-
-
Notifications
You must be signed in to change notification settings - Fork 56
/
sign.js
141 lines (138 loc) · 3.22 KB
/
sign.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
// much of this based on https://github.com/indutny/self-signed/blob/gh-pages/lib/rsa.js
var parseKeys = require('parse-asn1');
var bn = require('bn.js');
var elliptic = require('elliptic');
var crt = require("browserify-rsa");
module.exports = sign;
function sign(hash, key, crypto) {
var priv = parseKeys(key, crypto);
if (priv.curve) {
return ecSign(hash, priv, crypto);
} else if (priv.type === 'dsa') {
return dsaSign(hash, priv, crypto);
}
var len = priv.modulus.byteLength();
var pad = [ 0, 1 ];
while (hash.length + pad.length + 1 < len) {
pad.push(0xff);
}
pad.push(0x00);
var i = -1;
while (++i < hash.length) {
pad.push(hash[i]);
}
var out = crt(pad, priv, crypto);
return out;
}
function ecSign(hash, priv, crypto) {
elliptic.rand = crypto.randomBytes;
var curve;
if (priv.curve.join('.') === '1.3.132.0.10') {
curve = new elliptic.ec('secp256k1');
}
var key = curve.genKeyPair();
key._importPrivate(priv.privateKey);
var out = key.sign(hash);
return new Buffer(out.toDER());
}
function dsaSign(hash, priv, crypto) {
var x = priv.params.priv_key;
var p = priv.params.p;
var q = priv.params.q;
var montq = bn.mont(q);
var g = priv.params.g;
var r = new bn(0);
var k;
var H = new bn(hash);
var s = false;
var kv = getKay(x, hash, crypto);
while (s === false) {
while (!r.cmpn(0)) {
k = makeKey(q, kv, crypto);
r = makeR(g, k, p, q);
}
s = k.invm(q).imul(H.add(x.imul(r).mod(q)).mod(q)).mod(q);
if (!s.cmpn(0)) {
s = false;
r = new bn(0);
}
}
return toDER(r,s);
}
function toDER(r, s) {
r = r.toArray();
s = s.toArray();
// Pad values
if (r[0] & 0x80)
r = [ 0 ].concat(r);
// Pad values
if (s[0] & 0x80)
s = [ 0 ].concat(s);
var total = r.length + s.length + 4;
var res = [ 0x30, total, 0x02, r.length ];
res = res.concat(r, [ 0x02, s.length ], s);
return new Buffer(res);
}
function getKay(x, hash, crypto) {
x = new Buffer(x.toArray());
var algo = 'sha1';//I know!
var hlen = hash.length;
var v = new Buffer(hlen);
v.fill(1);
var k = new Buffer(hlen);
k.fill(0);
k = crypto.createHmac('sha1', k)
.update(v)
.update(new Buffer([0]))
.update(x)
.update(hash)
.digest();
v = crypto.createHmac(algo, k)
.update(v)
.digest();
k = crypto.createHmac(algo, k)
.update(v)
.update(new Buffer([1]))
.update(x)
.update(hash)
.digest();
return {
k:k,
v:v
};
}
function bits2int(bits, q) {
bits = new bn(bits);
var shift = bits.bitLength() - q.bitLength();
if (shift > 0) {
bits.ishrn(shift);
}
return bits;
}
function makeKey(q, kv, crypto) {
var t;
var k;
while (true) {
t = new Buffer('');
while (t.length * 8 < q.bitLength()) {
kv.v = crypto.createHmac('sha1', kv.k)
.update(kv.v)
.digest();
t = Buffer.concat([t, kv.v]);
}
k = bits2int(t, q);
kv.k = crypto.createHmac('sha1', kv.k)
.update(kv.v)
.update(new Buffer([0]))
.digest();
kv.v = crypto.createHmac('sha1', kv.k)
.update(kv.v)
.digest();
if (k.cmp(q) === -1) {
return k;
}
}
}
function makeR(g, k, p, q) {
return g.toRed(bn.mont(p)).redPow(k).fromRed().mod(q);
}