diff --git a/lib/ecdsacsr.js b/lib/ecdsacsr.js index e16a0ab..ab4dad6 100644 --- a/lib/ecdsacsr.js +++ b/lib/ecdsacsr.js @@ -6,251 +6,26 @@ var crypto = require('crypto'); // prime256v1 (ANSI X9.62 named elliptic curve) var OBJ_ID_EC = '06 08 2A8648CE3D030107'.replace(/\s+/g, '').toLowerCase(); +var ECDSACSR = {}; +var ECDSA = {}; +var DER = {}; +var PEM = {}; +var ASN1; +var Hex = {}; +var AB = {}; + // -// A dumbed-down, minimal ASN.1 packer +// CSR - the main event // -// Almost every ASN.1 type that's important for CSR -// can be represented generically with only a few rules. -function ASN1(/*type, hexstrings...*/) { - var args = Array.prototype.slice.call(arguments); - var typ = args.shift(); - var str = args.join('').replace(/\s+/g, '').toLowerCase(); - var len = (str.length/2); - var lenlen = 0; - var hex = typ; - - // We can't have an odd number of hex chars - if (len !== Math.round(len)) { - throw new Error("invalid hex"); - } - - // The first byte of any ASN.1 sequence is the type (Sequence, Integer, etc) - // The second byte is either the size of the value, or the size of its size - - // 1. If the second byte is < 0x80 (128) it is considered the size - // 2. If it is > 0x80 then it describes the number of bytes of the size - // ex: 0x82 means the next 2 bytes describe the size of the value - // 3. The special case of exactly 0x80 is "indefinite" length (to end-of-file) - - if (len > 127) { - lenlen += 1; - while (len > 255) { - lenlen += 1; - len = len >> 8; - } - } - - if (lenlen) { hex += numToHex(0x80 + lenlen); } - return hex + numToHex(str.length/2) + str; -} - -// The Integer type has some special rules -ASN1.UInt = function UINT() { - var str = Array.prototype.slice.call(arguments).join(''); - var first = parseInt(str.slice(0, 2), 16); - - // If the first byte is 0x80 or greater, the number is considered negative - // Therefore we add a '00' prefix if the 0x80 bit is set - if (0x80 & first) { str = '00' + str; } - - return ASN1('02', str); +ECDSACSR.create = function createEcCsr(keypem, domains) { + var pemblock = PEM.parseBlock(keypem); + var ecpub = PEM.parseEcPubkey(pemblock.der); + var request = ECDSACSR.request(ecpub, domains); + return AB.fromHex(ECDSACSR.sign(keypem, request)); }; -// The Bit String type also has a special rule -ASN1.BitStr = function BITSTR() { - var str = Array.prototype.slice.call(arguments).join(''); - // '00' is a mask of how many bits of the next byte to ignore - return ASN1('03', '00' + str); -}; - -function fromBase64(b64) { - var buf; - var ab; - if ('undefined' === typeof atob) { - buf = Buffer.from(b64, 'base64'); - return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength); - } - buf = atob(b64); - ab = new ArrayBuffer(buf.length); - ab = new Uint8Array(ab); - buf.split('').forEach(function (ch, i) { - ab[i] = ch.charCodeAt(0); - }); - return ab.buffer; -} - -function parsePem(pem) { - var typ; - var pub; - var crv; - var der = fromBase64(pem.split(/\n/).filter(function (line, i) { - if (0 === i) { - if (/ PUBLIC /.test(line)) { - pub = true; - } else if (/ PRIVATE /.test(line)) { - pub = false; - } - if (/ EC/.test(line)) { - typ = 'EC'; - } - } - return !/---/.test(line); - }).join('')); - - if (!typ || 'EC' === typ) { - var hex = toHex(der).toLowerCase(); - if (-1 !== hex.indexOf(OBJ_ID_EC)) { - typ = 'EC'; - crv = 'P-256'; - } else { - // TODO more than just P-256 - console.warn("unsupported ec curve"); - } - } - - return { typ: typ, pub: pub, der: der, crv: crv }; -} - -function toHex(ab) { - var hex = []; - var u8 = new Uint8Array(ab); - var size = u8.byteLength; - var i; - var h; - for (i = 0; i < size; i += 1) { - h = u8[i].toString(16); - if (2 === h.length) { - hex.push(h); - } else { - hex.push('0' + h); - } - } - return hex.join(''); -} - -function fromHex(hex) { - if ('undefined' !== typeof Buffer) { - return Buffer.from(hex, 'hex'); - } - var ab = new ArrayBuffer(hex.length/2); - var i; - var j; - ab = new Uint8Array(ab); - for (i = 0, j = 0; i < (hex.length/2); i += 1) { - ab[i] = parseInt(hex.slice(j, j+1), 16); - j += 2; - } - return ab.buffer; -} - -function readEcPubkey(der) { - // the key is the last 520 bits of both the private key and the public key - // he 3 bits prior identify the key as - var x, y; - var compressed; - var keylen = 32; - var offset = 64; - var headerSize = 4; - var header = toHex(der.slice(der.byteLength - (offset + headerSize), der.byteLength - offset)); - - if ('03420004' !== header) { - offset = 32; - header = toHex(der.slice(der.byteLength - (offset + headerSize), der.byteLength - offset)); - if ('03420002' !== header) { - throw new Error("not a valid EC P-256 key (expected 0x0342004 or 0x0342002 as pub key preamble, but found " + header + ")"); - } - } - - // The one good thing that came from the b***kchain hysteria: good EC documentation - // https://davidederosa.com/basic-blockchain-programming/elliptic-curve-keys/ - compressed = ('2' === header[header.byteLength -1]); - x = der.slice(der.byteLength - offset, (der.byteLength - offset) + keylen); - if (!compressed) { - y = der.slice(der.byteLength - keylen, der.byteLength); - } - - return { - x: x - , y: y || null - }; -} - -function formatAsPem(str) { - var finalString = ''; - - while (str.length > 0) { - finalString += str.substring(0, 64) + '\n'; - str = str.substring(64); - } - return finalString; -} - -function toBase64(der) { - if ('undefined' === typeof btoa) { - return Buffer.from(der).toString('base64'); - } - var chs = []; - der.forEach(function (b) { - chs.push(String.fromCharCode(b)); - }); - return btoa(chs.join('')); -} - -function csrEcSig(r, s) { - return [ - ASN1('30' - // 1.2.840.10045.4.3.2 ecdsaWithSHA256 - // (ANSI X9.62 ECDSA algorithm with SHA256) - , ASN1('06', '2A 86 48 CE 3D 04 03 02') - ) - , ASN1.BitStr( - ASN1('30' - , ASN1.UInt(toHex(r)) - , ASN1.UInt(toHex(s)) - ) - ) - ].join(''); -} - -function strToHex(str) { - var escstr = encodeURIComponent(str); - // replaces any uri escape sequence, such as %0A, - // with binary escape, such as 0x0A - var binstr = escstr.replace(/%([0-9A-F]{2})/g, function(match, p1) { - return String.fromCharCode('0x' + p1); - }); - return binstr.split('').map(function (b) { - var h = b.charCodeAt(0).toString(16); - if (2 === h.length) { return h; } - return '0' + h; - }).join(''); -} - -function numToHex(d) { - d = d.toString(16); - if (d.length % 2) { - return '0' + d; - } - return d; -} - -function fromHex(hex) { - if ('undefined' !== typeof Buffer) { - return Buffer.from(hex, 'hex'); - } - var ab = new ArrayBuffer(hex.length/2); - var i; - var j; - ab = new Uint8Array(ab); - for (i = 0, j = 0; i < (hex.length/2); i += 1) { - ab[i] = parseInt(hex.slice(j, j+1), 16); - j += 2; - } - return ab.buffer; -} - -function createCsrBodyEc(domains, xy) { +ECDSACSR.request = function createCsrBodyEc(xy, domains) { var publen = xy.x.byteLength; var compression = '04'; var hxy = ''; @@ -265,64 +40,89 @@ function createCsrBodyEc(domains, xy) { // I haven't learned yet, and I'm not sure if it's allowed at all compression = '02'; } - hxy += toHex(xy.x); - if (xy.y) { - hxy += toHex(xy.y); - } + hxy += Hex.fromAB(xy.x); + if (xy.y) { hxy += Hex.fromAB(xy.y); } - var version = ASN1.UInt('00'); - var subject = ASN1('30' - , ASN1('31' - , ASN1('30' - // object id (commonName) - , ASN1('06', '55 04 03') - , ASN1('0C', strToHex(domains[0]))))); - var pubkey = ASN1('30' + // Sorry for the mess, but it is what it is + return ASN1('30' + + // Version (0) + , ASN1.UInt('00') + + // CN / Subject , ASN1('30' - // 1.2.840.10045.2.1 ecPublicKey - // (ANSI X9.62 public key type) - , ASN1('06', '2A 86 48 CE 3D 02 01') - // 1.2.840.10045.3.1.7 prime256v1 - // (ANSI X9.62 named elliptic curve) - , ASN1('06', '2A 86 48 CE 3D 03 01 07') - ) - , ASN1.BitStr(compression + hxy)); - var altnames = ASN1('A0' - , ASN1('30' - // (extensionRequest (PKCS #9 via CRMF)) - , ASN1('06', '2A 86 48 86 F7 0D 01 09 0E') , ASN1('31' , ASN1('30' + // object id (commonName) + , ASN1('06', '55 04 03') + , ASN1('0C', Hex.fromString(domains[0]))))) + + // EC P-256 Public Key + , ASN1('30' + , ASN1('30' + // 1.2.840.10045.2.1 ecPublicKey + // (ANSI X9.62 public key type) + , ASN1('06', '2A 86 48 CE 3D 02 01') + // 1.2.840.10045.3.1.7 prime256v1 + // (ANSI X9.62 named elliptic curve) + , ASN1('06', '2A 86 48 CE 3D 03 01 07') + ) + , ASN1.BitStr(compression + hxy)) + + // CSR Extension Subject Alternative Names + , ASN1('A0' + , ASN1('30' + // (extensionRequest (PKCS #9 via CRMF)) + , ASN1('06', '2A 86 48 86 F7 0D 01 09 0E') + , ASN1('31' , ASN1('30' - // (subjectAltName (X.509 extension)) - , ASN1('06', '55 1D 11') - , ASN1('04' - , ASN1('30', domains.map(function (d) { - return ASN1('82', strToHex(d)); - }).join('')))))))); - var body = ASN1('30' - - // #0 Total 3 - , version - - // Subject - // #1 Total 2+11+n - , subject - - // P-256 Public Key - // #2 Total 2+25+xy - , pubkey - - // Altnames - // #3 Total 2+28+n - , altnames + , ASN1('30' + // (subjectAltName (X.509 extension)) + , ASN1('06', '55 1D 11') + , ASN1('04' + , ASN1('30', domains.map(function (d) { + return ASN1('82', Hex.fromString(d)); + }).join('')))))))) ); +}; - return body; -} +ECDSACSR.sign = function csrEcSig(keypem, request) { + var sig = ECDSA.sign(keypem, AB.fromHex(request)); + var rLen = sig.r.byteLength; + var rc = ''; + var sLen = sig.s.byteLength; + var sc = ''; -// https://gist.github.com/codermapuche/da4f96cdb6d5ff53b7ebc156ec46a10a -function signEc(keypem, ab) { + if (0x80 & new Uint8Array(sig.r)[0]) { rc = '00'; rLen += 1; } + if (0x80 & new Uint8Array(sig.s)[0]) { sc = '00'; sLen += 1; } + + return ASN1('30' + // The Full CSR Request Body + , request + + // The Signature Type + , ASN1('30' + // 1.2.840.10045.4.3.2 ecdsaWithSHA256 + // (ANSI X9.62 ECDSA algorithm with SHA256) + , ASN1('06', '2A 86 48 CE 3D 04 03 02') + ) + + // The Signature, embedded in a Bit Stream + , ASN1.BitStr( + // As far as I can tell this is a completely separate ASN.1 structure + // that just so happens to be embedded in a Bit String of another ASN.1 + ASN1('30' + , ASN1.UInt(Hex.fromAB(sig.r)) + , ASN1.UInt(Hex.fromAB(sig.s)))) + ); +}; + +// +// ECDSA +// + +// Took some tips from https://gist.github.com/codermapuche/da4f96cdb6d5ff53b7ebc156ec46a10a +ECDSA.sign = function signEc(keypem, ab) { // Signer is a stream var sign = crypto.createSign('SHA256'); sign.write(new Uint8Array(ab)); @@ -355,63 +155,26 @@ function signEc(keypem, ab) { if (0 === r[0]) { r = r.slice(1); } return { raw: sig.buffer, r: r.buffer, s: s.buffer }; -} +}; -function createEcCsr(domains, keypem, ecpub) { - // TODO get pub from priv +// +// DER +// - var csrBody = createCsrBodyEc(domains, ecpub); - var sig = signEc(keypem, fromHex(csrBody)); - var rLen = sig.r.byteLength; - var rc = ''; - var sLen = sig.s.byteLength; - var sc = ''; - - if (0x80 & new Uint8Array(sig.r)[0]) { rc = '00'; rLen += 1; } - if (0x80 & new Uint8Array(sig.s)[0]) { sc = '00'; sLen += 1; } - - var csrSig = csrEcSig(sig.r, sig.s); - - /* - console.log('sig:', sig.raw.byteLength, toHex(sig.raw)); - console.log('r:', sig.r.byteLength, toHex(sig.r)); - console.log('s:', sig.s.byteLength, toHex(sig.s)); - console.log('csr sig:', csrSig.length / 2, csrSig); - console.log('csrBodyLen + csrSigLen', numToHex(len)); - */ - return fromHex(ASN1('30', csrBody, csrSig)); -} - -function createEcCsrPem(domains, keypem) { - var pemblock = parsePem(keypem); - var ecpub = readEcPubkey(pemblock.der); - var ab = createEcCsr(domains, keypem, ecpub); - var pem = formatAsPem(toBase64(ab)); +DER.toCSR = function createEcCsrPem(der) { + var pem = PEM._format(AB.toBase64(der)); return '-----BEGIN CERTIFICATE REQUEST-----\n' + pem + '-----END CERTIFICATE REQUEST-----'; -} +}; -// Taken from Unibabel -// https://git.coolaj86.com/coolaj86/unibabel.js#readme -// https://coolaj86.com/articles/base64-unicode-utf-8-javascript-and-you/ -function utf8ToUint8Array(str) { - var escstr = encodeURIComponent(str); - // replaces any uri escape sequence, such as %0A, - // with binary escape, such as 0x0A - var binstr = escstr.replace(/%([0-9A-F]{2})/g, function(match, p1) { - return String.fromCharCode('0x' + p1); - }); - var buf = new Uint8Array(binstr.length); - binstr.split('').forEach(function (ch, i) { - buf[i] = ch.charCodeAt(0); - }); +// +// PEM +// - return buf; -} - -function ensurePem(key) { +// Just for error checking +PEM.from = function ensurePem(key) { if (!key) { throw new Error("no private key given"); } // whether PEM or DER, convert to Uint8Array - if ('string' === typeof key) { key = utf8ToUint8Array(key); } + if ('string' === typeof key) { key = AB.utf8ToUint8Array(key); } // for consistency if (key instanceof Buffer) { key = new Uint8Array(key.buffer.slice(key.byteOffset, key.byteOffset + key.byteLength)); } @@ -434,7 +197,7 @@ function ensurePem(key) { // if DER, convert to PEM if ((0x30 === key[0]) && (0x80 & key[1])) { - key = toBase64(key); + key = AB.toBase64(key); } key = [].map.call(key, function (i) { return String.fromCharCode(i); @@ -448,7 +211,224 @@ function ensurePem(key) { throw new Error("key does not appear to be in PEM formt (does not begin with either '-' or 'M')," + " nor DER format (does not begin with 0x308X)"); } -} +}; + +PEM.parseBlock = function parsePem(pem) { + var typ; + var pub; + var crv; + var der = AB.fromBase64(pem.split(/\n/).filter(function (line, i) { + if (0 === i) { + if (/ PUBLIC /.test(line)) { + pub = true; + } else if (/ PRIVATE /.test(line)) { + pub = false; + } + if (/ EC/.test(line)) { + typ = 'EC'; + } + } + return !/---/.test(line); + }).join('')); + + if (!typ || 'EC' === typ) { + var hex = Hex.fromAB(der).toLowerCase(); + if (-1 !== hex.indexOf(OBJ_ID_EC)) { + typ = 'EC'; + crv = 'P-256'; + } else { + // TODO support P-384 as well (but probably nothing else) + console.warn("unsupported ec curve"); + } + } + + return { typ: typ, pub: pub, der: der, crv: crv }; +}; + +PEM._format = function formatAsPem(str) { + var finalString = ''; + + while (str.length > 0) { + finalString += str.substring(0, 64) + '\n'; + str = str.substring(64); + } + return finalString; +}; + +PEM.parseEcPubkey = function readEcPubkey(der) { + // the key is the last 520 bits of both the private key and the public key + // he 3 bits prior identify the key as + var x, y; + var compressed; + var keylen = 32; + var offset = 64; + var headerSize = 4; + var header = Hex.fromAB(der.slice(der.byteLength - (offset + headerSize), der.byteLength - offset)); + + if ('03420004' !== header) { + offset = 32; + header = Hex.fromAB(der.slice(der.byteLength - (offset + headerSize), der.byteLength - offset)); + if ('03420002' !== header) { + throw new Error("not a valid EC P-256 key (expected 0x0342004 or 0x0342002 as pub key preamble, but found " + header + ")"); + } + } + + // The one good thing that came from the b***kchain hysteria: good EC documentation + // https://davidederosa.com/basic-blockchain-programming/elliptic-curve-keys/ + compressed = ('2' === header[header.byteLength -1]); + x = der.slice(der.byteLength - offset, (der.byteLength - offset) + keylen); + if (!compressed) { + y = der.slice(der.byteLength - keylen, der.byteLength); + } + + return { + x: x + , y: y || null + }; +}; + +// +// A dumbed-down, minimal ASN.1 packer +// + +// Almost every ASN.1 type that's important for CSR +// can be represented generically with only a few rules. +ASN1 = function ASN1(/*type, hexstrings...*/) { + var args = Array.prototype.slice.call(arguments); + var typ = args.shift(); + var str = args.join('').replace(/\s+/g, '').toLowerCase(); + var len = (str.length/2); + var lenlen = 0; + var hex = typ; + + // We can't have an odd number of hex chars + if (len !== Math.round(len)) { + throw new Error("invalid hex"); + } + + // The first byte of any ASN.1 sequence is the type (Sequence, Integer, etc) + // The second byte is either the size of the value, or the size of its size + + // 1. If the second byte is < 0x80 (128) it is considered the size + // 2. If it is > 0x80 then it describes the number of bytes of the size + // ex: 0x82 means the next 2 bytes describe the size of the value + // 3. The special case of exactly 0x80 is "indefinite" length (to end-of-file) + + if (len > 127) { + lenlen += 1; + while (len > 255) { + lenlen += 1; + len = len >> 8; + } + } + + if (lenlen) { hex += Hex.fromInt(0x80 + lenlen); } + return hex + Hex.fromInt(str.length/2) + str; +}; + +// The Integer type has some special rules +ASN1.UInt = function UINT() { + var str = Array.prototype.slice.call(arguments).join(''); + var first = parseInt(str.slice(0, 2), 16); + + // If the first byte is 0x80 or greater, the number is considered negative + // Therefore we add a '00' prefix if the 0x80 bit is set + if (0x80 & first) { str = '00' + str; } + + return ASN1('02', str); +}; + +// The Bit String type also has a special rule +ASN1.BitStr = function BITSTR() { + var str = Array.prototype.slice.call(arguments).join(''); + // '00' is a mask of how many bits of the next byte to ignore + return ASN1('03', '00' + str); +}; + +// +// Hex, Base64, Buffer, String +// + +Hex.fromAB = function toHex(ab) { + var hex = []; + var u8 = new Uint8Array(ab); + var size = u8.byteLength; + var i; + var h; + for (i = 0; i < size; i += 1) { + h = u8[i].toString(16); + if (2 === h.length) { + hex.push(h); + } else { + hex.push('0' + h); + } + } + return hex.join(''); +}; + +Hex.fromString = function strToHex(str) { + var escstr = encodeURIComponent(str); + // replaces any uri escape sequence, such as %0A, + // with binary escape, such as 0x0A + var binstr = escstr.replace(/%([0-9A-F]{2})/g, function(match, p1) { + return String.fromCharCode('0x' + p1); + }); + return binstr.split('').map(function (b) { + var h = b.charCodeAt(0).toString(16); + if (2 === h.length) { return h; } + return '0' + h; + }).join(''); +}; + +Hex.fromInt = function numToHex(d) { + d = d.toString(16); + if (d.length % 2) { + return '0' + d; + } + return d; +}; + +// Taken from Unibabel +// https://git.coolaj86.com/coolaj86/unibabel.js#readme +// https://coolaj86.com/articles/base64-unicode-utf-8-javascript-and-you/ +AB.utf8ToUint8Array = function (str) { + var escstr = encodeURIComponent(str); + // replaces any uri escape sequence, such as %0A, + // with binary escape, such as 0x0A + var binstr = escstr.replace(/%([0-9A-F]{2})/g, function(match, p1) { + return String.fromCharCode('0x' + p1); + }); + var buf = new Uint8Array(binstr.length); + binstr.split('').forEach(function (ch, i) { + buf[i] = ch.charCodeAt(0); + }); + + return buf; +}; + +AB.fromHex = function fromHex(hex) { + if ('undefined' !== typeof Buffer) { + return Buffer.from(hex, 'hex'); + } + var ab = new ArrayBuffer(hex.length/2); + var i; + var j; + ab = new Uint8Array(ab); + for (i = 0, j = 0; i < (hex.length/2); i += 1) { + ab[i] = parseInt(hex.slice(j, j+1), 16); + j += 2; + } + return ab.buffer; +}; + +AB.fromBase64 = function fromBase64(b64) { + var buf = Buffer.from(b64, 'base64'); + return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength); +}; + +AB.toBase64 = function toBase64(der) { + return Buffer.from(der).toString('base64'); +}; /*global Promise*/ module.exports = function (opts) { @@ -471,8 +451,7 @@ module.exports = function (opts) { })) { throw new Error("You must pass options.domains as utf8 strings (not punycode)"); } - var key = ensurePem(opts.key); - - return createEcCsrPem(opts.domains, key); + var key = PEM.from(opts.key); + return DER.toCSR(ECDSACSR.create(key, opts.domains)); }); }; diff --git a/package.json b/package.json index 1548df2..1101539 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "ecdsa-csr", - "version": "1.1.0", + "version": "1.1.1", "description": "A focused, zero-dependency library to generate a Certificate Signing Request (CSR) and sign it!", "main": "index.js", "bin": {