index.js 3.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108
  1. var asn1 = require('./asn1')
  2. var aesid = require('./aesid.json')
  3. var fixProc = require('./fixProc')
  4. var ciphers = require('browserify-aes')
  5. var compat = require('pbkdf2')
  6. var Buffer = require('safe-buffer').Buffer
  7. module.exports = parseKeys
  8. function parseKeys (buffer) {
  9. var password
  10. if (typeof buffer === 'object' && !Buffer.isBuffer(buffer)) {
  11. password = buffer.passphrase
  12. buffer = buffer.key
  13. }
  14. if (typeof buffer === 'string') {
  15. buffer = Buffer.from(buffer)
  16. }
  17. var stripped = fixProc(buffer, password)
  18. var type = stripped.tag
  19. var data = stripped.data
  20. var subtype, ndata
  21. switch (type) {
  22. case 'CERTIFICATE':
  23. ndata = asn1.certificate.decode(data, 'der').tbsCertificate.subjectPublicKeyInfo
  24. // falls through
  25. case 'PUBLIC KEY':
  26. if (!ndata) {
  27. ndata = asn1.PublicKey.decode(data, 'der')
  28. }
  29. subtype = ndata.algorithm.algorithm.join('.')
  30. switch (subtype) {
  31. case '1.2.840.113549.1.1.1':
  32. return asn1.RSAPublicKey.decode(ndata.subjectPublicKey.data, 'der')
  33. case '1.2.840.10045.2.1':
  34. ndata.subjectPrivateKey = ndata.subjectPublicKey
  35. return {
  36. type: 'ec',
  37. data: ndata
  38. }
  39. case '1.2.840.10040.4.1':
  40. ndata.algorithm.params.pub_key = asn1.DSAparam.decode(ndata.subjectPublicKey.data, 'der')
  41. return {
  42. type: 'dsa',
  43. data: ndata.algorithm.params
  44. }
  45. default: throw new Error('unknown key id ' + subtype)
  46. }
  47. throw new Error('unknown key type ' + type)
  48. case 'ENCRYPTED PRIVATE KEY':
  49. data = asn1.EncryptedPrivateKey.decode(data, 'der')
  50. data = decrypt(data, password)
  51. // falls through
  52. case 'PRIVATE KEY':
  53. ndata = asn1.PrivateKey.decode(data, 'der')
  54. subtype = ndata.algorithm.algorithm.join('.')
  55. switch (subtype) {
  56. case '1.2.840.113549.1.1.1':
  57. return asn1.RSAPrivateKey.decode(ndata.subjectPrivateKey, 'der')
  58. case '1.2.840.10045.2.1':
  59. return {
  60. curve: ndata.algorithm.curve,
  61. privateKey: asn1.ECPrivateKey.decode(ndata.subjectPrivateKey, 'der').privateKey
  62. }
  63. case '1.2.840.10040.4.1':
  64. ndata.algorithm.params.priv_key = asn1.DSAparam.decode(ndata.subjectPrivateKey, 'der')
  65. return {
  66. type: 'dsa',
  67. params: ndata.algorithm.params
  68. }
  69. default: throw new Error('unknown key id ' + subtype)
  70. }
  71. throw new Error('unknown key type ' + type)
  72. case 'RSA PUBLIC KEY':
  73. return asn1.RSAPublicKey.decode(data, 'der')
  74. case 'RSA PRIVATE KEY':
  75. return asn1.RSAPrivateKey.decode(data, 'der')
  76. case 'DSA PRIVATE KEY':
  77. return {
  78. type: 'dsa',
  79. params: asn1.DSAPrivateKey.decode(data, 'der')
  80. }
  81. case 'EC PRIVATE KEY':
  82. data = asn1.ECPrivateKey.decode(data, 'der')
  83. return {
  84. curve: data.parameters.value,
  85. privateKey: data.privateKey
  86. }
  87. default: throw new Error('unknown key type ' + type)
  88. }
  89. }
  90. parseKeys.signature = asn1.signature
  91. function decrypt (data, password) {
  92. var salt = data.algorithm.decrypt.kde.kdeparams.salt
  93. var iters = parseInt(data.algorithm.decrypt.kde.kdeparams.iters.toString(), 10)
  94. var algo = aesid[data.algorithm.decrypt.cipher.algo.join('.')]
  95. var iv = data.algorithm.decrypt.cipher.iv
  96. var cipherText = data.subjectPrivateKey
  97. var keylen = parseInt(algo.split('-')[1], 10) / 8
  98. var key = compat.pbkdf2Sync(password, salt, iters, keylen, 'sha1')
  99. var cipher = ciphers.createDecipheriv(algo, key, iv)
  100. var out = []
  101. out.push(cipher.update(cipherText))
  102. out.push(cipher.final())
  103. return Buffer.concat(out)
  104. }