You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
225 lines
6.3 KiB
225 lines
6.3 KiB
'use strict';
|
|
|
|
var RSA = module.exports;
|
|
var SSH = require('./ssh.js');
|
|
var PEM = require('./pem.js');
|
|
var x509 = require('./x509.js');
|
|
var ASN1 = require('./asn1.js');
|
|
var Enc = require('./encoding.js');
|
|
var Crypto = require('./crypto.js');
|
|
|
|
/*global Promise*/
|
|
RSA.generate = function (opts) {
|
|
opts.kty = "RSA";
|
|
return Crypto.generate(opts).then(function (pair) {
|
|
var format = opts.format;
|
|
var encoding = opts.encoding;
|
|
|
|
// The easy way
|
|
if ('json' === format && !encoding) {
|
|
format = 'jwk';
|
|
encoding = 'json';
|
|
}
|
|
if (('jwk' === format || !format) && ('json' === encoding || !encoding)) { return pair; }
|
|
if ('jwk' === format || 'json' === encoding) {
|
|
throw new Error("format '" + format + "' is incompatible with encoding '" + encoding + "'");
|
|
}
|
|
|
|
// The... less easy way
|
|
/*
|
|
var priv;
|
|
var pub;
|
|
|
|
if ('spki' === format || 'pkcs8' === format) {
|
|
format = 'pkcs8';
|
|
pub = 'spki';
|
|
}
|
|
|
|
if ('pem' === format) {
|
|
format = 'pkcs1';
|
|
encoding = 'pem';
|
|
} else if ('der' === format) {
|
|
format = 'pkcs1';
|
|
encoding = 'der';
|
|
}
|
|
|
|
priv = format;
|
|
pub = pub || format;
|
|
|
|
if (!encoding) {
|
|
encoding = 'pem';
|
|
}
|
|
|
|
if (priv) {
|
|
priv = { type: priv, format: encoding };
|
|
pub = { type: pub, format: encoding };
|
|
} else {
|
|
// jwk
|
|
priv = { type: 'pkcs1', format: 'pem' };
|
|
pub = { type: 'pkcs1', format: 'pem' };
|
|
}
|
|
*/
|
|
if (('pem' === format || 'der' === format) && !encoding) {
|
|
encoding = format;
|
|
format = 'pkcs1';
|
|
}
|
|
|
|
var exOpts = { jwk: pair.private, format: format, encoding: encoding };
|
|
return RSA.export(exOpts).then(function (priv) {
|
|
exOpts.public = true;
|
|
if ('pkcs8' === exOpts.format) { exOpts.format = 'spki'; }
|
|
return RSA.export(exOpts).then(function (pub) {
|
|
return { private: priv, public: pub };
|
|
});
|
|
});
|
|
});
|
|
};
|
|
|
|
RSA.importSync = function (opts) {
|
|
if (!opts || !opts.pem || 'string' !== typeof opts.pem) {
|
|
throw new Error("must pass { pem: pem } as a string");
|
|
}
|
|
|
|
var jwk = { kty: 'RSA', n: null, e: null };
|
|
if (0 === opts.pem.indexOf('ssh-rsa ')) {
|
|
return SSH.parse(opts.pem, jwk);
|
|
}
|
|
var pem = opts.pem;
|
|
var block = PEM.parseBlock(pem);
|
|
//var hex = toHex(u8);
|
|
var asn1 = ASN1.parse(block.bytes);
|
|
|
|
var meta = x509.guess(block.bytes, asn1);
|
|
|
|
if ('pkcs1' === meta.format) {
|
|
jwk = x509.parsePkcs1(block.bytes, asn1, jwk);
|
|
} else {
|
|
jwk = x509.parsePkcs8(block.bytes, asn1, jwk);
|
|
}
|
|
|
|
if (opts.public) {
|
|
jwk = RSA.neuter(jwk);
|
|
}
|
|
return jwk;
|
|
};
|
|
RSA.parse = function parseRsa(opts) {
|
|
// wrapped in a promise for API compatibility
|
|
// with the forthcoming browser version
|
|
// (and potential future native node capability)
|
|
return Promise.resolve().then(function () {
|
|
return RSA.importSync(opts);
|
|
});
|
|
};
|
|
RSA.toJwk = RSA.import = RSA.parse;
|
|
|
|
/*
|
|
RSAPrivateKey ::= SEQUENCE {
|
|
version Version,
|
|
modulus INTEGER, -- n
|
|
publicExponent INTEGER, -- e
|
|
privateExponent INTEGER, -- d
|
|
prime1 INTEGER, -- p
|
|
prime2 INTEGER, -- q
|
|
exponent1 INTEGER, -- d mod (p-1)
|
|
exponent2 INTEGER, -- d mod (q-1)
|
|
coefficient INTEGER, -- (inverse of q) mod p
|
|
otherPrimeInfos OtherPrimeInfos OPTIONAL
|
|
}
|
|
*/
|
|
|
|
RSA.exportSync = function (opts) {
|
|
if (!opts || !opts.jwk || 'object' !== typeof opts.jwk) {
|
|
throw new Error("must pass { jwk: jwk }");
|
|
}
|
|
var jwk = JSON.parse(JSON.stringify(opts.jwk));
|
|
var format = opts.format;
|
|
var pub = opts.public;
|
|
if (pub || -1 !== [ 'spki', 'pkix', 'ssh', 'rfc4716' ].indexOf(format)) {
|
|
jwk = RSA.neuter(jwk);
|
|
}
|
|
if ('RSA' !== jwk.kty) {
|
|
throw new Error("options.jwk.kty must be 'RSA' for RSA keys");
|
|
}
|
|
if (!jwk.p) {
|
|
// TODO test for n and e
|
|
pub = true;
|
|
if (!format || 'pkcs1' === format) {
|
|
format = 'pkcs1';
|
|
} else if (-1 !== [ 'spki', 'pkix' ].indexOf(format)) {
|
|
format = 'spki';
|
|
} else if (-1 !== [ 'ssh', 'rfc4716' ].indexOf(format)) {
|
|
format = 'ssh';
|
|
} else {
|
|
throw new Error("options.format must be 'spki', 'pkcs1', or 'ssh' for public RSA keys, not ("
|
|
+ typeof format + ") " + format);
|
|
}
|
|
} else {
|
|
// TODO test for all necessary keys (d, p, q ...)
|
|
if (!format || 'pkcs1' === format) {
|
|
format = 'pkcs1';
|
|
} else if ('pkcs8' !== format) {
|
|
throw new Error("options.format must be 'pkcs1' or 'pkcs8' for private RSA keys");
|
|
}
|
|
}
|
|
|
|
if ('pkcs1' === format) {
|
|
if (jwk.d) {
|
|
return PEM.packBlock({ type: "RSA PRIVATE KEY", bytes: x509.packPkcs1(jwk) });
|
|
} else {
|
|
return PEM.packBlock({ type: "RSA PUBLIC KEY", bytes: x509.packPkcs1(jwk) });
|
|
}
|
|
} else if ('pkcs8' === format) {
|
|
return PEM.packBlock({ type: "PRIVATE KEY", bytes: x509.packPkcs8(jwk) });
|
|
} else if (-1 !== [ 'spki', 'pkix' ].indexOf(format)) {
|
|
return PEM.packBlock({ type: "PUBLIC KEY", bytes: x509.packSpki(jwk) });
|
|
} else if (-1 !== [ 'ssh', 'rfc4716' ].indexOf(format)) {
|
|
return SSH.pack({ jwk: jwk, comment: opts.comment });
|
|
} else {
|
|
throw new Error("Sanity Error: reached unreachable code block with format: " + format);
|
|
}
|
|
};
|
|
RSA.pack = function (opts) {
|
|
// wrapped in a promise for API compatibility
|
|
// with the forthcoming browser version
|
|
// (and potential future native node capability)
|
|
return Promise.resolve().then(function () {
|
|
return RSA.exportSync(opts);
|
|
});
|
|
};
|
|
RSA.toPem = RSA.export = RSA.pack;
|
|
|
|
// snip the _private_ parts... hAHAHAHA!
|
|
var privates = [ 'p', 'q', 'd', 'dp', 'dq', 'qi' ];
|
|
// fix misspelling without breaking the API
|
|
RSA.neuter = RSA.nueter = function (priv) {
|
|
var pub = {};
|
|
Object.keys(priv).forEach(function (key) {
|
|
if (!privates.includes(key)) {
|
|
pub[key] = priv[key];
|
|
}
|
|
});
|
|
return pub;
|
|
};
|
|
|
|
RSA.__thumbprint = function (jwk) {
|
|
var buf = require('crypto').createHash('sha256')
|
|
// alphabetically sorted keys [ 'e', 'kty', 'n' ]
|
|
.update('{"e":"' + jwk.e + '","kty":"RSA","n":"' + jwk.n + '"}')
|
|
.digest()
|
|
;
|
|
return Enc.bufToUrlBase64(buf);
|
|
};
|
|
|
|
RSA.thumbprint = function (opts) {
|
|
return Promise.resolve().then(function () {
|
|
var jwk;
|
|
if ('RSA' === opts.kty) {
|
|
jwk = opts;
|
|
} else if (opts.jwk) {
|
|
jwk = opts.jwk;
|
|
} else {
|
|
jwk = RSA.importSync(opts);
|
|
}
|
|
return RSA.__thumbprint(jwk);
|
|
});
|
|
};
|
|
|