Skip to content

Commit ccd566c

Browse files
chrisbbreuerchrisbbreuer
committed
chore: wip
1 parent 05261b1 commit ccd566c

2 files changed

Lines changed: 22 additions & 15 deletions

File tree

src/pbe.ts

Lines changed: 20 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -385,7 +385,7 @@ function deriveKeyPBKDF2(
385385
const { salt, iterationCount, prf } = options
386386
const md = prfAlgorithmToMessageDigest(prf)
387387
const saltBuffer = toNodeBufferFromBSB(salt)
388-
const result = pbkdf2(toNodeBufferFromString(password), saltBuffer, iterationCount, 32, md)
388+
const result = pbkdf2(toNodeBufferFromString(password), saltBuffer, iterationCount, 32, md, undefined)
389389
return result ? createBuffer(result) : createBuffer('')
390390
}
391391

@@ -744,9 +744,11 @@ export function encryptPrivateKeyInfo(obj: any, password: string, options: Encry
744744
const md = prfAlgorithmToMessageDigest(prfAlgorithm)
745745

746746
// encrypt private key using pbe SHA-1 and AES/DES
747-
const dk = pbkdf2(toNodeBuffer(password), toNodeBuffer(salt), count, dkLen, md, undefined)
748-
if (!dk)
749-
throw new Error('Failed to generate derived key')
747+
if (!salt) throw new Error('Salt is required')
748+
if (typeof dkLen === 'undefined') throw new Error('Key length is required')
749+
const saltBuffer = toNodeBuffer(salt)
750+
const dk = pbkdf2(password, saltBuffer, count, dkLen, md, undefined)
751+
if (!dk) throw new Error('Failed to generate derived key')
750752

751753
const iv = createBuffer(getBytesSync(ivLen))
752754
const cipher = cipherFn(toByteStringBuffer(dk))
@@ -1004,6 +1006,7 @@ export function encryptRsaPrivateKey(rsaKey: any, password: string, options: Enc
10041006
}
10051007

10061008
const dk = opensslDeriveBytes(password, iv.bytes(), dkLen, sha1.create())
1009+
const iv = createBuffer(getBytesSync(16))
10071010
const cipher = cipherFn(createBuffer(dk))
10081011
cipher.start({ iv })
10091012
cipher.update(asn1.toDer(privateKeyToAsn1(rsaKey)))
@@ -1198,34 +1201,38 @@ export function getCipherForPBES2(oid: string, params: any, password: string): B
11981201
switch (oids[oid]) {
11991202
case 'aes128-CBC':
12001203
dkLen = 16
1201-
cipherFn = createCipherOriginal('AES-CBC', key)
1204+
cipherFn = (key: string) => createCipherOriginal('AES-CBC', key)
12021205
break
12031206
case 'aes192-CBC':
12041207
dkLen = 24
1205-
cipherFn = createCipherOriginal('AES-CBC', key)
1208+
cipherFn = (key: string) => createCipherOriginal('AES-CBC', key)
12061209
break
12071210
case 'aes256-CBC':
12081211
dkLen = 32
1209-
cipherFn = createCipherOriginal('AES-CBC', key)
1212+
cipherFn = (key: string) => createCipherOriginal('AES-CBC', key)
12101213
break
12111214
case 'des-EDE3-CBC':
12121215
dkLen = 24
1213-
cipherFn = createCipherOriginal('3DES-CBC', key)
1216+
cipherFn = (key: string) => createCipherOriginal('3DES-CBC', key)
12141217
break
12151218
case 'desCBC':
12161219
dkLen = 8
1217-
cipherFn = createCipherOriginal('DES-CBC', key)
1220+
cipherFn = (key: string) => createCipherOriginal('DES-CBC', key)
12181221
break
12191222
}
12201223

12211224
// get PRF message digest
1222-
const prfAlgorithm = capture.prfOid
1225+
const prfAlgorithm = capture.prfOid || 'hmacWithSHA1'
12231226
const md = prfAlgorithmToMessageDigest(prfAlgorithm)
12241227

12251228
// decrypt private key using pbe with chosen PRF and AES/DES
1226-
const dk = pbkdf2(password, salt, iterationCount, dkLen, md, undefined)
1229+
if (!salt) throw new Error('Salt is required')
1230+
if (typeof dkLen === 'undefined') throw new Error('Key length is required')
1231+
const saltBuffer = toNodeBuffer(salt)
1232+
const dk = pbkdf2(password, saltBuffer, iterationCount, dkLen, md, undefined)
1233+
if (!dk) throw new Error('Failed to generate derived key')
12271234
const iv = capture.encIv
1228-
const cipher = cipherFn(dk.bytes())
1235+
const cipher = cipherFn(convertToString(dk))
12291236
cipher.start({ iv: createBuffer(iv) })
12301237

12311238
return cipher
@@ -1283,7 +1290,7 @@ export function getCipherForPKCS12PBE(oid: string, params: Asn1Object, password:
12831290
}
12841291

12851292
// get PRF message digest
1286-
const prfAlgorithm = capture.prfOid
1293+
const prfAlgorithm = capture.prfOid || 'hmacWithSHA1'
12871294
const md = prfAlgorithmToMessageDigest(prfAlgorithm)
12881295
const key = generatePkcs12Key(password, salt, 1, iterationCount, dkLen, md)
12891296
md.start()

src/pbkdf2.ts

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -34,8 +34,8 @@ const hashAlgorithms: { [key: string]: { create: () => MessageDigest } } = {
3434
* @return the derived key, as a binary-encoded string of bytes, for the synchronous version (if no callback is specified).
3535
*/
3636
export function pbkdf2(
37-
p: Buffer,
38-
s: Buffer,
37+
p: Buffer | string,
38+
s: Buffer | string,
3939
c: number,
4040
dkLen: number,
4141
md?: MessageDigest | string | ((err: Error | null, key?: string) => void),

0 commit comments

Comments
 (0)