-
Notifications
You must be signed in to change notification settings - Fork 569
/
public_encrypt.js
104 lines (101 loc) · 2.59 KB
/
public_encrypt.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
// Copyright 2018-2022 the Deno authors. All rights reserved. MIT license.
// Copyright 2017 Calvin Metcalf. All rights reserved. MIT license.
import parseKeys from "../parse_asn1/mod.js";
import { randomBytes } from "../randombytes.ts";
import { createHash } from "../../hash.ts";
import mgf from "./mgf.js";
import { xor } from "./xor.js";
import { BN } from "../bn.js/bn.js";
import { withPublic } from "./with_public.js";
import crt from "../browserify_rsa.js";
import { Buffer } from "../../../buffer.ts";
export function publicEncrypt(publicKey, msg, reverse) {
let padding;
if (publicKey.padding) {
padding = publicKey.padding;
} else if (reverse) {
padding = 1;
} else {
padding = 4;
}
const key = parseKeys(publicKey);
let paddedMsg;
if (padding === 4) {
paddedMsg = oaep(key, msg);
} else if (padding === 1) {
paddedMsg = pkcs1(key, msg, reverse);
} else if (padding === 3) {
paddedMsg = new BN(msg);
if (paddedMsg.cmp(key.modulus) >= 0) {
throw new Error("data too long for modulus");
}
} else {
throw new Error("unknown padding");
}
if (reverse) {
return crt(paddedMsg, key);
} else {
return withPublic(paddedMsg, key);
}
}
function oaep(key, msg) {
const k = key.modulus.byteLength();
const mLen = msg.length;
const iHash = createHash("sha1").update(Buffer.alloc(0)).digest();
const hLen = iHash.length;
const hLen2 = 2 * hLen;
if (mLen > k - hLen2 - 2) {
throw new Error("message too long");
}
const ps = Buffer.alloc(k - mLen - hLen2 - 2);
const dblen = k - hLen - 1;
const seed = randomBytes(hLen);
const maskedDb = xor(
Buffer.concat([iHash, ps, Buffer.alloc(1, 1), msg], dblen),
mgf(seed, dblen),
);
const maskedSeed = xor(seed, mgf(maskedDb, hLen));
return new BN(Buffer.concat([Buffer.alloc(1), maskedSeed, maskedDb], k));
}
function pkcs1(key, msg, reverse) {
const mLen = msg.length;
const k = key.modulus.byteLength();
if (mLen > k - 11) {
throw new Error("message too long");
}
let ps;
if (reverse) {
ps = Buffer.alloc(k - mLen - 3, 0xff);
} else {
ps = nonZero(k - mLen - 3);
}
return new BN(
Buffer.concat([
Buffer.from([
0,
reverse ? 1 : 2,
]),
ps,
Buffer.alloc(1),
msg,
], k),
);
}
function nonZero(len) {
const out = Buffer.allocUnsafe(len);
let i = 0;
let cache = randomBytes(len * 2);
let cur = 0;
let num;
while (i < len) {
if (cur === cache.length) {
cache = randomBytes(len * 2);
cur = 0;
}
num = cache[cur++];
if (num) {
out[i++] = num;
}
}
return out;
}