
Merge pull request #4 from Obvious/danfuzz-node-8

Danfuzz node 8
commit c1d6ff9fedaebe139740e0708601cbcb9fab8d10 2 parents 5f01db8 + afe78cd
@danfuzz danfuzz authored
2  .gitignore
@@ -1,4 +1,2 @@
-.lock-wscript
-.waf*
build
ursaNative.node
25 README.md
@@ -1,13 +1,14 @@
ursa
====
-This Node module provides wrappers for the RSA public/private key
-crypto functionality of OpenSSL.
+This Node module provides a fairly complete set of wrappers for the
+RSA public/private key crypto functionality of OpenSSL.
+
+It has been tested by the maintainer on both Node 0.6.* and Node 0.8.*,
+on both Linux and OS X (the latter in several configurations, including
+Node built from source as well as installed via MacPorts and Homebrew).
+If you find it doesn't work for you, please file a bug (see below).
-This module was inspired by
-[node-rsa](https://github.com/chrisa/node-rsa) by Chris Andrews. To
-be clear, there are a few lines that I (Danfuzz) used from its
-`wscript` build file, but other than that this code is new.
Building and Installing
-----------------------
@@ -157,6 +158,10 @@ the exponent value, which must be odd (65537 is the typical value; 3
and 17 are also common). Both arguments are optional and default to
2048 and 65537 (respectively).
+This method will throw if `modulusBits` is less than `512` (because
+it's pretty crazy to want a key with that few bits) or if `exponent`
+is even (because RSA only works for odd exponents).
+
Using the command-line `openssl` tool, this operation is
equivalent to:
@@ -375,6 +380,7 @@ is not encrypted, so it behooves the user of this method to take care
with the result if the key is sensitive from a security standpoint,
which is often the case with such things. (YMMV of course.)
+
Signer Methods
--------------
@@ -435,6 +441,7 @@ Bug reports that include steps-to-reproduce (including code) are the
best. Even better, make them in the form of pull requests that update
the test suite. Thanks!
+
Authors
-------
@@ -446,6 +453,12 @@ With contribution from:
* [Tyler Neylon](https://github.com/tylerneylon)
+With thanks to:
+
+* [node-rsa](https://github.com/chrisa/node-rsa) by Chris Andrews,
+ for inspiration
+
+
License
-------
20 binding.gyp
@@ -0,0 +1,20 @@
+{
+ 'variables': {
+ # Default for this variable, to get the right behavior for
+ # Node versions <= 0.6.*.
+ 'node_shared_openssl%': 'true'
+ },
+ 'targets': [
+ {
+ 'target_name': 'ursaNative',
+ 'sources': [ 'src/ursaNative.cc' ],
+ 'conditions': [
+ [ 'node_shared_openssl=="false"', {
+ 'include_dirs': [
+ '<(node_root_dir)/deps/openssl/openssl/include'
+ ]
+ }]
+ ]
+ }
+ ]
+}
4 package.json
@@ -1,6 +1,6 @@
{
"name": "ursa",
- "version": "0.6.9",
+ "version": "0.7.0",
"keywords": [
"crypto", "key", "openssl", "private", "public", "rsa", "sign",
"signature", "verify", "verification", "hash", "digest"
@@ -33,7 +33,7 @@
},
"scripts": {
- "install": "node-waf configure build",
+ "install": "node-gyp configure build; mkdir -p bin; mv build/Release/*.node bin",
"test": "node test/test.js"
}
}
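Review bot: The new `install` script chains its steps with `;`, so `mkdir` and `mv` still run after a failed `node-gyp configure build`, and a `.node` file left in `build/Release` by an earlier build would be moved into `bin` as if it were freshly built. Chaining with `&&` stops at the first failure: `"install": "node-gyp configure build && mkdir -p bin && mv build/Release/*.node bin"`. The `mkdir -p` and `mv` steps also assume a POSIX shell, which is consistent with the Linux and OS X platforms the README names.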
65 src/ursaNative.cc
@@ -278,6 +278,42 @@ static bool getArgInt(const Arguments& args, int index, int *resultPtr) {
return true;
}
+/**
+ * Generate a key, using one of the two possibly-available functions.
+ * This prefers the newer function, if available.
+ */
+static RSA *generateKey(int num, unsigned long e) {
+#if OPENSSL_VERSION_NUMBER < 0x009080001
+ RSA_generate_key(num, e, NULL, NULL);
+#else
+ BIGNUM *eBig = BN_new();
+
+ if (eBig == NULL) {
+ return NULL;
+ }
+
+ if (!BN_set_word(eBig, e)) {
+ BN_free(eBig);
+ return NULL;
+ }
+
+ RSA *result = RSA_new();
+
+ if (result == NULL) {
+ BN_free(eBig);
+ return NULL;
+ }
+
+ if (RSA_generate_key_ex(result, num, eBig, NULL) < 0) {
+ RSA_free(result);
+ result = NULL;
+ }
+
+ BN_free(eBig);
+ return result;
+#endif
+}
+
/*
* Utility function implementation
@@ -321,7 +357,7 @@ void RsaWrap::InitClass(Handle<Object> target) {
Local<FunctionTemplate> tpl = FunctionTemplate::New(New);
tpl->SetClassName(className);
- tpl->InstanceTemplate()->SetInternalFieldCount(1); // required by ObjectWrap
+ tpl->InstanceTemplate()->SetInternalFieldCount(1); // req'd by ObjectWrap
// Prototype method bindings
Local<ObjectTemplate> proto = tpl->PrototypeTemplate();
@@ -444,16 +480,35 @@ Handle<Value> RsaWrap::GeneratePrivateKey(const Arguments& args) {
return Undefined();
}
- // Sanity-check the exponent, since (as of this writing) it looks like
- // OpenSSL doesn't check it. It's required to be odd.
+ // Sanity-check the arguments, since (as of this writing) OpenSSL
+ // either doesn't check, or at least doesn't consistently check:
+ //
+ // * The modulus bit count must be >= 512. Really, it just has to
+ // be a positive integer, but anything less than 512 is a
+ // horrendously bad idea.
+ //
+ // * The exponend must be positive and odd.
+
+ if (modulusBits < 512) {
+ Local<String> message =
+ String::New("Expected modulus bit count >= 512.");
+ ThrowException(Exception::TypeError(message));
+ return Undefined();
+ }
+
+ if (exponent <= 0) {
+ Local<String> message = String::New("Expected positive exponent.");
+ ThrowException(Exception::TypeError(message));
+ return Undefined();
+ }
+
if ((exponent & 1) == 0) {
Local<String> message = String::New("Expected odd exponent.");
ThrowException(Exception::TypeError(message));
return Undefined();
}
- obj->rsa =
- RSA_generate_key(modulusBits, (unsigned long) exponent, NULL, NULL);
+ obj->rsa = generateKey(modulusBits, (unsigned long) exponent);
if (obj->rsa == NULL) {
scheduleSslException();
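Review bot: In the new `generateKey` helper (first hunk), the legacy branch calls `RSA_generate_key(num, e, NULL, NULL);` without returning its result, so on that path the function falls off the end and the caller's `obj->rsa == NULL` check reads an indeterminate pointer; it should read `return RSA_generate_key(num, e, NULL, NULL);`. In the `#else` branch, `RSA_generate_key_ex` reports failure as 0 rather than a negative value, so the `< 0` test lets a failed generation return a non-NULL `RSA` with no key in it; compare against success instead, `if (RSA_generate_key_ex(result, num, eBig, NULL) != 1) {`. The guard literal `0x009080001` has nine hex digits where OpenSSL version numbers are eight-digit `0xMNNFFPPS` values, so it looks mistyped and would select the legacy branch for 0.9.8 headers; worth confirming against the intended cutoff.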
11 test/native.js
@@ -408,14 +408,19 @@ function test_fail_generatePrivateKey() {
assert.throws(f4, /Expected a 32-bit integer in args\[1]\./);
function f5() {
- rsa.generatePrivateKey(512, 0);
+ rsa.generatePrivateKey(512, 2);
}
assert.throws(f5, /Expected odd exponent\./);
function f6() {
- rsa.generatePrivateKey(0, 1);
+ rsa.generatePrivateKey(512, 0);
+ }
+ assert.throws(f6, /Expected positive exponent\./);
+
+ function f7() {
+ rsa.generatePrivateKey(511, 1);
}
- assert.throws(f6, /key size too small/);
+ assert.throws(f7, /Expected modulus bit count >= 512\./);
// Use the original f1(), above, for this test.
rsa.setPublicKeyPem(fixture.PUBLIC_KEY);
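Review bot: The new `exponent <= 0` guard is exercised only with `0` (in `f6`), so its negative side has no test. A negative odd value such as `-1` passes the odd-exponent check and, without the guard, would reach the `(unsigned long)` cast in the native code, which makes it the case most worth pinning. Consider adding a case like `rsa.generatePrivateKey(512, -1)` asserting `/Expected positive exponent\./`, assuming `getArgInt` accepts negative 32-bit values. `test_fail_generatePrivateKey` starts and ends outside this hunk.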
39 wscript
@@ -1,39 +0,0 @@
-# Build script based on examples from the NodeJS docs and
-# from node-rsa
-
-import Options
-import shutil
-from os import chmod, mkdir
-from os.path import exists
-
-srcdir = '.'
-blddir = 'build'
-VERSION = '0.0.1'
-
-def set_options(opt):
- opt.tool_options('compiler_cxx')
-
-def configure(conf):
- conf.check_tool('compiler_cxx')
- conf.check_tool('node_addon')
-
-def build(bld):
- obj = bld.new_task_gen('cxx', 'shlib', 'node_addon')
- obj.target = 'ursaNative'
- obj.source = 'src/ursaNative.cc'
-
-def shutdown():
- dir = 'bin'
- target = 'ursaNative.node'
- dirTarget = dir + '/' + target
- if Options.commands['clean']:
- if exists(dir): shutil.rmtree(dir)
- if exists('build'): shutil.rmtree('build')
- if Options.commands['build']:
- if not exists(dir): mkdir(dir)
- if exists('build/default/' + target):
- shutil.copyfile('build/default/' + target, dirTarget)
- if exists('build/Release/' + target):
- shutil.copyfile('build/Release/' + target, dirTarget)
- if exists(dirTarget):
- chmod(dirTarget, 0755)