bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-20 10:13:31 +00:00
Code Issues Releases Wiki Activity

rsa encrypt and decrypt tests

Browse Source
This commit is contained in:
Kyle Spearrin
2018-04-20 15:32:25 -04:00
parent 44f5d1c267
commit d73012efc8
5 changed files with 206 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/misc/utils.ts
View File

@@ -39,6 +39,14 @@ export class Utils {
}
}
static fromByteStringToArray(str: string): Uint8Array {
const arr = new Uint8Array(str.length);
for (let i = 0; i < str.length; i++) {
arr[i] = str.charCodeAt(i);
}
return arr;
}
static fromBufferToB64(buffer: ArrayBuffer): string {
if (Utils.isNode) {
return new Buffer(buffer).toString('base64');
@@ -62,6 +70,10 @@ export class Utils {
}
}
static fromBufferToByteString(buffer: ArrayBuffer): string {
return String.fromCharCode.apply(null, new Uint8Array(buffer));
}
// ref: https://stackoverflow.com/a/40031979/1090359
static fromBufferToHex(buffer: ArrayBuffer): string {
if (Utils.isNode) {

50
src/services/nodeCryptoFunction.service.ts
View File

@@ -1,8 +1,11 @@
import * as constants from 'constants';
import * as crypto from 'crypto';
import * as forge from 'node-forge';
import { CryptoFunctionService } from '../abstractions/cryptoFunction.service';
import { Utils } from '../misc/utils';
export class NodeCryptoFunctionService implements CryptoFunctionService {
pbkdf2(password: string | ArrayBuffer, salt: string | ArrayBuffer, algorithm: 'sha256' | 'sha512',
iterations: number): Promise<ArrayBuffer> {
@@ -57,18 +60,32 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
return Promise.resolve(this.toArrayBuffer(decBuf));
}
rsaDecrypt(data: ArrayBuffer, key: ArrayBuffer, algorithm: 'sha1' | 'sha256'): Promise<ArrayBuffer> {
if (algorithm !== 'sha1') {
throw new Error('only sha1 is supported on this platform.');
rsaEncrypt(data: ArrayBuffer, publicKey: ArrayBuffer, algorithm: 'sha1' | 'sha256'): Promise<ArrayBuffer> {
let md: forge.md.MessageDigest;
if (algorithm === 'sha256') {
md = forge.md.sha256.create();
} else {
md = forge.md.sha1.create();
}
const nodeData = this.toNodeBuffer(data);
const rsaKey: crypto.RsaPrivateKey = {
key: this.toPem(key),
padding: constants.RSA_PKCS1_OAEP_PADDING,
};
const decBuf = crypto.publicDecrypt(rsaKey, nodeData);
return Promise.resolve(this.toArrayBuffer(decBuf));
const dataBytes = Utils.fromBufferToByteString(data);
const key = this.toForgePublicKey(publicKey);
const decBytes: string = key.encrypt(dataBytes, 'RSA-OAEP', { md: md });
return Promise.resolve(Utils.fromByteStringToArray(decBytes).buffer);
}
rsaDecrypt(data: ArrayBuffer, privateKey: ArrayBuffer, algorithm: 'sha1' | 'sha256'): Promise<ArrayBuffer> {
let md: forge.md.MessageDigest;
if (algorithm === 'sha256') {
md = forge.md.sha256.create();
} else {
md = forge.md.sha1.create();
}
const dataBytes = Utils.fromBufferToByteString(data);
const key = this.toForgePrivateKey(privateKey);
const decBytes: string = key.decrypt(dataBytes, 'RSA-OAEP', { md: md });
return Promise.resolve(Utils.fromByteStringToArray(decBytes).buffer);
}
randomBytes(length: number): Promise<ArrayBuffer> {
@@ -101,8 +118,15 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
return new Uint8Array(buf).buffer;
}
private toPem(key: ArrayBuffer): string {
const b64Key = ''; // TODO: key to b84
return '-----BEGIN PRIVATE KEY-----\n' + b64Key + '\n-----END PRIVATE KEY-----';
private toForgePrivateKey(key: ArrayBuffer): any {
const byteString = Utils.fromBufferToByteString(key);
const asn1 = forge.asn1.fromDer(byteString);
return (forge as any).pki.privateKeyFromAsn1(asn1);
}
private toForgePublicKey(key: ArrayBuffer): any {
const byteString = Utils.fromBufferToByteString(key);
const asn1 = forge.asn1.fromDer(byteString);
return (forge as any).pki.publicKeyFromAsn1(asn1);
}
}

33
src/services/webCryptoFunction.service.ts
View File

@@ -23,7 +23,7 @@ export class WebCryptoFunctionService implements CryptoFunctionService {
const passwordBytes = this.toByteString(password);
const saltBytes = this.toByteString(salt);
const derivedKeyBytes = (forge as any).pbkdf2(passwordBytes, saltBytes, iterations, forgeLen, algorithm);
return this.fromByteStringToBuf(derivedKeyBytes);
return Utils.fromByteStringToArray(derivedKeyBytes).buffer;
}
const wcLen = algorithm === 'sha256' ? 256 : 512;
@@ -54,7 +54,7 @@ export class WebCryptoFunctionService implements CryptoFunctionService {
const valueBytes = this.toByteString(value);
md.update(valueBytes, 'raw');
return this.fromByteStringToBuf(md.digest().data);
return Utils.fromByteStringToArray(md.digest().data).buffer;
}
const valueBuf = this.toBuf(value);
@@ -68,7 +68,7 @@ export class WebCryptoFunctionService implements CryptoFunctionService {
const hmac = (forge as any).hmac.create();
hmac.start(algorithm, keyBytes);
hmac.update(valueBytes);
return this.fromByteStringToBuf(hmac.digest().getBytes());
return Utils.fromByteStringToArray(hmac.digest().getBytes()).buffer;
}
const signingAlgorithm = {
@@ -94,7 +94,7 @@ export class WebCryptoFunctionService implements CryptoFunctionService {
decipher.start({ iv: ivBytes });
decipher.update(dataBuffer);
decipher.finish();
return this.fromByteStringToBuf(decipher.output.getBytes());
return Utils.fromByteStringToArray(decipher.output.getBytes()).buffer;
}
async aesDecryptLarge(data: ArrayBuffer, iv: ArrayBuffer, key: ArrayBuffer): Promise<ArrayBuffer> {
@@ -102,14 +102,25 @@ export class WebCryptoFunctionService implements CryptoFunctionService {
return await this.subtle.decrypt({ name: 'AES-CBC', iv: iv }, impKey, data);
}
async rsaDecrypt(data: ArrayBuffer, key: ArrayBuffer, algorithm: 'sha1' | 'sha256'): Promise<ArrayBuffer> {
async rsaEncrypt(data: ArrayBuffer, publicKey: ArrayBuffer, algorithm: 'sha1' | 'sha256'): Promise<ArrayBuffer> {
// Note: Edge browser requires that we specify name and hash for both key import and decrypt.
// We cannot use the proper types here.
const rsaParams = {
name: 'RSA-OAEP',
hash: { name: this.toWebCryptoAlgorithm(algorithm) },
};
const impKey = await this.subtle.importKey('pkcs8', key, rsaParams, false, ['decrypt']);
const impKey = await this.subtle.importKey('spki', publicKey, rsaParams, false, ['encrypt']);
return await this.subtle.encrypt(rsaParams, impKey, data);
}
async rsaDecrypt(data: ArrayBuffer, privateKey: ArrayBuffer, algorithm: 'sha1' | 'sha256'): Promise<ArrayBuffer> {
// Note: Edge browser requires that we specify name and hash for both key import and decrypt.
// We cannot use the proper types here.
const rsaParams = {
name: 'RSA-OAEP',
hash: { name: this.toWebCryptoAlgorithm(algorithm) },
};
const impKey = await this.subtle.importKey('pkcs8', privateKey, rsaParams, false, ['decrypt']);
return await this.subtle.decrypt(rsaParams, impKey, data);
}
@@ -134,19 +145,11 @@ export class WebCryptoFunctionService implements CryptoFunctionService {
if (typeof (value) === 'string') {
bytes = forge.util.encodeUtf8(value);
} else {
bytes = String.fromCharCode.apply(null, new Uint8Array(value));
bytes = Utils.fromBufferToByteString(value);
}
return bytes;
}
private fromByteStringToBuf(byteString: string): ArrayBuffer {
const arr = new Uint8Array(byteString.length);
for (let i = 0; i < byteString.length; i++) {
arr[i] = byteString.charCodeAt(i);
}
return arr.buffer;
}
private toWebCryptoAlgorithm(algorithm: 'sha1' | 'sha256' | 'sha512'): string {
return algorithm === 'sha1' ? 'SHA-1' : algorithm === 'sha256' ? 'SHA-256' : 'SHA-512';
}