-
-
Notifications
You must be signed in to change notification settings - Fork 40
/
index.js
132 lines (104 loc) · 4.27 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
var Buffer = require('buffer').Buffer
var asn1 = require('parse-asn1/asn1')
var test = require('tape').test
var nCrypto = require('crypto')
var bCrypto = require('../browser')
var fixtures = require('./fixtures')
function isNode10 () {
return parseInt(process.version.split('.')[1], 10) <= 10
}
fixtures.valid.rsa.forEach(function (f) {
var message = Buffer.from(f.message)
var pub = Buffer.from(f.public, 'base64')
var priv
// skip passphrase tests in node 10
if (f.passphrase && isNode10()) return
if (f.passphrase) {
priv = {
key: Buffer.from(f.private, 'base64'),
passphrase: f.passphrase
}
} else {
priv = Buffer.from(f.private, 'base64')
}
test(f.message, function (t) {
var bSign = bCrypto.createSign(f.scheme)
var nSign = nCrypto.createSign(f.scheme)
var bSig = bSign.update(message).sign(priv)
var nSig = nSign.update(message).sign(priv)
t.equals(bSig.length, nSig.length, 'correct length')
t.equals(bSig.toString('hex'), nSig.toString('hex'), 'equal sigs')
t.equals(bSig.toString('hex'), f.signature, 'compare to known')
t.ok(nCrypto.createVerify(f.scheme).update(message).verify(pub, nSig), 'node validate node sig')
t.ok(nCrypto.createVerify(f.scheme).update(message).verify(pub, bSig), 'node validate browser sig')
t.ok(bCrypto.createVerify(f.scheme).update(message).verify(pub, nSig), 'browser validate node sig')
t.ok(bCrypto.createVerify(f.scheme).update(message).verify(pub, bSig), 'browser validate browser sig')
t.end()
})
})
fixtures.valid.ec.forEach(function (f) {
var message = Buffer.from(f.message)
var pub = Buffer.from(f.public, 'base64')
var priv
// skip passphrase tests in node 10
if (f.passphrase && isNode10()) return
if (f.passphrase) {
priv = {
key: Buffer.from(f.private, 'base64'),
passphrase: f.passphrase
}
} else {
priv = Buffer.from(f.private, 'base64')
}
(nCrypto.getHashes().includes(f.scheme) ? test : test.skip)(f.message, function (t) {
var nSign = nCrypto.createSign(f.scheme)
var bSign = bCrypto.createSign(f.scheme)
var bSig = bSign.update(message).sign(priv)
var nSig = nSign.update(message).sign(priv)
t.notEqual(bSig.toString('hex'), nSig.toString('hex'), 'not equal sigs')
t.equals(bSig.toString('hex'), f.signature, 'sig is determanistic')
var nVer = nCrypto.createVerify(f.scheme)
t.ok(nVer.update(message).verify(pub, bSig), 'node validate browser sig')
var bVer = bCrypto.createVerify(f.scheme)
t.ok(bVer.update(message).verify(pub, nSig), 'browser validate node sig')
t.end()
})
if (f.scheme !== 'DSA' && f.scheme.toLowerCase().indexOf('dsa') === -1) {
test(f.message + ' named rsa through', function (t) {
var scheme = 'RSA-' + f.scheme.toUpperCase()
var nSign = nCrypto.createSign(scheme)
var bSign = bCrypto.createSign(scheme)
var bSig = bSign.update(message).sign(priv)
var nSig = nSign.update(message).sign(priv)
t.notEqual(bSig.toString('hex'), nSig.toString('hex'), 'not equal sigs')
t.equals(bSig.toString('hex'), f.signature, 'sig is determanistic')
var nVer = nCrypto.createVerify(f.scheme)
t.ok(nVer.update(message).verify(pub, bSig), 'node validate browser sig')
var bVer = bCrypto.createVerify(f.scheme)
t.ok(bVer.update(message).verify(pub, nSig), 'browser validate node sig')
t.end()
})
}
})
fixtures.valid.kvectors.forEach(function (f) {
test('kvector algo: ' + f.algo + ' key len: ' + f.key.length + ' msg: ' + f.msg, function (t) {
var key = Buffer.from(f.key, 'base64')
var bSig = bCrypto.createSign(f.algo).update(f.msg).sign(key)
var bRS = asn1.signature.decode(bSig, 'der')
t.equals(bRS.r.toString(16), f.r.toLowerCase(), 'r')
t.equals(bRS.s.toString(16), f.s.toLowerCase(), 's')
t.end()
})
})
fixtures.invalid.verify.forEach(function (f) {
test(f.description, function (t) {
var sign = Buffer.from(f.signature, 'hex')
var pub = Buffer.from(f.public, 'base64')
var message = Buffer.from(f.message)
var nVerify = nCrypto.createVerify(f.scheme).update(message).verify(pub, sign)
t.notOk(nVerify, 'node rejects it')
var bVerify = bCrypto.createVerify(f.scheme).update(message).verify(pub, sign)
t.notOk(bVerify, 'We reject it')
t.end()
})
})