From 2e7134dd8a3c33cc59f801ef48c4fb045ad555a6 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Thu, 14 Mar 2019 11:59:31 -0600 Subject: [PATCH] use keypairs (over rasha) --- lib/generate-privkey-forge.js | 6 +- lib/generate-privkey-node.js | 6 +- lib/generate-privkey-ursa.js | 6 +- lib/rasha/.drone.yml | 11 - lib/rasha/.gitignore | 1 - lib/rasha/README.md | 218 ---------------- lib/rasha/TODO.txt | 63 ----- lib/rasha/bin/rasha.js | 97 -------- lib/rasha/fixtures/privkey-rsa-2048.jwk.json | 11 - lib/rasha/fixtures/privkey-rsa-2048.pkcs1.pem | 27 -- lib/rasha/fixtures/privkey-rsa-2048.pkcs8.pem | 28 --- lib/rasha/fixtures/pub-rsa-2048.jwk.json | 5 - lib/rasha/fixtures/pub-rsa-2048.pkcs1.pem | 8 - lib/rasha/fixtures/pub-rsa-2048.spki.pem | 9 - lib/rasha/fixtures/pub-rsa-2048.ssh.pub | 1 - lib/rasha/index.js | 2 - lib/rasha/lib/asn1.js | 235 ------------------ lib/rasha/lib/encoding.js | 104 -------- lib/rasha/lib/pem.js | 28 --- lib/rasha/lib/rasha.js | 204 --------------- lib/rasha/lib/ssh.js | 80 ------ lib/rasha/lib/telemetry.js | 111 --------- lib/rasha/lib/x509.js | 153 ------------ lib/rasha/package.json | 40 --- lib/rasha/test.js | 6 - lib/rasha/test.sh | 172 ------------- lib/rsa.js | 10 +- package-lock.json | 27 ++ package.json | 7 +- 29 files changed, 46 insertions(+), 1630 deletions(-) delete mode 100644 lib/rasha/.drone.yml delete mode 100644 lib/rasha/.gitignore delete mode 100644 lib/rasha/README.md delete mode 100644 lib/rasha/TODO.txt delete mode 100755 lib/rasha/bin/rasha.js delete mode 100644 lib/rasha/fixtures/privkey-rsa-2048.jwk.json delete mode 100644 lib/rasha/fixtures/privkey-rsa-2048.pkcs1.pem delete mode 100644 lib/rasha/fixtures/privkey-rsa-2048.pkcs8.pem delete mode 100644 lib/rasha/fixtures/pub-rsa-2048.jwk.json delete mode 100644 lib/rasha/fixtures/pub-rsa-2048.pkcs1.pem delete mode 100644 lib/rasha/fixtures/pub-rsa-2048.spki.pem delete mode 100644 lib/rasha/fixtures/pub-rsa-2048.ssh.pub delete mode 100644 lib/rasha/index.js delete mode 100644 lib/rasha/lib/asn1.js delete mode 100644 lib/rasha/lib/encoding.js delete mode 100644 lib/rasha/lib/pem.js delete mode 100644 lib/rasha/lib/rasha.js delete mode 100644 lib/rasha/lib/ssh.js delete mode 100644 lib/rasha/lib/telemetry.js delete mode 100644 lib/rasha/lib/x509.js delete mode 100644 lib/rasha/package.json delete mode 100644 lib/rasha/test.js delete mode 100755 lib/rasha/test.sh create mode 100644 package-lock.json diff --git a/lib/generate-privkey-forge.js b/lib/generate-privkey-forge.js index a11def9..c3f20e3 100644 --- a/lib/generate-privkey-forge.js +++ b/lib/generate-privkey-forge.js @@ -4,7 +4,7 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 'use strict'; -var Rasha = require('./rasha'); +var Keypairs = require('keypairs'); module.exports = function (bitlen, exp) { var k = require('node-forge').pki.rsa @@ -21,8 +21,8 @@ module.exports = function (bitlen, exp) { , qi: _toUrlBase64(k.qInv) }; return { - publicKeyPem: Rasha.exportSync({ jwk: jwk, public: true }) - , privateKeyPem: Rasha.exportSync({ jwk: jwk }) + publicKeyPem: Keypairs._exportSync({ jwk: jwk, public: true }) + , privateKeyPem: Keypairs._exportSync({ jwk: jwk }) , privateKeyJwk: jwk , publicKeyJwk: { kty: jwk.kty diff --git a/lib/generate-privkey-node.js b/lib/generate-privkey-node.js index cfc3c8b..fff6627 100644 --- a/lib/generate-privkey-node.js +++ b/lib/generate-privkey-node.js @@ -4,7 +4,7 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 'use strict'; -var Rasha = require('./rasha'); +var Keypairs = require('keypairs'); module.exports = function (bitlen, exp) { var keypair = require('crypto').generateKeyPairSync( @@ -25,8 +25,8 @@ module.exports = function (bitlen, exp) { publicKeyPem: keypair.publicKey.trim() , privateKeyPem: keypair.privateKey.trim() }; - result.publicKeyJwk = Rasha.importSync({ pem: result.publicKeyPem, public: true }); - result.privateKeyJwk = Rasha.importSync({ pem: result.privateKeyPem }); + result.publicKeyJwk = Keypairs._importSync({ pem: result.publicKeyPem, public: true }); + result.privateKeyJwk = Keypairs._importSync({ pem: result.privateKeyPem }); return result; }; diff --git a/lib/generate-privkey-ursa.js b/lib/generate-privkey-ursa.js index 2267233..ec263e4 100644 --- a/lib/generate-privkey-ursa.js +++ b/lib/generate-privkey-ursa.js @@ -4,7 +4,7 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 'use strict'; -var Rasha = require('./rasha'); +var Keypairs = require('keypairs'); module.exports = function (bitlen, exp) { var ursa; @@ -18,8 +18,8 @@ module.exports = function (bitlen, exp) { publicKeyPem: keypair.toPublicPem().toString('ascii').trim() , privateKeyPem: keypair.toPrivatePem().toString('ascii').trim() }; - result.publicKeyJwk = Rasha.importSync({ pem: result.publicKeyPem, public: true }); - result.privateKeyJwk = Rasha.importSync({ pem: result.privateKeyPem }); + result.publicKeyJwk = Keypairs._importSync({ pem: result.publicKeyPem, public: true }); + result.privateKeyJwk = Keypairs._importSync({ pem: result.privateKeyPem }); return result; }; diff --git a/lib/rasha/.drone.yml b/lib/rasha/.drone.yml deleted file mode 100644 index 309fe40..0000000 --- a/lib/rasha/.drone.yml +++ /dev/null @@ -1,11 +0,0 @@ -kind: pipeline -name: default - -pipeline: - build: - image: node - environment: - RASHA_TEST_LARGE_KEYS: "true" - commands: - - npm install --ignore-scripts - - npm test diff --git a/lib/rasha/.gitignore b/lib/rasha/.gitignore deleted file mode 100644 index f080492..0000000 --- a/lib/rasha/.gitignore +++ /dev/null @@ -1 +0,0 @@ -all.* diff --git a/lib/rasha/README.md b/lib/rasha/README.md deleted file mode 100644 index e2d5fb2..0000000 --- a/lib/rasha/README.md +++ /dev/null @@ -1,218 +0,0 @@ -[Rasha.js](https://git.coolaj86.com/coolaj86/rasha.js) · [![Build Status](https://strong-emu-11.telebit.io/api/badges/coolaj86/rasha.js/status.svg)](https://strong-emu-11.telebit.io/coolaj86/rasha.js) -========= - -Sponsored by [Root](https://therootcompany.com). -Built for [ACME.js](https://git.coolaj86.com/coolaj86/acme.js) -and [Greenlock.js](https://git.coolaj86.com/coolaj86/greenlock.js) - - - -| ~550 lines of code | 3kb gzipped | 10kb minified | 18kb with comments | - -RSA tools. Lightweight. Zero Dependencies. Universal compatibility. - -* [x] Fast and Easy RSA Key Generation -* [x] PEM-to-JWK -* [x] JWK-to-PEM -* [x] SSH "pub" format -* [ ] ECDSA - * **Need EC or ECDSA tools?** Check out [Eckles.js](https://git.coolaj86.com/coolaj86/eckles.js) - - -## Generate RSA Key - -Achieves the *fastest possible key generation* using node's native RSA bindings to OpenSSL, -then converts to JWK for ease-of-use. - -``` -Rasha.generate({ format: 'jwk' }).then(function (keypair) { - console.log(keypair.private); - console.log(keypair.public); -}); -``` - -**options** - -* `format` defaults to `'jwk'` - * `'pkcs1'` (traditional) - * `'pkcs8'` -* `modulusLength` defaults to 2048 (must not be lower) - * generally you shouldn't pick a larger key size - they're slow - * **2048** is more than sufficient - * 3072 is way, way overkill and takes a few seconds to generate - * 4096 can take about a minute to generate and is just plain wasteful - -**advanced options** - -These options are provided for debugging and should not be used. - -* `publicExponent` defaults to 65537 (`0x10001`) - -## PEM-to-JWK - -* [x] PKCS#1 (traditional) -* [x] PKCS#8, SPKI/PKIX -* [x] 2048-bit, 3072-bit, 4096-bit (and ostensibily all others) -* [x] SSH (RFC4716), (RFC 4716/SSH2) - -```js -var Rasha = require('rasha'); -var pem = require('fs') - .readFileSync('./node_modles/rasha/fixtures/privkey-rsa-2048.pkcs1.pem', 'ascii'); - -Rasha.import({ pem: pem }).then(function (jwk) { - console.log(jwk); -}); -``` - -```js -{ - "kty": "RSA", - "n": "m2ttVBxPlWw06ZmGBWVDl...QlEz7UNNj9RGps_50-CNw", - "e": "AQAB", - "d": "Cpfo7Mm9Nu8YMC_xrZ54W...Our1IdDzJ_YfHPt9sHMQQ", - "p": "ynG-t9HwKCN3MWRYFdnFz...E9S4DsGcAarIuOT2TsTCE", - "q": "xIkAjgUzB1zaUzJtW2Zgv...38ahSrBFEVnxjpnPh1Q1c", - "dp": "tzDGjECFOU0ehqtuqhcu...dVGAXJoGOdv5VpaZ7B1QE", - "dq": "kh5dyDk7YCz7sUFbpsmu...aX9PKa12HFlny6K1daL48", - "qi": "AlHWbx1gp6Z9pbw_1hlS...lhmIOgRApS0t9VoXtHhFU" -} -``` - -## JWK-to-PEM - -* [x] PKCS#1 (traditional) -* [x] PKCS#8, SPKI/PKIX -* [x] 2048-bit, 4096-bit (and ostensibily all others) -* [x] SSH (RFC4716), (RFC 4716/SSH2) - -```js -var Rasha = require('rasha'); -var jwk = require('rasha/fixtures/privkey-rsa-2048.jwk.json'); - -Rasha.export({ jwk: jwk }).then(function (pem) { - // PEM in PKCS1 (traditional) format - console.log(pem); -}); -``` - -``` ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAm2ttVBxPlWw06ZmGBWVDlfjkPAJ4DgnY0TrDwtCohHzLxGhD -NzUJefLukC+xu0LBKylYojT5vTkxaOhxeSYo31syu4WhxbkTBLICOFcCGMob6pSQ -38P8LdAIlb0pqDHxEJ9adWomjuFf.....5cCBahfsiNtNR6WV1/iCSuINYs6uPdA -Jlw7hm9m8TAmFWWyfL0s7wiRvAYkQvpxetorTwHJVLabBDJ+WBOAY2enOLHIRQv+ -atAvHrLXjkUdzF96o0icyF6n7QzGfUPmeWGYg6BEClLS31Whe0eEVQ== ------END RSA PRIVATE KEY----- -``` - -### Advanced Options - -`format: 'pkcs8'`: - -The default output format `pkcs1` (RSA-specific format) is used for private keys. -Use `format: 'pkcs8'` to output in PKCS#8 format instead. - -```js -Rasha.export({ jwk: jwk, format: 'pkcs8' }).then(function (pem) { - // PEM in PKCS#8 format - console.log(pem); -}); -``` - -``` ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCba21UHE+VbDTp -mYYFZUOV+OQ8AngOCdjROsPC0KiEfMvEaEM3NQl58u6QL7G7QsErKViiNPm9OTFo -6HF5JijfWzK7haHFuRMEsgI4VwIY.....LorV1ovjwKBgAJR1m8dYKemfaW8P9YZ -Uux7lwIFqF+yI201HpZXX+IJK4g1izq490AmXDuGb2bxMCYVZbJ8vSzvCJG8BiRC -+nF62itPAclUtpsEMn5YE4BjZ6c4schFC/5q0C8esteORR3MX3qjSJzIXqftDMZ9 -Q+Z5YZiDoEQKUtLfVaF7R4RV ------END PRIVATE KEY----- -``` - -`format: 'ssh'`: - -Although SSH uses PKCS#1 for private keys, it uses ts own special non-ASN1 format -(affectionately known as rfc4716) for public keys. I got curious and then decided -to add this format as well. - -To get the same format as you -would get with `ssh-keygen`, pass `ssh` as the format option: - -```js -Rasha.export({ jwk: jwk, format: 'ssh' }).then(function (pub) { - // Special SSH2 Public Key format (RFC 4716) - console.log(pub); -}); -``` - -``` -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCba21UHE.....Q02P1Eamz/nT4I3 rsa@localhost -``` - -`public: 'true'`: - -If a private key is used as input, a private key will be output. - -If you'd like to output a public key instead you can pass `public: true`. - -or `format: 'spki'`. - -```js -Rasha.export({ jwk: jwk, public: true }).then(function (pem) { - // PEM in SPKI/PKIX format - console.log(pem); -}); -``` - -``` ------BEGIN PUBLIC KEY----- -MIIBCgKCAQEAm2ttVBxPlWw06ZmGBWVDlfjkPAJ4DgnY0TrDwtCohHzLxGhDNzUJ -efLukC+xu0LBKylYojT5vTkxaOhx.....TmzCh2ikrwTMja7mUdBJf2bK3By5AB0 -Qi49OykUCfNZeQlEz7UNNj9RGps/50+CNwIDAQAB ------END PUBLIC KEY----- -``` - -Testing -------- - -All cases are tested in `test.sh`. - -You can compare these keys to the ones that you get from OpenSSL, OpenSSH/ssh-keygen, and WebCrypto: - -```bash -# Generate 2048-bit RSA Keypair -openssl genrsa -out privkey-rsa-2048.pkcs1.pem 2048 - -# Convert PKCS1 (traditional) RSA Keypair to PKCS8 format -openssl rsa -in privkey-rsa-2048.pkcs1.pem -pubout -out pub-rsa-2048.spki.pem - -# Export Public-only RSA Key in PKCS1 (traditional) format -openssl pkcs8 -topk8 -nocrypt -in privkey-rsa-2048.pkcs1.pem -out privkey-rsa-2048.pkcs8.pem - -# Convert PKCS1 (traditional) RSA Public Key to SPKI/PKIX format -openssl rsa -in pub-rsa-2048.spki.pem -pubin -RSAPublicKey_out -out pub-rsa-2048.pkcs1.pem - -# Convert RSA public key to SSH format -ssh-keygen -f ./pub-rsa-2048.spki.pem -i -mPKCS8 > ./pub-rsa-2048.ssh.pub -``` - -Goals of this project ------ - -* Focused support for 2048-bit and 4096-bit RSA keypairs (although any size is technically supported) -* Zero Dependencies -* VanillaJS -* Quality Code: Good comments and tests -* Convert both ways: PEM-to-JWK and JWK-to-PEM (also supports SSH pub files) -* Browser support as well (TODO) -* OpenSSL, ssh-keygen, and WebCrypto compatibility - -Legal ------ - -[Rasha.js](https://git.coolaj86.com/coolaj86/rasha.js) | -MPL-2.0 | -[Terms of Use](https://therootcompany.com/legal/#terms) | -[Privacy Policy](https://therootcompany.com/legal/#privacy) diff --git a/lib/rasha/TODO.txt b/lib/rasha/TODO.txt deleted file mode 100644 index 598d29a..0000000 --- a/lib/rasha/TODO.txt +++ /dev/null @@ -1,63 +0,0 @@ -ACME <- rsa-compat - -unsign csr - -greenlock-ecdsa -greenlock-ec-pem-to-jwk -greenlock-ec-jwk-to-pem -greenlock-ec-ssh-to-jwk -greenlock-ec-jwk-to-ssh -greenlock-ec-csr -greenlock-rsa -greenlock-rsa-pem-to-jwk -greenlock-rsa-jwk-to-pem -greenlock-rsa-ssh-to-jwk -greenlock-rsa-jwk-to-ssh -greenlock-rsa-csr -greenlock-x509 -greenlock-acme -greenlock-asn1 -greenlock-encoding -bluecrypt-ecdsa -bluecrypt-ec-pem-to-jwk -bluecrypt-ec-jwk-to-pem -bluecrypt-ec-ssh-to-jwk -bluecrypt-ec-jwk-to-ssh -bluecrypt-ec-csr -bluecrypt-rsa -bluecrypt-rsa-pem-to-jwk -bluecrypt-rsa-jwk-to-pem -bluecrypt-rsa-ssh-to-jwk -bluecrypt-rsa-jwk-to-ssh -bluecrypt-rsa-csr -bluecrypt-ans1 -bluecrypt-x509 -bluecrypt-acme -bluecrypt-encoding -keypairs -asymmetric -symmetric -groot-crypto -broot-crypto - -** unified openssl commands ** - -https://gist.github.com/briansmith/2ee42439923d8e65a266994d0f70180b - -https://connect2id.com/products/nimbus-jose-jwt/examples/jwk-generation - -https://gist.github.com/briansmith/2ee42439923d8e65a266994d0f70180b - - -RSAPrivateKey ::= SEQUENCE { - version Version, - modulus INTEGER, -- n - publicExponent INTEGER, -- e - privateExponent INTEGER, -- d - prime1 INTEGER, -- p - prime2 INTEGER, -- q - exponent1 INTEGER, -- d mod (p-1) - exponent2 INTEGER, -- d mod (q-1) - coefficient INTEGER, -- (inverse of q) mod p - otherPrimeInfos OtherPrimeInfos OPTIONAL -} diff --git a/lib/rasha/bin/rasha.js b/lib/rasha/bin/rasha.js deleted file mode 100755 index 4ffed3c..0000000 --- a/lib/rasha/bin/rasha.js +++ /dev/null @@ -1,97 +0,0 @@ -#!/usr/bin/env node -'use strict'; - -var fs = require('fs'); -var Rasha = require('../index.js'); -var PEM = require('../lib/pem.js'); -var ASN1 = require('../lib/asn1.js'); - -var infile = process.argv[2]; -var format = process.argv[3]; -var msg = process.argv[4]; -var sign; -if ('sign' === format) { - sign = true; - format = 'pkcs8'; -} - -if (!infile) { - infile = 'jwk'; -} - -if (-1 !== [ 'jwk', 'pem', 'json', 'der', 'pkcs1', 'pkcs8', 'spki' ].indexOf(infile)) { - console.log("Generating new key..."); - Rasha.generate({ - format: infile - , modulusLength: parseInt(format, 10) || 2048 - , encoding: parseInt(format, 10) ? null : format - }).then(function (key) { - if ('der' === infile || 'der' === format) { - key.private = key.private.toString('binary'); - key.public = key.public.toString('binary'); - } - console.log(key.private); - console.log(key.public); - }).catch(function (err) { - console.error(err); - process.exit(1); - }); - return; -} -var key = fs.readFileSync(infile, 'ascii'); - -try { - key = JSON.parse(key); -} catch(e) { - // ignore -} - -if ('string' === typeof key) { - if ('tpl' === format) { - var block = PEM.parseBlock(key); - var asn1 = ASN1.parse(block.der); - ASN1.tpl(asn1); - return; - } - if (sign) { signMessage(key, msg); return; } - - var pub = (-1 !== [ 'public', 'spki', 'pkix' ].indexOf(format)); - Rasha.import({ pem: key, public: (pub || format) }).then(function (jwk) { - console.info(JSON.stringify(jwk, null, 2)); - }).catch(function (err) { - console.error(err); - process.exit(1); - }); -} else { - Rasha.export({ jwk: key, format: format }).then(function (pem) { - if (sign) { signMessage(pem, msg); return; } - console.info(pem); - }).catch(function (err) { - console.error(err); - process.exit(2); - }); -} - -function signMessage(pem, name) { - var msg; - try { - msg = fs.readFileSync(name); - } catch(e) { - console.warn("[info] input string did not exist as a file, signing the string itself"); - msg = Buffer.from(name, 'binary'); - } - var crypto = require('crypto'); - var sign = crypto.createSign('SHA256'); - sign.write(msg) - sign.end() - var buf = sign.sign(pem, 'hex'); - console.log(buf); - //console.log(buf.toString('base64')); - /* - Rasha.sign({ pem: pem, message: msg, alg: 'SHA256' }).then(function (sig) { - }).catch(function () { - console.error(err); - process.exit(3); - }); - */ -} diff --git a/lib/rasha/fixtures/privkey-rsa-2048.jwk.json b/lib/rasha/fixtures/privkey-rsa-2048.jwk.json deleted file mode 100644 index f344c22..0000000 --- a/lib/rasha/fixtures/privkey-rsa-2048.jwk.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "kty": "RSA", - "n": "m2ttVBxPlWw06ZmGBWVDlfjkPAJ4DgnY0TrDwtCohHzLxGhDNzUJefLukC-xu0LBKylYojT5vTkxaOhxeSYo31syu4WhxbkTBLICOFcCGMob6pSQ38P8LdAIlb0pqDHxEJ9adWomjuFf0SUhN1cP7s9m8Yk9trkpEqjskocn2BOnTB57qAZM6-I70on0_iDZm7-jcqOPgADAmbWHhy67BXkk4yy_YzD4yOGZFXZcNp915_TW5bRd__AKPHUHxJasPiyEFqlNKBR2DSD-LbX5eTmzCh2ikrwTMja7mUdBJf2bK3By5AB0Qi49OykUCfNZeQlEz7UNNj9RGps_50-CNw", - "e": "AQAB", - "d": "Cpfo7Mm9Nu8YMC_xrZ54W9mKHPkCG9rZ93Ds9PNp-RXUgb-ljTbFPZWsYxGNKLllFz8LNosr1pT2ZDMrwNk0Af1iWNvD6gkyXaiQdCyiDPSBsJyNv2LJZon-e85X74nv53UlIkmo9SYxdLz2JaJ-iIWEe8Qh-7llLktrTJV_xr98_tbhgSppz_IeOymq3SEZaQHM8pTU7w7XvCj2pb9r8fN0M0XcgWZIaf3LGEfkhF_WtX67XJ0C6-LbkT51jtlLRNGX6haGdscXS0OWWjKOJzKGuV-NbthEn5rmRtVnjRZ3yaxQ0ud8vC-NONn7yvGUlOur1IdDzJ_YfHPt9sHMQQ", - "p": "ynG-t9HwKCN3MWRYFdnFzi9-02Qcy3p8B5pu3ary2E70hYn2pHlUG2a9BNE8c5xHQ3Hx43WoWf6s0zOunPV1G28LkU_UYEbAtPv_PxSmzpQp9n9XnYvBLBF8Y3z7gxgLn1vVFNARrQdRtj87qY3aw7E9S4DsGcAarIuOT2TsTCE", - "q": "xIkAjgUzB1zaUzJtW2Zgvp9cYYr1DmpH30ePZl3c_8397_DZDDo46fnFYjs6uPa03HpmKUnbjwr14QHlfXlntJBEuXxcqLjkdKdJ4ob7xueLTK4suo9V8LSrkLChVxlZQwnFD2E5ll0sVeeDeMJHQw38ahSrBFEVnxjpnPh1Q1c", - "dp": "tzDGjECFOU0ehqtuqhcuT63a7h8hj19-7MJqoFwY9HQ-ALkfXyYLXeBSGxHbyiIYuodZg6LsfMNgUJ3r3Eyhc_nAVfYPEC_2IdAG4WYmq7iXYF9LQV09qEsKbFykm7QekE3hO7wswo5k-q2tp3ieBYdVGAXJoGOdv5VpaZ7B1QE", - "dq": "kh5dyDk7YCz7sUFbpsmuAeuPjoH2ghooh2u3xN7iUVmAg-ToKjwbVnG5-7eXiC779rQVwnrD_0yh1AFJ8wjRPqDIR7ObXGHikIxT1VSQWqiJm6AfZzDsL0LUD4YS3iPdhob7-NxLKWzqao_u4lhnDQaX9PKa12HFlny6K1daL48", - "qi": "AlHWbx1gp6Z9pbw_1hlS7HuXAgWoX7IjbTUelldf4gkriDWLOrj3QCZcO4ZvZvEwJhVlsny9LO8IkbwGJEL6cXraK08ByVS2mwQyflgTgGNnpzixyEUL_mrQLx6y145FHcxfeqNInMhep-0Mxn1D5nlhmIOgRApS0t9VoXtHhFU" -} diff --git a/lib/rasha/fixtures/privkey-rsa-2048.pkcs1.pem b/lib/rasha/fixtures/privkey-rsa-2048.pkcs1.pem deleted file mode 100644 index 246bd35..0000000 --- a/lib/rasha/fixtures/privkey-rsa-2048.pkcs1.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAm2ttVBxPlWw06ZmGBWVDlfjkPAJ4DgnY0TrDwtCohHzLxGhD -NzUJefLukC+xu0LBKylYojT5vTkxaOhxeSYo31syu4WhxbkTBLICOFcCGMob6pSQ -38P8LdAIlb0pqDHxEJ9adWomjuFf0SUhN1cP7s9m8Yk9trkpEqjskocn2BOnTB57 -qAZM6+I70on0/iDZm7+jcqOPgADAmbWHhy67BXkk4yy/YzD4yOGZFXZcNp915/TW -5bRd//AKPHUHxJasPiyEFqlNKBR2DSD+LbX5eTmzCh2ikrwTMja7mUdBJf2bK3By -5AB0Qi49OykUCfNZeQlEz7UNNj9RGps/50+CNwIDAQABAoIBAAqX6OzJvTbvGDAv -8a2eeFvZihz5Ahva2fdw7PTzafkV1IG/pY02xT2VrGMRjSi5ZRc/CzaLK9aU9mQz -K8DZNAH9Yljbw+oJMl2okHQsogz0gbCcjb9iyWaJ/nvOV++J7+d1JSJJqPUmMXS8 -9iWifoiFhHvEIfu5ZS5La0yVf8a/fP7W4YEqac/yHjspqt0hGWkBzPKU1O8O17wo -9qW/a/HzdDNF3IFmSGn9yxhH5IRf1rV+u1ydAuvi25E+dY7ZS0TRl+oWhnbHF0tD -lloyjicyhrlfjW7YRJ+a5kbVZ40Wd8msUNLnfLwvjTjZ+8rxlJTrq9SHQ8yf2Hxz -7fbBzEECgYEAynG+t9HwKCN3MWRYFdnFzi9+02Qcy3p8B5pu3ary2E70hYn2pHlU -G2a9BNE8c5xHQ3Hx43WoWf6s0zOunPV1G28LkU/UYEbAtPv/PxSmzpQp9n9XnYvB -LBF8Y3z7gxgLn1vVFNARrQdRtj87qY3aw7E9S4DsGcAarIuOT2TsTCECgYEAxIkA -jgUzB1zaUzJtW2Zgvp9cYYr1DmpH30ePZl3c/8397/DZDDo46fnFYjs6uPa03Hpm -KUnbjwr14QHlfXlntJBEuXxcqLjkdKdJ4ob7xueLTK4suo9V8LSrkLChVxlZQwnF -D2E5ll0sVeeDeMJHQw38ahSrBFEVnxjpnPh1Q1cCgYEAtzDGjECFOU0ehqtuqhcu -T63a7h8hj19+7MJqoFwY9HQ+ALkfXyYLXeBSGxHbyiIYuodZg6LsfMNgUJ3r3Eyh -c/nAVfYPEC/2IdAG4WYmq7iXYF9LQV09qEsKbFykm7QekE3hO7wswo5k+q2tp3ie -BYdVGAXJoGOdv5VpaZ7B1QECgYEAkh5dyDk7YCz7sUFbpsmuAeuPjoH2ghooh2u3 -xN7iUVmAg+ToKjwbVnG5+7eXiC779rQVwnrD/0yh1AFJ8wjRPqDIR7ObXGHikIxT -1VSQWqiJm6AfZzDsL0LUD4YS3iPdhob7+NxLKWzqao/u4lhnDQaX9PKa12HFlny6 -K1daL48CgYACUdZvHWCnpn2lvD/WGVLse5cCBahfsiNtNR6WV1/iCSuINYs6uPdA -Jlw7hm9m8TAmFWWyfL0s7wiRvAYkQvpxetorTwHJVLabBDJ+WBOAY2enOLHIRQv+ -atAvHrLXjkUdzF96o0icyF6n7QzGfUPmeWGYg6BEClLS31Whe0eEVQ== ------END RSA PRIVATE KEY----- diff --git a/lib/rasha/fixtures/privkey-rsa-2048.pkcs8.pem b/lib/rasha/fixtures/privkey-rsa-2048.pkcs8.pem deleted file mode 100644 index 53dbf83..0000000 --- a/lib/rasha/fixtures/privkey-rsa-2048.pkcs8.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCba21UHE+VbDTp -mYYFZUOV+OQ8AngOCdjROsPC0KiEfMvEaEM3NQl58u6QL7G7QsErKViiNPm9OTFo -6HF5JijfWzK7haHFuRMEsgI4VwIYyhvqlJDfw/wt0AiVvSmoMfEQn1p1aiaO4V/R -JSE3Vw/uz2bxiT22uSkSqOyShyfYE6dMHnuoBkzr4jvSifT+INmbv6Nyo4+AAMCZ -tYeHLrsFeSTjLL9jMPjI4ZkVdlw2n3Xn9NbltF3/8Ao8dQfElqw+LIQWqU0oFHYN -IP4ttfl5ObMKHaKSvBMyNruZR0El/ZsrcHLkAHRCLj07KRQJ81l5CUTPtQ02P1Ea -mz/nT4I3AgMBAAECggEACpfo7Mm9Nu8YMC/xrZ54W9mKHPkCG9rZ93Ds9PNp+RXU -gb+ljTbFPZWsYxGNKLllFz8LNosr1pT2ZDMrwNk0Af1iWNvD6gkyXaiQdCyiDPSB -sJyNv2LJZon+e85X74nv53UlIkmo9SYxdLz2JaJ+iIWEe8Qh+7llLktrTJV/xr98 -/tbhgSppz/IeOymq3SEZaQHM8pTU7w7XvCj2pb9r8fN0M0XcgWZIaf3LGEfkhF/W -tX67XJ0C6+LbkT51jtlLRNGX6haGdscXS0OWWjKOJzKGuV+NbthEn5rmRtVnjRZ3 -yaxQ0ud8vC+NONn7yvGUlOur1IdDzJ/YfHPt9sHMQQKBgQDKcb630fAoI3cxZFgV -2cXOL37TZBzLenwHmm7dqvLYTvSFifakeVQbZr0E0TxznEdDcfHjdahZ/qzTM66c -9XUbbwuRT9RgRsC0+/8/FKbOlCn2f1edi8EsEXxjfPuDGAufW9UU0BGtB1G2Pzup -jdrDsT1LgOwZwBqsi45PZOxMIQKBgQDEiQCOBTMHXNpTMm1bZmC+n1xhivUOakff -R49mXdz/zf3v8NkMOjjp+cViOzq49rTcemYpSduPCvXhAeV9eWe0kES5fFyouOR0 -p0nihvvG54tMriy6j1XwtKuQsKFXGVlDCcUPYTmWXSxV54N4wkdDDfxqFKsEURWf -GOmc+HVDVwKBgQC3MMaMQIU5TR6Gq26qFy5PrdruHyGPX37swmqgXBj0dD4AuR9f -Jgtd4FIbEdvKIhi6h1mDoux8w2BQnevcTKFz+cBV9g8QL/Yh0AbhZiaruJdgX0tB -XT2oSwpsXKSbtB6QTeE7vCzCjmT6ra2neJ4Fh1UYBcmgY52/lWlpnsHVAQKBgQCS -Hl3IOTtgLPuxQVumya4B64+OgfaCGiiHa7fE3uJRWYCD5OgqPBtWcbn7t5eILvv2 -tBXCesP/TKHUAUnzCNE+oMhHs5tcYeKQjFPVVJBaqImboB9nMOwvQtQPhhLeI92G -hvv43EspbOpqj+7iWGcNBpf08prXYcWWfLorV1ovjwKBgAJR1m8dYKemfaW8P9YZ -Uux7lwIFqF+yI201HpZXX+IJK4g1izq490AmXDuGb2bxMCYVZbJ8vSzvCJG8BiRC -+nF62itPAclUtpsEMn5YE4BjZ6c4schFC/5q0C8esteORR3MX3qjSJzIXqftDMZ9 -Q+Z5YZiDoEQKUtLfVaF7R4RV ------END PRIVATE KEY----- diff --git a/lib/rasha/fixtures/pub-rsa-2048.jwk.json b/lib/rasha/fixtures/pub-rsa-2048.jwk.json deleted file mode 100644 index 333b300..0000000 --- a/lib/rasha/fixtures/pub-rsa-2048.jwk.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "kty": "RSA", - "n": "m2ttVBxPlWw06ZmGBWVDlfjkPAJ4DgnY0TrDwtCohHzLxGhDNzUJefLukC-xu0LBKylYojT5vTkxaOhxeSYo31syu4WhxbkTBLICOFcCGMob6pSQ38P8LdAIlb0pqDHxEJ9adWomjuFf0SUhN1cP7s9m8Yk9trkpEqjskocn2BOnTB57qAZM6-I70on0_iDZm7-jcqOPgADAmbWHhy67BXkk4yy_YzD4yOGZFXZcNp915_TW5bRd__AKPHUHxJasPiyEFqlNKBR2DSD-LbX5eTmzCh2ikrwTMja7mUdBJf2bK3By5AB0Qi49OykUCfNZeQlEz7UNNj9RGps_50-CNw", - "e": "AQAB" -} diff --git a/lib/rasha/fixtures/pub-rsa-2048.pkcs1.pem b/lib/rasha/fixtures/pub-rsa-2048.pkcs1.pem deleted file mode 100644 index e592fda..0000000 --- a/lib/rasha/fixtures/pub-rsa-2048.pkcs1.pem +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN RSA PUBLIC KEY----- -MIIBCgKCAQEAm2ttVBxPlWw06ZmGBWVDlfjkPAJ4DgnY0TrDwtCohHzLxGhDNzUJ -efLukC+xu0LBKylYojT5vTkxaOhxeSYo31syu4WhxbkTBLICOFcCGMob6pSQ38P8 -LdAIlb0pqDHxEJ9adWomjuFf0SUhN1cP7s9m8Yk9trkpEqjskocn2BOnTB57qAZM -6+I70on0/iDZm7+jcqOPgADAmbWHhy67BXkk4yy/YzD4yOGZFXZcNp915/TW5bRd -//AKPHUHxJasPiyEFqlNKBR2DSD+LbX5eTmzCh2ikrwTMja7mUdBJf2bK3By5AB0 -Qi49OykUCfNZeQlEz7UNNj9RGps/50+CNwIDAQAB ------END RSA PUBLIC KEY----- diff --git a/lib/rasha/fixtures/pub-rsa-2048.spki.pem b/lib/rasha/fixtures/pub-rsa-2048.spki.pem deleted file mode 100644 index 465d115..0000000 --- a/lib/rasha/fixtures/pub-rsa-2048.spki.pem +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2ttVBxPlWw06ZmGBWVD -lfjkPAJ4DgnY0TrDwtCohHzLxGhDNzUJefLukC+xu0LBKylYojT5vTkxaOhxeSYo -31syu4WhxbkTBLICOFcCGMob6pSQ38P8LdAIlb0pqDHxEJ9adWomjuFf0SUhN1cP -7s9m8Yk9trkpEqjskocn2BOnTB57qAZM6+I70on0/iDZm7+jcqOPgADAmbWHhy67 -BXkk4yy/YzD4yOGZFXZcNp915/TW5bRd//AKPHUHxJasPiyEFqlNKBR2DSD+LbX5 -eTmzCh2ikrwTMja7mUdBJf2bK3By5AB0Qi49OykUCfNZeQlEz7UNNj9RGps/50+C -NwIDAQAB ------END PUBLIC KEY----- diff --git a/lib/rasha/fixtures/pub-rsa-2048.ssh.pub b/lib/rasha/fixtures/pub-rsa-2048.ssh.pub deleted file mode 100644 index a00fd4c..0000000 --- a/lib/rasha/fixtures/pub-rsa-2048.ssh.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCba21UHE+VbDTpmYYFZUOV+OQ8AngOCdjROsPC0KiEfMvEaEM3NQl58u6QL7G7QsErKViiNPm9OTFo6HF5JijfWzK7haHFuRMEsgI4VwIYyhvqlJDfw/wt0AiVvSmoMfEQn1p1aiaO4V/RJSE3Vw/uz2bxiT22uSkSqOyShyfYE6dMHnuoBkzr4jvSifT+INmbv6Nyo4+AAMCZtYeHLrsFeSTjLL9jMPjI4ZkVdlw2n3Xn9NbltF3/8Ao8dQfElqw+LIQWqU0oFHYNIP4ttfl5ObMKHaKSvBMyNruZR0El/ZsrcHLkAHRCLj07KRQJ81l5CUTPtQ02P1Eamz/nT4I3 rsa@localhost diff --git a/lib/rasha/index.js b/lib/rasha/index.js deleted file mode 100644 index c538483..0000000 --- a/lib/rasha/index.js +++ /dev/null @@ -1,2 +0,0 @@ -'use strict'; -module.exports = require('./lib/rasha.js'); diff --git a/lib/rasha/lib/asn1.js b/lib/rasha/lib/asn1.js deleted file mode 100644 index bce9568..0000000 --- a/lib/rasha/lib/asn1.js +++ /dev/null @@ -1,235 +0,0 @@ -'use strict'; - -// -// A dumbed-down, minimal ASN.1 parser / packer combo -// -// Note: generally I like to write congruent code -// (i.e. output can be used as input and vice-versa) -// However, this seemed to be more readable and easier -// to use written as-is, asymmetrically. -// (I also generally prefer to export objects rather -// functions but, yet again, asthetics one in this case) - -var Enc = require('./encoding.js'); - -// -// Packer -// - -// Almost every ASN.1 type that's important for CSR -// can be represented generically with only a few rules. -var ASN1 = module.exports = function ASN1(/*type, hexstrings...*/) { - var args = Array.prototype.slice.call(arguments); - var typ = args.shift(); - var str = args.join('').replace(/\s+/g, '').toLowerCase(); - var len = (str.length/2); - var lenlen = 0; - var hex = typ; - - // We can't have an odd number of hex chars - if (len !== Math.round(len)) { - throw new Error("invalid hex"); - } - - // The first byte of any ASN.1 sequence is the type (Sequence, Integer, etc) - // The second byte is either the size of the value, or the size of its size - - // 1. If the second byte is < 0x80 (128) it is considered the size - // 2. If it is > 0x80 then it describes the number of bytes of the size - // ex: 0x82 means the next 2 bytes describe the size of the value - // 3. The special case of exactly 0x80 is "indefinite" length (to end-of-file) - - if (len > 127) { - lenlen += 1; - while (len > 255) { - lenlen += 1; - len = len >> 8; - } - } - - if (lenlen) { hex += Enc.numToHex(0x80 + lenlen); } - return hex + Enc.numToHex(str.length/2) + str; -}; - -// The Integer type has some special rules -ASN1.UInt = function UINT() { - var str = Array.prototype.slice.call(arguments).join(''); - var first = parseInt(str.slice(0, 2), 16); - - // If the first byte is 0x80 or greater, the number is considered negative - // Therefore we add a '00' prefix if the 0x80 bit is set - if (0x80 & first) { str = '00' + str; } - - return ASN1('02', str); -}; - -// The Bit String type also has a special rule -ASN1.BitStr = function BITSTR() { - var str = Array.prototype.slice.call(arguments).join(''); - // '00' is a mask of how many bits of the next byte to ignore - return ASN1('03', '00' + str); -}; - - -// -// Parser -// - -ASN1.ELOOP = "uASN1.js Error: iterated over 15+ elements (probably a malformed file)"; -ASN1.EDEEP = "uASN1.js Error: element nested 20+ layers deep (probably a malformed file)"; -// Container Types are Sequence 0x30, Octect String 0x04, Array? (0xA0, 0xA1) -// Value Types are Integer 0x02, Bit String 0x03, Null 0x05, Object ID 0x06, -// Sometimes Bit String is used as a container (RSA Pub Spki) -ASN1.VTYPES = [ 0x02, 0x03, 0x05, 0x06, 0x0c, 0x82 ]; -ASN1.parse = function parseAsn1(buf, depth, ws) { - if (!ws) { ws = ''; } - if (depth >= 20) { throw new Error(ASN1.EDEEP); } - - var index = 2; // we know, at minimum, data starts after type (0) and lengthSize (1) - var asn1 = { type: buf[0], lengthSize: 0, length: buf[1] }; - var child; - var iters = 0; - var adjust = 0; - var adjustedLen; - - // Determine how many bytes the length uses, and what it is - if (0x80 & asn1.length) { - asn1.lengthSize = 0x7f & asn1.length; - // I think that buf->hex->int solves the problem of Endianness... not sure - asn1.length = parseInt(Enc.bufToHex(buf.slice(index, index + asn1.lengthSize)), 16); - index += asn1.lengthSize; - } - - // High-order bit Integers have a leading 0x00 to signify that they are positive. - // Bit Streams use the first byte to signify padding, which x.509 doesn't use. - if (0x00 === buf[index] && (0x02 === asn1.type || 0x03 === asn1.type)) { - // However, 0x00 on its own is a valid number - if (asn1.length > 1) { - index += 1; - adjust = -1; - } - } - adjustedLen = asn1.length + adjust; - - //console.warn(ws + '0x' + Enc.numToHex(asn1.type), index, 'len:', asn1.length, asn1); - - // this is a primitive value type - if (-1 !== ASN1.VTYPES.indexOf(asn1.type)) { - asn1.value = buf.slice(index, index + adjustedLen); - return asn1; - } - - asn1.children = []; - //console.warn('1 len:', (2 + asn1.lengthSize + asn1.length), 'idx:', index, 'clen:', 0); - while (iters < 15 && index < (2 + asn1.length + asn1.lengthSize)) { - iters += 1; - child = ASN1.parse(buf.slice(index, index + adjustedLen), (depth || 0) + 1, ws + ' '); - // The numbers don't match up exactly and I don't remember why... - // probably something with adjustedLen or some such, but the tests pass - index += (2 + child.lengthSize + child.length); - //console.warn('2 len:', (2 + asn1.lengthSize + asn1.length), 'idx:', index, 'clen:', (2 + child.lengthSize + child.length)); - if (index > (2 + asn1.lengthSize + asn1.length)) { - console.error(JSON.stringify(asn1, function (k, v) { - if ('value' === k) { return '0x' + Enc.bufToHex(v.data); } return v; - }, 2)); - throw new Error("Parse error: child value length (" + child.length - + ") is greater than remaining parent length (" + (asn1.length - index) - + " = " + asn1.length + " - " + index + ")"); - } - asn1.children.push(child); - //console.warn(ws + '0x' + Enc.numToHex(asn1.type), index, 'len:', asn1.length, asn1); - } - if (index !== (2 + asn1.lengthSize + asn1.length)) { - console.warn('index:', index, 'length:', (2 + asn1.lengthSize + asn1.length)) - throw new Error("premature end-of-file"); - } - if (iters >= 15) { throw new Error(ASN1.ELOOP); } - - return asn1; -}; - -/* -ASN1._stringify = function(asn1) { - //console.log(JSON.stringify(asn1, null, 2)); - //console.log(asn1); - var ws = ''; - - function write(asn1) { - console.log(ws, 'ch', Enc.numToHex(asn1.type), asn1.length); - if (!asn1.children) { - return; - } - asn1.children.forEach(function (a) { - ws += '\t'; - write(a); - ws = ws.slice(1); - }); - } - write(asn1); -}; -*/ - -ASN1.tpl = function (asn1) { - //console.log(JSON.stringify(asn1, null, 2)); - //console.log(asn1); - var sp = ' '; - var ws = sp; - var i = 0; - var vars = []; - var str = ws; - - function write(asn1, k) { - str += "\n" + ws; - var val; - if ('number' !== typeof k) { - // ignore - } else { - str += ', '; - } - if (0x02 === asn1.type) { - str += "ASN1.UInt("; - } else if (0x03 === asn1.type) { - str += "ASN1.BitStr("; - } else { - str += "ASN1('" + Enc.numToHex(asn1.type) + "'"; - } - if (!asn1.children) { - if (0x05 !== asn1.type) { - if (0x06 !== asn1.type) { - val = asn1.value || new Uint8Array(0); - vars.push("\n// 0x" + Enc.numToHex(val.byteLength) + " (" + val.byteLength + " bytes)\nopts.tpl" + i + " = '" - + Enc.bufToHex(val) + "';"); - if (0x02 !== asn1.type && 0x03 !== asn1.type) { - str += ", "; - } - str += "Enc.bufToHex(opts.tpl" + i + ")"; - } else { - str += ", '" + Enc.bufToHex(asn1.value) + "'"; - } - } else { - console.warn("XXXXXXXXXXXXXXXXXXXXX"); - } - str += ")"; - return ; - } - asn1.children.forEach(function (a, j) { - i += 1; - ws += sp; - write(a, j); - ws = ws.slice(sp.length); - }); - str += "\n" + ws + ")"; - } - - write(asn1); - console.log('var opts = {};'); - console.log(vars.join('\n') + '\n'); - console.log(); - console.log('function buildSchema(opts) {'); - console.log(sp + 'return Enc.hexToBuf(' + str.slice(3) + ');'); - console.log('}'); - console.log(); - console.log('buildSchema(opts);'); -}; - -module.exports = ASN1; diff --git a/lib/rasha/lib/encoding.js b/lib/rasha/lib/encoding.js deleted file mode 100644 index 7ed4116..0000000 --- a/lib/rasha/lib/encoding.js +++ /dev/null @@ -1,104 +0,0 @@ -'use strict'; - -var Enc = module.exports; - -Enc.base64ToBuf = function (str) { - // always convert from urlsafe base64, just in case - //return Buffer.from(Enc.urlBase64ToBase64(str)).toString('base64'); - // node handles urlBase64 automatically - return Buffer.from(str, 'base64'); -}; - -Enc.base64ToHex = function (b64) { - return Enc.bufToHex(Enc.base64ToBuf(b64)); -}; - -Enc.bufToBase64 = function (u8) { - // we want to maintain api compatability with browser APIs, - // so we assume that this could be a Uint8Array - return Buffer.from(u8).toString('base64'); -}; - -/* -Enc.bufToUint8 = function bufToUint8(buf) { - return new Uint8Array(buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength)); -}; -*/ - -Enc.bufToUrlBase64 = function (u8) { - return Enc.bufToBase64(u8) - .replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, ''); -}; - - -Enc.bufToHex = function (u8) { - var hex = []; - var i, h; - var len = (u8.byteLength || u8.length); - - for (i = 0; i < len; i += 1) { - h = u8[i].toString(16); - if (2 !== h.length) { h = '0' + h; } - hex.push(h); - } - - return hex.join('').toLowerCase(); -}; - -Enc.hexToBase64 = function (hex) { - return Buffer.from(hex, 'hex').toString('base64'); -}; - -Enc.hexToBuf = function (hex) { - return Buffer.from(hex, 'hex'); -}; - -Enc.numToHex = function (d) { - d = d.toString(16); - if (d.length % 2) { - return '0' + d; - } - return d; -}; - -/* -Enc.strToBase64 = function (str) { - // node automatically can tell the difference - // between uc2 (utf-8) strings and binary strings - // so we don't have to re-encode the strings - return Buffer.from(str).toString('base64'); -}; -*/ - -/* -Enc.strToBin = function (str) { - var escstr = encodeURIComponent(str); - // replaces any uri escape sequence, such as %0A, - // with binary escape, such as 0x0A - var binstr = escstr.replace(/%([0-9A-F]{2})/g, function(match, p1) { - return String.fromCharCode(parseInt(p1, 16)); - }); - - return binstr; -}; -*/ - -Enc.strToBuf = function (str) { - return Buffer.from(str); -}; - -Enc.strToHex = function (str) { - return Buffer.from(str).toString('hex'); -}; - -/* -Enc.urlBase64ToBase64 = function (str) { - var r = str % 4; - if (2 === r) { - str += '=='; - } else if (3 === r) { - str += '='; - } - return str.replace(/-/g, '+').replace(/_/g, '/'); -}; -*/ diff --git a/lib/rasha/lib/pem.js b/lib/rasha/lib/pem.js deleted file mode 100644 index 76aec96..0000000 --- a/lib/rasha/lib/pem.js +++ /dev/null @@ -1,28 +0,0 @@ -'use strict'; - -var PEM = module.exports; -var Enc = require('./encoding.js'); - -PEM.parseBlock = function pemToDer(pem) { - var lines = pem.trim().split(/\n/); - var end = lines.length - 1; - var head = lines[0].match(/-----BEGIN (.*)-----/); - var foot = lines[end].match(/-----END (.*)-----/); - - if (head) { - lines = lines.slice(1, end); - head = head[1]; - if (head !== foot[1]) { - throw new Error("headers and footers do not match"); - } - } - - return { type: head, bytes: Enc.base64ToBuf(lines.join('')) }; -}; - -PEM.packBlock = function (opts) { - return '-----BEGIN ' + opts.type + '-----\n' - + Enc.bufToBase64(opts.bytes).match(/.{1,64}/g).join('\n') + '\n' - + '-----END ' + opts.type + '-----' - ; -}; diff --git a/lib/rasha/lib/rasha.js b/lib/rasha/lib/rasha.js deleted file mode 100644 index 67d1d0b..0000000 --- a/lib/rasha/lib/rasha.js +++ /dev/null @@ -1,204 +0,0 @@ -'use strict'; - -var RSA = module.exports; -var SSH = require('./ssh.js'); -var PEM = require('./pem.js'); -var x509 = require('./x509.js'); -var ASN1 = require('./asn1.js'); - -/*global Promise*/ -RSA.generate = function (opts) { - return Promise.resolve().then(function () { - var typ = 'rsa'; - var format = opts.format; - var encoding = opts.encoding; - var priv; - var pub; - - if (!format) { - format = 'jwk'; - } - if ('spki' === format || 'pkcs8' === format) { - format = 'pkcs8'; - pub = 'spki'; - } - - if ('pem' === format) { - format = 'pkcs1'; - encoding = 'pem'; - } else if ('der' === format) { - format = 'pkcs1'; - encoding = 'der'; - } - - if ('jwk' === format || 'json' === format) { - format = 'jwk'; - encoding = 'json'; - } else { - priv = format; - pub = pub || format; - } - - if (!encoding) { - encoding = 'pem'; - } - - if (priv) { - priv = { type: priv, format: encoding }; - pub = { type: pub, format: encoding }; - } else { - // jwk - priv = { type: 'pkcs1', format: 'pem' }; - pub = { type: 'pkcs1', format: 'pem' }; - } - - return new Promise(function (resolve, reject) { - return require('crypto').generateKeyPair(typ, { - modulusLength: opts.modulusLength || 2048 - , publicExponent: opts.publicExponent || 0x10001 - , privateKeyEncoding: priv - , publicKeyEncoding: pub - }, function (err, pubkey, privkey) { - if (err) { reject(err); } - resolve({ - private: privkey - , public: pubkey - }); - }); - }).then(function (keypair) { - if ('jwk' !== format) { - return keypair; - } - - return { - private: RSA.importSync({ pem: keypair.private, format: priv.type }) - , public: RSA.importSync({ pem: keypair.public, format: pub.type, public: true }) - }; - }); - }); -}; - -RSA.importSync = function (opts) { - if (!opts || !opts.pem || 'string' !== typeof opts.pem) { - throw new Error("must pass { pem: pem } as a string"); - } - - var jwk = { kty: 'RSA', n: null, e: null }; - if (0 === opts.pem.indexOf('ssh-rsa ')) { - return SSH.parse(opts.pem, jwk); - } - var pem = opts.pem; - var block = PEM.parseBlock(pem); - //var hex = toHex(u8); - var asn1 = ASN1.parse(block.bytes); - - var meta = x509.guess(block.bytes, asn1); - - if ('pkcs1' === meta.format) { - jwk = x509.parsePkcs1(block.bytes, asn1, jwk); - } else { - jwk = x509.parsePkcs8(block.bytes, asn1, jwk); - } - - if (opts.public) { - jwk = RSA.nueter(jwk); - } - return jwk; -}; -RSA.parse = function parseRsa(opts) { - // wrapped in a promise for API compatibility - // with the forthcoming browser version - // (and potential future native node capability) - return Promise.resolve().then(function () { - return RSA.importSync(opts); - }); -}; -RSA.toJwk = RSA.import = RSA.parse; - -/* -RSAPrivateKey ::= SEQUENCE { - version Version, - modulus INTEGER, -- n - publicExponent INTEGER, -- e - privateExponent INTEGER, -- d - prime1 INTEGER, -- p - prime2 INTEGER, -- q - exponent1 INTEGER, -- d mod (p-1) - exponent2 INTEGER, -- d mod (q-1) - coefficient INTEGER, -- (inverse of q) mod p - otherPrimeInfos OtherPrimeInfos OPTIONAL -} -*/ - -RSA.exportSync = function (opts) { - if (!opts || !opts.jwk || 'object' !== typeof opts.jwk) { - throw new Error("must pass { jwk: jwk }"); - } - var jwk = JSON.parse(JSON.stringify(opts.jwk)); - var format = opts.format; - var pub = opts.public; - if (pub || -1 !== [ 'spki', 'pkix', 'ssh', 'rfc4716' ].indexOf(format)) { - jwk = RSA.nueter(jwk); - } - if ('RSA' !== jwk.kty) { - throw new Error("options.jwk.kty must be 'RSA' for RSA keys"); - } - if (!jwk.p) { - // TODO test for n and e - pub = true; - if (!format || 'pkcs1' === format) { - format = 'pkcs1'; - } else if (-1 !== [ 'spki', 'pkix' ].indexOf(format)) { - format = 'spki'; - } else if (-1 !== [ 'ssh', 'rfc4716' ].indexOf(format)) { - format = 'ssh'; - } else { - throw new Error("options.format must be 'spki', 'pkcs1', or 'ssh' for public RSA keys, not (" - + typeof format + ") " + format); - } - } else { - // TODO test for all necessary keys (d, p, q ...) - if (!format || 'pkcs1' === format) { - format = 'pkcs1'; - } else if ('pkcs8' !== format) { - throw new Error("options.format must be 'pkcs1' or 'pkcs8' for private RSA keys"); - } - } - - if ('pkcs1' === format) { - if (jwk.d) { - return PEM.packBlock({ type: "RSA PRIVATE KEY", bytes: x509.packPkcs1(jwk) }); - } else { - return PEM.packBlock({ type: "RSA PUBLIC KEY", bytes: x509.packPkcs1(jwk) }); - } - } else if ('pkcs8' === format) { - return PEM.packBlock({ type: "PRIVATE KEY", bytes: x509.packPkcs8(jwk) }); - } else if (-1 !== [ 'spki', 'pkix' ].indexOf(format)) { - return PEM.packBlock({ type: "PUBLIC KEY", bytes: x509.packSpki(jwk) }); - } else if (-1 !== [ 'ssh', 'rfc4716' ].indexOf(format)) { - return SSH.pack({ jwk: jwk, comment: opts.comment }); - } else { - throw new Error("Sanity Error: reached unreachable code block with format: " + format); - } -}; -RSA.pack = function (opts) { - // wrapped in a promise for API compatibility - // with the forthcoming browser version - // (and potential future native node capability) - return Promise.resolve().then(function () { - return RSA.exportSync(opts); - }); -}; -RSA.toPem = RSA.export = RSA.pack; - -// snip the _private_ parts... hAHAHAHA! -RSA.nueter = function (jwk) { - // (snip rather than new object to keep potential extra data) - // otherwise we could just do this: - // return { kty: jwk.kty, n: jwk.n, e: jwk.e }; - [ 'p', 'q', 'd', 'dp', 'dq', 'qi' ].forEach(function (key) { - if (key in jwk) { jwk[key] = undefined; } - return jwk; - }); - return jwk; -}; diff --git a/lib/rasha/lib/ssh.js b/lib/rasha/lib/ssh.js deleted file mode 100644 index 6304171..0000000 --- a/lib/rasha/lib/ssh.js +++ /dev/null @@ -1,80 +0,0 @@ -'use strict'; - -var SSH = module.exports; -var Enc = require('./encoding.js'); - - // 7 s s h - r s a -SSH.RSA = '00000007 73 73 68 2d 72 73 61'.replace(/\s+/g, '').toLowerCase(); - -SSH.parse = function (pem, jwk) { - - var parts = pem.split(/\s+/); - var buf = Enc.base64ToBuf(parts[1]); - var els = []; - var index = 0; - var len; - var i = 0; - var offset = (buf.byteOffset || 0); - // using dataview to be browser-compatible (I do want _some_ code reuse) - var dv = new DataView(buf.buffer.slice(offset, offset + buf.byteLength)); - var el; - - if (SSH.RSA !== Enc.bufToHex(buf.slice(0, SSH.RSA.length/2))) { - throw new Error("does not lead with ssh header"); - } - - while (index < buf.byteLength) { - i += 1; - if (i > 3) { throw new Error("15+ elements, probably not a public ssh key"); } - len = dv.getUint32(index, false); - index += 4; - el = buf.slice(index, index + len); - // remove BigUInt '00' prefix - if (0x00 === el[0]) { - el = el.slice(1); - } - els.push(el); - index += len; - } - - jwk.n = Enc.bufToUrlBase64(els[2]); - jwk.e = Enc.bufToUrlBase64(els[1]); - - return jwk; -}; - -SSH.pack = function (opts) { - var jwk = opts.jwk; - var header = 'ssh-rsa'; - var comment = opts.comment || 'rsa@localhost'; - var e = SSH._padHexInt(Enc.base64ToHex(jwk.e)); - var n = SSH._padHexInt(Enc.base64ToHex(jwk.n)); - var hex = [ - SSH._numToUint32Hex(header.length) - , Enc.strToHex(header) - , SSH._numToUint32Hex(e.length/2) - , e - , SSH._numToUint32Hex(n.length/2) - , n - ].join(''); - return [ header, Enc.hexToBase64(hex), comment ].join(' '); -}; - -SSH._numToUint32Hex = function (num) { - var hex = num.toString(16); - while (hex.length < 8) { - hex = '0' + hex; - } - return hex; -}; - -SSH._padHexInt = function (hex) { - // BigInt is negative if the high order bit 0x80 is set, - // so ASN1, SSH, and many other formats pad with '0x00' - // to signifiy a positive number. - var i = parseInt(hex.slice(0, 2), 16); - if (0x80 & i) { - return '00' + hex; - } - return hex; -}; diff --git a/lib/rasha/lib/telemetry.js b/lib/rasha/lib/telemetry.js deleted file mode 100644 index 9623b77..0000000 --- a/lib/rasha/lib/telemetry.js +++ /dev/null @@ -1,111 +0,0 @@ -'use strict'; - -// We believe in a proactive approach to sustainable open source. -// As part of that we make it easy for you to opt-in to following our progress -// and we also stay up-to-date on telemetry such as operating system and node -// version so that we can focus our efforts where they'll have the greatest impact. -// -// Want to learn more about our Terms, Privacy Policy, and Mission? -// Check out https://therootcompany.com/legal/ - -var os = require('os'); -var crypto = require('crypto'); -var https = require('https'); -var pkg = require('../package.json'); - -// to help focus our efforts in the right places -var data = { - package: pkg.name -, version: pkg.version -, node: process.version -, arch: process.arch || os.arch() -, platform: process.platform || os.platform() -, release: os.release() -}; - -function addCommunityMember(opts) { - setTimeout(function () { - var req = https.request({ - hostname: 'api.therootcompany.com' - , port: 443 - , path: '/api/therootcompany.com/public/community' - , method: 'POST' - , headers: { 'Content-Type': 'application/json' } - }, function (resp) { - // let the data flow, so we can ignore it - resp.on('data', function () {}); - //resp.on('data', function (chunk) { console.log(chunk.toString()); }); - resp.on('error', function () { /*ignore*/ }); - //resp.on('error', function (err) { console.error(err); }); - }); - var obj = JSON.parse(JSON.stringify(data)); - obj.action = 'updates'; - try { - obj.ppid = ppid(obj.action); - } catch(e) { - // ignore - //console.error(e); - } - obj.name = opts.name || undefined; - obj.address = opts.email; - obj.community = 'node.js@therootcompany.com'; - - req.write(JSON.stringify(obj, 2, null)); - req.end(); - req.on('error', function () { /*ignore*/ }); - //req.on('error', function (err) { console.error(err); }); - }, 50); -} - -function ping(action) { - setTimeout(function () { - var req = https.request({ - hostname: 'api.therootcompany.com' - , port: 443 - , path: '/api/therootcompany.com/public/ping' - , method: 'POST' - , headers: { 'Content-Type': 'application/json' } - }, function (resp) { - // let the data flow, so we can ignore it - resp.on('data', function () { }); - //resp.on('data', function (chunk) { console.log(chunk.toString()); }); - resp.on('error', function () { /*ignore*/ }); - //resp.on('error', function (err) { console.error(err); }); - }); - var obj = JSON.parse(JSON.stringify(data)); - obj.action = action; - try { - obj.ppid = ppid(obj.action); - } catch(e) { - // ignore - //console.error(e); - } - - req.write(JSON.stringify(obj, 2, null)); - req.end(); - req.on('error', function (/*e*/) { /*console.error('req.error', e);*/ }); - }, 50); -} - -// to help identify unique installs without getting -// the personally identifiable info that we don't want -function ppid(action) { - var parts = [ action, data.package, data.version, data.node, data.arch, data.platform, data.release ]; - var ifaces = os.networkInterfaces(); - Object.keys(ifaces).forEach(function (ifname) { - if (/^en/.test(ifname) || /^eth/.test(ifname) || /^wl/.test(ifname)) { - if (ifaces[ifname] && ifaces[ifname].length) { - parts.push(ifaces[ifname][0].mac); - } - } - }); - return crypto.createHash('sha1').update(parts.join(',')).digest('base64'); -} - -module.exports.ping = ping; -module.exports.joinCommunity = addCommunityMember; - -if (require.main === module) { - ping('install'); - //addCommunityMember({ name: "AJ ONeal", email: 'coolaj86@gmail.com' }); -} diff --git a/lib/rasha/lib/x509.js b/lib/rasha/lib/x509.js deleted file mode 100644 index fb193e1..0000000 --- a/lib/rasha/lib/x509.js +++ /dev/null @@ -1,153 +0,0 @@ -'use strict'; - -var x509 = module.exports; -var ASN1 = require('./asn1.js'); -var Enc = require('./encoding.js'); - -x509.guess = function (der, asn1) { - // accepting der for compatability with other usages - - var meta = { kty: 'RSA', format: 'pkcs1', public: true }; - //meta.asn1 = ASN1.parse(u8); - - if (asn1.children.every(function(el) { - return 0x02 === el.type; - })) { - if (2 === asn1.children.length) { - // rsa pkcs1 public - return meta; - } else if (asn1.children.length >= 9) { - // the standard allows for "otherPrimeInfos", hence at least 9 - meta.public = false; - // rsa pkcs1 private - return meta; - } else { - throw new Error("not an RSA PKCS#1 public or private key (wrong number of ints)"); - } - } else { - meta.format = 'pkcs8'; - } - - return meta; -}; - -x509.parsePkcs1 = function parseRsaPkcs1(buf, asn1, jwk) { - if (!asn1.children.every(function(el) { - return 0x02 === el.type; - })) { - throw new Error("not an RSA PKCS#1 public or private key (not all ints)"); - } - - if (2 === asn1.children.length) { - - jwk.n = Enc.bufToUrlBase64(asn1.children[0].value); - jwk.e = Enc.bufToUrlBase64(asn1.children[1].value); - return jwk; - - } else if (asn1.children.length >= 9) { - // the standard allows for "otherPrimeInfos", hence at least 9 - - jwk.n = Enc.bufToUrlBase64(asn1.children[1].value); - jwk.e = Enc.bufToUrlBase64(asn1.children[2].value); - jwk.d = Enc.bufToUrlBase64(asn1.children[3].value); - jwk.p = Enc.bufToUrlBase64(asn1.children[4].value); - jwk.q = Enc.bufToUrlBase64(asn1.children[5].value); - jwk.dp = Enc.bufToUrlBase64(asn1.children[6].value); - jwk.dq = Enc.bufToUrlBase64(asn1.children[7].value); - jwk.qi = Enc.bufToUrlBase64(asn1.children[8].value); - return jwk; - - } else { - throw new Error("not an RSA PKCS#1 public or private key (wrong number of ints)"); - } -}; - -x509.parsePkcs8 = function parseRsaPkcs8(buf, asn1, jwk) { - if (2 === asn1.children.length - && 0x03 === asn1.children[1].type - && 0x30 === asn1.children[1].value[0]) { - - asn1 = ASN1.parse(asn1.children[1].value); - jwk.n = Enc.bufToUrlBase64(asn1.children[0].value); - jwk.e = Enc.bufToUrlBase64(asn1.children[1].value); - - } else if (3 === asn1.children.length - && 0x04 === asn1.children[2].type - && 0x30 === asn1.children[2].children[0].type - && 0x02 === asn1.children[2].children[0].children[0].type) { - - asn1 = asn1.children[2].children[0]; - jwk.n = Enc.bufToUrlBase64(asn1.children[1].value); - jwk.e = Enc.bufToUrlBase64(asn1.children[2].value); - jwk.d = Enc.bufToUrlBase64(asn1.children[3].value); - jwk.p = Enc.bufToUrlBase64(asn1.children[4].value); - jwk.q = Enc.bufToUrlBase64(asn1.children[5].value); - jwk.dp = Enc.bufToUrlBase64(asn1.children[6].value); - jwk.dq = Enc.bufToUrlBase64(asn1.children[7].value); - jwk.qi = Enc.bufToUrlBase64(asn1.children[8].value); - - } else { - throw new Error("not an RSA PKCS#8 public or private key (wrong format)"); - } - return jwk; -}; - -x509.packPkcs1 = function (jwk) { - var n = ASN1.UInt(Enc.base64ToHex(jwk.n)); - var e = ASN1.UInt(Enc.base64ToHex(jwk.e)); - - if (!jwk.d) { - return Enc.hexToBuf(ASN1('30', n, e)); - } - - return Enc.hexToBuf(ASN1('30' - , ASN1.UInt('00') - , n - , e - , ASN1.UInt(Enc.base64ToHex(jwk.d)) - , ASN1.UInt(Enc.base64ToHex(jwk.p)) - , ASN1.UInt(Enc.base64ToHex(jwk.q)) - , ASN1.UInt(Enc.base64ToHex(jwk.dp)) - , ASN1.UInt(Enc.base64ToHex(jwk.dq)) - , ASN1.UInt(Enc.base64ToHex(jwk.qi)) - )); -}; - -x509.packPkcs8 = function (jwk) { - if (!jwk.d) { - // Public RSA - return Enc.hexToBuf(ASN1('30' - , ASN1('30' - , ASN1('06', '2a864886f70d010101') - , ASN1('05') - ) - , ASN1.BitStr(ASN1('30' - , ASN1.UInt(Enc.base64ToHex(jwk.n)) - , ASN1.UInt(Enc.base64ToHex(jwk.e)) - )) - )); - } - - // Private RSA - return Enc.hexToBuf(ASN1('30' - , ASN1.UInt('00') - , ASN1('30' - , ASN1('06', '2a864886f70d010101') - , ASN1('05') - ) - , ASN1('04' - , ASN1('30' - , ASN1.UInt('00') - , ASN1.UInt(Enc.base64ToHex(jwk.n)) - , ASN1.UInt(Enc.base64ToHex(jwk.e)) - , ASN1.UInt(Enc.base64ToHex(jwk.d)) - , ASN1.UInt(Enc.base64ToHex(jwk.p)) - , ASN1.UInt(Enc.base64ToHex(jwk.q)) - , ASN1.UInt(Enc.base64ToHex(jwk.dp)) - , ASN1.UInt(Enc.base64ToHex(jwk.dq)) - , ASN1.UInt(Enc.base64ToHex(jwk.qi)) - ) - ) - )); -}; -x509.packSpki = x509.packPkcs8; diff --git a/lib/rasha/package.json b/lib/rasha/package.json deleted file mode 100644 index 21a17c4..0000000 --- a/lib/rasha/package.json +++ /dev/null @@ -1,40 +0,0 @@ -{ - "name": "rasha", - "version": "1.1.0", - "description": "💯 PEM-to-JWK and JWK-to-PEM for RSA keys in a lightweight, zero-dependency library focused on perfect universal compatibility.", - "homepage": "https://git.coolaj86.com/coolaj86/rasha.js", - "main": "index.js", - "bin": { - "rasha": "bin/rasha.js" - }, - "files": [ - "bin", - "fixtures", - "lib" - ], - "directories": { - "lib": "lib" - }, - "scripts": { - "postinstall": "node lib/telemetry.js event:install", - "test": "bash test.sh" - }, - "repository": { - "type": "git", - "url": "https://git.coolaj86.com/coolaj86/rasha.js" - }, - "keywords": [ - "zero-dependency", - "PEM-to-JWK", - "JWK-to-PEM", - "RSA", - "2048", - "4096", - "asn1", - "x509", - "JWK-to-SSH", - "PEM-to-SSH" - ], - "author": "AJ ONeal (https://coolaj86.com/)", - "license": "MPL-2.0" -} diff --git a/lib/rasha/test.js b/lib/rasha/test.js deleted file mode 100644 index c09a216..0000000 --- a/lib/rasha/test.js +++ /dev/null @@ -1,6 +0,0 @@ -var Rasha = require('./'); - -var pem = require('fs').readFileSync(process.argv[2], 'ascii'); -var jwk = Rasha.importSync({ pem: pem }); - -console.log(Buffer.from(jwk.n, 'base64').byteLength); diff --git a/lib/rasha/test.sh b/lib/rasha/test.sh deleted file mode 100755 index db1ea9d..0000000 --- a/lib/rasha/test.sh +++ /dev/null @@ -1,172 +0,0 @@ -#!/bin/bash - -# cause errors to hard-fail -# (and diff non-0 exit status will cause failure) -set -e - -pemtojwk() { - keyid=$1 - if [ -z "$keyid" ]; then - echo "" - echo "Testing PEM-to-JWK PKCS#1" - fi - # - node bin/rasha.js ./fixtures/privkey-rsa-2048.pkcs1.${keyid}pem \ - > ./fixtures/privkey-rsa-2048.jwk.1.json - diff ./fixtures/privkey-rsa-2048.jwk.${keyid}json ./fixtures/privkey-rsa-2048.jwk.1.json - # - node bin/rasha.js ./fixtures/pub-rsa-2048.pkcs1.${keyid}pem \ - > ./fixtures/pub-rsa-2048.jwk.1.json - diff ./fixtures/pub-rsa-2048.jwk.${keyid}json ./fixtures/pub-rsa-2048.jwk.1.json - if [ -z "$keyid" ]; then - echo "Pass" - fi - - - if [ -z "$keyid" ]; then - echo "" - echo "Testing PEM-to-JWK PKCS#8" - fi - # - node bin/rasha.js ./fixtures/privkey-rsa-2048.pkcs8.${keyid}pem \ - > ./fixtures/privkey-rsa-2048.jwk.1.json - diff ./fixtures/privkey-rsa-2048.jwk.${keyid}json ./fixtures/privkey-rsa-2048.jwk.1.json - # - node bin/rasha.js ./fixtures/pub-rsa-2048.spki.${keyid}pem \ - > ./fixtures/pub-rsa-2048.jwk.1.json - diff ./fixtures/pub-rsa-2048.jwk.${keyid}json ./fixtures/pub-rsa-2048.jwk.1.json - if [ -z "$keyid" ]; then - echo "Pass" - fi -} - -jwktopem() { - keyid=$1 - if [ -z "$keyid" ]; then - echo "" - echo "Testing JWK-to-PEM PKCS#1" - fi - # - node bin/rasha.js ./fixtures/privkey-rsa-2048.jwk.${keyid}json pkcs1 \ - > ./fixtures/privkey-rsa-2048.pkcs1.1.pem - diff ./fixtures/privkey-rsa-2048.pkcs1.${keyid}pem ./fixtures/privkey-rsa-2048.pkcs1.1.pem - # - node bin/rasha.js ./fixtures/pub-rsa-2048.jwk.${keyid}json pkcs1 \ - > ./fixtures/pub-rsa-2048.pkcs1.1.pem - diff ./fixtures/pub-rsa-2048.pkcs1.${keyid}pem ./fixtures/pub-rsa-2048.pkcs1.1.pem - if [ -z "$keyid" ]; then - echo "Pass" - fi - - if [ -z "$keyid" ]; then - echo "" - echo "Testing JWK-to-PEM PKCS#8" - fi - # - node bin/rasha.js ./fixtures/privkey-rsa-2048.jwk.${keyid}json pkcs8 \ - > ./fixtures/privkey-rsa-2048.pkcs8.1.pem - diff ./fixtures/privkey-rsa-2048.pkcs8.${keyid}pem ./fixtures/privkey-rsa-2048.pkcs8.1.pem - # - node bin/rasha.js ./fixtures/pub-rsa-2048.jwk.${keyid}json spki \ - > ./fixtures/pub-rsa-2048.spki.1.pem - diff ./fixtures/pub-rsa-2048.spki.${keyid}pem ./fixtures/pub-rsa-2048.spki.1.pem - if [ -z "$keyid" ]; then - echo "Pass" - fi - - if [ -z "$keyid" ]; then - echo "" - echo "Testing JWK-to-SSH" - fi - # - node bin/rasha.js ./fixtures/privkey-rsa-2048.jwk.${keyid}json ssh > ./fixtures/pub-rsa-2048.ssh.1.pub - diff ./fixtures/pub-rsa-2048.ssh.${keyid}pub ./fixtures/pub-rsa-2048.ssh.1.pub - # - node bin/rasha.js ./fixtures/pub-rsa-2048.jwk.${keyid}json ssh > ./fixtures/pub-rsa-2048.ssh.1.pub - diff ./fixtures/pub-rsa-2048.ssh.${keyid}pub ./fixtures/pub-rsa-2048.ssh.1.pub - if [ -z "$keyid" ]; then - echo "Pass" - fi -} - -rndkey() { - keyid="rnd.1." - keysize=$1 - # Generate 2048-bit RSA Keypair - openssl genrsa -out fixtures/privkey-rsa-2048.pkcs1.${keyid}pem $keysize - # Convert PKCS1 (traditional) RSA Keypair to PKCS8 format - openssl rsa -in fixtures/privkey-rsa-2048.pkcs1.${keyid}pem -pubout \ - -out fixtures/pub-rsa-2048.spki.${keyid}pem - # Export Public-only RSA Key in PKCS1 (traditional) format - openssl pkcs8 -topk8 -nocrypt -in fixtures/privkey-rsa-2048.pkcs1.${keyid}pem \ - -out fixtures/privkey-rsa-2048.pkcs8.${keyid}pem - # Convert PKCS1 (traditional) RSA Public Key to SPKI/PKIX format - openssl rsa -in fixtures/pub-rsa-2048.spki.${keyid}pem -pubin -RSAPublicKey_out \ - -out fixtures/pub-rsa-2048.pkcs1.${keyid}pem - # Convert RSA public key to SSH format - sshpub=$(ssh-keygen -f fixtures/pub-rsa-2048.spki.${keyid}pem -i -mPKCS8) - echo "$sshpub rsa@localhost" > fixtures/pub-rsa-2048.ssh.${keyid}pub - - - # to JWK - node bin/rasha.js ./fixtures/privkey-rsa-2048.pkcs1.${keyid}pem \ - > ./fixtures/privkey-rsa-2048.jwk.${keyid}json - node bin/rasha.js ./fixtures/pub-rsa-2048.pkcs1.${keyid}pem \ - > ./fixtures/pub-rsa-2048.jwk.${keyid}json - - pemtojwk "$keyid" - jwktopem "$keyid" -} - -pemtojwk "" -jwktopem "" - -echo "" -echo "testing node key generation" -node bin/rasha.js > /dev/null -node bin/rasha.js jwk > /dev/null -node bin/rasha.js json 2048 > /dev/null -node bin/rasha.js der > /dev/null -node bin/rasha.js pkcs8 der > /dev/null -node bin/rasha.js pem > /dev/null -node bin/rasha.js pkcs1 pem > /dev/null -node bin/rasha.js spki > /dev/null -echo "PASS" - -echo "" -echo "" -echo "Re-running tests with random keys of varying sizes" -echo "" - -# commented out sizes below 512, since they are below minimum size on some systems. -# rndkey 32 # minimum key size -# rndkey 64 -# rndkey 128 -# rndkey 256 - -rndkey 512 -rndkey 768 -rndkey 1024 -rndkey 2048 # first secure key size - -if [ "${RASHA_TEST_LARGE_KEYS}" == "true" ]; then - rndkey 3072 - rndkey 4096 # largest reasonable key size -else - echo "" - echo "Note:" - echo "Keys larger than 2048 have been tested and work, but are omitted from automated tests to save time." - echo "Set RASHA_TEST_LARGE_KEYS=true to enable testing of keys up to 4096." -fi - -echo "" -echo "Pass" - -rm fixtures/*.1.* - -echo "" -echo "" -echo "PASSED:" -echo "• All inputs produced valid outputs" -echo "• All outputs matched known-good values" -echo "• All random tests passed reciprosity" diff --git a/lib/rsa.js b/lib/rsa.js index d642cfd..ae1b515 100644 --- a/lib/rsa.js +++ b/lib/rsa.js @@ -13,7 +13,7 @@ try { /* ignore */ } -var Rasha = require('./rasha'); +var Keypairs = require('Keypairs'); var RSACSR = require('./rsa-csr'); var NOBJ = {}; var DEFAULT_BITLEN = 2048; @@ -48,12 +48,12 @@ RSA.import = function (options) { // Private Keys if (options.privateKeyPem) { if (!options.privateKeyJwk) { - options.privateKeyJwk = Rasha.importSync({ pem: options.privateKeyPem }); + options.privateKeyJwk = Keypairs._importSync({ pem: options.privateKeyPem }); } } if (options.privateKeyJwk) { if (!options.privateKeyPem) { - options.privateKeyPem = Rasha.exportSync({ + options.privateKeyPem = Keypairs._exportSync({ jwk: options.privateKeyJwk , format: options.format || 'pkcs1' , encoding: options.encoding || 'pem' @@ -64,7 +64,7 @@ RSA.import = function (options) { // Public Keys if (options.publicKeyPem || options.privateKeyPem) { if (!options.publicKeyJwk) { - options.publicKeyJwk = Rasha.importSync({ + options.publicKeyJwk = Keypairs._importSync({ pem: options.publicKeyPem || options.privateKeyPem , public: true }); @@ -72,7 +72,7 @@ RSA.import = function (options) { } if (options.publicKeyJwk || options.privateKeyJwk) { if (!options.publicKeyPem) { - options.publicKeyPem = Rasha.exportSync({ + options.publicKeyPem = Keypairs._exportSync({ jwk: options.publicKeyJwk || options.privateKeyJwk , format: options.format || 'pkcs1' , encoding: options.encoding || 'pem' diff --git a/package-lock.json b/package-lock.json new file mode 100644 index 0000000..2e621ba --- /dev/null +++ b/package-lock.json @@ -0,0 +1,27 @@ +{ + "name": "rsa-compat", + "version": "2.0.3", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "eckles": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/eckles/-/eckles-1.4.1.tgz", + "integrity": "sha512-auWyk/k8oSkVHaD4RxkPadKsLUcIwKgr/h8F7UZEueFDBO7BsE4y+H6IMUDbfqKIFPg/9MxV6KcBdJCmVVcxSA==" + }, + "keypairs": { + "version": "1.2.14", + "resolved": "https://registry.npmjs.org/keypairs/-/keypairs-1.2.14.tgz", + "integrity": "sha512-ZoZfZMygyB0QcjSlz7Rh6wT2CJasYEHBPETtmHZEfxuJd7bnsOG5AdtPZqHZBT+hoHvuWCp/4y8VmvTvH0Y9uA==", + "requires": { + "eckles": "^1.4.1", + "rasha": "^1.2.4" + } + }, + "rasha": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/rasha/-/rasha-1.2.4.tgz", + "integrity": "sha512-GsIwKv+hYSumJyK9wkTDaERLwvWaGYh1WuI7JMTBISfYt13TkKFU/HFzlY4n72p8VfXZRUYm0AqaYhkZVxOC3Q==" + } + } +} diff --git a/package.json b/package.json index 40a2448..51d22c7 100644 --- a/package.json +++ b/package.json @@ -1,8 +1,8 @@ { "name": "rsa-compat", "version": "2.0.3", - "engines" : { - "node" : ">=10.12" + "engines": { + "node": ">=10.12" }, "description": "RSA utils that work on Windows, Mac, and Linux with or without C compiler", "main": "index.js", @@ -40,5 +40,8 @@ "buffer-v6-polyfill": "^1.0.3", "node-forge": "^0.7.6", "ursa-optional": "^0.9.10" + }, + "dependencies": { + "keypairs": "^1.2.14" } }