From c225f67bfc1f71547a283672e47d4f1c5ab96bc1 Mon Sep 17 00:00:00 2001 From: Christopher Jeffrey Date: Wed, 1 Feb 2017 17:36:44 -0800 Subject: [PATCH] crypto: remove subtle support. remove DSA support. --- lib/bip70/paymentrequest.js | 29 ----- lib/bip70/pk.js | 39 ------- lib/bip70/x509.js | 48 --------- lib/crypto/backend-browser.js | 107 +------------------ lib/crypto/backend.js | 7 -- lib/crypto/pk-browser.js | 196 +--------------------------------- lib/crypto/pk.js | 38 +------ 7 files changed, 8 insertions(+), 456 deletions(-) diff --git a/lib/bip70/paymentrequest.js b/lib/bip70/paymentrequest.js index fdbca703..31a6bcef 100644 --- a/lib/bip70/paymentrequest.js +++ b/lib/bip70/paymentrequest.js @@ -8,7 +8,6 @@ var assert = require('assert'); var util = require('../utils/util'); -var co = require('../utils/co'); var crypto = require('../crypto/crypto'); var x509 = require('./x509'); var PEM = require('../utils/pem'); @@ -224,34 +223,6 @@ PaymentRequest.prototype.verifyChain = function verifyChain() { return x509.verifyChain(this.getChain()); }; -PaymentRequest.prototype.verifyAsync = co(function* verifyAsync() { - var alg, msg, sig, chain; - - if (!this.pkiType || this.pkiType === 'none') - return true; - - if (!this.signature) - return false; - - alg = this.getAlgorithm(); - - if (!alg) - return false; - - msg = this.signatureData(); - sig = this.signature; - chain = this.getChain(); - - return yield x509.verifySubjectAsync(alg.hash, msg, sig, chain); -}); - -PaymentRequest.prototype.verifyChainAsync = co(function* verifyChain() { - if (!this.pkiType || this.pkiType === 'none') - return true; - - return yield x509.verifyChainAsync(this.getChain()); -}); - PaymentRequest.prototype.getCA = function getCA() { var chain, root; diff --git a/lib/bip70/pk.js b/lib/bip70/pk.js index 26a27d04..7fcc0650 100644 --- a/lib/bip70/pk.js +++ b/lib/bip70/pk.js @@ -7,12 +7,9 @@ 'use strict'; var pk = require('../crypto/pk'); -var co = require('../utils/co'); exports._verify = function verify(hash, msg, sig, key) { switch (key.alg) { - case 'dsa': - return pk.dsa.verify(hash, msg, sig, key.data, key.params); case 'rsa': return pk.rsa.verify(hash, msg, sig, key.data); case 'ecdsa': @@ -32,8 +29,6 @@ exports.verify = function verify(hash, msg, sig, key) { exports.sign = function sign(hash, msg, key) { switch (key.alg) { - case 'dsa': - return pk.dsa.sign(hash, msg, key.data, key.params); case 'rsa': return pk.rsa.sign(hash, msg, key.data); case 'ecdsa': @@ -42,37 +37,3 @@ exports.sign = function sign(hash, msg, key) { throw new Error('Unsupported algorithm.'); } }; - -exports._verifyAsync = co(function* verifyAsync(hash, msg, sig, key) { - switch (key.alg) { - case 'dsa': - return yield pk.dsa.verifyAsync(hash, msg, sig, key.data, key.params); - case 'rsa': - return yield pk.rsa.verifyAsync(hash, msg, sig, key.data); - case 'ecdsa': - return yield pk.ecdsa.verifyAsync(key.curve, hash, msg, sig, key.data); - default: - throw new Error('Unsupported algorithm.'); - } -}); - -exports.verifyAsync = co(function* verifyAsync(hash, msg, sig, key) { - try { - return yield exports._verifyAsync(hash, msg, sig, key); - } catch (e) { - return false; - } -}); - -exports.signAsync = co(function* signAsync(hash, msg, key) { - switch (key.alg) { - case 'dsa': - return yield pk.dsa.signAsync(hash, msg, key.data, key.params); - case 'rsa': - return yield pk.rsa.signAsync(hash, msg, key.data); - case 'ecdsa': - return yield pk.ecdsa.signAsync(key.curve, hash, msg, key.data); - default: - throw new Error('Unsupported algorithm.'); - } -}); diff --git a/lib/bip70/x509.js b/lib/bip70/x509.js index 61e02064..c7e19b30 100644 --- a/lib/bip70/x509.js +++ b/lib/bip70/x509.js @@ -12,7 +12,6 @@ var PEM = require('../utils/pem'); var util = require('../utils/util'); var crypto = require('../crypto/crypto'); var pk = require('./pk'); -var co = require('../utils/co'); var x509 = exports; x509.getSubjectOID = function getSubjectOID(cert, oid) { @@ -219,11 +218,6 @@ x509.signSubject = function signSubject(hash, msg, key, chain) { return pk.sign(hash, msg, priv); }; -x509.signSubjectAsync = co(function* signSubjectAsync(hash, msg, key, chain) { - var priv = x509.getSigningKey(key, chain); - return yield pk.signAsync(hash, msg, priv); -}); - x509.getVerifyKey = function getVerifyKey(chain) { var cert, key; @@ -248,11 +242,6 @@ x509.verifySubject = function verifySubject(hash, msg, sig, chain) { return pk.verify(hash, msg, sig, key); }; -x509.verifySubjectAsync = co(function* verifySubjectAsync(hash, msg, sig, chain) { - var key = x509.getVerifyKey(chain); - return yield pk.verifyAsync(hash, msg, sig, key); -}); - x509.parseChain = function parseChain(chain) { var certs = []; var i, cert; @@ -342,43 +331,6 @@ x509.verifyChain = function verifyChain(certs) { return x509.verifyTrust(chain); }; -x509.verifyChainAsync = co(function* verifyChainAsync(certs) { - var chain = x509.parseChain(certs); - var i, child, parent, alg, key, sig, msg; - - if (!chain) - return false; - - // Parse certificates and - // check validity time. - if (!x509.verifyTimes(chain)) - return false; - - // Verify signatures. - for (i = 1; i < chain.length; i++) { - child = chain[i - 1]; - parent = chain[i]; - - alg = x509.getSigAlgorithm(child); - msg = child.tbs.raw; - sig = child.sig; - key = x509.getPublicKey(parent); - - if (!alg || !alg.hash) - return false; - - if (!key) - return false; - - if (!(yield pk.verifyAsync(alg.hash, msg, sig, key))) - return false; - } - - // Make sure we trust one - // of the certs in the chain. - return x509.verifyTrust(chain); -}); - function isHash(data) { if (typeof data === 'string') return util.isHex(data) && data.length === 64; diff --git a/lib/crypto/backend-browser.js b/lib/crypto/backend-browser.js index 26f465c9..af91b13e 100644 --- a/lib/crypto/backend-browser.js +++ b/lib/crypto/backend-browser.js @@ -64,64 +64,6 @@ backend.hmac = function _hmac(alg, data, key) { return new Buffer(hmac.update(data).digest()); }; -backend.hashAsync = function hashAsync(alg, data) { - var name = backend.getHash(alg); - var result; - - if (!name) { - try { - result = backend.hash(alg, data); - } catch (e) { - return Promise.reject(e); - } - return Promise.resolve(result); - } - - return subtle.digest(name, data).then(function(hash) { - return new Buffer(hash); - }); -}; - -if (!subtle.digest) - backend.hashAsync = util.promisify(backend.hash); - -backend.hash256Async = function hash256Async(data) { - return backend.hashAsync('sha256', data).then(function(hash) { - return backend.hashAsync('sha256', hash); - }); -}; - -backend.hmacAsync = function _hmacAsync(alg, data, key) { - var name = backend.getHash(alg); - var use = ['sign']; - var algo, promise, result; - - if (!name) { - try { - result = backend.hmac(alg, data, key); - } catch (e) { - return Promise.reject(e); - } - return Promise.resolve(result); - } - - algo = { - name: 'HMAC', - hash: name - }; - - promise = subtle.importKey('raw', key, algo, true, use); - - return promise.then(function(key) { - return subtle.sign('HMAC', key, data); - }).then(function(data) { - return new Buffer(data); - }); -}; - -if (!subtle.sign) - backend.hmacAsync = util.promisify(backend.hmac); - /* * Key Derivation */ @@ -158,16 +100,7 @@ backend.pbkdf2Async = function pbkdf2Async(key, salt, iter, len, alg) { var use = ['deriveBits']; var name = backend.getHash(alg); var length = len * 8; - var options, promise, result; - - if (!name) { - try { - result = backend.pbkdf2(key, salt, iter, len, alg); - } catch (e) { - return Promise.reject(e); - } - return Promise.resolve(result); - } + var options, promise; options = { name: 'PBKDF2', @@ -204,42 +137,6 @@ backend.decipher = function decipher(data, key, iv) { } }; -backend.encipherAsync = function encipherAsync(data, key, iv) { - var algo = { name: 'AES-CBC' }; - var use = ['encrypt']; - var options = { name: 'AES-CBC', iv: iv }; - var promise; - - promise = subtle.importKey('raw', key, algo, false, use); - - return promise.then(function(key) { - return subtle.encrypt(options, key, data); - }).then(function(result) { - return new Buffer(result); - }); -}; - -if (!subtle.encrypt) - backend.encipherAsync = util.promisify(backend.encipher); - -backend.decipherAsync = function decipherAsync(data, key, iv) { - var algo = { name: 'AES-CBC' }; - var use = ['decrypt']; - var options = { name: 'AES-CBC', iv: iv }; - var promise; - - promise = subtle.importKey('raw', key, algo, false, use); - - return promise.then(function(key) { - return subtle.decrypt(options, key, data); - }).then(function(result) { - return new Buffer(result); - }); -}; - -if (!subtle.decrypt) - backend.decipherAsync = util.promisify(backend.decipher); - /* * Misc */ @@ -274,7 +171,7 @@ backend.getHash = function getHash(name) { case 'sha512': return 'SHA-512'; default: - return null; + throw new Error('Algorithm not supported: ' + name); } }; diff --git a/lib/crypto/backend.js b/lib/crypto/backend.js index f60b53e8..049e2bdb 100644 --- a/lib/crypto/backend.js +++ b/lib/crypto/backend.js @@ -58,10 +58,6 @@ if (native) { backend.hash256 = native.hash256; } -backend.hashAsync = util.promisify(backend.hash); -backend.hash256Async = util.promisify(backend.hash256); -backend.hmacAsync = util.promisify(backend.hmac); - /* * Key Derivation */ @@ -99,9 +95,6 @@ if (native) { backend.decipher = native.decipher; } -backend.encipherAsync = util.promisify(backend.encipher); -backend.decipherAsync = util.promisify(backend.decipher); - /* * Misc */ diff --git a/lib/crypto/pk-browser.js b/lib/crypto/pk-browser.js index b42a1308..5a2f5c60 100644 --- a/lib/crypto/pk-browser.js +++ b/lib/crypto/pk-browser.js @@ -8,31 +8,10 @@ var assert = require('assert'); var BN = require('bn.js'); -var ASN1 = require('../utils/asn1'); -var util = require('../utils/util'); -var co = require('../utils/co'); var elliptic = require('elliptic'); +var ASN1 = require('../utils/asn1'); var backend = require('./backend'); -var subtle = backend.subtle; -var dsa, rsa, ecdsa; - -/* - * DSA - */ - -dsa = {}; - -dsa.verify = function verify(alg, msg, sig, key, params) { - throw new Error('DSA not implemented.'); -}; - -dsa.verifyAsync = util.promisify(dsa.verify); - -dsa.sign = function sign(alg, msg, key, params) { - throw new Error('DSA not implemented.'); -}; - -dsa.signAsync = util.promisify(dsa.sign); +var rsa, ecdsa; /* * RSA @@ -47,7 +26,6 @@ rsa.prefixes = { sha256: new Buffer('3031300d060960864801650304020105000420', 'hex'), sha384: new Buffer('3041300d060960864801650304020205000430', 'hex'), sha512: new Buffer('3051300d060960864801650304020305000440', 'hex'), - md5sha1: new Buffer(0), ripemd160: new Buffer('30203008060628cf060300310414', 'hex') }; @@ -117,82 +95,6 @@ rsa.sign = function sign(alg, msg, key) { return rsa.decrypt(N, D, em); }; -rsa.verifyAsync = co(function* verifyAsync(alg, msg, sig, key) { - var use = ['verify']; - var name = backend.getHash(alg); - var pub, data, algo, ckey; - - if (!name) - return rsa.verify(alg, msg, sig, key); - - pub = ASN1.parseRSAPublic(key); - - data = { - kty: 'RSA', - n: toBase64(pub.modulus), - e: toBase64(pub.publicExponent), - alg: 'RS256', - ext: true - }; - - algo = { - name: 'RSASSA-PKCS1-v1_5', - hash: { name: name } - }; - - ckey = yield subtle.importKey('jwk', data, algo, false, use); - - algo = { - name: 'RSASSA-PKCS1-v1_5', - }; - - return yield subtle.verify(algo, ckey, sig, msg); -}); - -if (!subtle.verify) - rsa.verifyAsync = util.promisify(rsa.verify); - -rsa.signAsync = co(function* signAsync(alg, msg, key) { - var use = ['sign']; - var name = backend.getHash(alg); - var pub, data, algo, ckey; - - if (!name) - return rsa.sign(alg, msg, key); - - pub = ASN1.parseRSAPrivate(key); - - data = { - kty: 'RSA', - n: toBase64(pub.modulus), - e: toBase64(pub.publicExponent), - d: toBase64(pub.privateExponent), - p: toBase64(pub.prime1), - q: toBase64(pub.prime2), - dp: toBase64(pub.exponent1), - dq: toBase64(pub.exponent2), - qi: toBase64(pub.coefficient), - alg: 'RS256', - ext: true - }; - - algo = { - name: 'RSASSA-PKCS1-v1_5', - hash: { name: name } - }; - - ckey = yield subtle.importKey('jwk', data, algo, false, use); - - algo = { - name: 'RSASSA-PKCS1-v1_5', - }; - - return yield subtle.sign(algo, ckey, msg); -}); - -if (!subtle.sign) - rsa.signAsync = util.promisify(rsa.sign); - rsa.decrypt = function decrypt(N, D, m) { var c = new BN(m); @@ -242,69 +144,6 @@ ecdsa.sign = function sign(curve, alg, msg, key) { return new Buffer(ec.sign(hash, key)); }; -ecdsa.verifyAsync = co(function* verifyAsync(curve, alg, msg, sig, key) { - var use = ['verify']; - var name = backend.getHash(alg); - var curveName = getCurve(curve); - var pub, data, algo, ckey; - - if (!name || !curveName) - return ecdsa.verify(curve, alg, msg, sig, key); - - pub = parseECPublic(key, curve); - - data = { - kty: 'EC', - x: toBase64(pub.x), - y: toBase64(pub.y), - ext: true - }; - - algo = { - name: 'ECDSA', - namedCurve: curveName - }; - - ckey = yield subtle.importKey('jwk', data, algo, false, use); - - algo = { - name: 'ECDSA', - hash: name - }; - - return yield subtle.verify(algo, ckey, sig, msg); -}); - -if (!subtle.verify) - ecdsa.verifyAsync = util.promisify(ecdsa.verify); - -ecdsa.signAsync = co(function* signAsync(curve, alg, msg, key) { - var use = ['sign']; - var name = backend.getHash(alg); - var curveName = getCurve(curve); - var algo, ckey; - - if (!name || !curveName) - return ecdsa.sign(curve, alg, msg, key); - - algo = { - name: 'ECDSA', - namedCurve: curveName - }; - - ckey = yield subtle.importKey('raw', key, algo, false, use); - - algo = { - name: 'ECDSA', - hash: name - }; - - return yield subtle.sign(algo, ckey, msg); -}); - -if (!subtle.sign) - ecdsa.signAsync = util.promisify(ecdsa.sign); - /* * Helpers */ @@ -324,36 +163,6 @@ function leftpad(input, size) { return out; } -function toBase64(data) { - var str = data.toString('base64'); - str = str.replace(/\+/g, '-'); - str = str.replace(/\//g, '_'); - str = str.replace(/=+$/, ''); - return str; -} - -function getCurve(name) { - switch (name) { - case 'p256': - return 'P-256'; - case 'p384': - return 'P-384'; - case 'p521': - return 'P-521'; - default: - return null; - } -} - -function parseECPublic(data, curve) { - var ec = elliptic.ec(curve).curve; - var point = ec.decodePoint(data); - return { - x: point.toArrayLike(Buffer, 'be', 32), - y: point.toArrayLike(Buffer, 'be', 32) - }; -} - function ceq(a, b) { var r = ~(a ^ b) & 0xff; r &= r >>> 4; @@ -366,6 +175,5 @@ function ceq(a, b) { * Expose */ -exports.dsa = dsa; exports.rsa = rsa; exports.ecdsa = ecdsa; diff --git a/lib/crypto/pk.js b/lib/crypto/pk.js index 08171e42..83d31d22 100644 --- a/lib/crypto/pk.js +++ b/lib/crypto/pk.js @@ -7,31 +7,11 @@ 'use strict'; var assert = require('assert'); -var PEM = require('../utils/pem'); -var elliptic = require('elliptic'); -var util = require('../utils/util'); -var backend = require('./backend'); var nodeCrypto = require('crypto'); -var dsa, rsa, ecdsa; - -/* - * DSA - */ - -dsa = {}; - -dsa.verify = function _verify(alg, msg, sig, key, params) { - var pem = toPEM('dsa', key, params, 'public key'); - return verify('dsa', alg, msg, sig, pem); -}; - -dsa.sign = function _sign(alg, msg, key, params) { - var pem = toPEM('dsa', key, params, 'private key'); - return sign('dsa', alg, msg, pem); -}; - -dsa.verifyAsync = util.promisify(dsa.verify); -dsa.signAsync = util.promisify(dsa.sign); +var elliptic = require('elliptic'); +var PEM = require('../utils/pem'); +var backend = require('./backend'); +var rsa, ecdsa; /* * RSA @@ -49,9 +29,6 @@ rsa.sign = function _sign(alg, msg, key) { return sign('rsa', alg, msg, pem); }; -rsa.verifyAsync = util.promisify(rsa.verify); -rsa.signAsync = util.promisify(rsa.sign); - /* * ECDSA */ @@ -80,9 +57,6 @@ ecdsa.sign = function sign(curve, msg, alg, key) { return new Buffer(ec.sign(hash, key)); }; -ecdsa.verifyAsync = util.promisify(ecdsa.verify); -ecdsa.signAsync = util.promisify(ecdsa.sign); - /* * Helpers */ @@ -105,9 +79,6 @@ function toPEM(alg, key, params, type) { var tag, pem; switch (alg) { - case 'dsa': - tag = 'DSA'; - break; case 'rsa': tag = 'RSA'; break; @@ -147,6 +118,5 @@ function normalizeAlg(alg, hash) { * Expose */ -exports.dsa = dsa; exports.rsa = rsa; exports.ecdsa = ecdsa;