
Merge pull request #40 from warner/cleanups

Cleanups (no functional changes)
2 parents ce5459b + 10714d9 commit 0905c9446b73ffe85a28226357fbd08117765f54 @benadida benadida committed Jul 31, 2012
Showing with 50 additions and 37 deletions.
  1. +25 −12 lib/algs/ds.js
  2. +12 −12 lib/cert.js
  3. +13 −13 lib/jwcrypto.js
@@ -109,7 +109,7 @@ function generate(keysize, rng, doneCB) {
// the secret key will compute y
keypair.secretKey = new SecretKey(x, keypair.keysize, params);
keypair.publicKey = new PublicKey(keypair.secretKey.y, keypair.keysize, params);
-
+
keypair.publicKey.algorithm = keypair.secretKey.algorithm = keypair.algorithm = 'DS';
// XXX - timeout or nexttick?
@@ -121,7 +121,7 @@ var PublicKey = function(y, keysize, params) {
if (keysize && params) {
this.keysize = keysize;
-
+
// copy params
this.q = params.q; this.g = params.g; this.p = params.p;
}
@@ -161,7 +161,7 @@ PublicKey.prototype._LEGACY_deserializeFromObject = function(obj) {
this.p = new BigInteger(obj.p, 16);
this.q = new BigInteger(obj.q, 16);
this.g = new BigInteger(obj.g, 16);
- this.y = new BigInteger(obj.y, 16);
+ this.y = new BigInteger(obj.y, 16);
};
PublicKey.prototype._20120815_deserializeFromObject = function(obj) {
@@ -173,11 +173,24 @@ PublicKey.prototype._20120815_deserializeFromObject = function(obj) {
PublicKey.prototype.deserializeFromObject = function(obj) {
version.dispatchOnDataFormatVersion(this, 'deserializeFromObject', obj.version, obj);
-
+
this.keysize = _getKeySizeFromBitlength(this.y.bitLength());
return this;
};
+// note: this deserialization code does not check that the public key is
+// well-formed (P and Q are primes, G is actually a generator, etc), and it
+// allows the use of any group (instead of being restricted to e.g. the
+// ones published by NIST). For sign/verify that is ok: when someone else
+// gives a public key, they're instructing us how to distinguish between good
+// signatures and forgeries, and giving us a corrupt pubkey is their
+// perogative (plus we have no secrets to lose).
+//
+// Do not use this approach for DH key agreement. In that world, we *do* have
+// a private key that could be lost, and a maliciously crafted pubkey could
+// be used to learn it. Additional checks would be necessary to do that
+// safely.
+
function SecretKey(x, keysize, params) {
this.x = x;
@@ -215,23 +228,23 @@ SecretKey.prototype._LEGACY_deserializeFromObject = function(obj) {
this.p = new BigInteger(obj.p, 16);
this.q = new BigInteger(obj.q, 16);
- this.g = new BigInteger(obj.g, 16);
+ this.g = new BigInteger(obj.g, 16);
};
SecretKey.prototype._20120815_deserializeFromObject = function(obj) {
this.x = BigInteger.fromBase64(obj.x);
this.p = BigInteger.fromBase64(obj.p);
this.q = BigInteger.fromBase64(obj.q);
- this.g = BigInteger.fromBase64(obj.g);
+ this.g = BigInteger.fromBase64(obj.g);
};
SecretKey.prototype.deserializeFromObject = function(obj) {
version.dispatchOnDataFormatVersion(this, 'deserializeFromObject', obj.version,
obj);
this.keysize = _getKeySizeFromBitlength(this.p.bitLength());
-
+
return this;
};
@@ -248,18 +261,18 @@ SecretKey.prototype.sign = function(message, rng, progressCB, doneCB) {
while(true) {
k = randomNumberMod(this.q, rng);
r = this.g.modPow(k, this.p).mod(this.q);
-
+
if (r.equals(BigInteger.ZERO)) {
console.log("oops r is zero");
continue;
}
// the hash
var bigint_hash = doHash(params.hashAlg, message, this.q);
-
+
// compute H(m) + (x*r)
var message_dep = bigint_hash.add(this.x.multiply(r).mod(this.q)).mod(this.q);
-
+
// compute s
s = k.modInverse(this.q).multiply(message_dep).mod(this.q);
@@ -296,7 +309,7 @@ PublicKey.prototype.verify = function(message, signature, cb) {
//return cb("problem with r/s combo: " + signature.length + "/" + hexlength + " - " + signature);
return cb("malformed signature");
}
-
+
var r = new BigInteger(signature.substring(0, hexlength), 16),
s = new BigInteger(signature.substring(hexlength, hexlength*2), 16);
@@ -321,7 +334,7 @@ PublicKey.prototype.verify = function(message, signature, cb) {
cb(null, v.equals(r));
};
-// register this stuff
+// register this stuff
algs.register("DS", {
generate: generate,
PublicKey: PublicKey,
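Review bot: In the hunk at `@@ -173,11 +173,24 @@` the new comment block is separated from `PublicKey.prototype.deserializeFromObject` by the closing `};` and sits directly above `function SecretKey`, so it reads as documentation for the secret key; it belongs immediately above the public-key deserializer, and "perogative" should be "prerogative". Its "that is ok" reasoning addresses forgery only: no size limit on p, q, g or y is visible in these hunks, so the cost of a verification appears to be set by whoever supplies the key, and the context line `this.keysize = _getKeySizeFromBitlength(this.y.bitLength());` derives the key size from `y` where the SecretKey counterpart uses `this.p.bitLength()`. I would add one line to the comment, for example `// Callers should still bound the parameter sizes of keys from untrusted sources.`, and consider deriving keysize from `p` in both classes. The body of `SecretKey` continues outside the hunk.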
@@ -13,12 +13,12 @@ var SERIALIZER = {};
SERIALIZER._LEGACY_serializeCertParamsInto = function(certParams, params) {
params['public-key'] = certParams.publicKey.toSimpleObject();
- params.principal = certParams.principal;
+ params.principal = certParams.principal;
};
SERIALIZER._20120815_serializeCertParamsInto = function(certParams, params) {
params['publicKey'] = certParams.publicKey.toSimpleObject();
- params.principal = certParams.principal;
+ params.principal = certParams.principal;
params.version = "2012.08.15";
}
@@ -34,7 +34,7 @@ SERIALIZER._LEGACY_extractCertParamsFrom = function(params) {
delete params['public-key'];
certParams.principal = params.principal;
delete params.principal;
-
+
return certParams;
};
@@ -47,7 +47,7 @@ SERIALIZER._20120815_extractCertParamsFrom = function(params) {
delete params.publicKey;
certParams.principal = params.principal;
delete params.principal;
-
+
return certParams;
};
@@ -75,7 +75,7 @@ var verify = function(signedObject, publicKey, now, cb) {
// compatible with old format
var originalComponents = jwcrypto.extractComponents(signedObject);
var certParams = extractCertParamsFrom(payload, originalComponents);
-
+
// make the key appear under both public-key and publicKey
cb(err, payload, assertionParams, certParams);
});
@@ -121,14 +121,14 @@ var verifyChain = function(certs, now, getRoot, cb) {
certParamsArray.push({payload: payload,
assertionParams: assertionParams,
certParams: certParams});
-
+
if (i >= certs.length)
cb(null, certParamsArray, certParams.publicKey);
else
delay(verifyCert)(i, certParams.publicKey, certParamsArray, cb);
});
}
-
+
// get the root public key
getRoot(rootIssuer, function(err, rootPK) {
if (err) return delay(cb)(err);
@@ -139,9 +139,9 @@ var verifyChain = function(certs, now, getRoot, cb) {
// we're done
cb(null, certParamsArray);
});
-
- });
-
+
+ });
+
};
exports.verifyChain = verifyChain;
@@ -174,11 +174,11 @@ exports.verifyBundle = function(bundle, now, getRoot, cb) {
// what was the last PK in the successful chain?
var lastPK = certParamsArray[certParamsArray.length - 1].certParams.publicKey;
-
+
// now verify the assertion
assertion.verify(signedAssertion, lastPK, now, function(err, payload, assertionParams) {
if (err) return cb(err);
-
+
// we're good!
cb(null, certParamsArray, payload, assertionParams);
});
@@ -59,7 +59,7 @@ exports.generateKeypair = function(opts, cb) {
var algObject = algs.ALGS[opts.algorithm];
if (!algObject)
throw new algs.NotImplementedException("algorithm " + opts.algorithm + " not implemented");
-
+
waitForSeed(function() {
// generate on the specific algorithm
// no progress callback
@@ -76,7 +76,7 @@ exports.loadPublicKeyFromObject = function(obj) {
};
exports.loadSecretKey = function(str) {
- return algs.SecretKey.deserialize(str);
+ return algs.SecretKey.deserialize(str);
};
exports.loadSecretKeyFromObject = function(obj) {
@@ -92,7 +92,7 @@ exports.sign = function(payload, secretKey, cb) {
waitForSeed(function() {
secretKey.sign(algBytes + "." + jsonBytes, RNG, function() {}, function(rawSignature) {
var signatureValue = utils.hex2b64urlencode(rawSignature);
-
+
delay(cb)(null, algBytes + "." + jsonBytes + "." + signatureValue);
});
});
@@ -102,15 +102,15 @@ exports.sign = function(payload, secretKey, cb) {
var extractComponents = function(signedObject) {
if (typeof(signedObject) != 'string')
throw new MalformedException("malformed signature");
-
+
var parts = signedObject.split(".");
if (parts.length != 3) {
throw new MalformedException("signed object must have three parts, this one has " + parts.length);
- }
-
+ }
+
var headerSegment = parts[0];
var payloadSegment = parts[1];
- var cryptoSegment = parts[2];
+ var cryptoSegment = parts[2];
// we verify based on the actual string
// FIXME: we should validate that the header contains only proper fields
@@ -132,12 +132,12 @@ exports.verify = function(signedObject, publicKey, cb) {
cb = delay(cb);
try {
var components = extractComponents(signedObject);
-
+
// check that algorithm matches
if (publicKey.getAlgorithm() != components.header.alg) {
cb("invalid signature");
return;
- }
+ }
} catch (x) {
cb("malformed signature");
return;
@@ -147,7 +147,7 @@ exports.verify = function(signedObject, publicKey, cb) {
publicKey.verify(components.headerSegment + "." + components.payloadSegment, components.signature, function(err, result) {
if (err)
return cb("malformed signature");
-
+
if (!result)
return cb("invalid signature");
@@ -161,15 +161,15 @@ exports.verify = function(signedObject, publicKey, cb) {
// for symmetric keys, it's plural because encryption and MACing.
exports.generateKeys = function(opts, cb) {
-
+
};
exports.encrypt = function(payload, encryptionAndMACKeys, cb) {
-
+
};
exports.decrypt = function(encryptedPayload, encryptionAndMACKeys, cb) {
-
+
};
// entropy here is a string that is expected to be relatively high entropy
