Source: security/identity/private-key-storage.js

  1. /**
  2.  * Copyright (C) 2014-2018 Regents of the University of California.
  3.  * @author: Jeff Thompson <jefft0@remap.ucla.edu>
  4.  * From ndn-cxx security by Yingdi Yu <yingdi@cs.ucla.edu>.
  5.  *
  6.  * This program is free software: you can redistribute it and/or modify
  7.  * it under the terms of the GNU Lesser General Public License as published by
  8.  * the Free Software Foundation, either version 3 of the License, or
  9.  * (at your option) any later version.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU Lesser General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU Lesser General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  * A copy of the GNU Lesser General Public License is in the file COPYING.
  19.  */
  21. /** @ignore */
  22. var SyncPromise = require('../../util/sync-promise.js').SyncPromise; /** @ignore */
  23. var DerNode = require('../../encoding/der/der-node.js').DerNode;
  25. /**
  26.  * PrivateKeyStorage is an abstract class which declares methods for working
  27.  * with a private key storage. You should use a subclass.
  28.  * @constructor
  29.  */
  30. var PrivateKeyStorage = function PrivateKeyStorage()
  31. {
  32. };
  34. exports.PrivateKeyStorage = PrivateKeyStorage;
  36. /**
  37.  * Generate a pair of asymmetric keys.
  38.  * @param {Name} keyName The name of the key pair.
  39.  * @param {KeyParams} params The parameters of the key.
  40.  * @param {boolean} (optional) useSync If true then return a SyncPromise which
  41.  * is already fulfilled. If omitted or false, this may return a SyncPromise or
  42.  * an async Promise.
  43.  * @return {Promise|SyncPromise} A promise that fulfills when the pair is
  44.  * generated.
  45.  */
  46. PrivateKeyStorage.prototype.generateKeyPairPromise = function
  47.   (keyName, params, useSync)
  48. {
  49.   return SyncPromise.reject(new Error
  50.     ("PrivateKeyStorage.generateKeyPairPromise is not implemented"));
  51. };
  53. /**
  54.  * Generate a pair of asymmetric keys.
  55.  * @param {Name} keyName The name of the key pair.
  56.  * @param {KeyParams} params The parameters of the key.
  57.  * @throws Error If generateKeyPairPromise doesn't return a SyncPromise which
  58.  * is already fulfilled.
  59.  */
  60. PrivateKeyStorage.prototype.generateKeyPair = function(keyName, params)
  61. {
  62.   SyncPromise.getValue(this.generateKeyPairPromise(keyName, params, true));
  63. };
  65. /**
  66.  * Delete a pair of asymmetric keys. If the key doesn't exist, do nothing.
  67.  * @param {Name} keyName The name of the key pair.
  68.  * @param {boolean} useSync (optional) If true then return a SyncPromise which
  69.  * is already fulfilled. If omitted or false, this may return a SyncPromise or
  70.  * an async Promise.
  71.  * @return {Promise|SyncPromise} A promise that fulfills when the key pair is
  72.  * deleted.
  73.  */
  74. PrivateKeyStorage.prototype.deleteKeyPairPromise = function(keyName, useSync)
  75. {
  76.   return SyncPromise.reject(new Error
  77.     ("PrivateKeyStorage.deleteKeyPairPromise is not implemented"));
  78. };
  80. /**
  81.  * Delete a pair of asymmetric keys. If the key doesn't exist, do nothing.
  82.  * @param {Name} keyName The name of the key pair.
  83.  * @throws Error If deleteKeyPairPromise doesn't return a SyncPromise which
  84.  * is already fulfilled.
  85.  */
  86. PrivateKeyStorage.prototype.deleteKeyPair = function(keyName)
  87. {
  88.   SyncPromise.getValue(this.deleteKeyPairPromise(keyName, true));
  89. };
  91. /**
  92.  * Get the public key
  93.  * @param {Name} keyName The name of public key.
  94.  * @param {boolean} useSync (optional) If true then return a SyncPromise which
  95.  * is already fulfilled. If omitted or false, this may return a SyncPromise or
  96.  * an async Promise.
  97.  * @return {Promise|SyncPromise} A promise that returns the PublicKey.
  98.  */
  99. PrivateKeyStorage.prototype.getPublicKeyPromise = function(keyName, useSync)
  100. {
  101.   return SyncPromise.reject(new Error
  102.     ("PrivateKeyStorage.getPublicKeyPromise is not implemented"));
  103. };
  105. /**
  106.  * Get the public key
  107.  * @param {Name} keyName The name of public key.
  108.  * @return {PublicKey} The public key.
  109.  * @throws Error If getPublicKeyPromise doesn't return a SyncPromise which
  110.  * is already fulfilled.
  111.  */
  112. PrivateKeyStorage.prototype.getPublicKey = function(keyName)
  113. {
  114.   return SyncPromise.getValue(this.getPublicKeyPromise(keyName, true));
  115. };
  117. /**
  118.  * Fetch the private key for keyName and sign the data to produce a signature Blob.
  119.  * @param {Buffer} data Pointer to the input byte array.
  120.  * @param {Name} keyName The name of the signing key.
  121.  * @param {number} digestAlgorithm (optional) The digest algorithm from
  122.  * DigestAlgorithm, such as DigestAlgorithm.SHA256. If omitted, use
  123.  * DigestAlgorithm.SHA256.
  124.  * @param {boolean} useSync (optional) If true then return a SyncPromise which
  125.  * is already fulfilled. If omitted or false, this may return a SyncPromise or
  126.  * an async Promise.
  127.  * @return {Promise|SyncPromise} A promise that returns the signature Blob.
  128.  */
  129. PrivateKeyStorage.prototype.signPromise = function
  130.   (data, keyName, digestAlgorithm, useSync)
  131. {
  132.   return SyncPromise.reject(new Error("PrivateKeyStorage.sign is not implemented"));
  133. };
  135. /**
  136.  * Fetch the private key for keyName and sign the data to produce a signature Blob.
  137.  * @param {Buffer} data Pointer to the input byte array.
  138.  * @param {Name} keyName The name of the signing key.
  139.  * @param {number} digestAlgorithm (optional) The digest algorithm from
  140.  * DigestAlgorithm, such as DigestAlgorithm.SHA256. If omitted, use
  141.  * DigestAlgorithm.SHA256.
  142.  * @return {Blob} The signature Blob.
  143.  * @throws Error If signPromise doesn't return a SyncPromise which is already
  144.  * fulfilled.
  145.  */
  146. PrivateKeyStorage.prototype.sign = function(data, keyName, digestAlgorithm)
  147. {
  148.   return SyncPromise.getValue
  149.     (this.signPromise(data, keyName, digestAlgorithm, true));
  150. };
  152. /**
  153.  * Decrypt data.
  154.  * @param {Name} keyName The name of the decrypting key.
  155.  * @param {Buffer} data The byte to be decrypted.
  156.  * @param {boolean} isSymmetric (optional) If true symmetric encryption is used,
  157.  * otherwise asymmetric encryption is used. If omitted, use asymmetric
  158.  * encryption.
  159.  * @return {Blob} The decrypted data.
  160.  */
  161. PrivateKeyStorage.prototype.decrypt = function(keyName, data, isSymmetric)
  162. {
  163.   throw new Error("PrivateKeyStorage.decrypt is not implemented");
  164. };
  166. /**
  167.  * Encrypt data.
  168.  * @param {Name} keyName The name of the encrypting key.
  169.  * @param {Buffer} data The byte to be encrypted.
  170.  * @param {boolean} isSymmetric (optional) If true symmetric encryption is used,
  171.  * otherwise asymmetric encryption is used. If omitted, use asymmetric
  172.  * encryption.
  173.  * @return {Blob} The encrypted data.
  174.  */
  175. PrivateKeyStorage.prototype.encrypt = function(keyName, data, isSymmetric)
  176. {
  177.   throw new Error("PrivateKeyStorage.encrypt is not implemented");
  178. };
  180. /**
  181.  * Generate a symmetric key.
  182.  * @param {Name} keyName The name of the key.
  183.  * @param {KeyParams} params The parameters of the key.
  184.  */
  185. PrivateKeyStorage.prototype.generateKey = function(keyName, params)
  186. {
  187.   throw new Error("PrivateKeyStorage.generateKey is not implemented");
  188. };
  190. /**
  191.  * Check if a particular key exists.
  192.  * @param {Name} keyName The name of the key.
  193.  * @param {number} keyClass The class of the key, e.g. KeyClass.PUBLIC,
  194.  * KeyClass.PRIVATE, or KeyClass.SYMMETRIC.
  195.  * @param {boolean} useSync (optional) If true then return a SyncPromise which
  196.  * is already fulfilled. If omitted or false, this may return a SyncPromise or
  197.  * an async Promise.
  198.  * @return {Promise|SyncPromise} A promise which returns true if the key exists.
  199.  */
  200. PrivateKeyStorage.prototype.doesKeyExistPromise = function
  201.   (keyName, keyClass, useSync)
  202. {
  203.   return SyncPromise.reject(new Error
  204.     ("PrivateKeyStorage.doesKeyExist is not implemented"));
  205. };
  207. /**
  208.  * Check if a particular key exists.
  209.  * @param {Name} keyName The name of the key.
  210.  * @param {number} keyClass The class of the key, e.g. KeyClass.PUBLIC,
  211.  * KeyClass.PRIVATE, or KeyClass.SYMMETRIC.
  212.  * @return {boolean} True if the key exists.
  213.  * @throws Error If doesKeyExistPromise doesn't return a SyncPromise which
  214.  * is already fulfilled.
  215.  */
  216. PrivateKeyStorage.prototype.doesKeyExist = function(keyName, keyClass)
  217. {
  218.   return SyncPromise.getValue(this.doesKeyExistPromise(keyName, keyClass, true));
  219. };
  221. /**
  222.  * Encode the private key to a PKCS #8 private key. We do this explicitly here
  223.  * to avoid linking to extra OpenSSL libraries.
  224.  * @param {Buffer} privateKeyDer The input private key DER.
  225.  * @param {OID} oid The OID of the privateKey.
  226.  * @param {DerNode} parameters The DerNode of the parameters for the OID.
  227.  * @return {Blob} The PKCS #8 private key DER.
  228.  */
  229. PrivateKeyStorage.encodePkcs8PrivateKey = function
  230.   (privateKeyDer, oid, parameters)
  231. {
  232.   var algorithmIdentifier = new DerNode.DerSequence();
  233.   algorithmIdentifier.addChild(new DerNode.DerOid(oid));
  234.   algorithmIdentifier.addChild(parameters);
  236.   var result = new DerNode.DerSequence();
  237.   result.addChild(new DerNode.DerInteger(0));
  238.   result.addChild(algorithmIdentifier);
  239.   result.addChild(new DerNode.DerOctetString(privateKeyDer));
  241.   return result.encode();
  242. };
  244. /**
  245.  * Encode the RSAKey private key as a PKCS #1 private key.
  246.  * @param {RSAKey} rsaKey The RSAKey private key.
  247.  * @return {Blob} The PKCS #1 private key DER.
  248.  */
  249. PrivateKeyStorage.encodePkcs1PrivateKeyFromRSAKey = function(rsaKey)
  250. {
  251.   // Imitate KJUR getEncryptedPKCS5PEMFromRSAKey.
  252.   var result = new DerNode.DerSequence();
  254.   result.addChild(new DerNode.DerInteger(0));
  255.   result.addChild(new DerNode.DerInteger(PrivateKeyStorage.bigIntegerToBuffer(rsaKey.n)));
  256.   result.addChild(new DerNode.DerInteger(rsaKey.e));
  257.   result.addChild(new DerNode.DerInteger(PrivateKeyStorage.bigIntegerToBuffer(rsaKey.d)));
  258.   result.addChild(new DerNode.DerInteger(PrivateKeyStorage.bigIntegerToBuffer(rsaKey.p)));
  259.   result.addChild(new DerNode.DerInteger(PrivateKeyStorage.bigIntegerToBuffer(rsaKey.q)));
  260.   result.addChild(new DerNode.DerInteger(PrivateKeyStorage.bigIntegerToBuffer(rsaKey.dmp1)));
  261.   result.addChild(new DerNode.DerInteger(PrivateKeyStorage.bigIntegerToBuffer(rsaKey.dmq1)));
  262.   result.addChild(new DerNode.DerInteger(PrivateKeyStorage.bigIntegerToBuffer(rsaKey.coeff)));
  264.   return result.encode();
  265. };
  267. /**
  268.  * Encode the public key values in the RSAKey private key as a
  269.  * SubjectPublicKeyInfo.
  270.  * @param {RSAKey} rsaKey The RSAKey private key with the public key values.
  271.  * @return {Blob} The SubjectPublicKeyInfo DER.
  272.  */
  273. PrivateKeyStorage.encodePublicKeyFromRSAKey = function(rsaKey)
  274. {
  275.   var rsaPublicKey = new DerNode.DerSequence();
  277.   rsaPublicKey.addChild(new DerNode.DerInteger(PrivateKeyStorage.bigIntegerToBuffer(rsaKey.n)));
  278.   rsaPublicKey.addChild(new DerNode.DerInteger(rsaKey.e));
  280.   var algorithmIdentifier = new DerNode.DerSequence();
  281.   algorithmIdentifier.addChild
  282.     (new DerNode.DerOid(new OID(PrivateKeyStorage.RSA_ENCRYPTION_OID)));
  283.   algorithmIdentifier.addChild(new DerNode.DerNull());
  285.   var result = new DerNode.DerSequence();
  287.   result.addChild(algorithmIdentifier);
  288.   result.addChild(new DerNode.DerBitString(rsaPublicKey.encode().buf(), 0));
  290.   return result.encode();
  291. };
  293. /**
  294.  * Convert a BigInteger to a Buffer.
  295.  * @param {BigInteger} bigInteger The BigInteger.
  296.  * @return {Buffer} The Buffer.
  297.  */
  298. PrivateKeyStorage.bigIntegerToBuffer = function(bigInteger)
  299. {
  300.   // Imitate KJUR.asn1.ASN1Util.bigIntToMinTwosComplementsHex.
  301.   var hex = bigInteger.toString(16);
  302.   if (hex.substr(0, 1) == "-")
  303.     throw new Error
  304.       ("PrivateKeyStorage.bigIntegerToBuffer: Negative integers are not currently supported");
  306.   if (hex.length % 2 == 1)
  307.     // Odd number of characters.
  308.     hex = "0" + hex;
  309.   else {
  310.     if (! hex.match(/^[0-7]/))
  311.       // The first byte is >= 0x80, so prepend a zero to keep it positive.
  312.       hex = "00" + hex;
  313.   }
  315.   return new Buffer(hex, 'hex');
  316. };
  318. PrivateKeyStorage.RSA_ENCRYPTION_OID = "1.2.840.113549.1.1.1";
  319. PrivateKeyStorage.EC_ENCRYPTION_OID = "1.2.840.10045.2.1";