else if (rlen > 33) {
|
|
||||||
bits = 48;
|
|
||||||
}
|
|
||||||
var r = binsig.slice(index + 1, index + 1 + rlen).toString('hex');
|
|
||||||
var slen = binsig[index + 1 + rlen + 1]; // skip header and read length
|
|
||||||
var s = binsig.slice(index + 1 + rlen + 1 + 1).toString('hex');
|
|
||||||
if (2 *slen !== s.length) { throw new Error("Impossible EC SHA S length"); }
|
|
||||||
// There may be one byte of padding on either
|
|
||||||
while (r.length < 2*bits) { r = '00' + r; }
|
|
||||||
while (s.length < 2*bits) { s = '00' + s; }
|
|
||||||
if (2*(bits+1) === r.length) { r = r.slice(2); }
|
|
||||||
if (2*(bits+1) === s.length) { s = s.slice(2); }
|
|
||||||
return Enc.hexToBuf(r + s);
|
|
||||||
};
|
|
||||||
|
|
||||||
Keypairs._sign = function (opts, payload) {
|
Keypairs._sign = function (opts, payload) {
|
||||||
return Keypairs._import(opts).then(function (privkey) {
|
return Keypairs._import(opts).then(function (privkey) {
|
||||||
|
@ -259,9 +217,12 @@ Keypairs._sign = function (opts, payload) {
|
||||||
, privkey
|
, privkey
|
||||||
, payload
|
, payload
|
||||||
).then(function (signature) {
|
).then(function (signature) {
|
||||||
// convert buffer to urlsafe base64
|
signature = new Uint8Array(signature); // ArrayBuffer -> u8
|
||||||
//return Enc.bufToUrlBase64(new Uint8Array(signature));
|
// This will come back into play for CSRs, but not for JOSE
|
||||||
return new Uint8Array(signature);
|
if ('EC' === opts.jwk.kty && /x509/i.test(opts.format)) {
|
||||||
|
signature = Keypairs._ecdsaJoseSigToAsn1Sig(signature);
|
||||||
|
}
|
||||||
|
return signature;
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
@ -287,7 +248,6 @@ Keypairs._getName = function (opts) {
|
||||||
return 'RSASSA-PKCS1-v1_5';
|
return 'RSASSA-PKCS1-v1_5';
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
Keypairs._import = function (opts) {
|
Keypairs._import = function (opts) {
|
||||||
return Promise.resolve().then(function () {
|
return Promise.resolve().then(function () {
|
||||||
var ops;
|
var ops;
|
||||||
|
@ -316,6 +276,30 @@ Keypairs._import = function (opts) {
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
// ECDSA JOSE / JWS / JWT signatures differ from "normal" ASN1/X509 ECDSA signatures
|
||||||
|
// https://tools.ietf.org/html/rfc7518#section-3.4
|
||||||
|
Keypairs._ecdsaJoseSigToAsn1Sig = function (bufsig) {
|
||||||
|
// it's easier to do the manipulation in the browser with an array
|
||||||
|
bufsig = Array.from(bufsig);
|
||||||
|
var hlen = bufsig.length / 2; // should be even
|
||||||
|
var r = bufsig.slice(0, hlen);
|
||||||
|
var s = bufsig.slice(hlen);
|
||||||
|
// unpad positive ints less than 32 bytes wide
|
||||||
|
while (!r[0]) { r = r.slice(1); }
|
||||||
|
while (!s[0]) { s = s.slice(1); }
|
||||||
|
// pad (or re-pad) ambiguously non-negative BigInts, up to 33 bytes wide
|
||||||
|
if (0x80 & r[0]) { r.unshift(0); }
|
||||||
|
if (0x80 & s[0]) { s.unshift(0); }
|
||||||
|
|
||||||
|
var len = 2 + r.length + 2 + s.length;
|
||||||
|
var head = [0x30];
|
||||||
|
// hard code 0x80 + 1 because it won't be longer than
|
||||||
|
// two SHA512 plus two pad bytes (130 bytes <= 256)
|
||||||
|
if (len >= 0x80) { head.push(0x81); }
|
||||||
|
head.push(len);
|
||||||
|
|
||||||
|
return Uint8Array.from(head.concat([0x02, r.length], r, [0x02, s.byteLength], s));
|
||||||
|
};
|
||||||
|
|
||||||
function setTime(time) {
|
function setTime(time) {
|
||||||
if ('number' === typeof time) { return time; }
|
if ('number' === typeof time) { return time; }
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
'use strict';
|
|
||||||
(function (exports) {
|
(function (exports) {
|
||||||
'use strict';
|
'use strict';
|
||||||
|
|
||||||
var x509 = exports.x509 = {};
|
var x509 = exports.x509 = {};
|
||||||
var ASN1 = exports.ASN1;
|
var ASN1 = exports.ASN1;
|
||||||
var Enc = exports.Enc;
|
var Enc = exports.Enc;
|
||||||
|
|
Loading…
Reference in New Issue