coolaj86/old-keypairs.js
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

Compare commits

base: coolaj86:v1.2.9
Branches Tags
coolaj86:master
coolaj86:v1.2.14
coolaj86:v1.2.13
coolaj86:v1.2.12
coolaj86:v1.2.9
coolaj86:v1.2.8
coolaj86:v1.2.7
coolaj86:v1.2.6
coolaj86:v1.2.5
coolaj86:v1.2.4
coolaj86:v1.2.3
coolaj86:v1.2.1
coolaj86:v1.2.0
coolaj86:v1.1.0
coolaj86:v1.0.1
coolaj86:v1.0.0
coolaj86:v0.0.2
coolaj86:v0.0.1
...
compare: coolaj86:master
Branches Tags
coolaj86:master
coolaj86:v1.2.14
coolaj86:v1.2.13
coolaj86:v1.2.12
coolaj86:v1.2.9
coolaj86:v1.2.8
coolaj86:v1.2.7
coolaj86:v1.2.6
coolaj86:v1.2.5
coolaj86:v1.2.4
coolaj86:v1.2.3
coolaj86:v1.2.1
coolaj86:v1.2.0
coolaj86:v1.1.0
coolaj86:v1.0.1
coolaj86:v1.0.0
coolaj86:v0.0.2
coolaj86:v0.0.1

5 Commits
v1.2.9 ... master

Author SHA1 Message Date
AJ ONeal
b22f957124 update name: convertIfEcdsa => ecdsaAsn1SigToJoseSig 2019-05-06 03:07:30 -06:00
AJ ONeal
48bee9204d v1.2.14: use try/catch on PEM import 2019-03-14 11:50:37 -06:00
AJ ONeal
5dc3795a17 v1.2.13: add support for rsa-compat 2019-03-14 11:38:02 -06:00
AJ ONeal
3c84a7e1bd v1.2.12: fix EC sig padding issues 2019-03-08 19:03:55 -07:00
AJ ONeal
65db78a3c5 v1.2.11: convert ECDSA ASN.1 signature to ECDSA JWT type 2019-03-08 16:46:50 -07:00
3 changed files with 76 additions and 6 deletions
Show Stats Expand all files Collapse all files

71
keypairs.js
View File

@ -229,13 +229,21 @@ Keypairs.signJws = function (opts) {
}
// node specifies RSA-SHAxxx even whet it's actually ecdsa (it's all encoded x509 shasums anyway)
var nodeAlg = "RSA-SHA" + (((protect||header).alg||'').replace(/^[^\d]+/, '')||'256');
var nodeAlg = "SHA" + (((protect||header).alg||'').replace(/^[^\d]+/, '')||'256');
var protected64 = Enc.strToUrlBase64(protectedHeader);
var payload64 = Enc.bufToUrlBase64(payload);
var sig = require('crypto')
var binsig = require('crypto')
.createSign(nodeAlg)
.update(protect ? (protected64 + "." + payload64) : payload64)
.sign(pem, 'base64')
.sign(pem)
;
if ('EC' === opts.jwk.kty) {
// ECDSA JWT signatures differ from "normal" ECDSA signatures
// https://tools.ietf.org/html/rfc7518#section-3.4
binsig = ecdsaAsn1SigToJoseSig(binsig);
}
var sig = binsig.toString('base64')
.replace(/\+/g, '-')
.replace(/\//g, '_')
.replace(/=/g, '')
@ -249,6 +257,41 @@ Keypairs.signJws = function (opts) {
};
}
function ecdsaAsn1SigToJoseSig(binsig) {
// should have asn1 sequence header of 0x30
if (0x30 !== binsig[0]) { throw new Error("Impossible EC SHA head marker"); }
var index = 2; // first ecdsa "R" header byte
var len = binsig[1];
var lenlen = 0;
// Seek length of length if length is greater than 127 (i.e. two 512-bit / 64-byte R and S values)
if (0x80 & len) {
lenlen = len - 0x80; // should be exactly 1
len = binsig[2]; // should be <= 130 (two 64-bit SHA-512s, plus padding)
index += lenlen;
}
// should be of BigInt type
if (0x02 !== binsig[index]) { throw new Error("Impossible EC SHA R marker"); }
index += 1;
var rlen = binsig[index];
var bits = 32;
if (rlen > 49) {
bits = 64;
} else if (rlen > 33) {
bits = 48;
}
var r = binsig.slice(index + 1, index + 1 + rlen).toString('hex');
var slen = binsig[index + 1 + rlen + 1]; // skip header and read length
var s = binsig.slice(index + 1 + rlen + 1 + 1).toString('hex');
if (2 *slen !== s.length) { throw new Error("Impossible EC SHA S length"); }
// There may be one byte of padding on either
while (r.length < 2*bits) { r = '00' + r; }
while (s.length < 2*bits) { s = '00' + s; }
if (2*(bits+1) === r.length) { r = r.slice(2); }
if (2*(bits+1) === s.length) { s = s.slice(2); }
return Buffer.concat([Buffer.from(r, 'hex'), Buffer.from(s, 'hex')]);
}
if (opts.pem && opts.jwk) {
return sign(opts.pem);
} else {
@ -299,3 +342,25 @@ Enc.bufToUrlBase64 = function (buf) {
return Buffer.from(buf).toString('base64')
.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
};
// For 'rsa-compat' module only
// PLEASE do not use these sync methods, they are deprecated
Keypairs._importSync = function (opts) {
try {
return Eckles.importSync(opts);
} catch(e) {
try {
return Rasha.importSync(opts);
} catch(e) {
console.error("options.pem does not appear to be a valid RSA or ECDSA public or private key");
}
}
};
// PLEASE do not use these, they are deprecated
Keypairs._exportSync = function (opts) {
if ('RSA' === opts.jwk.kty) {
return Rasha.exportSync(opts);
} else {
return Eckles.exportSync(opts);
}
};

10
package.json
View File

@ -1,7 +1,7 @@
{
"name": "keypairs",
"version": "1.2.9",
"description": "Lightweight RSA/ECDSA keypair generation and JWK <-> PEM",
"version": "1.2.14",
"description": "Lightweight RSA/ECDSA keypair generation and JWK <-> PEM using node's native RSA and ECDSA support",
"main": "keypairs.js",
"files": [
"bin/keypairs.js"
@ -21,7 +21,11 @@
"RSA",
"ECDSA",
"PEM",
"JWK"
"JWK",
"keypair",
"crypto",
"sign",
"verify"
],
"author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com/)",
"license": "MPL-2.0",

1
test.js
View File

@ -1,6 +1,7 @@
var Keypairs = require('./');
/* global Promise*/
console.info("This SHOULD result in an error message:");
Keypairs.parseOrGenerate({ key: '' }).then(function (pair) {
// should NOT have any warning output
if (!pair.private || !pair.public) {