diff options
Diffstat (limited to 'ext/node/polyfills/_crypto/crypto_browserify/parse_asn1')
4 files changed, 383 insertions, 0 deletions
diff --git a/ext/node/polyfills/_crypto/crypto_browserify/parse_asn1/asn1.js b/ext/node/polyfills/_crypto/crypto_browserify/parse_asn1/asn1.js new file mode 100644 index 000000000..9023cf259 --- /dev/null +++ b/ext/node/polyfills/_crypto/crypto_browserify/parse_asn1/asn1.js @@ -0,0 +1,117 @@ +// Copyright 2018-2023 the Deno authors. All rights reserved. MIT license. +// Copyright 2017 crypto-browserify. All rights reserved. MIT license. +// from https://github.com/crypto-browserify/parse-asn1/blob/fbd70dca8670d17955893e083ca69118908570be/asn1.js + +import asn1 from "internal:deno_node/polyfills/_crypto/crypto_browserify/asn1.js/mod.js"; +import certificate from "internal:deno_node/polyfills/_crypto/crypto_browserify/parse_asn1/certificate.js"; +export { certificate }; + +export const RSAPrivateKey = asn1.define("RSAPrivateKey", function () { + this.seq().obj( + this.key("version").int(), + this.key("modulus").int(), + this.key("publicExponent").int(), + this.key("privateExponent").int(), + this.key("prime1").int(), + this.key("prime2").int(), + this.key("exponent1").int(), + this.key("exponent2").int(), + this.key("coefficient").int(), + ); +}); + +export const RSAPublicKey = asn1.define("RSAPublicKey", function () { + this.seq().obj( + this.key("modulus").int(), + this.key("publicExponent").int(), + ); +}); + +export const PublicKey = asn1.define("SubjectPublicKeyInfo", function () { + this.seq().obj( + this.key("algorithm").use(AlgorithmIdentifier), + this.key("subjectPublicKey").bitstr(), + ); +}); + +const AlgorithmIdentifier = asn1.define("AlgorithmIdentifier", function () { + this.seq().obj( + this.key("algorithm").objid(), + this.key("none").null_().optional(), + this.key("curve").objid().optional(), + this.key("params").seq().obj( + this.key("p").int(), + this.key("q").int(), + this.key("g").int(), + ).optional(), + ); +}); + +export const PrivateKey = asn1.define("PrivateKeyInfo", function () { + this.seq().obj( + this.key("version").int(), + this.key("algorithm").use(AlgorithmIdentifier), + this.key("subjectPrivateKey").octstr(), + ); +}); +export const EncryptedPrivateKey = asn1.define( + "EncryptedPrivateKeyInfo", + function () { + this.seq().obj( + this.key("algorithm").seq().obj( + this.key("id").objid(), + this.key("decrypt").seq().obj( + this.key("kde").seq().obj( + this.key("id").objid(), + this.key("kdeparams").seq().obj( + this.key("salt").octstr(), + this.key("iters").int(), + ), + ), + this.key("cipher").seq().obj( + this.key("algo").objid(), + this.key("iv").octstr(), + ), + ), + ), + this.key("subjectPrivateKey").octstr(), + ); + }, +); + +export const DSAPrivateKey = asn1.define("DSAPrivateKey", function () { + this.seq().obj( + this.key("version").int(), + this.key("p").int(), + this.key("q").int(), + this.key("g").int(), + this.key("pub_key").int(), + this.key("priv_key").int(), + ); +}); + +export const DSAparam = asn1.define("DSAparam", function () { + this.int(); +}); + +export const ECPrivateKey = asn1.define("ECPrivateKey", function () { + this.seq().obj( + this.key("version").int(), + this.key("privateKey").octstr(), + this.key("parameters").optional().explicit(0).use(ECParameters), + this.key("publicKey").optional().explicit(1).bitstr(), + ); +}); + +const ECParameters = asn1.define("ECParameters", function () { + this.choice({ + namedCurve: this.objid(), + }); +}); + +export const signature = asn1.define("signature", function () { + this.seq().obj( + this.key("r").int(), + this.key("s").int(), + ); +}); diff --git a/ext/node/polyfills/_crypto/crypto_browserify/parse_asn1/certificate.js b/ext/node/polyfills/_crypto/crypto_browserify/parse_asn1/certificate.js new file mode 100644 index 000000000..484aa41c4 --- /dev/null +++ b/ext/node/polyfills/_crypto/crypto_browserify/parse_asn1/certificate.js @@ -0,0 +1,91 @@ +// Copyright 2018-2023 the Deno authors. All rights reserved. MIT license. +// Copyright 2017 crypto-browserify. All rights reserved. MIT license. +// from https://github.com/crypto-browserify/parse-asn1/blob/fbd70dca8670d17955893e083ca69118908570be/certificate.js + +import * as asn from "internal:deno_node/polyfills/_crypto/crypto_browserify/asn1.js/mod.js"; + +const Time = asn.define("Time", function () { + this.choice({ + utcTime: this.utctime(), + generalTime: this.gentime(), + }); +}); + +const AttributeTypeValue = asn.define("AttributeTypeValue", function () { + this.seq().obj( + this.key("type").objid(), + this.key("value").any(), + ); +}); + +const AlgorithmIdentifier = asn.define("AlgorithmIdentifier", function () { + this.seq().obj( + this.key("algorithm").objid(), + this.key("parameters").optional(), + this.key("curve").objid().optional(), + ); +}); + +const SubjectPublicKeyInfo = asn.define("SubjectPublicKeyInfo", function () { + this.seq().obj( + this.key("algorithm").use(AlgorithmIdentifier), + this.key("subjectPublicKey").bitstr(), + ); +}); + +const RelativeDistinguishedName = asn.define( + "RelativeDistinguishedName", + function () { + this.setof(AttributeTypeValue); + }, +); + +const RDNSequence = asn.define("RDNSequence", function () { + this.seqof(RelativeDistinguishedName); +}); + +const Name = asn.define("Name", function () { + this.choice({ + rdnSequence: this.use(RDNSequence), + }); +}); + +const Validity = asn.define("Validity", function () { + this.seq().obj( + this.key("notBefore").use(Time), + this.key("notAfter").use(Time), + ); +}); + +const Extension = asn.define("Extension", function () { + this.seq().obj( + this.key("extnID").objid(), + this.key("critical").bool().def(false), + this.key("extnValue").octstr(), + ); +}); + +const TBSCertificate = asn.define("TBSCertificate", function () { + this.seq().obj( + this.key("version").explicit(0).int().optional(), + this.key("serialNumber").int(), + this.key("signature").use(AlgorithmIdentifier), + this.key("issuer").use(Name), + this.key("validity").use(Validity), + this.key("subject").use(Name), + this.key("subjectPublicKeyInfo").use(SubjectPublicKeyInfo), + this.key("issuerUniqueID").implicit(1).bitstr().optional(), + this.key("subjectUniqueID").implicit(2).bitstr().optional(), + this.key("extensions").explicit(3).seqof(Extension).optional(), + ); +}); + +export const X509Certificate = asn.define("X509Certificate", function () { + this.seq().obj( + this.key("tbsCertificate").use(TBSCertificate), + this.key("signatureAlgorithm").use(AlgorithmIdentifier), + this.key("signatureValue").bitstr(), + ); +}); + +export default X509Certificate; diff --git a/ext/node/polyfills/_crypto/crypto_browserify/parse_asn1/fix_proc.js b/ext/node/polyfills/_crypto/crypto_browserify/parse_asn1/fix_proc.js new file mode 100644 index 000000000..9c78f7bb2 --- /dev/null +++ b/ext/node/polyfills/_crypto/crypto_browserify/parse_asn1/fix_proc.js @@ -0,0 +1,37 @@ +// Copyright 2018-2023 the Deno authors. All rights reserved. MIT license. +// Copyright 2017 crypto-browserify. All rights reserved. MIT license. +// from https://github.com/crypto-browserify/parse-asn1/blob/fbd70dca8670d17955893e083ca69118908570be/fixProc.js + +import evp from "internal:deno_node/polyfills/_crypto/crypto_browserify/evp_bytes_to_key.ts"; +import * as ciphers from "internal:deno_node/polyfills/_crypto/crypto_browserify/browserify_aes/mod.js"; +import { Buffer } from "internal:deno_node/polyfills/buffer.ts"; + +const findProc = + /Proc-Type: 4,ENCRYPTED[\n\r]+DEK-Info: AES-((?:128)|(?:192)|(?:256))-CBC,([0-9A-H]+)[\n\r]+([0-9A-z\n\r+/=]+)[\n\r]+/m; +const startRegex = /^-----BEGIN ((?:.*? KEY)|CERTIFICATE)-----/m; +const fullRegex = + /^-----BEGIN ((?:.*? KEY)|CERTIFICATE)-----([0-9A-z\n\r+/=]+)-----END \1-----$/m; +export default function (okey, password) { + const key = okey.toString(); + const match = key.match(findProc); + let decrypted; + if (!match) { + const match2 = key.match(fullRegex); + decrypted = Buffer.from(match2[2].replace(/[\r\n]/g, ""), "base64"); + } else { + const suite = "aes" + match[1]; + const iv = Buffer.from(match[2], "hex"); + const cipherText = Buffer.from(match[3].replace(/[\r\n]/g, ""), "base64"); + const cipherKey = evp(password, iv.slice(0, 8), parseInt(match[1], 10)).key; + const out = []; + const cipher = ciphers.createDecipheriv(suite, cipherKey, iv); + out.push(cipher.update(cipherText)); + out.push(cipher.final()); + decrypted = Buffer.concat(out); + } + const tag = key.match(startRegex)[1]; + return { + tag: tag, + data: decrypted, + }; +} diff --git a/ext/node/polyfills/_crypto/crypto_browserify/parse_asn1/mod.js b/ext/node/polyfills/_crypto/crypto_browserify/parse_asn1/mod.js new file mode 100644 index 000000000..66aa2227f --- /dev/null +++ b/ext/node/polyfills/_crypto/crypto_browserify/parse_asn1/mod.js @@ -0,0 +1,138 @@ +// Copyright 2018-2023 the Deno authors. All rights reserved. MIT license. +// Copyright 2017 crypto-browserify. All rights reserved. MIT license. +// from https://github.com/crypto-browserify/parse-asn1/blob/fbd70dca8670d17955893e083ca69118908570be/index.js + +import * as asn1 from "internal:deno_node/polyfills/_crypto/crypto_browserify/parse_asn1/asn1.js"; +import fixProc from "internal:deno_node/polyfills/_crypto/crypto_browserify/parse_asn1/fix_proc.js"; +import * as ciphers from "internal:deno_node/polyfills/_crypto/crypto_browserify/browserify_aes/mod.js"; +import { Buffer } from "internal:deno_node/polyfills/buffer.ts"; +import { pbkdf2Sync } from "internal:deno_node/polyfills/internal/crypto/pbkdf2.ts"; + +const aesid = { + "2.16.840.1.101.3.4.1.1": "aes-128-ecb", + "2.16.840.1.101.3.4.1.2": "aes-128-cbc", + "2.16.840.1.101.3.4.1.3": "aes-128-ofb", + "2.16.840.1.101.3.4.1.4": "aes-128-cfb", + "2.16.840.1.101.3.4.1.21": "aes-192-ecb", + "2.16.840.1.101.3.4.1.22": "aes-192-cbc", + "2.16.840.1.101.3.4.1.23": "aes-192-ofb", + "2.16.840.1.101.3.4.1.24": "aes-192-cfb", + "2.16.840.1.101.3.4.1.41": "aes-256-ecb", + "2.16.840.1.101.3.4.1.42": "aes-256-cbc", + "2.16.840.1.101.3.4.1.43": "aes-256-ofb", + "2.16.840.1.101.3.4.1.44": "aes-256-cfb", +}; +export function parseKeys(buffer) { + let password; + if (typeof buffer === "object" && !Buffer.isBuffer(buffer)) { + password = buffer.passphrase; + buffer = buffer.key; + } + if (typeof buffer === "string") { + buffer = Buffer.from(buffer); + } + + const stripped = fixProc(buffer, password); + + const type = stripped.tag; + let data = stripped.data; + let subtype, ndata; + switch (type) { + case "CERTIFICATE": + ndata = asn1.certificate.decode(data, "der").tbsCertificate + .subjectPublicKeyInfo; + // falls through + case "PUBLIC KEY": + if (!ndata) { + ndata = asn1.PublicKey.decode(data, "der"); + } + subtype = ndata.algorithm.algorithm.join("."); + switch (subtype) { + case "1.2.840.113549.1.1.1": + return asn1.RSAPublicKey.decode(ndata.subjectPublicKey.data, "der"); + case "1.2.840.10045.2.1": + ndata.subjectPrivateKey = ndata.subjectPublicKey; + return { + type: "ec", + data: ndata, + }; + case "1.2.840.10040.4.1": + ndata.algorithm.params.pub_key = asn1.DSAparam.decode( + ndata.subjectPublicKey.data, + "der", + ); + return { + type: "dsa", + data: ndata.algorithm.params, + }; + default: + throw new Error("unknown key id " + subtype); + } + // throw new Error('unknown key type ' + type) + case "ENCRYPTED PRIVATE KEY": + data = asn1.EncryptedPrivateKey.decode(data, "der"); + data = decrypt(data, password); + // falls through + case "PRIVATE KEY": + ndata = asn1.PrivateKey.decode(data, "der"); + subtype = ndata.algorithm.algorithm.join("."); + switch (subtype) { + case "1.2.840.113549.1.1.1": + return asn1.RSAPrivateKey.decode(ndata.subjectPrivateKey, "der"); + case "1.2.840.10045.2.1": + return { + curve: ndata.algorithm.curve, + privateKey: asn1.ECPrivateKey.decode(ndata.subjectPrivateKey, "der") + .privateKey, + }; + case "1.2.840.10040.4.1": + ndata.algorithm.params.priv_key = asn1.DSAparam.decode( + ndata.subjectPrivateKey, + "der", + ); + return { + type: "dsa", + params: ndata.algorithm.params, + }; + default: + throw new Error("unknown key id " + subtype); + } + // throw new Error('unknown key type ' + type) + case "RSA PUBLIC KEY": + return asn1.RSAPublicKey.decode(data, "der"); + case "RSA PRIVATE KEY": + return asn1.RSAPrivateKey.decode(data, "der"); + case "DSA PRIVATE KEY": + return { + type: "dsa", + params: asn1.DSAPrivateKey.decode(data, "der"), + }; + case "EC PRIVATE KEY": + data = asn1.ECPrivateKey.decode(data, "der"); + return { + curve: data.parameters.value, + privateKey: data.privateKey, + }; + default: + throw new Error("unknown key type " + type); + } +} +export default parseKeys; +parseKeys.signature = asn1.signature; +function decrypt(data, password) { + const salt = data.algorithm.decrypt.kde.kdeparams.salt; + const iters = parseInt( + data.algorithm.decrypt.kde.kdeparams.iters.toString(), + 10, + ); + const algo = aesid[data.algorithm.decrypt.cipher.algo.join(".")]; + const iv = data.algorithm.decrypt.cipher.iv; + const cipherText = data.subjectPrivateKey; + const keylen = parseInt(algo.split("-")[1], 10) / 8; + const key = pbkdf2Sync(password, salt, iters, keylen, "sha1"); + const cipher = ciphers.createDecipheriv(algo, key, iv); + const out = []; + out.push(cipher.update(cipherText)); + out.push(cipher.final()); + return Buffer.concat(out); +} |