coolaj86/eckles.js
1
2
Fork 1
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: coolaj86:24aeb19774e0c25ef250efa78fa364aaef114794
Branches Tags
coolaj86:master
coolaj86:v1.4.0
coolaj86:v1.3.3
coolaj86:v1.3.2
coolaj86:v1.3.1
coolaj86:v1.3.0
coolaj86:v1.2.1
coolaj86:v1.2.0
coolaj86:v1.1.1
coolaj86:v1.1.0
coolaj86:v1.0.1
coolaj86:v1.0.0
coolaj86:v0.7.2
coolaj86:v0.7.1
coolaj86:v0.7.0
coolaj86:v0.1.1
coolaj86:v0.1.0
..
compare: coolaj86:1d050b5991a36f1b495059ad77465c7d1d2c6818
Branches Tags
coolaj86:master
coolaj86:v1.4.0
coolaj86:v1.3.3
coolaj86:v1.3.2
coolaj86:v1.3.1
coolaj86:v1.3.0
coolaj86:v1.2.1
coolaj86:v1.2.0
coolaj86:v1.1.1
coolaj86:v1.1.0
coolaj86:v1.0.1
coolaj86:v1.0.0
coolaj86:v0.7.2
coolaj86:v0.7.1
coolaj86:v0.7.0
coolaj86:v0.1.1
coolaj86:v0.1.0

No commits in common. "24aeb19774e0c25ef250efa78fa364aaef114794" and "1d050b5991a36f1b495059ad77465c7d1d2c6818" have entirely different histories.
24aeb19774 ... 1d050b5991

8 changed files with 43 additions and 275 deletions
Show Stats Expand all files Collapse all files

24
bin/eckles.js
View File

@ -5,28 +5,10 @@ var fs = require('fs');
var eckles = require('../index.js');
var infile = process.argv[2];
var format = process.argv[3];
//var outfile = process.argv[3];
var key = fs.readFileSync(infile, 'ascii');
var keypem = fs.readFileSync(infile, 'ascii');
try {
key = JSON.parse(key);
} catch(e) {
// ignore
}
if ('string' === typeof key) {
eckles.import({ pem: key }).then(function (jwk) {
eckles.import({ pem: keypem }).then(function (jwk) {
console.log(JSON.stringify(jwk, null, 2));
}).catch(function (err) {
console.error(err);
process.exit(1);
});
} else {
eckles.export({ jwk: key, format: format }).then(function (pem) {
console.log(pem);
}).catch(function (err) {
console.error(err);
process.exit(2);
});
}

7
fixtures/privkey-ec-p256.jwk
View File

@ -1,7 +0,0 @@
{
"kty": "EC",
"crv": "P-256",
"d": "iYydo27aNGO9DBUWeGEPD8oNi1LZDqfxPmQlieLBjVQ",
"x": "IT1SWLxsacPiE5Z16jkopAn8_-85rMjgyCokrnjDft4",
"y": "mP2JwOAOdMmXuwpxbKng3KZz27mz-nKWIlXJ3rzSGMo"
}

7
fixtures/privkey-ec-p384.jwk
View File

@ -1,7 +0,0 @@
{
"kty": "EC",
"crv": "P-384",
"d": "XlyuCEWSTTS8U79O_Mz05z18vh4kb10szvu_7pdXuGWV6lfEyPExyUYWsA6A2kdV",
"x": "2zEU0bKCa7ejKLIJ8oPGnLhqhxyiv4_w38K2a0SPC6dsSd9_glNJ8lcqv0sff5Gb",
"y": "VD4jnu83S6scn6_TeAj3EZOREGbOs6dzoVpaugn-XQMMyC9O4VLbDDFGBZTJlMsb"
}

6
fixtures/pub-ec-p256.jwk
View File

@ -1,6 +0,0 @@
{
"kty": "EC",
"crv": "P-256",
"x": "IT1SWLxsacPiE5Z16jkopAn8_-85rMjgyCokrnjDft4",
"y": "mP2JwOAOdMmXuwpxbKng3KZz27mz-nKWIlXJ3rzSGMo"
}

6
fixtures/pub-ec-p384.jwk
View File

@ -1,6 +0,0 @@
{
"kty": "EC",
"crv": "P-384",
"x": "2zEU0bKCa7ejKLIJ8oPGnLhqhxyiv4_w38K2a0SPC6dsSd9_glNJ8lcqv0sff5Gb",
"y": "VD4jnu83S6scn6_TeAj3EZOREGbOs6dzoVpaugn-XQMMyC9O4VLbDDFGBZTJlMsb"
}

247
lib/eckles.js
View File

@ -1,9 +1,6 @@
'use strict';
var ASN1;
var EC = module.exports;
var Hex = {};
var PEM = {};
// 1.2.840.10045.3.1.7
// prime256v1 (ANSI X9.62 named elliptic curve)
@ -12,21 +9,36 @@ var OBJ_ID_EC = '06 08 2A8648CE3D030107'.replace(/\s+/g, '').toLowerCase();
// secp384r1 (SECG (Certicom) named elliptic curve)
var OBJ_ID_EC_384 = '06 05 2B81040022'.replace(/\s+/g, '').toLowerCase();
// 1.2.840.10045.2.1
// ecPublicKey (ANSI X9.62 public key type)
//var OBJ_ID_EC_PUB = '06 07 2A8648CE3D0201'.replace(/\s+/g, '').toLowerCase();
// The one good thing that came from the b***kchain hysteria: good EC documentation
// https://davidederosa.com/basic-blockchain-programming/elliptic-curve-keys/
var PEM = {};
PEM._toUrlSafeBase64 = function (u8) {
//console.log('Len:', u8.byteLength);
return Buffer.from(u8).toString('base64')
.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
};
PEM.parseBlock = function pemToDer(pem) {
function toHex(ab) {
var hex = [];
var u8 = new Uint8Array(ab);
var size = u8.byteLength;
var i;
var h;
for (i = 0; i < size; i += 1) {
h = u8[i].toString(16);
if (2 === h.length) {
hex.push(h);
} else {
hex.push('0' + h);
}
}
return hex.join('').replace(/\s+/g, '').toLowerCase();
}
Hex.fromAB = toHex;
function parsePem(pem) {
var typ;
var pub;
var crv;
@ -58,67 +70,10 @@ PEM.parseBlock = function pemToDer(pem) {
}
}
return { kty: typ, pub: pub, der: der, crv: crv };
};
PEM.packBlock = function (opts) {
// TODO allow for headers?
return '-----BEGIN ' + opts.type + '-----\n'
+ toBase64(opts.bytes).match(/.{1,64}/g).join('\n') + '\n'
+ '-----END ' + opts.type + '-----'
;
};
function toHex(ab) {
var hex = [];
var u8 = new Uint8Array(ab);
var size = u8.byteLength;
var i;
var h;
for (i = 0; i < size; i += 1) {
h = u8[i].toString(16);
if (2 === h.length) {
hex.push(h);
} else {
hex.push('0' + h);
}
}
return hex.join('').replace(/\s+/g, '').toLowerCase();
}
Hex.fromAB = toHex;
Hex.fromInt = function numToHex(d) {
d = d.toString(16);
if (d.length % 2) {
return '0' + d;
}
return d;
};
Hex.toUint8 = function (hex) {
var buf = Buffer.from(hex, 'hex');
var ab = buf.buffer;
return new Uint8Array(ab.slice(buf.offset, buf.offset + buf.byteLength));
};
function toBase64(u8) {
return Buffer.from(u8).toString('base64');
return { typ: typ, pub: pub, der: der, crv: crv };
}
function urlBase64ToBase64(ub64) {
var r = ub64 % 4;
if (2 === r) {
ub64 += '==';
} else if (3 === r) {
ub64 += '=';
}
return ub64.replace(/-/g, '+').replace(/_/g, '/');
}
function base64ToUint8(b64) {
var buf = Buffer.from(b64, 'base64');
return new Uint8Array(buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength));
}
EC.parseSec1 = function parseEcOnlyPrivkey(u8, jwk) {
function parseEcOnlyPrivkey(u8, jwk) {
var index = 7;
var len = 32;
var olen = OBJ_ID_EC.length/2;
@ -156,9 +111,8 @@ EC.parseSec1 = function parseEcOnlyPrivkey(u8, jwk) {
, y: PEM._toUrlSafeBase64(y)
//, yh: y
};
};
EC.parsePkcs8 = function parseEcPkcs8(u8, jwk) {
}
function parseEcPkcs8Privkey(u8, jwk) {
var index = 24 + (OBJ_ID_EC.length/2);
var len = 32;
if ("P-384" === jwk.crv) {
@ -193,9 +147,8 @@ EC.parsePkcs8 = function parseEcPkcs8(u8, jwk) {
, y: PEM._toUrlSafeBase64(y)
//, yh: y
};
};
EC.parseSpki = function parsePem(u8, jwk) {
}
function parseEcPub(u8, jwk) {
var ci = 16 + OBJ_ID_EC.length/2;
var len = 32;
@ -223,17 +176,16 @@ EC.parseSpki = function parsePem(u8, jwk) {
, y: PEM._toUrlSafeBase64(y)
//, yh: y
};
};
EC.parsePkix = EC.parseSpki;
}
/*global Promise*/
EC.parse = function parseEc(opts) {
function parseEcPrivkey(opts) {
return Promise.resolve().then(function () {
if (!opts || !opts.pem) {
throw new Error("must pass { pem: pem }");
}
var pem = opts.pem;
var u8 = PEM.parseBlock(pem).der;
var u8 = parsePem(pem).der;
var hex = toHex(u8);
var jwk = { kty: 'EC', crv: null, x: null, y: null };
@ -244,15 +196,15 @@ EC.parse = function parseEc(opts) {
// PKCS8
if (0x02 === u8[3] && 0x30 === u8[6] && 0x06 === u8[8]) {
//console.log("PKCS8", u8[3].toString(16), u8[6].toString(16), u8[8].toString(16));
return EC.parsePkcs8(u8, jwk);
return parseEcPkcs8Privkey(u8, jwk);
// EC-only
} else if (0x02 === u8[2] && 0x04 === u8[5] && 0xA0 === u8[39]) {
//console.log("EC---", u8[2].toString(16), u8[5].toString(16), u8[39].toString(16));
return EC.parseSec1(u8, jwk);
return parseEcOnlyPrivkey(u8, jwk);
// SPKI/PKIK (Public)
} else if (0x30 === u8[2] && 0x06 === u8[4] && 0x06 === u8[13]) {
//console.log("SPKI-", u8[2].toString(16), u8[4].toString(16), u8[13].toString(16));
return EC.parseSpki(u8, jwk);
return parseEcPub(u8, jwk);
// Error
} else {
//console.log("PKCS8", u8[3].toString(16), u8[6].toString(16), u8[8].toString(16));
@ -266,15 +218,15 @@ EC.parse = function parseEc(opts) {
// PKCS8
if (0x02 === u8[3] && 0x30 === u8[6] && 0x06 === u8[8]) {
//console.log("PKCS8", u8[3].toString(16), u8[6].toString(16), u8[8].toString(16));
return EC.parsePkcs8(u8, jwk);
return parseEcPkcs8Privkey(u8, jwk);
// EC-only
} else if (0x02 === u8[3] && 0x04 === u8[6] && 0xA0 === u8[56]) {
//console.log("EC---", u8[3].toString(16), u8[6].toString(16), u8[56].toString(16));
return EC.parseSec1(u8, jwk);
return parseEcOnlyPrivkey(u8, jwk);
// SPKI/PKIK (Public)
} else if (0x30 === u8[2] && 0x06 === u8[4] && 0x06 === u8[13]) {
//console.log("SPKI-", u8[2].toString(16), u8[4].toString(16), u8[13].toString(16));
return EC.parseSpki(u8, jwk);
return parseEcPub(u8, jwk);
// Error
} else {
//console.log("PKCS8", u8[3].toString(16), u8[6].toString(16), u8[8].toString(16));
@ -286,133 +238,6 @@ EC.parse = function parseEc(opts) {
throw new Error("Supported key types are P-256 and P-384");
}
});
};
EC.toJwk = EC.import = EC.parse;
EC.pack = function (opts) {
return Promise.resolve().then(function () {
if (!opts || !opts.jwk || 'object' !== typeof opts.jwk) {
throw new Error("must pass { jwk: jwk }");
}
var jwk = JSON.parse(JSON.stringify(opts.jwk));
var format = opts.format;
if (opts.public || -1 !== [ 'spki', 'pkix' ].indexOf(format)) {
jwk.d = null;
}
if ('EC' !== jwk.kty) {
throw new Error("options.jwk.kty must be 'EC' for EC keys");
}
if (!jwk.d) {
if (!format || 'pkix' === format) {
format = 'spki';
} else if ('spki' !== format) {
throw new Error("options.format must be 'spki' for public EC keys");
}
} else {
if (!format || 'sec1' === format) {
format = 'sec1';
} else if ('pkcs8' !== format) {
throw new Error("options.format must be 'sec1' or 'pkcs8' for private EC keys");
}
}
if (-1 === [ 'P-256', 'P-384' ].indexOf(jwk.crv)) {
throw new Error("options.jwk.crv must be either P-256 or P-384 for EC keys");
}
if (!jwk.y) {
throw new Error("options.jwk.y must be a urlsafe base64-encoded either P-256 or P-384");
}
if ('sec1' === format) {
return PEM.packBlock({ type: "EC PRIVATE KEY", bytes: EC.packSec1(jwk) });
} else if ('pkcs8' === format) {
throw new Error("pkcs8 output not implemented");
} else {
throw new Error("spki not implemented");
}
});
};
EC.packSec1 = function (jwk) {
var d = toHex(base64ToUint8(urlBase64ToBase64(jwk.d)));
var x = toHex(base64ToUint8(urlBase64ToBase64(jwk.x)));
var y = toHex(base64ToUint8(urlBase64ToBase64(jwk.y)));
var objId = ('P-256' === jwk.crv) ? OBJ_ID_EC : OBJ_ID_EC_384;
return Hex.toUint8(
ASN1('30'
, ASN1.UInt('01')
, ASN1('04', d)
, ASN1('A0', objId)
, ASN1('A1', ASN1.BitStr('04' + x + y)))
);
};
EC.packPkcs8 = function (jwk) {
var d = toHex(base64ToUint8(urlBase64ToBase64(jwk.d)));
var x = toHex(base64ToUint8(urlBase64ToBase64(jwk.x)));
var y = toHex(base64ToUint8(urlBase64ToBase64(jwk.y)));
var objId = ('P-256' === jwk.crv) ? OBJ_ID_EC : OBJ_ID_EC_384;
};
EC.packSpki = function (jwk) {
var x = toHex(base64ToUint8(urlBase64ToBase64(jwk.x)));
var y = toHex(base64ToUint8(urlBase64ToBase64(jwk.y)));
};
EC.packPkix = EC.packSpki;
//
// A dumbed-down, minimal ASN.1 packer
//
// Almost every ASN.1 type that's important for CSR
// can be represented generically with only a few rules.
ASN1 = function ASN1(/*type, hexstrings...*/) {
var args = Array.prototype.slice.call(arguments);
var typ = args.shift();
var str = args.join('').replace(/\s+/g, '').toLowerCase();
var len = (str.length/2);
var lenlen = 0;
var hex = typ;
// We can't have an odd number of hex chars
if (len !== Math.round(len)) {
throw new Error("invalid hex");
}
// The first byte of any ASN.1 sequence is the type (Sequence, Integer, etc)
// The second byte is either the size of the value, or the size of its size
// 1. If the second byte is < 0x80 (128) it is considered the size
// 2. If it is > 0x80 then it describes the number of bytes of the size
// ex: 0x82 means the next 2 bytes describe the size of the value
// 3. The special case of exactly 0x80 is "indefinite" length (to end-of-file)
if (len > 127) {
lenlen += 1;
while (len > 255) {
lenlen += 1;
len = len >> 8;
}
}
if (lenlen) { hex += Hex.fromInt(0x80 + lenlen); }
return hex + Hex.fromInt(str.length/2) + str;
};
// The Integer type has some special rules
ASN1.UInt = function UINT() {
var str = Array.prototype.slice.call(arguments).join('');
var first = parseInt(str.slice(0, 2), 16);
// If the first byte is 0x80 or greater, the number is considered negative
// Therefore we add a '00' prefix if the 0x80 bit is set
if (0x80 & first) { str = '00' + str; }
return ASN1('02', str);
};
// The Bit String type also has a special rule
ASN1.BitStr = function BITSTR() {
var str = Array.prototype.slice.call(arguments).join('');
// '00' is a mask of how many bits of the next byte to ignore
return ASN1('03', '00' + str);
};
EC.toPem = EC.export = EC.pack;
module.exports.import = parseEcPrivkey;

2
package.json
View File

@ -1,6 +1,6 @@
{
"name": "eckles",
"version": "0.7.0",
"version": "0.1.1",
"description": "A focused, zero-dependency library for perfect universal ECDSA P-256 (prime256v1, secp256r1) and P-384 (secp384r1) support.",
"main": "index.js",
"bin": {

13
test.sh
View File

@ -1,5 +1,4 @@
#/bin/bash
set -e
echo ""
echo ""
@ -14,15 +13,3 @@ node bin/eckles.js fixtures/privkey-ec-p384.pkcs8.pem
node bin/eckles.js fixtures/pub-ec-p384.spki.pem
echo ""
echo ""
node bin/eckles.js fixtures/privkey-ec-p256.jwk sec1
node bin/eckles.js fixtures/privkey-ec-p256.jwk pkcs8
node bin/eckles.js fixtures/pub-ec-p256.jwk spki
echo ""
echo ""
node bin/eckles.js fixtures/privkey-ec-p384.jwk sec1
node bin/eckles.js fixtures/privkey-ec-p384.jwk pkcs8
node bin/eckles.js fixtures/pub-ec-p384.jwk spki
echo ""