
Add DES3 support to PKCS#7 module.

1 parent 0998bd9 commit ba0557d922ec7fbc5ceb0377613dc274d5475db1 @stesie stesie committed Mar 29, 2012
Showing with 86 additions and 1 deletion.
  1. +2 −0 js/oids.js
  2. +11 −0 js/pkcs7.js
  3. +15 −0 tests/nodeunit/_files/pkcs7_des3.pem
  4. +58 −1 tests/nodeunit/pkcs7.js
@@ -41,6 +41,8 @@ oids['1.3.14.3.2.26'] = 'sha1';
oids['sha1'] = '1.3.14.3.2.26';
oids['1.2.840.113549.2.5'] = 'md5';
oids['md5'] = '1.2.840.113549.2.5';
+oids['1.2.840.113549.3.7'] = 'des-EDE3-CBC';
+oids['des-EDE3-CBC'] = '1.2.840.113549.3.7';
// pkcs#7 content types
oids['1.2.840.113549.1.7.1'] = 'data';
@@ -83,6 +83,7 @@ else if(typeof(module) !== 'undefined' && module.exports) {
forge = {
aes: require('./aes'),
asn1: require('./asn1'),
+ des: require('./des'),
pki: require('./pki'),
random: require('./random'),
util: require('./util')
@@ -612,6 +613,10 @@ p7.createEnvelopedData = function() {
ciph = forge.aes.createDecryptionCipher(msg.encContent.key);
break;
+ case forge.pki.oids['des-EDE3-CBC']:
+ ciph = forge.des.createDecryptionCipher(msg.encContent.key);
+ break;
+
default:
throw {
message: 'Unsupported symmetric cipher, '
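Review bot: The new `des-EDE3-CBC` decryption case passes `msg.encContent.key` straight to `forge.des.createDecryptionCipher` without checking its length, so whatever comes out of the recipient's RSA-wrapped key is used as the 3DES key. If the DES module also accepts shorter keys (js/des.js is not shown here, so confirm), a message labelled 3DES could be decrypted with weaker keying than the OID promises. A guard before creating the cipher would pin this, e.g. `if(msg.encContent.key.data.length !== 24) throw {message: 'Invalid key length for des-EDE3-CBC'};`. CBC here carries no integrity check, so callers should not let a sender distinguish padding failures from other decrypt errors. The enclosing switch starts and ends outside the hunk.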
@@ -691,6 +696,12 @@ p7.createEnvelopedData = function() {
ciphFn = forge.aes.createEncryptionCipher;
break;
+ case forge.pki.oids['des-EDE3-CBC']:
+ keyLen = 24;
+ ivLen = 8;
+ ciphFn = forge.des.createEncryptionCipher;
+ break;
+
default:
throw {
message: 'Unsupported symmetric cipher, OID ' + cipher
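Review bot: The `des-EDE3-CBC` encryption case carries no comment saying it is there for interoperability. 3DES has a 64-bit block, which limits how much data is safe under one key in CBC mode, so AES should remain the choice for new messages. I would add above `keyLen = 24;` a comment such as `// 3DES (64-bit block): for interop with legacy peers only; prefer AES for new messages`. It is also not visible in this hunk whether a caller-supplied `encContent.key` is checked against `keyLen`; if it is not, that check belongs next to this case. The switch continues outside the hunk.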
@@ -0,0 +1,15 @@
+-----BEGIN PKCS7-----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+-----END PKCS7-----
@@ -72,7 +72,7 @@ exports.testFindRecipient = function(test) {
test.done();
}
-exports.testDecrypt = function(test) {
+exports.testDecryptAES = function(test) {
p7 = forge.pkcs7.messageFromPem(p7Pem);
privKey = forge.pki.privateKeyFromPem(keyPem);
p7.decrypt(p7.recipients[0], privKey);
@@ -85,6 +85,21 @@ exports.testDecrypt = function(test) {
test.done();
}
+exports.testDecryptDES = function(test) {
+ var p7Pem = fs.readFileSync(__dirname + '/_files/pkcs7_des3.pem', 'ascii');
+
+ p7 = forge.pkcs7.messageFromPem(p7Pem);
+ privKey = forge.pki.privateKeyFromPem(keyPem);
+ p7.decrypt(p7.recipients[0], privKey);
+
+ // symmetric key must be 24 bytes long (DES3 key)
+ test.equal(p7.encContent.key.data.length, 24);
+ test.equal(p7.content, 'Today is Prickle-Prickle, '
+ + "the 16th day of Discord in the YOLD 3178\r\n");
+
+ test.done();
+}
+
exports.testAddRecipient = function(test) {
p7 = forge.pkcs7.createEnvelopedData();
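Review bot: `var p7Pem` in `testDecryptDES` shadows the outer `p7Pem` that `testDecryptAES` reads, while `p7` and `privKey` are assigned without `var` and, unless they are declared at file level outside this view, become implicit globals shared between tests. Naming the local for what it holds, e.g. `var des3Pem = fs.readFileSync(__dirname + '/_files/pkcs7_des3.pem', 'ascii');`, and declaring `var p7` and `var privKey` keeps each test's state separate. The same undeclared assignments (`p7`, `cert`, `privKey`, `decryptedKey`, `ciph`) appear in `testEncryptDES3EDE` in the next hunk.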
@@ -146,6 +161,48 @@ exports.testEncrypt = function(test) {
test.done();
}
+exports.testEncryptDES3EDE = function(test) {
+ p7 = forge.pkcs7.createEnvelopedData();
+ cert = forge.pki.certificateFromPem(certPem);
+ privKey = forge.pki.privateKeyFromPem(keyPem);
+
+ p7.addRecipient(cert);
+ p7.content = forge.util.createBuffer('Just a little test');
+ p7.encContent.algorithm = forge.pki.oids['des-EDE3-CBC'];
+ p7.encrypt();
+
+ // Since we did not provide a key, a random key should have been created
+ // automatically. DES3-EDE requires 24 bytes of key material.
+ test.equal(p7.encContent.key.data.length, 24);
+
+ // Furthermore an IV must be generated. DES3 has 8 bytes IV.
+ test.equal(p7.encContent.parameter.data.length, 8);
+
+ // Content is 18 Bytes long, DES has 8 byte blocksize,
+ // with padding that should make up 24 bytes.
+ test.equals(p7.encContent.content.data.length, 24);
+
+ // RSA encryption should yield 256 bytes
+ test.equals(p7.recipients[0].encContent.content.length, 256);
+
+ // rewind Key & IV
+ p7.encContent.key.read = 0;
+ p7.encContent.parameter.read = 0;
+
+ // decryption of the asym. encrypted data should reveal the symmetric key
+ decryptedKey = privKey.decrypt(p7.recipients[0].encContent.content);
+ test.equals(decryptedKey, p7.encContent.key.data);
+
+ // decryption of sym. encrypted data should reveal the content
+ ciph = forge.des.createDecryptionCipher(decryptedKey);
+ ciph.start(p7.encContent.parameter); // IV
+ ciph.update(p7.encContent.content);
+ ciph.finish();
+ test.equals(ciph.output, 'Just a little test');
+
+ test.done();
+}
+
exports.testMessageToPem = function(test) {
p7 = forge.pkcs7.createEnvelopedData();
p7.addRecipient(forge.pki.certificateFromPem(certPem));
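Review bot: The new tests `testEncryptDES3EDE` and `testDecryptDES` cover only the success path, so nothing pins how the new 3DES decrypt branch behaves on bad input. I would add a case that shortens the recovered symmetric key (for example to 8 bytes) and a case that alters `p7.encContent.content` before decryption, each asserting that decryption is rejected or at least does not yield the original plaintext. Separately, `test.equals(ciph.output, 'Just a little test')` appears to compare a buffer object with a string; if `ciph.output` is a forge byte buffer, `test.equals(ciph.output.getBytes(), 'Just a little test')` states the intent explicitly.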
