RanchiMall/fcoin
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

crypto: remove subtle support. remove DSA support.

Browse Source
This commit is contained in:
Christopher Jeffrey 2017-02-01 17:36:44 -08:00
parent 66dfce4397
commit c225f67bfc
No known key found for this signature in database
GPG Key ID: 8962AB9DE6666BBD
7 changed files with 8 additions and 456 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
lib/bip70/paymentrequest.js
View File

@ -8,7 +8,6 @@
var assert = require('assert');
var util = require('../utils/util');
var co = require('../utils/co');
var crypto = require('../crypto/crypto');
var x509 = require('./x509');
var PEM = require('../utils/pem');
@ -224,34 +223,6 @@ PaymentRequest.prototype.verifyChain = function verifyChain() {
return x509.verifyChain(this.getChain());
};
PaymentRequest.prototype.verifyAsync = co(function* verifyAsync() {
var alg, msg, sig, chain;
if (!this.pkiType || this.pkiType === 'none')
return true;
if (!this.signature)
return false;
alg = this.getAlgorithm();
if (!alg)
return false;
msg = this.signatureData();
sig = this.signature;
chain = this.getChain();
return yield x509.verifySubjectAsync(alg.hash, msg, sig, chain);
});
PaymentRequest.prototype.verifyChainAsync = co(function* verifyChain() {
if (!this.pkiType || this.pkiType === 'none')
return true;
return yield x509.verifyChainAsync(this.getChain());
});
PaymentRequest.prototype.getCA = function getCA() {
var chain, root;

39
lib/bip70/pk.js
View File

@ -7,12 +7,9 @@
'use strict';
var pk = require('../crypto/pk');
var co = require('../utils/co');
exports._verify = function verify(hash, msg, sig, key) {
switch (key.alg) {
case 'dsa':
return pk.dsa.verify(hash, msg, sig, key.data, key.params);
case 'rsa':
return pk.rsa.verify(hash, msg, sig, key.data);
case 'ecdsa':
@ -32,8 +29,6 @@ exports.verify = function verify(hash, msg, sig, key) {
exports.sign = function sign(hash, msg, key) {
switch (key.alg) {
case 'dsa':
return pk.dsa.sign(hash, msg, key.data, key.params);
case 'rsa':
return pk.rsa.sign(hash, msg, key.data);
case 'ecdsa':
@ -42,37 +37,3 @@ exports.sign = function sign(hash, msg, key) {
throw new Error('Unsupported algorithm.');
}
};
exports._verifyAsync = co(function* verifyAsync(hash, msg, sig, key) {
switch (key.alg) {
case 'dsa':
return yield pk.dsa.verifyAsync(hash, msg, sig, key.data, key.params);
case 'rsa':
return yield pk.rsa.verifyAsync(hash, msg, sig, key.data);
case 'ecdsa':
return yield pk.ecdsa.verifyAsync(key.curve, hash, msg, sig, key.data);
default:
throw new Error('Unsupported algorithm.');
}
});
exports.verifyAsync = co(function* verifyAsync(hash, msg, sig, key) {
try {
return yield exports._verifyAsync(hash, msg, sig, key);
} catch (e) {
return false;
}
});
exports.signAsync = co(function* signAsync(hash, msg, key) {
switch (key.alg) {
case 'dsa':
return yield pk.dsa.signAsync(hash, msg, key.data, key.params);
case 'rsa':
return yield pk.rsa.signAsync(hash, msg, key.data);
case 'ecdsa':
return yield pk.ecdsa.signAsync(key.curve, hash, msg, key.data);
default:
throw new Error('Unsupported algorithm.');
}
});

48
lib/bip70/x509.js
View File

@ -12,7 +12,6 @@ var PEM = require('../utils/pem');
var util = require('../utils/util');
var crypto = require('../crypto/crypto');
var pk = require('./pk');
var co = require('../utils/co');
var x509 = exports;
x509.getSubjectOID = function getSubjectOID(cert, oid) {
@ -219,11 +218,6 @@ x509.signSubject = function signSubject(hash, msg, key, chain) {
return pk.sign(hash, msg, priv);
};
x509.signSubjectAsync = co(function* signSubjectAsync(hash, msg, key, chain) {
var priv = x509.getSigningKey(key, chain);
return yield pk.signAsync(hash, msg, priv);
});
x509.getVerifyKey = function getVerifyKey(chain) {
var cert, key;
@ -248,11 +242,6 @@ x509.verifySubject = function verifySubject(hash, msg, sig, chain) {
return pk.verify(hash, msg, sig, key);
};
x509.verifySubjectAsync = co(function* verifySubjectAsync(hash, msg, sig, chain) {
var key = x509.getVerifyKey(chain);
return yield pk.verifyAsync(hash, msg, sig, key);
});
x509.parseChain = function parseChain(chain) {
var certs = [];
var i, cert;
@ -342,43 +331,6 @@ x509.verifyChain = function verifyChain(certs) {
return x509.verifyTrust(chain);
};
x509.verifyChainAsync = co(function* verifyChainAsync(certs) {
var chain = x509.parseChain(certs);
var i, child, parent, alg, key, sig, msg;
if (!chain)
return false;
// Parse certificates and
// check validity time.
if (!x509.verifyTimes(chain))
return false;
// Verify signatures.
for (i = 1; i < chain.length; i++) {
child = chain[i - 1];
parent = chain[i];
alg = x509.getSigAlgorithm(child);
msg = child.tbs.raw;
sig = child.sig;
key = x509.getPublicKey(parent);
if (!alg || !alg.hash)
return false;
if (!key)
return false;
if (!(yield pk.verifyAsync(alg.hash, msg, sig, key)))
return false;
}
// Make sure we trust one
// of the certs in the chain.
return x509.verifyTrust(chain);
});
function isHash(data) {
if (typeof data === 'string')
return util.isHex(data) && data.length === 64;

107
lib/crypto/backend-browser.js
View File

@ -64,64 +64,6 @@ backend.hmac = function _hmac(alg, data, key) {
return new Buffer(hmac.update(data).digest());
};
backend.hashAsync = function hashAsync(alg, data) {
var name = backend.getHash(alg);
var result;
if (!name) {
try {
result = backend.hash(alg, data);
} catch (e) {
return Promise.reject(e);
}
return Promise.resolve(result);
}
return subtle.digest(name, data).then(function(hash) {
return new Buffer(hash);
});
};
if (!subtle.digest)
backend.hashAsync = util.promisify(backend.hash);
backend.hash256Async = function hash256Async(data) {
return backend.hashAsync('sha256', data).then(function(hash) {
return backend.hashAsync('sha256', hash);
});
};
backend.hmacAsync = function _hmacAsync(alg, data, key) {
var name = backend.getHash(alg);
var use = ['sign'];
var algo, promise, result;
if (!name) {
try {
result = backend.hmac(alg, data, key);
} catch (e) {
return Promise.reject(e);
}
return Promise.resolve(result);
}
algo = {
name: 'HMAC',
hash: name
};
promise = subtle.importKey('raw', key, algo, true, use);
return promise.then(function(key) {
return subtle.sign('HMAC', key, data);
}).then(function(data) {
return new Buffer(data);
});
};
if (!subtle.sign)
backend.hmacAsync = util.promisify(backend.hmac);
/*
* Key Derivation
*/
@ -158,16 +100,7 @@ backend.pbkdf2Async = function pbkdf2Async(key, salt, iter, len, alg) {
var use = ['deriveBits'];
var name = backend.getHash(alg);
var length = len * 8;
var options, promise, result;
if (!name) {
try {
result = backend.pbkdf2(key, salt, iter, len, alg);
} catch (e) {
return Promise.reject(e);
}
return Promise.resolve(result);
}
var options, promise;
options = {
name: 'PBKDF2',
@ -204,42 +137,6 @@ backend.decipher = function decipher(data, key, iv) {
}
};
backend.encipherAsync = function encipherAsync(data, key, iv) {
var algo = { name: 'AES-CBC' };
var use = ['encrypt'];
var options = { name: 'AES-CBC', iv: iv };
var promise;
promise = subtle.importKey('raw', key, algo, false, use);
return promise.then(function(key) {
return subtle.encrypt(options, key, data);
}).then(function(result) {
return new Buffer(result);
});
};
if (!subtle.encrypt)
backend.encipherAsync = util.promisify(backend.encipher);
backend.decipherAsync = function decipherAsync(data, key, iv) {
var algo = { name: 'AES-CBC' };
var use = ['decrypt'];
var options = { name: 'AES-CBC', iv: iv };
var promise;
promise = subtle.importKey('raw', key, algo, false, use);
return promise.then(function(key) {
return subtle.decrypt(options, key, data);
}).then(function(result) {
return new Buffer(result);
});
};
if (!subtle.decrypt)
backend.decipherAsync = util.promisify(backend.decipher);
/*
* Misc
*/
@ -274,7 +171,7 @@ backend.getHash = function getHash(name) {
case 'sha512':
return 'SHA-512';
default:
return null;
throw new Error('Algorithm not supported: ' + name);
}
};

7
lib/crypto/backend.js
View File

@ -58,10 +58,6 @@ if (native) {
backend.hash256 = native.hash256;
}
backend.hashAsync = util.promisify(backend.hash);
backend.hash256Async = util.promisify(backend.hash256);
backend.hmacAsync = util.promisify(backend.hmac);
/*
* Key Derivation
*/
@ -99,9 +95,6 @@ if (native) {
backend.decipher = native.decipher;
}
backend.encipherAsync = util.promisify(backend.encipher);
backend.decipherAsync = util.promisify(backend.decipher);
/*
* Misc
*/

196
lib/crypto/pk-browser.js
View File

@ -8,31 +8,10 @@
var assert = require('assert');
var BN = require('bn.js');
var ASN1 = require('../utils/asn1');
var util = require('../utils/util');
var co = require('../utils/co');
var elliptic = require('elliptic');
var ASN1 = require('../utils/asn1');
var backend = require('./backend');
var subtle = backend.subtle;
var dsa, rsa, ecdsa;
/*
* DSA
*/
dsa = {};
dsa.verify = function verify(alg, msg, sig, key, params) {
throw new Error('DSA not implemented.');
};
dsa.verifyAsync = util.promisify(dsa.verify);
dsa.sign = function sign(alg, msg, key, params) {
throw new Error('DSA not implemented.');
};
dsa.signAsync = util.promisify(dsa.sign);
var rsa, ecdsa;
/*
* RSA
@ -47,7 +26,6 @@ rsa.prefixes = {
sha256: new Buffer('3031300d060960864801650304020105000420', 'hex'),
sha384: new Buffer('3041300d060960864801650304020205000430', 'hex'),
sha512: new Buffer('3051300d060960864801650304020305000440', 'hex'),
md5sha1: new Buffer(0),
ripemd160: new Buffer('30203008060628cf060300310414', 'hex')
};
@ -117,82 +95,6 @@ rsa.sign = function sign(alg, msg, key) {
return rsa.decrypt(N, D, em);
};
rsa.verifyAsync = co(function* verifyAsync(alg, msg, sig, key) {
var use = ['verify'];
var name = backend.getHash(alg);
var pub, data, algo, ckey;
if (!name)
return rsa.verify(alg, msg, sig, key);
pub = ASN1.parseRSAPublic(key);
data = {
kty: 'RSA',
n: toBase64(pub.modulus),
e: toBase64(pub.publicExponent),
alg: 'RS256',
ext: true
};
algo = {
name: 'RSASSA-PKCS1-v1_5',
hash: { name: name }
};
ckey = yield subtle.importKey('jwk', data, algo, false, use);
algo = {
name: 'RSASSA-PKCS1-v1_5',
};
return yield subtle.verify(algo, ckey, sig, msg);
});
if (!subtle.verify)
rsa.verifyAsync = util.promisify(rsa.verify);
rsa.signAsync = co(function* signAsync(alg, msg, key) {
var use = ['sign'];
var name = backend.getHash(alg);
var pub, data, algo, ckey;
if (!name)
return rsa.sign(alg, msg, key);
pub = ASN1.parseRSAPrivate(key);
data = {
kty: 'RSA',
n: toBase64(pub.modulus),
e: toBase64(pub.publicExponent),
d: toBase64(pub.privateExponent),
p: toBase64(pub.prime1),
q: toBase64(pub.prime2),
dp: toBase64(pub.exponent1),
dq: toBase64(pub.exponent2),
qi: toBase64(pub.coefficient),
alg: 'RS256',
ext: true
};
algo = {
name: 'RSASSA-PKCS1-v1_5',
hash: { name: name }
};
ckey = yield subtle.importKey('jwk', data, algo, false, use);
algo = {
name: 'RSASSA-PKCS1-v1_5',
};
return yield subtle.sign(algo, ckey, msg);
});
if (!subtle.sign)
rsa.signAsync = util.promisify(rsa.sign);
rsa.decrypt = function decrypt(N, D, m) {
var c = new BN(m);
@ -242,69 +144,6 @@ ecdsa.sign = function sign(curve, alg, msg, key) {
return new Buffer(ec.sign(hash, key));
};
ecdsa.verifyAsync = co(function* verifyAsync(curve, alg, msg, sig, key) {
var use = ['verify'];
var name = backend.getHash(alg);
var curveName = getCurve(curve);
var pub, data, algo, ckey;
if (!name || !curveName)
return ecdsa.verify(curve, alg, msg, sig, key);
pub = parseECPublic(key, curve);
data = {
kty: 'EC',
x: toBase64(pub.x),
y: toBase64(pub.y),
ext: true
};
algo = {
name: 'ECDSA',
namedCurve: curveName
};
ckey = yield subtle.importKey('jwk', data, algo, false, use);
algo = {
name: 'ECDSA',
hash: name
};
return yield subtle.verify(algo, ckey, sig, msg);
});
if (!subtle.verify)
ecdsa.verifyAsync = util.promisify(ecdsa.verify);
ecdsa.signAsync = co(function* signAsync(curve, alg, msg, key) {
var use = ['sign'];
var name = backend.getHash(alg);
var curveName = getCurve(curve);
var algo, ckey;
if (!name || !curveName)
return ecdsa.sign(curve, alg, msg, key);
algo = {
name: 'ECDSA',
namedCurve: curveName
};
ckey = yield subtle.importKey('raw', key, algo, false, use);
algo = {
name: 'ECDSA',
hash: name
};
return yield subtle.sign(algo, ckey, msg);
});
if (!subtle.sign)
ecdsa.signAsync = util.promisify(ecdsa.sign);
/*
* Helpers
*/
@ -324,36 +163,6 @@ function leftpad(input, size) {
return out;
}
function toBase64(data) {
var str = data.toString('base64');
str = str.replace(/\+/g, '-');
str = str.replace(/\//g, '_');
str = str.replace(/=+$/, '');
return str;
}
function getCurve(name) {
switch (name) {
case 'p256':
return 'P-256';
case 'p384':
return 'P-384';
case 'p521':
return 'P-521';
default:
return null;
}
}
function parseECPublic(data, curve) {
var ec = elliptic.ec(curve).curve;
var point = ec.decodePoint(data);
return {
x: point.toArrayLike(Buffer, 'be', 32),
y: point.toArrayLike(Buffer, 'be', 32)
};
}
function ceq(a, b) {
var r = ~(a ^ b) & 0xff;
r &= r >>> 4;
@ -366,6 +175,5 @@ function ceq(a, b) {
* Expose
*/
exports.dsa = dsa;
exports.rsa = rsa;
exports.ecdsa = ecdsa;

38
lib/crypto/pk.js
View File

@ -7,31 +7,11 @@
'use strict';
var assert = require('assert');
var PEM = require('../utils/pem');
var elliptic = require('elliptic');
var util = require('../utils/util');
var backend = require('./backend');
var nodeCrypto = require('crypto');
var dsa, rsa, ecdsa;
/*
* DSA
*/
dsa = {};
dsa.verify = function _verify(alg, msg, sig, key, params) {
var pem = toPEM('dsa', key, params, 'public key');
return verify('dsa', alg, msg, sig, pem);
};
dsa.sign = function _sign(alg, msg, key, params) {
var pem = toPEM('dsa', key, params, 'private key');
return sign('dsa', alg, msg, pem);
};
dsa.verifyAsync = util.promisify(dsa.verify);
dsa.signAsync = util.promisify(dsa.sign);
var elliptic = require('elliptic');
var PEM = require('../utils/pem');
var backend = require('./backend');
var rsa, ecdsa;
/*
* RSA
@ -49,9 +29,6 @@ rsa.sign = function _sign(alg, msg, key) {
return sign('rsa', alg, msg, pem);
};
rsa.verifyAsync = util.promisify(rsa.verify);
rsa.signAsync = util.promisify(rsa.sign);
/*
* ECDSA
*/
@ -80,9 +57,6 @@ ecdsa.sign = function sign(curve, msg, alg, key) {
return new Buffer(ec.sign(hash, key));
};
ecdsa.verifyAsync = util.promisify(ecdsa.verify);
ecdsa.signAsync = util.promisify(ecdsa.sign);
/*
* Helpers
*/
@ -105,9 +79,6 @@ function toPEM(alg, key, params, type) {
var tag, pem;
switch (alg) {
case 'dsa':
tag = 'DSA';
break;
case 'rsa':
tag = 'RSA';
break;
@ -147,6 +118,5 @@ function normalizeAlg(alg, hash) {
* Expose
*/
exports.dsa = dsa;
exports.rsa = rsa;
exports.ecdsa = ecdsa;