forked from browserify/browserify-sign
-
Notifications
You must be signed in to change notification settings - Fork 0
/
index.js
137 lines (110 loc) · 4.3 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
var asn1 = require('parse-asn1/asn1')
var test = require('tape').test
var nCrypto = require('crypto')
var bCrypto = require('../browser')
var fixtures = require('./fixtures')
function isNode10 () {
return parseInt(process.version.split('.')[1], 10) <= 10
}
fixtures.valid.rsa.forEach(function (f) {
var message = new Buffer(f.message)
var pub = new Buffer(f.public, 'base64')
var priv
// skip passphrase tests in node 10
if (f.passphrase && isNode10()) return
if (f.passphrase) {
priv = {
key: new Buffer(f.private, 'base64'),
passphrase: f.passphrase
}
} else {
priv = new Buffer(f.private, 'base64')
}
test(f.message, function (t) {
var bSign = bCrypto.createSign(f.scheme)
var nSign = nCrypto.createSign(f.scheme)
var bSig = bSign.update(message).sign(priv)
var nSig = nSign.update(message).sign(priv)
t.equals(bSig.length, nSig.length, 'correct length')
t.equals(bSig.toString('hex'), nSig.toString('hex'), 'equal sigs')
t.equals(bSig.toString('hex'), f.signature, 'compare to known')
t.ok(nCrypto.createVerify(f.scheme).update(message).verify(pub, nSig), 'node validate node sig')
t.ok(nCrypto.createVerify(f.scheme).update(message).verify(pub, bSig), 'node validate browser sig')
t.ok(bCrypto.createVerify(f.scheme).update(message).verify(pub, nSig), 'browser validate node sig')
t.ok(bCrypto.createVerify(f.scheme).update(message).verify(pub, bSig), 'browser validate browser sig')
t.end()
})
})
fixtures.valid.ec.forEach(function (f) {
var message = new Buffer(f.message)
var pub = new Buffer(f.public, 'base64')
var priv
// skip passphrase tests in node 10
if (f.passphrase && isNode10()) return
if (f.passphrase) {
priv = {
key: new Buffer(f.private, 'base64'),
passphrase: f.passphrase
}
} else {
priv = new Buffer(f.private, 'base64')
}
test(f.message, function (t) {
var nSign
try {
nSign = nCrypto.createSign(f.scheme)
} catch (ex) {
console.info('skipping unsupported scheme', f.scheme)
t.end()
return
}
var bSign = bCrypto.createSign(f.scheme)
var bSig = bSign.update(message).sign(priv)
var nSig = nSign.update(message).sign(priv)
t.notEqual(bSig.toString('hex'), nSig.toString('hex'), 'not equal sigs')
t.equals(bSig.toString('hex'), f.signature, 'sig is determanistic')
var nVer = nCrypto.createVerify(f.scheme)
t.ok(nVer.update(message).verify(pub, bSig), 'node validate browser sig')
var bVer = bCrypto.createVerify(f.scheme)
t.ok(bVer.update(message).verify(pub, nSig), 'browser validate node sig')
t.end()
})
if (f.scheme !== 'DSA' && f.scheme.toLowerCase().indexOf('dsa') === -1) {
test(f.message + ' named rsa through', function (t) {
var scheme = 'RSA-' + f.scheme.toUpperCase()
var nSign = nCrypto.createSign(scheme)
var bSign = bCrypto.createSign(scheme)
var bSig = bSign.update(message).sign(priv)
var nSig = nSign.update(message).sign(priv)
t.notEqual(bSig.toString('hex'), nSig.toString('hex'), 'not equal sigs')
t.equals(bSig.toString('hex'), f.signature, 'sig is determanistic')
var nVer = nCrypto.createVerify(f.scheme)
t.ok(nVer.update(message).verify(pub, bSig), 'node validate browser sig')
var bVer = bCrypto.createVerify(f.scheme)
t.ok(bVer.update(message).verify(pub, nSig), 'browser validate node sig')
t.end()
})
}
})
fixtures.valid.kvectors.forEach(function (f) {
test('kvector algo: ' + f.algo + ' key len: ' + f.key.length + ' msg: ' + f.msg, function (t) {
var key = new Buffer(f.key, 'base64')
var bSig = bCrypto.createSign(f.algo).update(f.msg).sign(key)
var bRS = asn1.signature.decode(bSig, 'der')
t.equals(bRS.r.toString(16), f.r.toLowerCase(), 'r')
t.equals(bRS.s.toString(16), f.s.toLowerCase(), 's')
t.end()
})
})
fixtures.invalid.verify.forEach(function (f) {
test(f.description, function (t) {
var sign = new Buffer(f.signature, 'hex')
var pub = new Buffer(f.public, 'base64')
var message = new Buffer(f.message)
var nVerify = nCrypto.createVerify(f.scheme).update(message).verify(pub, sign)
t.notOk(nVerify, 'node rejects it')
var bVerify = bCrypto.createVerify(f.scheme).update(message).verify(pub, sign)
t.notOk(bVerify, 'We reject it')
t.end()
})
})