node-rsa - npm Package Compare versions

Comparing version 0.4.0 to 0.4.1

gruntfile.js

@@ -0,0 +0,0 @@ module.exports = function (grunt) {

package.json

 {
   "name": "node-rsa",
-  "version": "0.4.0",
+  "version": "0.4.1",
   "description": "Node.js RSA library",
@@ -33,8 +33,8 @@ "main": "src/NodeRSA.js",
   "devDependencies": {
-    "grunt": "0.4.5",
-    "grunt-simple-mocha": "0.4.0",
-    "jit-grunt": "0.9.1",
-    "chai": "2.0.0",
-    "grunt-contrib-jshint": "0.11.0",
-    "lodash": "^4.0.0"
+    "chai": "^3.5.0",
+    "grunt": "^1.0.1",
+    "grunt-contrib-jshint": "^1.0.0",
+    "grunt-simple-mocha": "^0.4.1",
+    "jit-grunt": "^0.10.0",
+    "lodash": "^4.13.1"
   },
@@ -41,0 +41,0 @@ "dependencies": {

README.md

@@ -239,2 +239,5 @@ # Node-RSA
 ## Changelog
+
+### 0.4.1
+ * `PKCS1 no padding` scheme support.
     
@@ -241,0 +244,0 @@ ### 0.4.0

src/encryptEngines/encryptEngines.js

@@ -0,0 +0,0 @@ var crypt = require('crypto');

src/encryptEngines/io.js

@@ -5,10 +5,12 @@ var crypto = require('crypto');
 module.exports = function (keyPair, options) {
-    var jsEngine = require('./js.js')(keyPair, options);
-
     return {
         encrypt: function (buffer, usePrivate) {
             if (usePrivate) {
+                var padding = constants.RSA_PKCS1_PADDING;
+                if (options.encryptionSchemeOptions && options.encryptionSchemeOptions.padding) {
+                    padding = options.encryptionSchemeOptions.padding;
+                }
                 return crypto.privateEncrypt({
                     key: options.rsaUtils.exportKey('private'),
-                    padding: constants.RSA_PKCS1_PADDING
+                    padding: padding
                 }, buffer);
@@ -20,3 +22,5 @@ } else {
                 }
-
+                if (options.encryptionSchemeOptions && options.encryptionSchemeOptions.padding) {
+                    padding = options.encryptionSchemeOptions.padding;
+                }
                 return crypto.publicEncrypt({
@@ -31,5 +35,9 @@ key: options.rsaUtils.exportKey('public'),
             if (usePublic) {
+                var padding = constants.RSA_PKCS1_PADDING;
+                if (options.encryptionSchemeOptions && options.encryptionSchemeOptions.padding) {
+                    padding = options.encryptionSchemeOptions.padding;
+                }
                 return crypto.publicDecrypt({
                     key: options.rsaUtils.exportKey('public'),
-                    padding: constants.RSA_PKCS1_PADDING
+                    padding: padding
                 }, buffer);
@@ -41,3 +49,5 @@ } else {
                 }
-
+                if (options.encryptionSchemeOptions && options.encryptionSchemeOptions.padding) {
+                    padding = options.encryptionSchemeOptions.padding;
+                }
                 return crypto.privateDecrypt({
@@ -44,0 +54,0 @@ key: options.rsaUtils.exportKey('private'),

src/encryptEngines/js.js

@@ -11,2 +11,3 @@ var BigInteger = require('../libs/jsbn.js');
             if (usePrivate) {
+                /* Type 1: zeros padding for private key encrypt */
                 m = new BigInteger(pkcs1Scheme.encPad(buffer, {type: 1}));
@@ -26,2 +27,3 @@ c = keyPair.$doPrivate(m);
                 m = keyPair.$doPublic(c);
+                /* Type 1: zeros padding for private key decrypt */
                 return pkcs1Scheme.encUnPad(m.toBuffer(keyPair.encryptedDataLength), {type: 1});
@@ -28,0 +30,0 @@ } else {

src/encryptEngines/node12.js

@@ -16,2 +16,5 @@ var crypto = require('crypto');
             }
+            if (options.encryptionSchemeOptions && options.encryptionSchemeOptions.padding) {
+                padding = options.encryptionSchemeOptions.padding;
+            }
 
@@ -32,2 +35,5 @@ return crypto.publicEncrypt({
             }
+            if (options.encryptionSchemeOptions && options.encryptionSchemeOptions.padding) {
+                padding = options.encryptionSchemeOptions.padding;
+            }
 
@@ -34,0 +40,0 @@ return crypto.privateDecrypt({

src/formats/components.js

@@ -0,0 +0,0 @@ var _ = require('../utils')._;

src/formats/formats.js

@@ -0,0 +0,0 @@ var _ = require('../utils')._;

src/formats/pkcs1.js

@@ -0,0 +0,0 @@ var ber = require('asn1').Ber;

src/formats/pkcs8.js

@@ -0,0 +0,0 @@ var ber = require('asn1').Ber;

src/libs/jsbn.js

@@ -0,0 +0,0 @@ /*

src/libs/rsa.js

@@ -0,0 +0,0 @@ /*

src/NodeRSA.js

@@ -10,2 +10,3 @@ /*!
 
+var constants = require('constants');
 var rsa = require('./libs/rsa.js');
@@ -19,2 +20,7 @@ var crypt = require('crypto');
 
+if (typeof constants.RSA_NO_PADDING == "undefined") {
+    //patch for node v0.10.x, constants do not defined
+    constants.RSA_NO_PADDING = 3;
+}
+
 module.exports = (function () {
@@ -21,0 +27,0 @@ var SUPPORTED_HASH_ALGORITHMS = {

src/schemes/oaep.js

@@ -0,0 +0,0 @@ /**

src/schemes/pkcs1.js

@@ -7,2 +7,3 @@ /**
 var crypt = require('crypto');
+var constants = require('constants');
 var SIGN_INFO_HEAD = {
@@ -38,2 +39,5 @@ md2: new Buffer('3020300c06082a864886f70d020205000410', 'hex'),
     Scheme.prototype.maxMessageLength = function () {
+        if (this.options.encryptionSchemeOptions && this.options.encryptionSchemeOptions.padding == constants.RSA_NO_PADDING) {
+            return this.key.encryptedDataLength;
+        }
         return this.key.encryptedDataLength - 11;
@@ -54,3 +58,10 @@ };
         }
+        if (this.options.encryptionSchemeOptions && this.options.encryptionSchemeOptions.padding == constants.RSA_NO_PADDING) {
+            //RSA_NO_PADDING treated like JAVA left pad with zero character
+            filled = new Buffer(this.key.maxMessageLength - buffer.length);
+            filled.fill(0);
+            return Buffer.concat([filled, buffer]);
+        }
 
+        /* Type 1: zeros padding for private key encrypt */
         if (options.type === 1) {
@@ -64,2 +75,3 @@ filled = new Buffer(this.key.encryptedDataLength - buffer.length - 1);
         } else {
+            /* random padding for public key encrypt */
             filled = new Buffer(this.key.encryptedDataLength - buffer.length);
@@ -91,2 +103,13 @@ filled[0] = 0;
 
+        if (this.options.encryptionSchemeOptions && this.options.encryptionSchemeOptions.padding == constants.RSA_NO_PADDING) {
+            //RSA_NO_PADDING treated like JAVA left pad with zero character
+            var unPad;
+            if (typeof buffer.lastIndexOf == "function") { //patch for old node version
+                unPad = buffer.slice(buffer.lastIndexOf('\0') + 1, buffer.length);
+            } else {
+                unPad = buffer.slice(String.prototype.lastIndexOf.call(buffer, '\0') + 1, buffer.length);
+            }
+            return unPad;
+        }
+
         if (buffer.length < 4) {
@@ -96,2 +119,3 @@ return null;
 
+        /* Type 1: zeros padding for private key decrypt */
         if (options.type === 1) {
@@ -108,2 +132,3 @@ if (buffer[0] !== 0 && buffer[1] !== 1) {
         } else {
+            /* random padding for public key decrypt */
             if (buffer[0] !== 0 && buffer[1] !== 2) {
@@ -141,2 +166,6 @@ return null;
     Scheme.prototype.verify = function (buffer, signature, signature_encoding) {
+        if (this.options.encryptionSchemeOptions && this.options.encryptionSchemeOptions.padding == constants.RSA_NO_PADDING) {
+            //RSA_NO_PADDING has no verify data
+            return false;
+        }
         var hashAlgorithm = this.options.signingSchemeOptions.hash || DEFAULT_HASH_FUNCTION;
@@ -143,0 +172,0 @@ if (this.options.environment === 'browser') {

src/schemes/pss.js

@@ -0,0 +0,0 @@ /**

src/schemes/schemes.js

@@ -0,0 +0,0 @@ module.exports = {

src/utils.js

@@ -0,0 +0,0 @@ /*

New alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 2 instances in 1 package

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1579116

723.67%

Number of package files

45

40.63%

Lines of code

44263

1287.99%

Number of lines in readme file

351

0.86%

Worsened metrics

Number of low supply chain risk alerts

17

Infinity%

Number of medium supply chain risk alerts

4

Infinity%

No dependency changes