browserify-sign
Advanced tools
Comparing version 2.5.2 to 2.6.0
@@ -31,2 +31,7 @@ exports['RSA-SHA224'] = exports.sha224WithRSAEncryption = { | ||
}; | ||
exports.DSA = exports['DSA-SHA1'] = exports['DSA-SHA'] = { | ||
sign: 'dsa', | ||
hash: 'sha1', | ||
id: new Buffer('', 'hex') | ||
}; | ||
exports['RSA-RIPEMD160'] = exports.ripemd160WithRSA = { | ||
@@ -33,0 +38,0 @@ sign: 'rsa', |
{ | ||
"name": "browserify-sign", | ||
"version": "2.5.2", | ||
"version": "2.6.0", | ||
"description": "", | ||
@@ -19,3 +19,3 @@ "main": "index.js", | ||
"inherits": "^2.0.1", | ||
"parse-asn1": "^1.0.0", | ||
"parse-asn1": "^1.2.0", | ||
"readable-stream": "^1.0.33" | ||
@@ -22,0 +22,0 @@ }, |
53
sign.js
@@ -10,2 +10,4 @@ // much of this based on https://github.com/indutny/self-signed/blob/gh-pages/lib/rsa.js | ||
return ecSign(hash, priv, crypto); | ||
} else if (priv.type === 'dsa') { | ||
return dsaSign(hash, priv, crypto); | ||
} | ||
@@ -37,3 +39,3 @@ var len = priv.modulus.byteLength(); | ||
var q = new bn(priv.prime2); | ||
var m1 = c1.redPow(priv.exponent1) | ||
var m1 = c1.redPow(priv.exponent1); | ||
var m2 = c2.redPow(priv.exponent2); | ||
@@ -57,2 +59,51 @@ m1 = m1.fromRed(); | ||
return new Buffer(out.toDER()); | ||
} | ||
function dsaSign(hash, priv, crypto) { | ||
var x = priv.params.priv_key; | ||
var p = priv.params.p; | ||
var q = priv.params.q; | ||
var montq = bn.mont(q); | ||
var g = priv.params.g; | ||
var r = new bn(0); | ||
var k; | ||
var H = new bn(hash); | ||
var s = false; | ||
while (s === false) { | ||
while (!r.cmpn(0)) { | ||
k = getKay(q, crypto); | ||
r = makeR(g, k, p, q); | ||
} | ||
s = k.invm(q).imul(H.add(x.imul(r).mod(q)).mod(q)).mod(q); | ||
if (!s.cmpn(0)) { | ||
s = false; | ||
r = new bn(0); | ||
} | ||
} | ||
return toDER(r,s); | ||
} | ||
function toDER(r, s) { | ||
r = r.toArray(); | ||
s = s.toArray(); | ||
// Pad values | ||
if (r[0] & 0x80) | ||
r = [ 0 ].concat(r); | ||
// Pad values | ||
if (s[0] & 0x80) | ||
s = [ 0 ].concat(s); | ||
var total = r.length + s.length + 4; | ||
var res = [ 0x30, total, 0x02, r.length ]; | ||
res = res.concat(r, [ 0x02, s.length ], s); | ||
return new Buffer(res); | ||
} | ||
function getKay(q, crypto) { | ||
var k = new bn(crypto.randomBytes(q.byteLength())); | ||
while (k.cmp(q) >= 0) { | ||
k = new bn(crypto.randomBytes(q.byteLength())); | ||
} | ||
return k; | ||
} | ||
function makeR(g, k, p, q) { | ||
return g.toRed(bn.mont(p)).redPow(k).fromRed().mod(q); | ||
} |
@@ -7,11 +7,11 @@ var test = require('tape'); | ||
public: fs.readFileSync(__dirname + '/rsa.1024.pub') | ||
} | ||
}; | ||
var rsa2028 = { | ||
private: fs.readFileSync(__dirname + '/rsa.2028.priv'), | ||
public: fs.readFileSync(__dirname + '/rsa.2028.pub') | ||
} | ||
}; | ||
var nonrsa1024 = { | ||
private: fs.readFileSync(__dirname + '/1024.priv'), | ||
public: fs.readFileSync(__dirname + '/1024.pub') | ||
} | ||
}; | ||
var pass1024 = { | ||
@@ -23,7 +23,7 @@ private: { | ||
public: fs.readFileSync(__dirname + '/pass.1024.pub') | ||
} | ||
}; | ||
var ec = { | ||
private: fs.readFileSync(__dirname + '/ec.priv'), | ||
public: fs.readFileSync(__dirname + '/ec.pub') | ||
} | ||
}; | ||
var ecpass = { | ||
@@ -35,3 +35,39 @@ private: { | ||
public: fs.readFileSync(__dirname + '/ec.pub') | ||
} | ||
}; | ||
var dsa = { | ||
private: fs.readFileSync(__dirname + '/dsa.1024.priv'), | ||
public: fs.readFileSync(__dirname + '/dsa.1024.pub') | ||
}; | ||
var dsa2 = { | ||
private: fs.readFileSync(__dirname + '/dsa.2048.priv'), | ||
public: fs.readFileSync(__dirname + '/dsa.2048.pub') | ||
}; | ||
var dsapass = { | ||
private: { | ||
key:fs.readFileSync(__dirname + '/pass.dsa.1024.priv'), | ||
passphrase:'password' | ||
}, | ||
public: fs.readFileSync(__dirname + '/pass.dsa.1024.pub') | ||
}; | ||
var dsapass2 = { | ||
private: { | ||
key:fs.readFileSync(__dirname + '/pass2.dsa.1024.priv'), | ||
passphrase:'password' | ||
}, | ||
public: fs.readFileSync(__dirname + '/pass2.dsa.1024.pub') | ||
}; | ||
var rsapass = { | ||
private: { | ||
key:fs.readFileSync(__dirname + '/pass.rsa.1024.priv'), | ||
passphrase:'password' | ||
}, | ||
public: fs.readFileSync(__dirname + '/pass.rsa.1024.pub') | ||
}; | ||
var rsapass2 = { | ||
private: { | ||
key:fs.readFileSync(__dirname + '/pass.rsa.2028.priv'), | ||
passphrase:'password' | ||
}, | ||
public: fs.readFileSync(__dirname + '/pass.rsa.2028.pub') | ||
}; | ||
function isNode10() { | ||
@@ -76,2 +112,4 @@ return process.version && process.version.split('.').length === 3 && parseInt(process.version.split('.')[1], 10) <= 10; | ||
} | ||
ectestIt(dsa, new Buffer('dsa with 1024 keys'), 'DSA'); | ||
ectestIt(dsa2, new Buffer('dsa with 2048 keys'), 'DSA-SHA1'); | ||
testIt(rsa1024, new Buffer('md5 with 1024 keys'), 'RSA-MD5'); | ||
@@ -102,2 +140,18 @@ ectestIt(ec, new Buffer('ecdsa with sha1'), 'ecdsa-with-SHA1'); | ||
ectestIt(ecpass, new Buffer('ecdsa with password'), 'ecdsa-with-SHA1'); | ||
ectestIt(dsapass, new Buffer('dsa with 1024 keys and a password'), 'DSA-SHA'); | ||
ectestIt(dsapass2, new Buffer('dsa with 1024 keys and a password varient'), 'DSA-SHA'); | ||
testIt(rsapass, new Buffer('sha1 with 1024 keys and password, varient'), 'RSA-SHA1'); | ||
testIt(rsapass2, new Buffer('sha1 with 2024 keys and password, varient'), 'RSA-SHA1'); | ||
testIt(rsapass, new Buffer('sha224 with 1024 keys and password, varient'), 'RSA-SHA224'); | ||
testIt(rsapass2, new Buffer('sha224 with 2024 keys and password, varient'), 'RSA-SHA224'); | ||
testIt(rsapass, new Buffer('sha256 with 1024 keys and password, varient'), 'RSA-SHA256'); | ||
testIt(rsapass2, new Buffer('sha256 with 2024 keys and password, varient'), 'RSA-SHA256'); | ||
testIt(rsapass, new Buffer('sha384 with 1024 keys and password, varient'), 'RSA-SHA384'); | ||
testIt(rsapass2, new Buffer('sha384 with 2024 keys and password, varient'), 'RSA-SHA384'); | ||
testIt(rsapass, new Buffer('sha512 with 1024 keys and password, varient'), 'RSA-SHA512'); | ||
testIt(rsapass2, new Buffer('sha512 with 2024 keys and password, varient'), 'RSA-SHA512'); | ||
testIt(rsapass, new Buffer('rmd160 with 1024 keys and password, varient'), 'RSA-RIPEMD160'); | ||
testIt(rsapass2, new Buffer('rmd160 with 2024 keys and password, varient'), 'RSA-RIPEMD160'); | ||
testIt(rsapass, new Buffer('md5 with 1024 keys and password, varient'), 'RSA-MD5'); | ||
testIt(rsapass2, new Buffer('md5 with 2024 keys and password, varient'), 'RSA-MD5'); | ||
testIt(pass1024, new Buffer('sha1 with 1024 keys and password'), 'RSA-SHA1'); | ||
@@ -104,0 +158,0 @@ testIt(pass1024, new Buffer('sha224 with 1024 keys and password'), 'RSA-SHA224'); |
@@ -10,2 +10,4 @@ // much of this based on https://github.com/indutny/self-signed/blob/gh-pages/lib/rsa.js | ||
return ecVerify(sig, hash, pub); | ||
} else if (pub.type === 'dsa') { | ||
return dsaVerify(sig, hash, pub); | ||
} | ||
@@ -46,1 +48,32 @@ var len = pub.modulus.byteLength(); | ||
} | ||
function dsaVerify(sig, hash, pub) { | ||
var p = pub.data.p; | ||
var q = pub.data.q; | ||
var g = pub.data.g; | ||
var y = pub.data.pub_key; | ||
var unpacked = parseKeys.signature.decode(sig, 'der'); | ||
var s = unpacked.s; | ||
var r = unpacked.r; | ||
checkValue(s, q); | ||
checkValue(r, q); | ||
var montq = bn.mont(q); | ||
var montp = bn.mont(p); | ||
var w = s.invm(q); | ||
var v = g.toRed(montp) | ||
.redPow(new bn(hash).mul(w).mod(q)) | ||
.fromRed() | ||
.mul( | ||
y.toRed(montp) | ||
.redPow(r.mul(w).mod(q)) | ||
.fromRed() | ||
).mod(p).mod(q); | ||
return !v.cmp(r); | ||
} | ||
function checkValue(b, q) { | ||
if (b.cmpn(0) <= 0) { | ||
throw new Error('invalid sig'); | ||
} | ||
if (b.cmp(q) >= q) { | ||
throw new Error('invalid sig'); | ||
} | ||
} |
37488
42
488
Updatedparse-asn1@^1.2.0