|
|
- var asn1 = require('./asn1')
- var aesid = require('./aesid.json')
- var fixProc = require('./fixProc')
- var ciphers = require('browserify-aes')
- var compat = require('pbkdf2')
- var Buffer = require('safe-buffer').Buffer
- module.exports = parseKeys
-
- function parseKeys (buffer) {
- var password
- if (typeof buffer === 'object' && !Buffer.isBuffer(buffer)) {
- password = buffer.passphrase
- buffer = buffer.key
- }
- if (typeof buffer === 'string') {
- buffer = Buffer.from(buffer)
- }
-
- var stripped = fixProc(buffer, password)
-
- var type = stripped.tag
- var data = stripped.data
- var subtype, ndata
- switch (type) {
- case 'CERTIFICATE':
- ndata = asn1.certificate.decode(data, 'der').tbsCertificate.subjectPublicKeyInfo
- // falls through
- case 'PUBLIC KEY':
- if (!ndata) {
- ndata = asn1.PublicKey.decode(data, 'der')
- }
- subtype = ndata.algorithm.algorithm.join('.')
- switch (subtype) {
- case '1.2.840.113549.1.1.1':
- return asn1.RSAPublicKey.decode(ndata.subjectPublicKey.data, 'der')
- case '1.2.840.10045.2.1':
- ndata.subjectPrivateKey = ndata.subjectPublicKey
- return {
- type: 'ec',
- data: ndata
- }
- case '1.2.840.10040.4.1':
- ndata.algorithm.params.pub_key = asn1.DSAparam.decode(ndata.subjectPublicKey.data, 'der')
- return {
- type: 'dsa',
- data: ndata.algorithm.params
- }
- default: throw new Error('unknown key id ' + subtype)
- }
- throw new Error('unknown key type ' + type)
- case 'ENCRYPTED PRIVATE KEY':
- data = asn1.EncryptedPrivateKey.decode(data, 'der')
- data = decrypt(data, password)
- // falls through
- case 'PRIVATE KEY':
- ndata = asn1.PrivateKey.decode(data, 'der')
- subtype = ndata.algorithm.algorithm.join('.')
- switch (subtype) {
- case '1.2.840.113549.1.1.1':
- return asn1.RSAPrivateKey.decode(ndata.subjectPrivateKey, 'der')
- case '1.2.840.10045.2.1':
- return {
- curve: ndata.algorithm.curve,
- privateKey: asn1.ECPrivateKey.decode(ndata.subjectPrivateKey, 'der').privateKey
- }
- case '1.2.840.10040.4.1':
- ndata.algorithm.params.priv_key = asn1.DSAparam.decode(ndata.subjectPrivateKey, 'der')
- return {
- type: 'dsa',
- params: ndata.algorithm.params
- }
- default: throw new Error('unknown key id ' + subtype)
- }
- throw new Error('unknown key type ' + type)
- case 'RSA PUBLIC KEY':
- return asn1.RSAPublicKey.decode(data, 'der')
- case 'RSA PRIVATE KEY':
- return asn1.RSAPrivateKey.decode(data, 'der')
- case 'DSA PRIVATE KEY':
- return {
- type: 'dsa',
- params: asn1.DSAPrivateKey.decode(data, 'der')
- }
- case 'EC PRIVATE KEY':
- data = asn1.ECPrivateKey.decode(data, 'der')
- return {
- curve: data.parameters.value,
- privateKey: data.privateKey
- }
- default: throw new Error('unknown key type ' + type)
- }
- }
- parseKeys.signature = asn1.signature
- function decrypt (data, password) {
- var salt = data.algorithm.decrypt.kde.kdeparams.salt
- var iters = parseInt(data.algorithm.decrypt.kde.kdeparams.iters.toString(), 10)
- var algo = aesid[data.algorithm.decrypt.cipher.algo.join('.')]
- var iv = data.algorithm.decrypt.cipher.iv
- var cipherText = data.subjectPrivateKey
- var keylen = parseInt(algo.split('-')[1], 10) / 8
- var key = compat.pbkdf2Sync(password, salt, iters, keylen, 'sha1')
- var cipher = ciphers.createDecipheriv(algo, key, iv)
- var out = []
- out.push(cipher.update(cipherText))
- out.push(cipher.final())
- return Buffer.concat(out)
- }
|