import { IAlgorithm } from "graphene-pk11";
import * as graphene from "graphene-pk11";
import * as core from "webcrypto-core";
import { Crypto } from "../../crypto";
import { CryptoKey } from "../../key";
import { RsaCrypto } from "./crypto";
import { RsaCryptoKey } from "./key";
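/**
 * RSA-PSS provider that carries out WebCrypto RSA-PSS operations through the
 * session held by the supplied `Crypto` instance.
 *
 * Key generation, import and export are delegated to `RsaCrypto`. Signing and
 * verification run on `this.crypto.session` with a mechanism built by `wc2pk11`.
 */
export class RsaPssProvider extends core.RsaPssProvider {

  /**
   * @param crypto Owner object whose `session` is used for every operation.
   */
  constructor(private crypto: Crypto) {
    super();
  }

  /**
   * Generates an RSA key pair via `RsaCrypto.generateKey`, forcing the
   * algorithm name to this provider's name.
   *
   * NOTE(review): `extractable` is forwarded unchanged; how it is mapped onto
   * key attributes is decided inside `RsaCrypto.generateKey`, which is not
   * visible here. Private keys that must not leave the device should be
   * requested with `extractable = false`.
   *
   * @param algorithm Key generation parameters supplied by the caller.
   * @param extractable Whether the resulting key may be exported.
   * @param keyUsages Usages requested for the key pair.
   * @returns The generated key pair.
   */
  public async onGenerateKey(algorithm: RsaHashedKeyGenParams, extractable: boolean, keyUsages: KeyUsage[]): Promise<CryptoKeyPair> {
    return RsaCrypto.generateKey(
      this.crypto.session,
      { ...algorithm, name: this.name },
      extractable,
      keyUsages,
    );
  }

  /**
   * Signs `data` with `key` using RSA-PSS.
   *
   * @param algorithm PSS parameters; only `saltLength` is read (in `wc2pk11`).
   * @param key Signing key; its `algorithm.hash` selects the digest and MGF.
   * @param data Message to sign.
   * @returns The signature bytes. The promise rejects with the error reported
   *          by the session if signing fails.
   */
  public async onSign(algorithm: RsaPssParams, key: RsaCryptoKey, data: ArrayBuffer): Promise<ArrayBuffer> {
    return new Promise<ArrayBuffer>((resolve, reject) => {
      // Built inside the executor so a thrown error becomes a rejection.
      const { mechanism, buf } = this.prepareOperation(algorithm, key, data);
      this.crypto.session.createSign(mechanism, key.key).once(buf, (err, signature) => {
        if (err) {
          reject(err);
          return;
        }
        // Hand back a plain ArrayBuffer, as the WebCrypto contract expects.
        resolve(new Uint8Array(signature).buffer);
      });
    });
  }

  /**
   * Verifies an RSA-PSS `signature` over `data` with `key`.
   *
   * The promise resolves with the boolean reported by the session and rejects
   * when the session reports an error. Callers must treat a rejection as a
   * failed verification and never as success.
   *
   * @param algorithm PSS parameters; only `saltLength` is read (in `wc2pk11`).
   * @param key Verification key; its `algorithm.hash` selects the digest and MGF.
   * @param signature Signature to check.
   * @param data Message the signature is expected to cover.
   * @returns The verification result reported by the session.
   */
  public async onVerify(algorithm: RsaPssParams, key: RsaCryptoKey, signature: ArrayBuffer, data: ArrayBuffer): Promise<boolean> {
    return new Promise<boolean>((resolve, reject) => {
      // Built inside the executor so a thrown error becomes a rejection.
      const { mechanism, buf } = this.prepareOperation(algorithm, key, data);
      this.crypto.session.createVerify(mechanism, key.key).once(buf, Buffer.from(signature), (err, ok) => {
        if (err) {
          reject(err);
          return;
        }
        resolve(ok);
      });
    });
  }

  /**
   * Exports `key` in the requested format via `RsaCrypto.exportKey`.
   *
   * @param format Output key format.
   * @param key Key to export.
   * @returns The exported key material.
   */
  public async onExportKey(format: KeyFormat, key: RsaCryptoKey): Promise<JsonWebKey | ArrayBuffer> {
    return RsaCrypto.exportKey(this.crypto.session, format, key);
  }

  /**
   * Imports key material via `RsaCrypto.importKey`, forcing the algorithm
   * name to this provider's name.
   *
   * @param format Format of `keyData`.
   * @param keyData Key material to import.
   * @param algorithm Import parameters supplied by the caller.
   * @param extractable Whether the imported key may be exported again.
   * @param keyUsages Usages requested for the key.
   * @returns The imported key.
   */
  public async onImportKey(format: KeyFormat, keyData: JsonWebKey | ArrayBuffer, algorithm: RsaHashedImportParams, extractable: boolean, keyUsages: KeyUsage[]): Promise<CryptoKey> {
    return RsaCrypto.importKey(
      this.crypto.session,
      format,
      keyData,
      { ...algorithm, name: this.name },
      extractable,
      keyUsages,
    );
  }

  /**
   * Runs the base-class key check and additionally requires `key` to be an
   * `RsaCryptoKey`, so that key objects created by other providers are
   * rejected before they reach the session.
   *
   * @param key Key to validate.
   * @param keyUsage Usage the key must allow, if any.
   * @throws TypeError when `key` is not an `RsaCryptoKey`.
   */
  public checkCryptoKey(key: CryptoKey, keyUsage?: KeyUsage): void {
    super.checkCryptoKey(key, keyUsage);
    if (!(key instanceof RsaCryptoKey)) {
      throw new TypeError("key: Is not PKCS11 CryptoKey");
    }
  }

  /**
   * Translates WebCrypto RSA-PSS parameters into a PKCS#11 mechanism.
   *
   * The digest comes from the key's algorithm, and MGF1 is always paired with
   * that same digest. `saltLength` is forwarded as given; this method does not
   * range-check it (presumably the base class validates it; confirm there).
   *
   * NOTE(review): SHA-1 is accepted here. If policy forbids SHA-1 signatures,
   * that restriction has to be enforced by the caller or at key creation.
   *
   * @param alg PSS parameters; only `saltLength` is read.
   * @param keyAlg Algorithm of the key; `hash.name` is matched case-insensitively.
   * @returns Mechanism name plus PSS parameters.
   * @throws core.OperationError when the key's hash is not one of the SHA variants handled below.
   */
  protected wc2pk11(alg: RsaPssParams, keyAlg: RsaHashedKeyAlgorithm): IAlgorithm {
    let mech: string;
    let param: graphene.RsaPssParams;
    const saltLen = alg.saltLength;
    switch (keyAlg.hash.name.toUpperCase()) {
      case "SHA-1":
        mech = "SHA1_RSA_PKCS_PSS";
        param = new graphene.RsaPssParams(graphene.MechanismEnum.SHA1, graphene.RsaMgf.MGF1_SHA1, saltLen);
        break;
      case "SHA-224":
        mech = "SHA224_RSA_PKCS_PSS";
        param = new graphene.RsaPssParams(graphene.MechanismEnum.SHA224, graphene.RsaMgf.MGF1_SHA224, saltLen);
        break;
      case "SHA-256":
        mech = "SHA256_RSA_PKCS_PSS";
        param = new graphene.RsaPssParams(graphene.MechanismEnum.SHA256, graphene.RsaMgf.MGF1_SHA256, saltLen);
        break;
      case "SHA-384":
        mech = "SHA384_RSA_PKCS_PSS";
        param = new graphene.RsaPssParams(graphene.MechanismEnum.SHA384, graphene.RsaMgf.MGF1_SHA384, saltLen);
        break;
      case "SHA-512":
        mech = "SHA512_RSA_PKCS_PSS";
        param = new graphene.RsaPssParams(graphene.MechanismEnum.SHA512, graphene.RsaMgf.MGF1_SHA512, saltLen);
        break;
      default:
        throw new core.OperationError(`Cannot create PKCS11 mechanism from algorithm '${keyAlg.hash.name}'`);
    }
    return { name: mech, params: param };
  }

  /**
   * Shared set-up for sign and verify: builds the mechanism, lets `RsaCrypto`
   * choose the mechanism name to use for this session, and prepares the input
   * buffer.
   *
   * When the chosen name is the raw "RSA_PKCS_PSS" mechanism, the data is
   * passed through `RsaCrypto.prepareData` with the key's hash name
   * (presumably to digest the message in software; confirm in RsaCrypto).
   * Sign and verify must apply the same preparation, which is why it lives in
   * one place.
   */
  private prepareOperation(algorithm: RsaPssParams, key: RsaCryptoKey, data: ArrayBuffer): { mechanism: IAlgorithm; buf: Buffer } {
    let buf = Buffer.from(data);
    const keyAlg = key.algorithm as RsaHashedKeyAlgorithm;
    const mechanism = this.wc2pk11(algorithm, keyAlg);
    mechanism.name = RsaCrypto.getAlgorithm(this.crypto.session, this.name, mechanism.name);
    if (mechanism.name === "RSA_PKCS_PSS") {
      buf = RsaCrypto.prepareData(keyAlg.hash.name, buf);
    }
    return { mechanism, buf };
  }
}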