ecdsa with password

browserify · Nov 16, 2014 · 2186465 · 2186465
1 parent 17745d2
commit 2186465
Show file tree

Hide file tree

Showing 5 changed files with 55 additions and 8 deletions.
diff --git a/asn1.js b/asn1.js
@@ -39,6 +39,17 @@ var ECPublicKey =  asn1.define('ECPublicKey', function() {
   );
 });
 exports.ECPublicKey = ECPublicKey;
+var ECPrivateWrap =  asn1.define('ECPrivateWrap', function() {
+  this.seq().obj(
+    this.key('version').int(),
+    this.key('algorithm').seq().obj(
+      this.key('id').objid(),
+      this.key('curve').objid()
+    ),
+    this.key('subjectPrivateKey').octstr()
+  );
+});
+exports.ECPrivateWrap = ECPrivateWrap;
 var PrivateKeyInfo = asn1.define('PrivateKeyInfo', function() {
   this.seq().obj(
     this.key('version').int(),
@@ -85,4 +96,15 @@ var ECParameters = asn1.define('ECParameters', function() {
   this.choice({
     namedCurve: this.objid()
   });
-});
+});
+
+var ECPrivateKey2 = asn1.define('ECPrivateKey2', function() {
+  this.seq().obj(
+    this.key('version').int(),
+    this.key('privateKey').octstr(),
+    this.key('publicKey').seq().obj(
+      this.key('key').bitstr()
+    )
+  );
+});
+exports.ECPrivateKey2 = ECPrivateKey2;
diff --git a/parseKeys.js b/parseKeys.js
@@ -33,11 +33,17 @@ function parseKeys(buffer, crypto) {
 		  data = decrypt(crypto, data, password);
 		  //falling through
 		case 'PRIVATE KEY':
-		  data = asn1.PrivateKey.decode(data, 'der');
-		  subtype = data.algorithm.algorithm.join('.');
+		  ndata = asn1.PrivateKey.decode(data, 'der');
+		  subtype = ndata.algorithm.algorithm.join('.');
 		  switch(subtype) {
 		  	case '1.2.840.113549.1.1.1':
-		  	  return asn1.RSAPrivateKey.decode(data.subjectPrivateKey, 'der');
+		  	  return asn1.RSAPrivateKey.decode(ndata.subjectPrivateKey, 'der');
+		  	case '1.2.840.10045.2.1':
+		  	  ndata =  asn1.ECPrivateWrap.decode(data, 'der');
+		  	  return {
+		  	  	curve: ndata.algorithm.curve,
+		  	  	privateKey: asn1.ECPrivateKey.decode(ndata.subjectPrivateKey, 'der').privateKey
+		  	  };
 		  	default: throw new Error('unknown key id ' +  subtype);
 		  }
 		  throw new Error('unknown key type ' +  type);
@@ -46,7 +52,11 @@ function parseKeys(buffer, crypto) {
 		case 'RSA PRIVATE KEY':
 		  return asn1.RSAPrivateKey.decode(data, 'der');
 		case 'EC PRIVATE KEY':
-		  return asn1.ECPrivateKey.decode(data, 'der');
+		  data = asn1.ECPrivateKey.decode(data, 'der');
+		  return {
+		  	curve: data.parameters.value,
+		  	privateKey: data.privateKey
+		  }
 		default: throw new Error('unknown key type ' +  type);
 	}
 }

diff --git a/sign.js b/sign.js
@@ -5,7 +5,7 @@ var elliptic = require('elliptic');
 module.exports = sign;
 function sign(hash, key, crypto) {
   var priv = parseKeys(key, crypto);
-  if (priv.parameters && priv.parameters.type === 'namedCurve') {
+  if (priv.curve) {
     return ecSign(hash, priv, crypto);
   }
   var len = priv.modulus.byteLength();
@@ -45,7 +45,7 @@ function crt(msg, priv) {
 function ecSign(hash, priv, crypto) {
   elliptic.rand = crypto.randomBytes;
   var curve;
-  if (priv.parameters.value.join('.')  === '1.3.132.0.10') {
+  if (priv.curve.join('.')  === '1.3.132.0.10') {
     curve = new elliptic.ec('secp256k1');
   }
   var key = curve.genKeyPair();

diff --git a/test/ec.pass.priv b/test/ec.pass.priv
@@ -0,0 +1,7 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIHeMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAi9LqZQx4JFXAICCAAw
+HQYJYIZIAWUDBAECBBA+js1fG4Rv/yRN7oZvxbgyBIGQ/D4yj86M1x8lMsnAHQ/K
+7/ryb/baDNHqN9LTZanEGBuyxgrTzt08SiL+h91yFGMoaly029K1VgEI8Lxu5Np/
+A+LK7ewh73ABzsbuxYdcXI+rKnrvLN9Tt6veDs4GlqTTsWwq5wF0C+6gaYRBXA74
+T1b6NykGh2UNL5U5pHZEYdOVLz+lRJL7gYqlweNHP/S3
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/test/index.js b/test/index.js
@@ -24,6 +24,13 @@ var ec = {
 	private: fs.readFileSync(__dirname + '/ec.priv'),
 	public: fs.readFileSync(__dirname + '/ec.pub')
 }
+var ecpass = {
+	private: {
+		key: fs.readFileSync(__dirname + '/ec.pass.priv'),
+		passphrase: 'bard'
+	},
+	public: fs.readFileSync(__dirname + '/ec.pub')
+}
 function isNode10() {
   return process.version && process.version.split('.').length === 3 && parseInt(process.version.split('.')[1], 10) <= 10;
 }
@@ -63,7 +70,7 @@ function ectestIt(keys, message, scheme) {
 		t.ok(myVer.update(message).verify(pub, nodeSig), 'me validate node sig');
 	});
 }
-ectestIt(ec, new Buffer('ecdsa with 1024 keys'), 'ecdsa-with-SHA1');
+ectestIt(ec, new Buffer('ecdsa with sha1'), 'ecdsa-with-SHA1');
 
 testIt(rsa1024, new Buffer('sha1 with 1024 keys'), 'RSA-SHA1');
 testIt(rsa2028, new Buffer('sha1 with 2028 keys'), 'RSA-SHA1');
@@ -81,6 +88,7 @@ testIt(rsa1024, new Buffer('SHA512 with 1024 keys'), 'RSA-SHA512');
 testIt(nonrsa1024, new Buffer('sha512 with 1024 keys non-rsa key'), 'RSA-SHA512');
 testIt(rsa2028, new Buffer('SHA512 with 2028 keys'), 'RSA-SHA512');
 if (!isNode10()) {
+	ectestIt(ecpass, new Buffer('ecdsa with password'), 'ecdsa-with-SHA1');
 	testIt(pass1024, new Buffer('sha1 with 1024 keys and password'), 'RSA-SHA1');
 	testIt(pass1024, new Buffer('sha224 with 1024 keys and password'), 'RSA-SHA224');
 	testIt(pass1024, new Buffer('sha256 with 1024 keys and password'), 'RSA-SHA256');