diff --git a/README.md b/README.md index 4f68bc4..d1e944e 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,11 @@ return ecdsacsr({ key: key, domains: domains }).then(function (csr) { * PEM may be a plain string or a Buffer* * DER must be a Buffer* * `domains` must be a list of strings representing domain names - * must be plain oldl utf8, not punycode + * correctly handles utf-8 + * you may also use punycoded, if needed +* `subject` will be `domains[0]` by default + * you shouldn't use this unless you need to + * you may need to if you need utf-8 for domains, but punycode for the subject * "Buffer" can be a node Buffer, a JavaScript Uint8Array, or a JavaScript Array which contains only numbers between 0 and 255. @@ -78,12 +82,10 @@ Known Issues ------------ I've learned to be careful about talking about the future, -however, I literally just published this tonight (2018-11-17) +however, I literally just published this last night (2018-11-17) and there are a few things I plan to address but haven't yet: * JWK not yet supported -* non-ascii domains, such as 例.中国 not yet supported -* total domains length over 127 characters not yet supported New to Crypto? -------------- diff --git a/bin/ecdsacsr.js b/bin/ecdsacsr.js index 132cb87..e2eaf64 100755 --- a/bin/ecdsacsr.js +++ b/bin/ecdsacsr.js @@ -10,7 +10,8 @@ var domains = process.argv[3].split(/,/); var keypem = fs.readFileSync(keyname, 'ascii'); ecdsacsr({ key: keypem, domains: domains }).then(function (csr) { - console.error("CN=" + domains[0]); - console.error("subjectAltName=" + domains.join(',')); + // Using error so that we can redirect stdout to file + //console.error("CN=" + domains[0]); + //console.error("subjectAltName=" + domains.join(',')); console.log(csr); }); diff --git a/lib/ecdsacsr.js b/lib/ecdsacsr.js index b4fe82d..223d61c 100644 --- a/lib/ecdsacsr.js +++ b/lib/ecdsacsr.js @@ -6,6 +6,55 @@ var crypto = require('crypto'); // prime256v1 (ANSI X9.62 named elliptic curve) var OBJ_ID_EC = '06 08 2A8648CE3D030107'.replace(/\s+/g, '').toLowerCase(); +function ASN1() { + var args = Array.prototype.slice.call(arguments); + var typ = args.shift(); + var str = args.join('').replace(/\s+/g, ''); + var len = (str.length/2); + var len2 = len; + var lenlen = 0; + var hex = typ; + var hlen = ''; + // high-order bit means multiple bytes + if (len2 !== Math.round(len2)) { + throw new Error("invalid hex"); + } + if (len2 > 127) { + lenlen += 1; + while (len2 > 255) { + lenlen += 1; + len2 = len2 >> 8; + //console.warn("LEN2", len2); + } + } + if (lenlen) { + hlen = numToHex(0x80 + lenlen); + } + /* + console.warn( + 'typ:', typ + , 'lenlen:', hlen + , 'len:', len, numToHex(len) + ); + console.warn('str:', str); + */ + return hex + hlen + numToHex(len) + str; +} +ASN1.UInt = function UINT() { + var str = Array.prototype.slice.call(arguments).join(''); + var first = parseInt(str.slice(0, 2), 16); + // high-order bit means signed, negative + // we want positive, so we pad with a leading '00' + if (0x80 & first) { str = '00' + str; } + return ASN1('02', str); +}; + +ASN1.BitStr = function BITSTR() { + var str = Array.prototype.slice.call(arguments).join(''); + // '00' is a mask of how many bits of the next byte to ignore + return ASN1('03', '00' + str); +}; + function fromBase64(b64) { var buf; var ab; @@ -139,29 +188,32 @@ function toBase64(der) { return btoa(chs.join('')); } -// these are static ASN.1 segments -// The head specifies that there will be 3 segments and a content length -// (those segments will be content, signature header, and signature) -var csrHead = '30 82 {0seq0len}'.replace(/\s+/g, ''); -// The tail specifies the ES256 signature header (and is followed by the signature -var csrEcFoot = - ( '30 0A' +function csrEcSig(r, s) { + return [ + ASN1('30' // 1.2.840.10045.4.3.2 ecdsaWithSHA256 // (ANSI X9.62 ECDSA algorithm with SHA256) - + '06 08 2A 86 48 CE 3D 04 03 02' - + '03 {len} 00' // bit stream (why??) - + '30 {rslen}' // sequence - + '02 {rlen} {r}' // integer r - + '02 {slen} {s}' // integer s - ).replace(/\s+/g, ''); -var csrDomains = '82 {dlen} {domain.tld}'; // 2+n bytes (type 82?) + , ASN1('06', '2A 86 48 CE 3D 04 03 02') + ) + , ASN1.BitStr( + ASN1('30' + , ASN1.UInt(toHex(r)) + , ASN1.UInt(toHex(s)) + ) + ) + ].join(''); +} function strToHex(str) { - return str.split('').map(function (ch) { - var h = ch.charCodeAt(0).toString(16); - if (2 === h.length) { - return h; - } + var escstr = encodeURIComponent(str); + // replaces any uri escape sequence, such as %0A, + // with binary escape, such as 0x0A + var binstr = escstr.replace(/%([0-9A-F]{2})/g, function(match, p1) { + return String.fromCharCode('0x' + p1); + }); + return binstr.split('').map(function (b) { + var h = b.charCodeAt(0).toString(16); + if (2 === h.length) { return h; } return '0' + h; }).join(''); } @@ -190,11 +242,6 @@ function fromHex(hex) { } function createCsrBodyEc(domains, xy) { - var altnames = domains.map(function (d) { - return csrDomains.replace(/{dlen}/, numToHex(d.length)).replace(/{domain\.tld}/, strToHex(d)); - }).join('').replace(/\s+/g, ''); - var sublen = domains[0].length; - var sanlen = (altnames.length/2); var publen = xy.x.byteLength; var compression = '04'; var hxy = ''; @@ -214,70 +261,55 @@ function createCsrBodyEc(domains, xy) { hxy += toHex(xy.y); } - var body = [ '30 81 {+85+n}' // 4 bytes, sequence - .replace(/{[^}]+}/, numToHex( - 3 - + 13 + sublen - + 27 + publen // Length for EC-related P-256 stuff - + 30 + sanlen - )) + var version = ASN1.UInt('00'); + var subject = ASN1('30' + , ASN1('31' + , ASN1('30' + // object id (commonName) + , ASN1('06', '55 04 03') + , ASN1('0C', strToHex(domains[0]))))); + var pubkey = ASN1('30' + , ASN1('30' + // 1.2.840.10045.2.1 ecPublicKey + // (ANSI X9.62 public key type) + , ASN1('06', '2A 86 48 CE 3D 02 01') + // 1.2.840.10045.3.1.7 prime256v1 + // (ANSI X9.62 named elliptic curve) + , ASN1('06', '2A 86 48 CE 3D 03 01 07') + ) + , ASN1.BitStr(compression + hxy)); + var altnames = ASN1('A0' + , ASN1('30' + // (extensionRequest (PKCS #9 via CRMF)) + , ASN1('06', '2A 86 48 86 F7 0D 01 09 0E') + , ASN1('31' + , ASN1('30' + , ASN1('30' + // (subjectAltName (X.509 extension)) + , ASN1('06', '55 1D 11') + , ASN1('04' + , ASN1('30', domains.map(function (d) { + return ASN1('82', strToHex(d)); + }).join('')))))))); + var body = ASN1('30' // #0 Total 3 - , '02 01 00' // 3 bytes, int 0 + , version // Subject // #1 Total 2+11+n - , '30 {3.2.0seqlen}' // 2 bytes, sequence - .replace(/{[^}]+}/, numToHex(2+2+5+2+sublen)) - , '31 {4.3.0setlen}' // 2 bytes, set - .replace(/{[^}]+}/, numToHex(2+5+2+sublen)) - , '30 {5.4.0seqlen}' // 2 bytes, sequence - .replace(/{[^}]+}/, numToHex(5+2+sublen)) - , '06 03 55 04 03' // 5 bytes, object id (commonName) - , '0C {dlen} {domain.tld}' // 2+n bytes, utf8string - .replace(/{dlen}/, numToHex(sublen)) - .replace(/{domain\.tld}/, strToHex(domains[0])) + , subject // P-256 Public Key // #2 Total 2+25+xy - , '30 {+25+xy}' // 2 bytes, sequence - .replace(/{[^}]+}/, numToHex(2+9+10+3+1+publen)) - , '30 13' // 2 bytes, sequence - // 1.2.840.10045.2.1 ecPublicKey - // (ANSI X9.62 public key type) - , '06 07 2A 86 48 CE 3D 02 01' // 9 bytes, object id - // 1.2.840.10045.3.1.7 prime256v1 - // (ANSI X9.62 named elliptic curve) - , '06 08 2A 86 48 CE 3D 03 01 07' // 10 bytes, object id - , '03 {xylen} 00 {xy}' // 3+1+n bytes - .replace(/{xylen}/, numToHex(publen+2)) - .replace(/{xy}/, compression + hxy) + , pubkey // Altnames // #3 Total 2+28+n - , 'A0 {+28}' // 2 bytes, ?? [4B] - .replace(/{[^}]+}/, numToHex(2+11+2+2+2+5+2+2+sanlen)) - , '30 {+26}' // 2 bytes, sequence - .replace(/{[^}]+}/, numToHex(11+2+2+2+5+2+2+sanlen)) - // (extensionRequest (PKCS #9 via CRMF)) - , '06 09 2A 86 48 86 F7 0D 01 09 0E' // 11 bytes, object id - , '31 {+13}' // 2 bytes, set - .replace(/{[^}]+}/, numToHex(2+2+5+2+2+sanlen)) - , '30 {+11}' // 2 bytes, sequence - .replace(/{[^}]+}/, numToHex(2+5+2+2+sanlen)) - , '30 {+9}' // 2 bytes, sequence - .replace(/{[^}]+}/, numToHex(5+2+2+sanlen)) - // (subjectAltName (X.509 extension)) - , '06 03 55 1D 11' // 5 bytes, object id - , '04 {+2}' // 2 bytes, octet string - .replace(/{[^}]+}/, numToHex(2+sanlen)) - , '30 {+n}' // 2 bytes, sequence - .replace(/{[^}]+}/, numToHex(sanlen)) - , '{altnames}' // n (elements of sequence) - .replace(/{altnames}/, altnames) - ]; - body = body.join('').replace(/\s+/g, ''); - return fromHex(body); + , altnames + ); + + return body; } // https://gist.github.com/codermapuche/da4f96cdb6d5ff53b7ebc156ec46a10a @@ -320,7 +352,7 @@ function createEcCsr(domains, keypem, ecpub) { // TODO get pub from priv var csrBody = createCsrBodyEc(domains, ecpub); - var sig = signEc(keypem, csrBody); + var sig = signEc(keypem, fromHex(csrBody)); var rLen = sig.r.byteLength; var rc = ''; var sLen = sig.s.byteLength; @@ -329,18 +361,8 @@ function createEcCsr(domains, keypem, ecpub) { if (0x80 & new Uint8Array(sig.r)[0]) { rc = '00'; rLen += 1; } if (0x80 & new Uint8Array(sig.s)[0]) { sc = '00'; sLen += 1; } - var csrSig = csrEcFoot - .replace(/{len}/, numToHex(1 + 2 + 2 + 2 + rLen + sLen)) - .replace(/{rslen}/, numToHex(2 + 2 + rLen + sLen)) - .replace(/{rlen}/, numToHex(rLen)) - .replace(/{r}/, rc + toHex(sig.r)) - .replace(/{slen}/, numToHex(sLen)) - .replace(/{s}/, sc + toHex(sig.s)) - ; + var csrSig = csrEcSig(sig.r, sig.s); - // Note: If we supported P-521 a number of the lengths would change - // by one byte and that would be... annoying to update - var len = csrBody.byteLength + (csrSig.length/2); /* console.log('sig:', sig.raw.byteLength, toHex(sig.raw)); console.log('r:', sig.r.byteLength, toHex(sig.r)); @@ -348,23 +370,7 @@ function createEcCsr(domains, keypem, ecpub) { console.log('csr sig:', csrSig.length / 2, csrSig); console.log('csrBodyLen + csrSigLen', numToHex(len)); */ - var head = csrHead.replace(/{[^}]+}/, numToHex(len)); - var ab = new Uint8Array(new ArrayBuffer((head.length/2) + len)); - var i = 0; - fromHex(head).forEach(function (b) { - ab[i] = b; - i += 1; - }); - csrBody.forEach(function (b) { - ab[i] = b; - i += 1; - }); - fromHex(csrSig).forEach(function (b) { - ab[i] = b; - i += 1; - }); - - return ab; + return fromHex(ASN1('30', csrBody, csrSig)); } function createEcCsrPem(domains, keypem) { diff --git a/package.json b/package.json index 3e4f2ec..1548df2 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "ecdsa-csr", - "version": "1.0.2", + "version": "1.1.0", "description": "A focused, zero-dependency library to generate a Certificate Signing Request (CSR) and sign it!", "main": "index.js", "bin": { @@ -10,7 +10,7 @@ "lib": "lib" }, "scripts": { - "postinstall": "node lib/telemetry.js install", + "postinstall": "node lib/telemetry.js event:install", "test": "echo \"Error: no test specified\" && exit 1" }, "repository": { diff --git a/test.sh b/test.sh new file mode 100644 index 0000000..ece262c --- /dev/null +++ b/test.sh @@ -0,0 +1,29 @@ +#!/bin/bash + +# creating privkey +openssl ecparam -genkey -name prime256v1 -noout -out ./privkey-ec-p256.pem + + +# canonical example +rm csr.pem +node bin/ecdsacsr.js ./privkey-ec-p256.pem example.com,www.example.com > csr.pem +openssl req -text -noout -verify -in csr.pem 2>&1 | grep 'verify OK' && echo 'pass' || echo 'FAIL' + + +# 100 domains (max allowed by Let's Encrypt) +rm csr.pem +node bin/ecdsacsr.js ./privkey-ec-p256.pem example.com,www.example.com,api.example.com,assets.example.com,ftp.example.com,example.org,www.example.org,api.example.org,assets.example.org,ftp.example.org,example.co,www.example.co,api.example.co,assets.example.co,ftp.example.co,example.net,www.example.net,api.example.net,assets.example.net,ftp.example.net,whatever.com,www.whatever.com,api.whatever.com,assets.whatever.com,ftp.whatever.com,whatever.org,www.whatever.org,api.whatever.org,assets.whatever.org,ftp.whatever.org,whatever.net,www.whatever.net,api.whatever.net,assets.whatever.net,ftp.whatever.net,whatever.co,www.whatever.co,api.whatever.co,assets.whatever.co,ftp.whatever.co,sample.com,www.sample.com,api.sample.com,assets.sample.com,ftp.sample.com,sample.org,www.sample.org,api.sample.org,assets.sample.org,ftp.sample.org,sample.net,www.sample.net,api.sample.net,assets.sample.net,ftp.sample.net,sample.co,www.sample.co,api.sample.co,assets.sample.co,ftp.sample.co,foobar.com,www.foobar.com,api.foobar.com,assets.foobar.com,ftp.foobar.com,foobar.org,www.foobar.org,api.foobar.org,assets.foobar.org,ftp.foobar.org,foobar.net,www.foobar.net,api.foobar.net,assets.foobar.net,ftp.foobar.net,foobar.co,www.foobar.co,api.foobar.co,assets.foobar.co,ftp.foobar.co,quux.com,www.quux.com,api.quux.com,assets.quux.com,ftp.quux.com,quux.org,www.quux.org,api.quux.org,assets.quux.org,ftp.quux.org,quux.net,www.quux.net,api.quux.net,assets.quux.net,ftp.quux.net,quux.co,www.quux.co,api.quux.co,assets.quux.co,ftp.quux.co >csr.pem +openssl req -text -noout -verify -in csr.pem 2>&1 | grep 'verify OK' && echo 'pass' || echo 'FAIL' + + +# single domain +rm csr.pem +node bin/ecdsacsr.js ./privkey-ec-p256.pem example.com > csr.pem +openssl req -text -noout -verify -in csr.pem 2>&1 | grep 'verify OK' && echo 'pass' || echo 'FAIL' + +# utf8 domain +rm csr.pem +node bin/ecdsacsr.js ./privkey-ec-p256.pem 例.中国,example.com > csr.pem +openssl req -text -noout -verify -in csr.pem 2>&1 | grep 'verify OK' && echo 'pass' || echo 'FAIL' +#openssl req -text -noout -verify -in csr.pem +