diff --git a/package-lock.json b/package-lock.json index 22239a2..abb3cf0 100644 --- a/package-lock.json +++ b/package-lock.json @@ -874,9 +874,9 @@ } }, "node_modules/@peculiar/x509": { - "version": "1.12.2", - "resolved": "https://registry.npmjs.org/@peculiar/x509/-/x509-1.12.2.tgz", - "integrity": "sha512-a99Y4Kg40c8QJrPz9cl2L2Ocmn8nVGp9vrHa725h56hRIaGPSr1IzSgx9wTolHve+D5t1kFe5M7aEJJUuRnj8A==", + "version": "1.12.3", + "resolved": "https://registry.npmjs.org/@peculiar/x509/-/x509-1.12.3.tgz", + "integrity": "sha512-+Mzq+W7cNEKfkNZzyLl6A6ffqc3r21HGZUezgfKxpZrkORfOqgRXnS80Zu0IV6a9Ue9QBJeKD7kN0iWfc3bhRQ==", "dependencies": { "@peculiar/asn1-cms": "^2.3.13", "@peculiar/asn1-csr": "^2.3.13", @@ -1160,9 +1160,9 @@ "integrity": "sha512-HfMcUmy9hTMJh66VNcmeC9iVErIZJli2bszuXc6julh5YGuRb/W5OnkHjwLNYdFlMis0sY3If5SEAp+PktdJjw==" }, "node_modules/@types/node": { - "version": "22.6.1", - "resolved": "https://registry.npmjs.org/@types/node/-/node-22.6.1.tgz", - "integrity": "sha512-V48tCfcKb/e6cVUigLAaJDAILdMP0fUW6BidkPK4GpGjXcfbnoHasCZDwz3N3yVt5we2RHm4XTQCpv0KJz9zqw==", + "version": "22.7.4", + "resolved": "https://registry.npmjs.org/@types/node/-/node-22.7.4.tgz", + "integrity": "sha512-y+NPi1rFzDs1NdQHHToqeiX2TIS79SWEAw9GYhkkx8bD0ChpfqC+n2j5OXOCpzfojBEBt6DnEnnG9MY0zk1XLg==", "dependencies": { "undici-types": "~6.19.2" } @@ -4107,7 +4107,7 @@ "license": "MIT", "dependencies": { "@peculiar/webcrypto": "^1.5.0", - "@peculiar/x509": "^1.12.2", + "@peculiar/x509": "^1.12.3", "@types/jsrsasign": "^10.5.14", "@types/sshpk": "^1.17.4", "assert": "^2.1.0", @@ -4117,7 +4117,7 @@ "sshpk": "^1.18.0" }, "devDependencies": { - "@types/node": "^22.6.1", + "@types/node": "^22.7.4", "lorem-ipsum": "^2.0.8" } }, 
@@ -4126,10 +4126,10 @@ "license": "MIT", "dependencies": { "@peculiar/webcrypto": "^1.5.0", - "@peculiar/x509": "^1.12.2", + "@peculiar/x509": "^1.12.3", "@types/jsrsasign": "^10.5.14", "@types/mocha": "^10.0.8", - "@types/node": "^22.6.1", + "@types/node": "^22.7.4", "cross-env": "^7.0.3", "jsrsasign": "^11.1.0", "lorem-ipsum": "^2.0.8", diff --git a/packages/node-opcua-crypto-test/package.json b/packages/node-opcua-crypto-test/package.json index 2cfdb5a..d75354b 100644 --- a/packages/node-opcua-crypto-test/package.json +++ b/packages/node-opcua-crypto-test/package.json @@ -36,10 +36,10 @@ }, "dependencies": { "@peculiar/webcrypto": "^1.5.0", - "@peculiar/x509": "^1.12.2", + "@peculiar/x509": "^1.12.3", "@types/jsrsasign": "^10.5.14", "@types/mocha": "^10.0.8", - "@types/node": "^22.6.1", + "@types/node": "^22.7.4", "cross-env": "^7.0.3", "jsrsasign": "^11.1.0", "lorem-ipsum": "^2.0.8", diff --git a/packages/node-opcua-crypto-test/test-cjs/test_cjs.js b/packages/node-opcua-crypto-test/test-cjs/test_cjs.js index 3c315d1..d33223a 100644 --- a/packages/node-opcua-crypto-test/test-cjs/test_cjs.js +++ b/packages/node-opcua-crypto-test/test-cjs/test_cjs.js @@ -1,4 +1,4 @@ -const { exploreCertificateInfo } = require("../../node-opcua-crypto"); +const { exploreCertificateInfo } = require("node-opcua-crypto"); // eslint-disable-next-line no-undef diff --git a/packages/node-opcua-crypto-test/test-esm/test_esm.mjs b/packages/node-opcua-crypto-test/test-esm/test_esm.mjs index f8dabe8..581d742 100644 --- a/packages/node-opcua-crypto-test/test-esm/test_esm.mjs +++ b/packages/node-opcua-crypto-test/test-esm/test_esm.mjs @@ -1,4 +1,4 @@ -import { exploreCertificateInfo } from "../../node-opcua-crypto/index.mjs"; +import { exploreCertificateInfo } from "node-opcua-crypto/web"; // eslint-disable-next-line no-undef 
diff --git a/packages/node-opcua-crypto-test/test/test_create_certificate_signing_request.ts b/packages/node-opcua-crypto-test/test/test_create_certificate_signing_request.ts index 606f756..ea60049 100644 --- a/packages/node-opcua-crypto-test/test/test_create_certificate_signing_request.ts +++ b/packages/node-opcua-crypto-test/test/test_create_certificate_signing_request.ts @@ -21,9 +21,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // --------------------------------------------------------------------------------------------------------------------- -import fs from "fs"; -import path from "path"; -import os from "os"; +import fs from "node:fs"; +import path from "node:path"; +import os from "node:os"; import "should"; diff --git a/packages/node-opcua-crypto-test/test/test_create_key_pair.ts b/packages/node-opcua-crypto-test/test/test_create_key_pair.ts index 2ebd00b..c1b88bc 100644 --- a/packages/node-opcua-crypto-test/test/test_create_key_pair.ts +++ b/packages/node-opcua-crypto-test/test/test_create_key_pair.ts @@ -21,9 +21,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // --------------------------------------------------------------------------------------------------------------------- -import fs from "fs"; -import path from "path"; -import os from "os"; +import fs from "node:fs"; +import path from "node:path"; +import os from "node:os"; import should from "should"; import { diff --git a/packages/node-opcua-crypto-test/test/test_create_self_signed_certificate.ts b/packages/node-opcua-crypto-test/test/test_create_self_signed_certificate.ts index 8ae894c..1d2736a 100644 --- a/packages/node-opcua-crypto-test/test/test_create_self_signed_certificate.ts +++ b/packages/node-opcua-crypto-test/test/test_create_self_signed_certificate.ts 
@@ -21,10 +21,10 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // --------------------------------------------------------------------------------------------------------------------- -import fs from "fs"; -import path from "path"; -import os from "os"; -import util from "util"; +import fs from "node:fs"; +import path from "node:path"; +import os from "node:os"; +import util from "node:util"; import should from "should"; import x509 from "@peculiar/x509"; import { diff --git a/packages/node-opcua-crypto-test/test/test_crypto.ts b/packages/node-opcua-crypto-test/test/test_crypto.ts index 135b5f8..6565f76 100644 --- a/packages/node-opcua-crypto-test/test/test_crypto.ts +++ b/packages/node-opcua-crypto-test/test/test_crypto.ts @@ -22,6 +22,8 @@ // --------------------------------------------------------------------------------------------------------------------- import assert from "assert"; +import fs from "node:fs"; +import path from "node:path"; import { createHmac, createCipheriv, @@ -32,9 +34,7 @@ import { publicEncrypt as publicEncrypt_fromCrypto, randomBytes, KeyObject, -} from "crypto"; -import fs from "fs"; -import path from "path"; +} from "node:crypto"; import should from "should"; import * as loremIpsum1 from "lorem-ipsum"; diff --git a/packages/node-opcua-crypto-test/test/test_crypto_explore_certificate.ts b/packages/node-opcua-crypto-test/test/test_crypto_explore_certificate.ts index c0d2f34..879c6e1 100644 --- a/packages/node-opcua-crypto-test/test/test_crypto_explore_certificate.ts +++ b/packages/node-opcua-crypto-test/test/test_crypto_explore_certificate.ts @@ -22,8 +22,8 @@ // --------------------------------------------------------------------------------------------------------------------- import should from "should"; -import path from "path"; -import fs from "fs"; +import path from "node:path"; +import fs from "node:fs"; import { readCertificate, 
diff --git a/packages/node-opcua-crypto-test/test/test_crypto_utils.ts b/packages/node-opcua-crypto-test/test/test_crypto_utils.ts index b545807..731d5e9 100644 --- a/packages/node-opcua-crypto-test/test/test_crypto_utils.ts +++ b/packages/node-opcua-crypto-test/test/test_crypto_utils.ts @@ -21,9 +21,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // --------------------------------------------------------------------------------------------------------------------- -import fs from "fs"; -import os from "os"; -import path from "path"; +import fs from "node:fs"; +import os from "node:os"; +import path from "node:path"; import * as loremIpsum from "lorem-ipsum"; import "should"; diff --git a/packages/node-opcua-crypto-test/test/test_explore_crl.ts b/packages/node-opcua-crypto-test/test/test_explore_crl.ts index aa89d5f..f93df26 100644 --- a/packages/node-opcua-crypto-test/test/test_explore_crl.ts +++ b/packages/node-opcua-crypto-test/test/test_explore_crl.ts @@ -21,7 +21,7 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // --------------------------------------------------------------------------------------------------------------------- -import path from "path"; +import path from "node:path"; import { verifyCertificateRevocationListSignature, exploreCertificateRevocationList, diff --git a/packages/node-opcua-crypto-test/test/test_explore_csr.ts b/packages/node-opcua-crypto-test/test/test_explore_csr.ts index 882ed46..3b39d75 100644 --- a/packages/node-opcua-crypto-test/test/test_explore_csr.ts +++ b/packages/node-opcua-crypto-test/test/test_explore_csr.ts 
@@ -21,7 +21,7 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // --------------------------------------------------------------------------------------------------------------------- -import path from "path"; +import path from "node:path"; import { exploreCertificateSigningRequest } from "node-opcua-crypto"; import { readCertificateSigningRequest } from "node-opcua-crypto"; diff --git a/packages/node-opcua-crypto-test/test/test_explore_private_key.ts b/packages/node-opcua-crypto-test/test/test_explore_private_key.ts index b6fbf40..db63cc8 100644 --- a/packages/node-opcua-crypto-test/test/test_explore_private_key.ts +++ b/packages/node-opcua-crypto-test/test/test_explore_private_key.ts @@ -21,7 +21,7 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // --------------------------------------------------------------------------------------------------------------------- -import path from "path"; +import path from "node:path"; import { explorePrivateKey } from "node-opcua-crypto"; import { readPrivateRsaKey, readPrivateKey } from "node-opcua-crypto"; import "should"; diff --git a/packages/node-opcua-crypto-test/test/test_extKeyUsage.ts b/packages/node-opcua-crypto-test/test/test_extKeyUsage.ts index 03b89e2..17cf8b2 100644 --- a/packages/node-opcua-crypto-test/test/test_extKeyUsage.ts +++ b/packages/node-opcua-crypto-test/test/test_extKeyUsage.ts 
@@ -21,9 +21,9 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // --------------------------------------------------------------------------------------------------------------------- -import path from "path"; -import { exploreCertificate, readCertificate } from "node-opcua-crypto"; +import path from "node:path"; import should from "should"; +import { exploreCertificate, readCertificate } from "node-opcua-crypto"; describe("X509ExtKeyUsage", () => { it("should parse extKeyUsage 1", () => { diff --git a/packages/node-opcua-crypto-test/test/test_makeThumprint.ts b/packages/node-opcua-crypto-test/test/test_makeThumprint.ts index 08470ec..9529ec0 100644 --- a/packages/node-opcua-crypto-test/test/test_makeThumprint.ts +++ b/packages/node-opcua-crypto-test/test/test_makeThumprint.ts @@ -21,7 +21,7 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // --------------------------------------------------------------------------------------------------------------------- -import path from "path"; +import path from "node:path"; import { makeSHA1Thumbprint } from "node-opcua-crypto"; import { readCertificate } from "node-opcua-crypto"; diff --git a/packages/node-opcua-crypto-test/test/test_make_private_key_from_pem.ts b/packages/node-opcua-crypto-test/test/test_make_private_key_from_pem.ts index 9eea17c..152ea68 100644 --- a/packages/node-opcua-crypto-test/test/test_make_private_key_from_pem.ts +++ b/packages/node-opcua-crypto-test/test/test_make_private_key_from_pem.ts @@ -1,4 +1,4 @@ -import path from "path"; +import path from "node:path"; import "should"; import { makePrivateKeyFromPem, diff --git a/packages/node-opcua-crypto-test/test/test_peculiar_edge_case.ts b/packages/node-opcua-crypto-test/test/test_peculiar_edge_case.ts index aea41fc..746acc0 100644 --- a/packages/node-opcua-crypto-test/test/test_peculiar_edge_case.ts 
+++ b/packages/node-opcua-crypto-test/test/test_peculiar_edge_case.ts @@ -1,6 +1,6 @@ -import path from "path"; -import fs from "fs"; -import { tmpdir } from "os"; +import path from "node:path"; +import fs from "node:fs"; +import { tmpdir } from "node:os"; import { Crypto as PeculiarWebCrypto } from "@peculiar/webcrypto"; import * as x509 from "@peculiar/x509"; import { AsnConvert, AsnUtf8StringConverter } from "@peculiar/asn1-schema"; @@ -116,7 +116,7 @@ declare const window: any; const ignoreCrypto = process.env.IGNORE_SUBTLE_FROM_CRYPTO; -import nativeCrypto from "crypto"; +import nativeCrypto from "node:crypto"; if (typeof window === "undefined") { _crypto = nativeCrypto as any; diff --git a/packages/node-opcua-crypto-test/test/test_private_public_key_match.ts b/packages/node-opcua-crypto-test/test/test_private_public_key_match.ts index 4250da1..04654b0 100644 --- a/packages/node-opcua-crypto-test/test/test_private_public_key_match.ts +++ b/packages/node-opcua-crypto-test/test/test_private_public_key_match.ts @@ -21,7 +21,7 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // --------------------------------------------------------------------------------------------------------------------- -import path from "path"; +import path from "node:path"; import { exploreCertificate, explorePrivateKey } from "node-opcua-crypto"; import { publicKeyAndPrivateKeyMatches, certificateMatchesPrivateKey } from "node-opcua-crypto"; import { readCertificate, readPrivateKey } from "node-opcua-crypto"; diff --git a/packages/node-opcua-crypto-test/test/test_readBasicConstraint2_5_29_19.ts b/packages/node-opcua-crypto-test/test/test_readBasicConstraint2_5_29_19.ts index 9086204..f0837bc 100644 --- a/packages/node-opcua-crypto-test/test/test_readBasicConstraint2_5_29_19.ts +++ b/packages/node-opcua-crypto-test/test/test_readBasicConstraint2_5_29_19.ts 
@@ -1,4 +1,6 @@ -import { coerceCertificate, readTag, _readStruct, readTbsCertificate } from "node-opcua-crypto"; +import { coerceCertificate, readTbsCertificate } from "node-opcua-crypto"; +import { asn1 } from "node-opcua-crypto"; + import assert from "assert"; /* @@ -135,8 +137,8 @@ nPgNSo9ViIrAO7PVmvJ8ikE7Bi9io4fFSA0Jzok+tx9WFpta function extractBasicConstraintsExtension(certificate: string | Buffer) { certificate = coerceCertificate(certificate); - const block_info = readTag(certificate, 0); - const blocks = _readStruct(certificate, block_info); + const block_info = asn1.readTag(certificate, 0); + const blocks = asn1.readStruct(certificate, block_info); const { extensions } = readTbsCertificate(certificate, blocks[0]); return extensions?.basicConstraints; } diff --git a/packages/node-opcua-crypto-test/test/test_rsaLengthPublicKey.ts b/packages/node-opcua-crypto-test/test/test_rsaLengthPublicKey.ts index 9eae28f..9f1dc4b 100644 --- a/packages/node-opcua-crypto-test/test/test_rsaLengthPublicKey.ts +++ b/packages/node-opcua-crypto-test/test/test_rsaLengthPublicKey.ts @@ -21,8 +21,8 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // --------------------------------------------------------------------------------------------------------------------- -import { createPublicKey } from "crypto"; -import path from "path"; +import { createPublicKey } from "node:crypto"; +import path from "node:path"; import { rsaLengthPublicKey } from "node-opcua-crypto"; import { readCertificate, readCertificatePEM } from "node-opcua-crypto"; diff --git a/packages/node-opcua-crypto-test/test/test_special_import.ts b/packages/node-opcua-crypto-test/test/test_special_import.ts new file mode 100644 index 0000000..55b8443 --- /dev/null +++ b/packages/node-opcua-crypto-test/test/test_special_import.ts @@ -0,0 +1 @@ +import { exploreCertificate } from "node-opcua-crypto/web"; 
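Review bot: The new `import { asn1 } from "node-opcua-crypto";` sits on its own line directly under another import from the same module; merging them into `import { asn1, coerceCertificate, readTbsCertificate } from "node-opcua-crypto";` keeps the header to one statement per module, as test_verifyCertificateChain.ts does in this same commit. In `extractBasicConstraintsExtension`, `asn1.readStruct(certificate, block_info)` is indexed as `blocks[0]` with no length check, so a certificate whose outer SEQUENCE is empty reaches `readTbsCertificate` with `undefined`; a guard such as `if (blocks.length === 0) throw new Error("certificate has no TBSCertificate");` would make the failure explicit.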
diff --git a/packages/node-opcua-crypto-test/test/test_verifyCertificateChain.ts b/packages/node-opcua-crypto-test/test/test_verifyCertificateChain.ts index 2f008b7..49b8713 100644 --- a/packages/node-opcua-crypto-test/test/test_verifyCertificateChain.ts +++ b/packages/node-opcua-crypto-test/test/test_verifyCertificateChain.ts @@ -21,9 +21,8 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // --------------------------------------------------------------------------------------------------------------------- -import path from "path"; -import { verifyCertificateChain } from "node-opcua-crypto"; -import { readCertificate } from "node-opcua-crypto"; +import path from "node:path"; +import { verifyCertificateChain, readCertificate } from "node-opcua-crypto"; describe("Test Certificate Chain", () => { it("DX should verify a certificate chain", async () => { diff --git a/packages/node-opcua-crypto-test/test/test_verify_certificate_signature.ts b/packages/node-opcua-crypto-test/test/test_verify_certificate_signature.ts index 095e813..4f9ab34 100644 --- a/packages/node-opcua-crypto-test/test/test_verify_certificate_signature.ts +++ b/packages/node-opcua-crypto-test/test/test_verify_certificate_signature.ts 
@@ -21,23 +21,23 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // --------------------------------------------------------------------------------------------------------------------- -import path from "path"; -import { SignPrivateKeyInput, constants, createSign } from "crypto"; +import path from "node:path"; +import { SignPrivateKeyInput, constants, createSign } from "node:crypto"; import { verifyCertificateSignature, Certificate, toPem2, PrivateKey } from "node-opcua-crypto"; -import { readTag, _readStruct, _readAlgorithmIdentifier, _readSignatureValueBin } from "node-opcua-crypto"; +import { asn1 } from "node-opcua-crypto"; import { readCertificate, readPrivateKey } from "node-opcua-crypto"; export function investigateCertificateSignature(certificate: Certificate, caPrivateKey?: PrivateKey): void { - const block_info = readTag(certificate, 0); - const blocks = _readStruct(certificate, block_info); + const block_info = asn1.readTag(certificate, 0); + const blocks = asn1.readStruct(certificate, block_info); // console.log(block_info, blocks[0], blocks[1], blocks[2]); const bufferTbsCertificate = certificate.subarray(block_info.position, block_info.position + 4 + blocks[0].length); // console.log("bufferTbsCertificate = ", bufferTbsCertificate.length); - const signatureAlgorithm = _readAlgorithmIdentifier(certificate, blocks[1]); + const signatureAlgorithm = asn1.readAlgorithmIdentifier(certificate, blocks[1]); - const signatureValue = _readSignatureValueBin(certificate, blocks[2]); + const signatureValue = asn1.readSignatureValueBin(certificate, blocks[2]); // console.log("", ellipsis(signatureValue.toString("hex")), signatureValue.length); function testPadding(padding: number, saltLength?: number): boolean { diff --git a/packages/node-opcua-crypto-test/test2/test-node20.11.1.mjs b/packages/node-opcua-crypto-test/test2/test-node20.11.1.mjs new file mode 100644 index 0000000..bfbf06d 
--- /dev/null
+++ b/packages/node-opcua-crypto-test/test2/test-node20.11.1.mjs
@@ -0,0 +1,128 @@
+import * as loremIpsum1 from "lorem-ipsum";
+import fs from "fs";
+import constants from "constants";
+import sshpk from "sshpk";
+import "should";
+
+import { publicEncrypt, privateDecrypt, createPrivateKey, createPublicKey } from "crypto";
+const PaddingAlgorithm = {
+ RSA_PKCS1_OAEP_PADDING: 4,
+ RSA_PKCS1_PADDING: 1,
+};
+const RSA_PKCS1_OAEP_PADDING = constants.RSA_PKCS1_OAEP_PADDING;
+const RSA_PKCS1_PADDING = constants.RSA_PKCS1_PADDING;
+const createFastUninitializedBuffer = (size) => Buffer.allocUnsafe(size);
+
+export function publicEncrypt_native(buffer, publicKey, algorithm) {
+ if (algorithm === undefined) {
+ algorithm = PaddingAlgorithm.RSA_PKCS1_PADDING;
+ }
+ return publicEncrypt(
+ {
+ key: publicKey,
+ padding: algorithm,
+ },
+ buffer
+ );
+}
+
+export function privateDecrypt_native(buffer, privateKey, algorithm) {
+ if (algorithm === undefined) {
+ algorithm = PaddingAlgorithm.RSA_PKCS1_OAEP_PADDING;
+ }
+
+ try {
+ return privateDecrypt(
+ {
+ key: privateKey.hidden,
+ padding: algorithm,
+ },
+ buffer
+ );
+ } catch (err) {
+ console.log("privateDecrypt_native error", err);
+ return Buffer.alloc(1);
+ }
+}
+
+export function publicEncrypt_long(buffer, publicKey, blockSize, padding, paddingAlgorithm) {
+ if (paddingAlgorithm === undefined) {
+ paddingAlgorithm = PaddingAlgorithm.RSA_PKCS1_OAEP_PADDING;
+ }
+ if (paddingAlgorithm !== RSA_PKCS1_PADDING && paddingAlgorithm !== RSA_PKCS1_OAEP_PADDING) {
+ throw new Error("Invalid padding algorithm " + paddingAlgorithm);
+ }
+
+ const chunk_size = blockSize - padding;
+ const nbBlocks = Math.ceil(buffer.length / chunk_size);
+
+ const outputBuffer = createFastUninitializedBuffer(nbBlocks * blockSize);
+ for (let i = 0; i < nbBlocks; i++) {
+ const currentBlock = buffer.slice(chunk_size * i, chunk_size * (i + 1));
+
+ const encrypted_chunk = publicEncrypt_native(currentBlock, publicKey, paddingAlgorithm);
+ // istanbul ignore next
+ if (encrypted_chunk.length !== blockSize) {
+ throw new Error(`publicEncrypt_long unexpected chunk length ${encrypted_chunk.length} expecting ${blockSize}`);
+ }
+ encrypted_chunk.copy(outputBuffer, i * blockSize);
+ }
+ return outputBuffer;
+}
+
+export function privateDecrypt_long(buffer, privateKey, blockSize, paddingAlgorithm) {
+ paddingAlgorithm = paddingAlgorithm || RSA_PKCS1_OAEP_PADDING;
+ // istanbul ignore next
+ if (paddingAlgorithm !== RSA_PKCS1_PADDING && paddingAlgorithm !== RSA_PKCS1_OAEP_PADDING) {
+ throw new Error("Invalid padding algorithm " + paddingAlgorithm);
+ }
+
+ const nbBlocks = Math.ceil(buffer.length / blockSize);
+
+ const outputBuffer = createFastUninitializedBuffer(nbBlocks * blockSize);
+
+ let total_length = 0;
+ for (let i = 0; i < nbBlocks; i++) {
+ const currentBlock = buffer.subarray(blockSize * i, Math.min(blockSize * (i + 1), buffer.length));
+ const decrypted_buf = privateDecrypt_native(currentBlock, privateKey, paddingAlgorithm);
+ decrypted_buf.copy(outputBuffer, total_length);
+ total_length += decrypted_buf.length;
+ }
+ return outputBuffer.subarray(0, total_length);
+}
+
+export function readPrivateRsaKey(filename) {
+ const content = fs.readFileSync(filename, "utf8");
+ const sshKey = sshpk.parsePrivateKey(content, "auto");
+ const key = sshKey.toString("pkcs1");
+ const hidden = createPrivateKey({ format: "pem", type: "pkcs1", key });
+ return { hidden };
+}
+
+function readPublicRsaKey(filename) {
+ const content = fs.readFileSync(filename, "utf-8");
+ const sshKey = sshpk.parseKey(content, "ssh");
+ const key = sshKey.toString("pkcs1");
+ console.log("publicKey=\n" + key);
+ return createPublicKey({ format: "pem", type: "pkcs1", key });
+}
+
+const loremIpsum = loremIpsum1.loremIpsum({ count: 100 });
+
+const bob_public_key = readPublicRsaKey("./test-fixtures/certs/bob_id_rsa.pub", "utf-8");
+console.log(bob_public_key);
+
+const bob_private_key = readPrivateRsaKey("./test-fixtures/certs/bob_id_rsa");
+
+const initialBuffer = Buffer.from("Hello World");
+
+const encryptedBuffer1 = publicEncrypt_long(initialBuffer, bob_public_key, 256, 11);
+const encryptedBuffer2 = publicEncrypt_long(initialBuffer, bob_public_key, 256, 11);
+
+encryptedBuffer1.toString("hex").should.not.equal(encryptedBuffer2.toString("hex"));
+
+const decryptedBuffer1 = privateDecrypt_long(encryptedBuffer1, bob_private_key, 256);
+const decryptedBuffer2 = privateDecrypt_long(encryptedBuffer2, bob_private_key, 256);
+
+decryptedBuffer1.toString("hex").should.equal(decryptedBuffer2.toString("hex"));
+console.log("decryptedBuffer1=", decryptedBuffer1.toString("utf-8"));
\ No newline at end of file
diff --git a/packages/node-opcua-crypto-test/tsconfig.common.json b/packages/node-opcua-crypto-test/tsconfig.common.json
index 3bfd33c..e180d1e 100644
--- a/packages/node-opcua-crypto-test/tsconfig.common.json
+++ b/packages/node-opcua-crypto-test/tsconfig.common.json
@@ -3,7 +3,8 @@
 "target": "es2020",
 "esModuleInterop": true,
 "skipLibCheck": false,
- "moduleResolution": "node",
+ "moduleResolution": "NodeNext",
+ "module": "NodeNext",
 "sourceMap": true,
 "strict": true,
 "listFiles": false,
diff --git a/packages/node-opcua-crypto/README.md b/packages/node-opcua-crypto/README.md
index 4c35b29..58d3625 100644
--- a/packages/node-opcua-crypto/README.md
+++ b/packages/node-opcua-crypto/README.md
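Review bot: `privateDecrypt_native` in the new test-node20.11.1.mjs swallows every decryption error, logs it and returns `Buffer.alloc(1)`, and `privateDecrypt_long` then copies that zero byte into the output, so a wrong key or a padding failure produces a short garbage plaintext and the `should.equal` check at the end can still pass; the `catch` should be dropped so the failure propagates (`return privateDecrypt({ key: privateKey.hidden, padding: algorithm }, buffer);`). The two native helpers also disagree on their default: `publicEncrypt_native` falls back to `RSA_PKCS1_PADDING` while `privateDecrypt_native` falls back to `RSA_PKCS1_OAEP_PADDING`, and the script calls `publicEncrypt_long(initialBuffer, bob_public_key, 256, 11)` with the PKCS#1 v1.5 overhead of 11 bytes while `paddingAlgorithm` defaults to OAEP, whose overhead is larger, so this only works because "Hello World" fits in one block and a longer input would throw from `publicEncrypt`. Minor points: this file still imports `"fs"`, `"constants"` and `"crypto"` without the `node:` prefix that the rest of this commit introduces, `readPublicRsaKey` is called with a second argument it does not declare, and `loremIpsum` is computed but never used.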
@@ -67,11 +67,16 @@ Please refer to the examples directory for more specific use cases and comprehen ## Support -For any inquiries or issues related to NodeOPCUA Crypto, you can contact us at contact@sterfive.com. Please note that priority support is available to NodeOPCUA Support Subscription members. +Sterfive provides this module free of charge, "as is," with the hope that it will be useful to you. However, any support requests, bug fixes, or enhancements are handled exclusively through our paid services. We believe strongly that independent open-source companies should be fairly compensated for their contributions to the community. + +We highly recommend subscribing to our support program to ensure your requests are addressed and resolved. Please note that we only consider requests from members of our support program or sponsors. + ### Getting professional support -NodeOPCUA PKI is developed and maintained by sterfive.com. + +NodeOPCUA Crypto is developed and maintained by sterfive.com. + To get professional support, consider subscribing to the node-opcua membership community: 
@@ -109,6 +114,6 @@ Thank you for considering NodeOPCUA Crypto for your OPCUA cryptography needs. We ## Supporting the development effort - Sponsors & Backers -If you like `node-opcua-pki` and if you are relying on it in one of your projects, please consider becoming a backer and [sponsoring us](https://github.com/sponsors/node-opcua), this will help us to maintain a high-quality stack and constant evolution of this module. +If you like `node-opcua-crypto` and if you are relying on it in one of your projects, please consider becoming a backer and [sponsoring us](https://opencollective.com/node-opcua), this will help us to maintain a high-quality stack and constant evolution of this module. -If your company would like to participate and influence the development of future versions of `node-opcua` please contact [sterfive](mailto:contact@sterfive.com). +If your company would like to participate and influence the development of future versions of `node-opcua` and its components, please contact [sterfive](mailto:contact@sterfive.com). diff --git a/packages/node-opcua-crypto/index.mjs b/packages/node-opcua-crypto/index.mjs deleted file mode 100644 index fc5ca29..0000000 --- a/packages/node-opcua-crypto/index.mjs +++ /dev/null @@ -1 +0,0 @@ -export * from "./dist/index.mjs"; diff --git a/packages/node-opcua-crypto/index.ts b/packages/node-opcua-crypto/index.ts index 5604ecb..a003654 100644 --- a/packages/node-opcua-crypto/index.ts +++ b/packages/node-opcua-crypto/index.ts @@ -1,2 +1,2 @@ -export * from "./source/index.js"; -export * from "./source_nodejs/index.js" +export * from "./source"; +export * from "./source_nodejs"; diff --git a/packages/node-opcua-crypto/index_web.ts b/packages/node-opcua-crypto/index_web.ts deleted file mode 100644 index 3ef2450..0000000 --- a/packages/node-opcua-crypto/index_web.ts +++ /dev/null @@ -1 +0,0 @@ -export * from "./source/index.js"; 
diff --git a/packages/node-opcua-crypto/package.json b/packages/node-opcua-crypto/package.json index c4aebcd..7d846fd 100644 --- a/packages/node-opcua-crypto/package.json +++ b/packages/node-opcua-crypto/package.json @@ -14,6 +14,11 @@ "types": "./dist/source/index_web.d.ts", "import": "./dist/source/index_web.mjs", "require": "./dist/source/index_web.js" + }, + "./node": { + "types": "./dist/source_nodejs/index.d.ts", + "import": "./dist/source_nodejs/index.mjs", + "require": "./dist/source_nodejs/index.js" } }, "scripts": { @@ -46,12 +51,12 @@ "node": ">15.0" }, "devDependencies": { - "@types/node": "^22.6.1", + "@types/node": "^22.7.4", "lorem-ipsum": "^2.0.8" }, "dependencies": { "@peculiar/webcrypto": "^1.5.0", - "@peculiar/x509": "^1.12.2", + "@peculiar/x509": "^1.12.3", "@types/jsrsasign": "^10.5.14", "@types/sshpk": "^1.17.4", "assert": "^2.1.0", @@ -68,4 +73,4 @@ "url": "https://github.com/node-opcua/node-opcua-crypto/issues" }, "gitHead": "32e5c2e92f1ab76caf6166a6049736e2ac77a9f4" -} +} \ No newline at end of file diff --git a/packages/node-opcua-crypto/source/asn1.ts b/packages/node-opcua-crypto/source/asn1.ts index eeb373d..fb05dbe 100644 --- a/packages/node-opcua-crypto/source/asn1.ts +++ b/packages/node-opcua-crypto/source/asn1.ts @@ -66,7 +66,7 @@ export function readTag(buf: Buffer, pos: number): BlockInfo { return { start, tag, position: pos, length }; } -export function _readStruct(buf: Buffer, blockInfo: BlockInfo): BlockInfo[] { +export function readStruct(buf: Buffer, blockInfo: BlockInfo): BlockInfo[] { const length = blockInfo.length; let cursor = blockInfo.position; const end = blockInfo.position + length; 
@@ -160,7 +160,7 @@ export function _readIntegerAsByteString(buffer: Buffer, block: BlockInfo): Buff export function _readListOfInteger(buffer: Buffer): Buffer[] { const block = readTag(buffer, 0); - const inner_blocks = _readStruct(buffer, block); + const inner_blocks = readStruct(buffer, block); return inner_blocks.map((innerBlock: BlockInfo) => { return _readIntegerAsByteString(buffer, innerBlock); }); @@ -207,15 +207,15 @@ export function _readObjectIdentifier(buffer: Buffer, block: BlockInfo): { oid: }; } -export function _readAlgorithmIdentifier(buffer: Buffer, block: BlockInfo): AlgorithmIdentifier { - const inner_blocks = _readStruct(buffer, block); +export function readAlgorithmIdentifier(buffer: Buffer, block: BlockInfo): AlgorithmIdentifier { + const inner_blocks = readStruct(buffer, block); return { identifier: _readObjectIdentifier(buffer, inner_blocks[0]).name, }; } export function _readECCAlgorithmIdentifier(buffer: Buffer, block: BlockInfo): AlgorithmIdentifier { - const inner_blocks = _readStruct(buffer, block); + const inner_blocks = readStruct(buffer, block); return { identifier: _readObjectIdentifier(buffer, inner_blocks[1]).name, // difference with RSA as algorithm is second element of nested block }; @@ -223,12 +223,12 @@ export function _readECCAlgorithmIdentifier(buffer: Buffer, block: BlockInfo): A export type SignatureValue = string; -export function _readSignatureValueBin(buffer: Buffer, block: BlockInfo): Buffer { +export function readSignatureValueBin(buffer: Buffer, block: BlockInfo): Buffer { return _readBitString(buffer, block).data; } -export function _readSignatureValue(buffer: Buffer, block: BlockInfo): SignatureValue { - return _readSignatureValueBin(buffer, block).toString("hex"); +export function readSignatureValue(buffer: Buffer, block: BlockInfo): SignatureValue { + return readSignatureValueBin(buffer, block).toString("hex"); } export function _readLongIntegerValue(buffer: Buffer, block: BlockInfo): Buffer { 
@@ -381,15 +381,15 @@ export function _readDirectoryName(buffer: Buffer, block: BlockInfo): DirectoryN // AttributeTypeAndValue ::= SEQUENCE { // type ATTRIBUTE.&id({SupportedAttributes}), // value ATTRIBUTE.&Type({SupportedAttributes}{@type}), - const set_blocks = _readStruct(buffer, block); + const set_blocks = readStruct(buffer, block); const names: DirectoryName = {}; for (const set_block of set_blocks) { assert(set_block.tag === 0x31); - const blocks = _readStruct(buffer, set_block); + const blocks = readStruct(buffer, set_block); assert(blocks.length === 1); assert(blocks[0].tag === 0x30); - const sequenceBlock = _readStruct(buffer, blocks[0]); + const sequenceBlock = readStruct(buffer, blocks[0]); assert(sequenceBlock.length === 2); const type = _readObjectIdentifier(buffer, sequenceBlock[0]); diff --git a/packages/node-opcua-crypto/source/crypto_explore_certificate.ts b/packages/node-opcua-crypto/source/crypto_explore_certificate.ts index a62909c..ae52a67 100644 --- a/packages/node-opcua-crypto/source/crypto_explore_certificate.ts +++ b/packages/node-opcua-crypto/source/crypto_explore_certificate.ts @@ -62,20 +62,20 @@ import { TagType, readTag, _getBlock, - _readStruct, + readStruct, formatBuffer2DigitHexWithColum, _readOctetString, AlgorithmIdentifier, _readListOfInteger, _readObjectIdentifier, - _readAlgorithmIdentifier, + readAlgorithmIdentifier, _readECCAlgorithmIdentifier, _readBooleanValue, _readIntegerValue, _readLongIntegerValue, _readVersionValue, SignatureValue, - _readSignatureValue, + readSignatureValue, DirectoryName, _readValue, _readTime, 
@@ -98,8 +98,8 @@ export interface AttributeTypeAndValue { } function _readAttributeTypeAndValue(buffer: Buffer, block: BlockInfo): AttributeTypeAndValue { - let inner_blocks = _readStruct(buffer, block); - inner_blocks = _readStruct(buffer, inner_blocks[0]); + let inner_blocks = readStruct(buffer, block); + inner_blocks = readStruct(buffer, inner_blocks[0]); const data = { identifier: _readObjectIdentifier(buffer, inner_blocks[0]).name, @@ -119,7 +119,7 @@ interface RelativeDistinguishedName { } function _readRelativeDistinguishedName(buffer: Buffer, block: BlockInfo): RelativeDistinguishedName { - const inner_blocks = _readStruct(buffer, block); + const inner_blocks = readStruct(buffer, block); const data = inner_blocks.map((block) => _readAttributeTypeAndValue(buffer, block)); const result: any = {}; for (const e of data) { @@ -138,7 +138,7 @@ export interface Validity { } function _readValidity(buffer: Buffer, block: BlockInfo): Validity { - const inner_blocks = _readStruct(buffer, block); + const inner_blocks = readStruct(buffer, block); return { notBefore: _readTime(buffer, inner_blocks[0]), notAfter: _readTime(buffer, inner_blocks[1]), 
@@ -164,29 +164,29 @@ function _readAuthorityKeyIdentifier(buffer: Buffer): AuthorityKeyIdentifier { // KeyIdentifier ::= OCTET STRING const block_info = readTag(buffer, 0); - const blocks = _readStruct(buffer, block_info); + const blocks = readStruct(buffer, block_info); const keyIdentifier_block = _findBlockAtIndex(blocks, 0); const authorityCertIssuer_block = _findBlockAtIndex(blocks, 1); const authorityCertSerialNumber_block = _findBlockAtIndex(blocks, 2); function _readAuthorityCertIssuer(block: BlockInfo): DirectoryName { - const inner_blocks = _readStruct(buffer, block); + const inner_blocks = readStruct(buffer, block); const directoryName_block = _findBlockAtIndex(inner_blocks, 4); if (directoryName_block) { - const a = _readStruct(buffer, directoryName_block); + const a = readStruct(buffer, directoryName_block); return _readDirectoryName(buffer, a[0]); } else { throw new Error("Invalid _readAuthorityCertIssuer"); } } function _readAuthorityCertIssuerFingerPrint(block: BlockInfo): string { - const inner_blocks = _readStruct(buffer, block); + const inner_blocks = readStruct(buffer, block); const directoryName_block = _findBlockAtIndex(inner_blocks, 4)!; if (!directoryName_block) { return ""; } - const a = _readStruct(buffer, directoryName_block); + const a = readStruct(buffer, directoryName_block); if (a.length < 1) { return ""; } @@ -237,7 +237,7 @@ extKeyUsage function readBasicConstraint2_5_29_19(buffer: Buffer, block: BlockInfo): BasicConstraints { const block_info = readTag(buffer, 0); - const inner_blocks = _readStruct(buffer, block_info).slice(0, 2); + const inner_blocks = readStruct(buffer, block_info).slice(0, 2); let cA = false; let pathLengthConstraint = 0; let breakControl = 0; 
@@ -285,7 +285,7 @@ function _readGeneralNames(buffer: Buffer, block: BlockInfo) { 32: { name: "otherName", type: "AnotherName" }, }; - const blocks = _readStruct(buffer, block); + const blocks = readStruct(buffer, block); function _readFromType(buffer: Buffer, block: BlockInfo, type: string) { switch (type) { @@ -313,7 +313,7 @@ function _readGeneralNames(buffer: Buffer, block: BlockInfo) { // console.log(buffer.subarray(block.start, block.position+ block.length).toString("hex")); n[type.name] = n[type.name] || []; - const blocks2 = _readStruct(buffer, block); + const blocks2 = readStruct(buffer, block); const name = _readObjectIdentifier(buffer, blocks2[0]).name; const buf = _getBlock(buffer, blocks2[1]); const b = readTag(buf, 0); @@ -405,7 +405,7 @@ function readExtKeyUsage(oid: string, buffer: Buffer): X509ExtKeyUsage { // see https://tools.ietf.org/html/rfc5280#section-4.2.1.12 const block_info = readTag(buffer, 0); - const inner_blocks = _readStruct(buffer, block_info); + const inner_blocks = readStruct(buffer, block_info); const extKeyUsage: X509ExtKeyUsage = { serverAuth: false, @@ -465,7 +465,7 @@ export interface SubjectPublicKey { } function _readSubjectPublicKey(buffer: Buffer): SubjectPublicKey { const block_info = readTag(buffer, 0); - const blocks = _readStruct(buffer, block_info); + const blocks = readStruct(buffer, block_info); return { modulus: buffer.subarray(blocks[0].position + 1, blocks[0].position + blocks[0].length), @@ -482,7 +482,7 @@ function _readSubjectPublicKey(buffer: Buffer): SubjectPublicKey { } */ export function _readExtension(buffer: Buffer, block: BlockInfo): { identifier: { oid: string; name: string }; value: any } { - const inner_blocks = _readStruct(buffer, block); + const inner_blocks = readStruct(buffer, block); if (inner_blocks.length === 3) { assert(inner_blocks[1].tag === TagType.BOOLEAN); 
@@ -541,8 +541,8 @@ export function _readExtension(buffer: Buffer, block: BlockInfo): { identifier: // Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension function _readExtensions(buffer: Buffer, block: BlockInfo): CertificateExtension { assert(block.tag === 0xa3); - let inner_blocks = _readStruct(buffer, block); - inner_blocks = _readStruct(buffer, inner_blocks[0]); + let inner_blocks = readStruct(buffer, block); + inner_blocks = readStruct(buffer, inner_blocks[0]); const extensions = inner_blocks.map((block) => _readExtension(buffer, block)); @@ -579,10 +579,10 @@ function _readExtensions(buffer: Buffer, block: BlockInfo): CertificateExtension */ function _readSubjectPublicKeyInfo(buffer: Buffer, block: BlockInfo): SubjectPublicKeyInfo { - const inner_blocks = _readStruct(buffer, block); + const inner_blocks = readStruct(buffer, block); // algorithm identifier - const algorithm = _readAlgorithmIdentifier(buffer, inner_blocks[0]); + const algorithm = readAlgorithmIdentifier(buffer, inner_blocks[0]); //const parameters = _readBitString(buffer,inner_blocks[1]); const subjectPublicKey = _readBitString(buffer, inner_blocks[1]); @@ -600,7 +600,7 @@ function _readSubjectPublicKeyInfo(buffer: Buffer, block: BlockInfo): SubjectPub } function _readSubjectECCPublicKeyInfo(buffer: Buffer, block: BlockInfo): SubjectPublicKeyInfo { - const inner_blocks = _readStruct(buffer, block); + const inner_blocks = readStruct(buffer, block); // first parameter is the second element of the first block, which is why we have another algorithm const algorithm = _readECCAlgorithmIdentifier(buffer, inner_blocks[0]); @@ -660,7 +660,7 @@ export interface TbsCertificate { } export function readTbsCertificate(buffer: Buffer, block: BlockInfo): TbsCertificate { - const blocks = _readStruct(buffer, block); + const blocks = readStruct(buffer, block); let version, serialNumber, signature, issuer, validity, subject, subjectFingerPrint, extensions; let subjectPublicKeyInfo: SubjectPublicKeyInfo; 
@@ -670,7 +670,7 @@ export function readTbsCertificate(buffer: Buffer, block: BlockInfo): TbsCertifi version = 1; serialNumber = formatBuffer2DigitHexWithColum(_readLongIntegerValue(buffer, blocks[0])); - signature = _readAlgorithmIdentifier(buffer, blocks[1]); + signature = readAlgorithmIdentifier(buffer, blocks[1]); issuer = _readName(buffer, blocks[2]); validity = _readValidity(buffer, blocks[3]); subject = _readName(buffer, blocks[4]); @@ -686,14 +686,14 @@ export function readTbsCertificate(buffer: Buffer, block: BlockInfo): TbsCertifi } version = _readVersionValue(buffer, version_block) + 1; serialNumber = formatBuffer2DigitHexWithColum(_readLongIntegerValue(buffer, blocks[1])); - signature = _readAlgorithmIdentifier(buffer, blocks[2]); + signature = readAlgorithmIdentifier(buffer, blocks[2]); issuer = _readName(buffer, blocks[3]); validity = _readValidity(buffer, blocks[4]); subject = _readName(buffer, blocks[5]); subjectFingerPrint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(_getBlock(buffer, blocks[5]))); - const inner_block = _readStruct(buffer, blocks[6]); - const what_type = _readAlgorithmIdentifier(buffer, inner_block[0]).identifier; + const inner_block = readStruct(buffer, blocks[6]); + const what_type = readAlgorithmIdentifier(buffer, inner_block[0]).identifier; switch (what_type) { case "rsaEncryption": { 
@@ -744,11 +744,11 @@ export function exploreCertificate(certificate: Certificate): CertificateInterna assert(certificate instanceof Buffer); if (!(certificate as any)._exploreCertificate_cache) { const block_info = readTag(certificate, 0); - const blocks = _readStruct(certificate, block_info); + const blocks = readStruct(certificate, block_info); (certificate as any)._exploreCertificate_cache = { tbsCertificate: readTbsCertificate(certificate, blocks[0]), - signatureAlgorithm: _readAlgorithmIdentifier(certificate, blocks[1]), - signatureValue: _readSignatureValue(certificate, blocks[2]), + signatureAlgorithm: readAlgorithmIdentifier(certificate, blocks[1]), + signatureValue: readSignatureValue(certificate, blocks[2]), }; } return (certificate as any)._exploreCertificate_cache; diff --git a/packages/node-opcua-crypto/source/explore_asn1.ts b/packages/node-opcua-crypto/source/explore_asn1.ts index 4319fd9..217b6fd 100644 --- a/packages/node-opcua-crypto/source/explore_asn1.ts +++ b/packages/node-opcua-crypto/source/explore_asn1.ts @@ -1,4 +1,4 @@ -import { BlockInfo, readTag, _readStruct, TagType } from "./asn1"; +import { BlockInfo, readTag, readStruct, TagType } from "./asn1"; import { hexDump } from "./crypto_utils"; function t(tag: number) { @@ -23,7 +23,7 @@ export function exploreAsn1(buffer: Buffer) { function dumpBlock(blockInfo: BlockInfo, depth: number) { console.log(bi(blockInfo, depth)); if (blockInfo.tag === TagType.SEQUENCE || blockInfo.tag === TagType.SET || blockInfo.tag >= TagType.CONTEXT_SPECIFIC0) { - const blocks = _readStruct(buffer, blockInfo); + const blocks = readStruct(buffer, blockInfo); for (const block of blocks) { dumpBlock(block, depth +1); } diff --git a/packages/node-opcua-crypto/source/explore_certificate_revocation_list.ts b/packages/node-opcua-crypto/source/explore_certificate_revocation_list.ts index 8f74141..019a18a 100644 --- a/packages/node-opcua-crypto/source/explore_certificate_revocation_list.ts 
+++ b/packages/node-opcua-crypto/source/explore_certificate_revocation_list.ts @@ -22,13 +22,13 @@ // --------------------------------------------------------------------------------------------------------------------- import { - _readStruct, + readStruct, readTag, _readBitString, AlgorithmIdentifier, - _readAlgorithmIdentifier, - _readSignatureValue, - _readSignatureValueBin, + readAlgorithmIdentifier, + readSignatureValue, + readSignatureValueBin, BlockInfo, _readObjectIdentifier, DirectoryName, @@ -75,13 +75,13 @@ export function readNameForCrl(buffer: Buffer, block: BlockInfo): DirectoryName } function _readTbsCertList(buffer: Buffer, blockInfo: BlockInfo): TBSCertList { - const blocks = _readStruct(buffer, blockInfo); + const blocks = readStruct(buffer, blockInfo); const hasOptionalVersion = blocks[0].tag === TagType.INTEGER; if (hasOptionalVersion) { const version = _readIntegerValue(buffer, blocks[0]); - const signature = _readAlgorithmIdentifier(buffer, blocks[1]); + const signature = readAlgorithmIdentifier(buffer, blocks[1]); const issuer = readNameForCrl(buffer, blocks[2]); const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(_getBlock(buffer, blocks[2]))); @@ -91,10 +91,10 @@ function _readTbsCertList(buffer: Buffer, blockInfo: BlockInfo): TBSCertList { const revokedCertificates: RevokedCertificate[] = []; if (blocks[5] && blocks[5].tag < 0x80) { - const list = _readStruct(buffer, blocks[5]); + const list = readStruct(buffer, blocks[5]); for (const r of list) { // sometime blocks[5] doesn't exits .. in this case - const rr = _readStruct(buffer, r); + const rr = readStruct(buffer, r); const userCertificate = formatBuffer2DigitHexWithColum(_readLongIntegerValue(buffer, rr[0])); const revocationDate = _readTime(buffer, rr[1]); revokedCertificates.push({ 
@@ -107,7 +107,7 @@ function _readTbsCertList(buffer: Buffer, blockInfo: BlockInfo): TBSCertList { const ext0 = _findBlockAtIndex(blocks, 0); return { issuer, issuerFingerprint, thisUpdate, nextUpdate, signature, revokedCertificates } as TBSCertList; } else { - const signature = _readAlgorithmIdentifier(buffer, blocks[0]); + const signature = readAlgorithmIdentifier(buffer, blocks[0]); const issuer = readNameForCrl(buffer, blocks[1]); const issuerFingerprint = formatBuffer2DigitHexWithColum(makeSHA1Thumbprint(_getBlock(buffer, blocks[1]))); @@ -117,10 +117,10 @@ function _readTbsCertList(buffer: Buffer, blockInfo: BlockInfo): TBSCertList { const revokedCertificates: RevokedCertificate[] = []; if (blocks[4] && blocks[4].tag < 0x80) { - const list = _readStruct(buffer, blocks[4]); + const list = readStruct(buffer, blocks[4]); for (const r of list) { // sometime blocks[5] doesn't exits .. in this case - const rr = _readStruct(buffer, r); + const rr = readStruct(buffer, r); const userCertificate = formatBuffer2DigitHexWithColum(_readLongIntegerValue(buffer, rr[0])); const revocationDate = _readTime(buffer, rr[1]); revokedCertificates.push({ @@ -136,9 +136,9 @@ function _readTbsCertList(buffer: Buffer, blockInfo: BlockInfo): TBSCertList { export function exploreCertificateRevocationList(crl: CertificateRevocationList): CertificateRevocationListInfo { const blockInfo = readTag(crl, 0); - const blocks = _readStruct(crl, blockInfo); + const blocks = readStruct(crl, blockInfo); const tbsCertList = _readTbsCertList(crl, blocks[0]); - const signatureAlgorithm = _readAlgorithmIdentifier(crl, blocks[1]); - const signatureValue = _readSignatureValueBin(crl, blocks[2]); + const signatureAlgorithm = readAlgorithmIdentifier(crl, blocks[1]); + const signatureValue = readSignatureValueBin(crl, blocks[2]); return { tbsCertList, signatureAlgorithm, signatureValue }; } 
diff --git a/packages/node-opcua-crypto/source/explore_certificate_signing_request.ts b/packages/node-opcua-crypto/source/explore_certificate_signing_request.ts index 1f17ce4..3797694 100644 --- a/packages/node-opcua-crypto/source/explore_certificate_signing_request.ts +++ b/packages/node-opcua-crypto/source/explore_certificate_signing_request.ts @@ -21,7 +21,7 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // --------------------------------------------------------------------------------------------------------------------- -import { BlockInfo, readTag, _findBlockAtIndex, _getBlock, _readObjectIdentifier, _readStruct, _readVersionValue } from "./asn1.js"; +import { BlockInfo, readTag, _findBlockAtIndex, _getBlock, _readObjectIdentifier, readStruct, _readVersionValue } from "./asn1.js"; import { BasicConstraints, X509KeyUsage, _readExtension } from "./crypto_explore_certificate.js"; @@ -37,7 +37,7 @@ export interface CertificateSigningRequestInfo { function _readExtensionRequest(buffer: Buffer): ExtensionRequest { const block = readTag(buffer, 0); - const inner_blocks = _readStruct(buffer, block); + const inner_blocks = readStruct(buffer, block); const extensions = inner_blocks.map((block1) => _readExtension(buffer, block1)); const result: any = {}; 
@@ -49,14 +49,14 @@ function _readExtensionRequest(buffer: Buffer): ExtensionRequest { } export function readCertificationRequestInfo(buffer: Buffer, block: BlockInfo): CertificateSigningRequestInfo { - const blocks = _readStruct(buffer, block); + const blocks = readStruct(buffer, block); if (blocks.length === 4) { const extensionRequestBlock = _findBlockAtIndex(blocks, 0); if (!extensionRequestBlock) { throw new Error("cannot find extensionRequest block"); } - const blocks1 = _readStruct(buffer, extensionRequestBlock); - const blocks2 = _readStruct(buffer, blocks1[0]); + const blocks1 = readStruct(buffer, extensionRequestBlock); + const blocks2 = readStruct(buffer, blocks1[0]); const identifier = _readObjectIdentifier(buffer, blocks2[0]); if (identifier.name !== "extensionRequest") { throw new Error(" Cannot find extension Request in ASN1 block"); @@ -74,7 +74,7 @@ export function readCertificationRequestInfo(buffer: Buffer, block: BlockInfo): export function exploreCertificateSigningRequest(crl: Buffer): CertificateSigningRequestInfo { const blockInfo = readTag(crl, 0); - const blocks = _readStruct(crl, blockInfo); + const blocks = readStruct(crl, blockInfo); const csrInfo = readCertificationRequestInfo(crl, blocks[0]); return csrInfo; } diff --git a/packages/node-opcua-crypto/source/explore_private_key.ts b/packages/node-opcua-crypto/source/explore_private_key.ts index 60d93aa..e93f1b7 100644 --- a/packages/node-opcua-crypto/source/explore_private_key.ts +++ b/packages/node-opcua-crypto/source/explore_private_key.ts 
@@ -21,7 +21,7 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // --------------------------------------------------------------------------------------------------------------------- -import { BlockInfo, readTag, TagType, _readIntegerAsByteString, _readStruct } from "./asn1.js"; +import { BlockInfo, readTag, TagType, _readIntegerAsByteString, readStruct } from "./asn1.js"; import { PrivateKey } from "./common.js"; import { convertPEMtoDER } from "./crypto_utils.js"; @@ -63,7 +63,7 @@ export function explorePrivateKey(privateKey2: PrivateKey): PrivateKeyInternals typeof privateKey1 === "string" ? convertPEMtoDER(privateKey1) : privateKey1.export({ format: "der", type: "pkcs1" }); const block_info = readTag(privateKey, 0); - const blocks = _readStruct(privateKey, block_info); + const blocks = readStruct(privateKey, block_info); if (blocks.length === 9) { // alice_rsa @@ -107,7 +107,7 @@ export function explorePrivateKey(privateKey2: PrivateKey): PrivateKeyInternals const b = blocks[2]; const bb = privateKey.subarray(b.position, b.position + b.length); const block_info1 = readTag(bb, 0); - const blocks1 = _readStruct(bb, block_info1); + const blocks1 = readStruct(bb, block_info1); /* istanbul ignore next */ if (doDebug) { diff --git a/packages/node-opcua-crypto/source/index.ts b/packages/node-opcua-crypto/source/index.ts index db6c6ab..4d7ec49 100644 --- a/packages/node-opcua-crypto/source/index.ts +++ b/packages/node-opcua-crypto/source/index.ts 
@@ -24,22 +24,6 @@
 /**
 * @module node_opcua_crypto
 */
-export * from "./common.js";
-export * from "./derived_keys.js";
-export * from "./explore_certificate.js";
-export * from "./crypto_utils.js";
-export * from "./crypto_utils2.js";
-export * from "./crypto_explore_certificate.js";
-export * from "./verify_certificate_signature.js";
-export * from "./explore_certificate_revocation_list.js";
-export * from "./explore_certificate_signing_request.js";
-export * from "./explore_private_key.js";
-export { publicKeyAndPrivateKeyMatches, certificateMatchesPrivateKey } from "./public_private_match.js";
-export * from "./x509/create_key_pair.js";
-export * from "./x509/create_certificate_signing_request.js";
-export * from "./x509/create_self_signed_certificate.js";
-export * from "./x509/coerce_private_key.js";
-export * from "./subject.js";
-export * from "./asn1.js";
-export * from "./explore_asn1.js";
-export * from "./make_private_key_from_pem.js";
+export * from "./index_web.js";
+import { readTag, readStruct, readAlgorithmIdentifier, readSignatureValueBin } from "./asn1.js";
+export const asn1 = { readTag, readStruct, readAlgorithmIdentifier, readSignatureValueBin };
\ No newline at end of file
diff --git a/packages/node-opcua-crypto/source/index_web.ts b/packages/node-opcua-crypto/source/index_web.ts
index e88b97f..01503b6 100644
--- a/packages/node-opcua-crypto/source/index_web.ts
+++ b/packages/node-opcua-crypto/source/index_web.ts
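Review bot: The new `asn1` object on the last added line shrinks the package's ASN.1 surface to four functions, whereas the removed `export * from "./asn1.js"` exposed every helper (`_readObjectIdentifier`, `_readBitString`, `TagType`, …) to consumers; that is a breaking change that should either be named in the changelog or avoided by keeping `export * from "./asn1.js";` next to the new namespace. The four functions promoted to public here parse attacker-controlled DER (peer certificates and CRLs) and, as the `readAlgorithmIdentifier` body in the asn1.ts hunk above shows, index `inner_blocks[0]` without a length check, so a TSDoc header is needed before `export const asn1` along the lines of `/** Low-level DER helpers. They validate only tag/length framing; on malformed input they throw or return undefined fields, which callers must treat as a parse failure. */`. Stylistically the `import` line belongs above the `export *` line, and the `\ No newline at end of file` marker shows the trailing newline was lost.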
@@ -24,21 +24,24 @@
 /**
 * @module node_opcua_crypto
 */
+export { publicKeyAndPrivateKeyMatches, certificateMatchesPrivateKey } from "./public_private_match.js";
+//xx export * from "./asn1.js";
 export * from "./common.js";
-export * from "./derived_keys.js";
-export * from "./explore_certificate.js";
+export * from "./crypto_explore_certificate.js";
 export * from "./crypto_utils.js";
 export * from "./crypto_utils2.js";
-export * from "./crypto_explore_certificate.js";
-export * from "./verify_certificate_signature.js";
+export * from "./derived_keys.js";
+export * from "./explore_asn1.js";
 export * from "./explore_certificate_revocation_list.js";
 export * from "./explore_certificate_signing_request.js";
+export * from "./explore_certificate.js";
+export * from "./explore_certificate.js";
 export * from "./explore_private_key.js";
-export { publicKeyAndPrivateKeyMatches, certificateMatchesPrivateKey } from "./public_private_match.js";
-export * from "./x509/create_key_pair.js";
+export * from "./make_private_key_from_pem.js";
+export * from "./make_private_key_thumbprint.js";
+export * from "./subject.js";
+export * from "./verify_certificate_signature.js";
+export * from "./x509/coerce_private_key.js";
 export * from "./x509/create_certificate_signing_request.js";
+export * from "./x509/create_key_pair.js";
 export * from "./x509/create_self_signed_certificate.js";
-export * from "./x509/coerce_private_key.js";
-export * from "./subject.js";
-export * from "./asn1.js";
-export * from "./make_private_key_from_pem.js";
diff --git a/packages/node-opcua-crypto/source/make_private_key_thumbprint.ts b/packages/node-opcua-crypto/source/make_private_key_thumbprint.ts
new file mode 100644
index 0000000..b15d6c8
--- /dev/null
+++ b/packages/node-opcua-crypto/source/make_private_key_thumbprint.ts
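Review bot: `export * from "./explore_certificate.js";` is added twice on consecutive `+` lines; one of them should be removed. The dead comment `//xx export * from "./asn1.js";` should either go or be turned into a real explanation, e.g. `// asn1.js is intentionally not re-exported from the web entry point; use the asn1 namespace from index.ts`, because dropping it is a silent API break for anyone who imported the raw helpers from this entry. Also worth confirming: this file is now the base that `index.ts` re-exports, yet it still exports `verify_certificate_signature.js`, which the hunk further down shows importing `createVerify` from the Node `crypto` module, so the "web" naming may no longer be accurate.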
@@ -0,0 +1,11 @@
+import { PrivateKey } from "./common.js";
+export function makePrivateKeyThumbPrint(privateKey: PrivateKey): Buffer {
+ // // .export({ format: "der", type: "pkcs1" });
+ // if (typeof privateKey === "string") {
+ //
+ // } else {
+ // return makeSHA1Thumbprint(privateKey.hidden);
+ // }
+ // to do
+ return Buffer.alloc(0);
+}
diff --git a/packages/node-opcua-crypto/source/verify_certificate_signature.ts b/packages/node-opcua-crypto/source/verify_certificate_signature.ts
index d483218..5903332 100644
--- a/packages/node-opcua-crypto/source/verify_certificate_signature.ts
+++ b/packages/node-opcua-crypto/source/verify_certificate_signature.ts
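Review bot: `makePrivateKeyThumbPrint` returns `Buffer.alloc(0)` for every key, so any caller that compares thumbprints (key-to-certificate matching, cache keys, audit identifiers) would see every pair of keys as equal; a silently wrong placeholder is the worst failure mode for a security primitive, and this change moves it into `source/` and re-exports it from the public entry point. Replace the body with `throw new Error("makePrivateKeyThumbPrint is not implemented");` and mark it `@internal` or `@deprecated` in TSDoc until it is implemented, so misuse fails loudly rather than matching. The commented-out draft should not be carried into a new file; if the intent is to finish it, hashing the PKCS#1 DER export the comment hints at with the package's existing `makeSHA1Thumbprint` would keep it consistent with the certificate thumbprints elsewhere in this diff.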
@@ -33,16 +33,16 @@ import { createVerify } from "crypto"; import { Certificate } from "./common.js"; import { split_der, exploreCertificate } from "./crypto_explore_certificate.js"; import { toPem } from "./crypto_utils.js"; -import { _readAlgorithmIdentifier, _readSignatureValueBin, TagType, readTag, _readStruct, _getBlock } from "./asn1.js"; +import { readAlgorithmIdentifier, readSignatureValueBin, TagType, readTag, readStruct, _getBlock } from "./asn1.js"; export function verifyCertificateOrClrSignature(certificateOrCrl: Buffer, parentCertificate: Certificate): boolean { const block_info = readTag(certificateOrCrl, 0); - const blocks = _readStruct(certificateOrCrl, block_info); + const blocks = readStruct(certificateOrCrl, block_info); const bufferToBeSigned = certificateOrCrl.subarray(block_info.position, blocks[1].position - 2); //xx console.log("bufferToBeSigned = ", bufferToBeSigned.length, bufferToBeSigned.toString("hex").substr(0, 50), bufferToBeSigned.toString("hex").substr(-10)); - const signatureAlgorithm = _readAlgorithmIdentifier(certificateOrCrl, blocks[1]); - const signatureValue = _readSignatureValueBin(certificateOrCrl, blocks[2]); + const signatureAlgorithm = readAlgorithmIdentifier(certificateOrCrl, blocks[1]); + const signatureValue = readSignatureValueBin(certificateOrCrl, blocks[2]); const p = split_der(parentCertificate)[0]; //xx const publicKey = extractPublicKeyFromCertificateSync(p); diff --git a/packages/node-opcua-crypto/source_nodejs/generate_private_key_filename.ts b/packages/node-opcua-crypto/source_nodejs/generate_private_key_filename.ts index 07f6e5f..f188f70 100644 --- a/packages/node-opcua-crypto/source_nodejs/generate_private_key_filename.ts +++ b/packages/node-opcua-crypto/source_nodejs/generate_private_key_filename.ts 
@@ -21,7 +21,7 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // --------------------------------------------------------------------------------------------------------------------- -import fs from "fs"; +import fs from "node:fs"; import { generateKeyPair, privateKeyToPEM } from "../source/index.js"; import jsrsasign from "jsrsasign"; export async function generatePrivateKeyFile(privateKeyFilename: string, modulusLength: 1024 | 2048 | 3072 | 4096) { diff --git a/packages/node-opcua-crypto/source_nodejs/read.ts b/packages/node-opcua-crypto/source_nodejs/read.ts index 095313e..b8e247e 100644 --- a/packages/node-opcua-crypto/source_nodejs/read.ts +++ b/packages/node-opcua-crypto/source_nodejs/read.ts @@ -22,13 +22,12 @@ // --------------------------------------------------------------------------------------------------------------------- import assert from "assert"; -import fs from "fs"; -import path from "path"; +import fs from "node:fs"; +import path from "node:path"; import { createPrivateKey, createPublicKey } from "crypto"; import { Certificate, CertificatePEM, DER, PEM, PublicKey, PublicKeyPEM, PrivateKeyPEM, PrivateKey } from "../source/common.js"; import { convertPEMtoDER, identifyPemType, removeTrailingLF, toPem } from "../source/crypto_utils.js"; import sshpk from "sshpk"; -import { fileURLToPath } from "url"; function _readPemFile(filename: string): PEM { assert(typeof filename === "string"); @@ -83,16 +82,6 @@ function myCreatePrivateKey(rawKey: string | Buffer): PrivateKey { return { hidden: retValue }; } -export function makePrivateKeyThumbPrint(privateKey: PrivateKey): Buffer { - // // .export({ format: "der", type: "pkcs1" }); - // if (typeof privateKey === "string") { - // - // } else { - // return makeSHA1Thumbprint(privateKey.hidden); - // } - // to do - return Buffer.alloc(0); -} function ensureTrailingLF(str: string): string { return str.match(/\n$/) ? str : str + "\n"; 
diff --git a/packages/node-opcua-crypto/source_nodejs/read_certificate_revocation_list.ts b/packages/node-opcua-crypto/source_nodejs/read_certificate_revocation_list.ts index 04ae62a..cbfa261 100644 --- a/packages/node-opcua-crypto/source_nodejs/read_certificate_revocation_list.ts +++ b/packages/node-opcua-crypto/source_nodejs/read_certificate_revocation_list.ts @@ -21,13 +21,12 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // --------------------------------------------------------------------------------------------------------------------- -import fs from "fs"; -import { promisify } from "util"; +import fs from "node:fs"; import { convertPEMtoDER } from "../source/crypto_utils.js"; import { CertificateRevocationList } from "../source/common.js"; export async function readCertificateRevocationList(filename: string): Promise { - const crl = await promisify(fs.readFile)(filename); + const crl = await fs.promises.readFile(filename); if (crl[0] === 0x30 && crl[1] === 0x82) { // der format return crl as CertificateRevocationList; diff --git a/packages/node-opcua-crypto/source_nodejs/read_certificate_signing_request.ts b/packages/node-opcua-crypto/source_nodejs/read_certificate_signing_request.ts index 76b7679..8c0f950 100644 --- a/packages/node-opcua-crypto/source_nodejs/read_certificate_signing_request.ts +++ b/packages/node-opcua-crypto/source_nodejs/read_certificate_signing_request.ts 
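Review bot: The DER test right after the changed line, `crl[0] === 0x30 && crl[1] === 0x82`, only recognises a SEQUENCE whose length is encoded in the two-byte long form (256–65535 bytes); a CRL under 256 bytes (`0x81` or short form) or over 64 KiB (`0x83`) falls through to `convertPEMtoDER` and fails or mis-parses, and an empty file indexes past the buffer. Since `fs.promises.readFile` returns a raw Buffer, `if (crl.length > 0 && crl[0] === 0x30)` is sufficient, because a PEM file starts with `-----BEGIN` (0x2D); an empty buffer should be rejected with an explicit error. The signature line reads `Promise {` here, so the type argument (presumably `Promise<CertificateRevocationList>`) was lost in rendering — worth confirming it is intact. The function body continues past the end of the hunk.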
@@ -21,15 +21,14 @@ // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // --------------------------------------------------------------------------------------------------------------------- -import fs from "fs"; -import { promisify } from "util"; +import fs from "node:fs"; import { convertPEMtoDER } from "../source/crypto_utils.js"; import { CertificateRevocationList } from "../source/common.js"; export type CertificateSigningRequest = Buffer; export async function readCertificateSigningRequest(filename: string): Promise { - const csr = await promisify(fs.readFile)(filename); + const csr = await fs.promises.readFile(filename); if (csr[0] === 0x30 && csr[1] === 0x82) { // der format return csr as CertificateRevocationList; diff --git a/packages/node-opcua-crypto/tsconfig.json b/packages/node-opcua-crypto/tsconfig.json index 84553a1..ebe955c 100644 --- a/packages/node-opcua-crypto/tsconfig.json +++ b/packages/node-opcua-crypto/tsconfig.json @@ -1,5 +1,5 @@ { "extends": "./tsconfig.common.json", - "include": ["index.ts", "src/**/*.ts"], + "include": [ "index.ts", "source/index.ts", "source_nodejs/index.ts"], } \ No newline at end of file diff --git a/packages/node-opcua-crypto/web.d.ts b/packages/node-opcua-crypto/web.d.ts deleted file mode 100644 index 76efd81..0000000 --- a/packages/node-opcua-crypto/web.d.ts +++ /dev/null @@ -1 +0,0 @@ -export * from "./source/index.js" \ No newline at end of file diff --git a/packages/node-opcua-crypto/web.mjs b/packages/node-opcua-crypto/web.mjs deleted file mode 100644 index a6fa02c..0000000 --- a/packages/node-opcua-crypto/web.mjs +++ /dev/null @@ -1 +0,0 @@ -export * from "./source/index.mjs" \ No newline at end of file
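Review bot: The context line `return csr as CertificateRevocationList;` and the `CertificateRevocationList` import above it are a copy-paste from the CRL reader: this function reads a CSR, and the file declares `CertificateSigningRequest` for exactly that on the line before the signature, so it should be `return csr as CertificateSigningRequest;` with the unused import dropped and the return type `Promise<CertificateSigningRequest>` (the type argument is missing in this rendering). The `csr[1] === 0x82` heuristic likewise only accepts DER whose outer length uses the two-byte form; `csr.length > 0 && csr[0] === 0x30` is enough to separate DER from a PEM file, which starts with `-----BEGIN`. The function body continues past the end of the hunk.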