Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
andrea
/
karmen
1
0
Салаа 0
Файлууд Асуудлууд 0 Хуулах хүсэлтүүд 0 Мэдлэгийн сан
Мод: ad5c5c1151
Салаанууд Тагууд
karmen
/
node_modules
/
browserify-sign
/
browser
/
verify.js

verify.js 2.3 KB
Түүх Анхны өгөгдөл

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 
  1. // much of this based on https://github.com/indutny/self-signed/blob/gh-pages/lib/rsa.js
    2. 

  2. var BN = require('bn.js')
    3. 

  3. var EC = require('elliptic').ec
    4. 

  4. var parseKeys = require('parse-asn1')
    5. 

  5. var curves = require('./curves.json')
    6. 

  6. 

  7. function verify (sig, hash, key, signType, tag) {
    8. 

  8.   var pub = parseKeys(key)
    9. 

  9.   if (pub.type === 'ec') {
    10. 

  10.     // rsa keys can be interpreted as ecdsa ones in openssl
    11. 

  11.     if (signType !== 'ecdsa' && signType !== 'ecdsa/rsa') throw new Error('wrong public key type')
    12. 

  12.     return ecVerify(sig, hash, pub)
    13. 

  13.   } else if (pub.type === 'dsa') {
    14. 

  14.     if (signType !== 'dsa') throw new Error('wrong public key type')
    15. 

  15.     return dsaVerify(sig, hash, pub)
    16. 

  16.   } else {
    17. 

  17.     if (signType !== 'rsa' && signType !== 'ecdsa/rsa') throw new Error('wrong public key type')
    18. 

  18.   }
    19. 

  19.   hash = Buffer.concat([tag, hash])
    20. 

  20.   var len = pub.modulus.byteLength()
    21. 

  21.   var pad = [ 1 ]
    22. 

  22.   var padNum = 0
    23. 

  23.   while (hash.length + pad.length + 2 < len) {
    24. 

  24.     pad.push(0xff)
    25. 

  25.     padNum++
    26. 

  26.   }
    27. 

  27.   pad.push(0x00)
    28. 

  28.   var i = -1
    29. 

  29.   while (++i < hash.length) {
    30. 

  30.     pad.push(hash[i])
    31. 

  31.   }
    32. 

  32.   pad = new Buffer(pad)
    33. 

  33.   var red = BN.mont(pub.modulus)
    34. 

  34.   sig = new BN(sig).toRed(red)
    35. 

  35. 

  36.   sig = sig.redPow(new BN(pub.publicExponent))
    37. 

  37.   sig = new Buffer(sig.fromRed().toArray())
    38. 

  38.   var out = padNum < 8 ? 1 : 0
    39. 

  39.   len = Math.min(sig.length, pad.length)
    40. 

  40.   if (sig.length !== pad.length) out = 1
    41. 

  41. 

  42.   i = -1
    43. 

  43.   while (++i < len) out |= sig[i] ^ pad[i]
    44. 

  44.   return out === 0
    45. 

  45. }
    46. 

  46. 

  47. function ecVerify (sig, hash, pub) {
    48. 

  48.   var curveId = curves[pub.data.algorithm.curve.join('.')]
    49. 

  49.   if (!curveId) throw new Error('unknown curve ' + pub.data.algorithm.curve.join('.'))
    50. 

  50. 

  51.   var curve = new EC(curveId)
    52. 

  52.   var pubkey = pub.data.subjectPrivateKey.data
    53. 

  53. 

  54.   return curve.verify(hash, sig, pubkey)
    55. 

  55. }
    56. 

  56. 

  57. function dsaVerify (sig, hash, pub) {
    58. 

  58.   var p = pub.data.p
    59. 

  59.   var q = pub.data.q
    60. 

  60.   var g = pub.data.g
    61. 

  61.   var y = pub.data.pub_key
    62. 

  62.   var unpacked = parseKeys.signature.decode(sig, 'der')
    63. 

  63.   var s = unpacked.s
    64. 

  64.   var r = unpacked.r
    65. 

  65.   checkValue(s, q)
    66. 

  66.   checkValue(r, q)
    67. 

  67.   var montp = BN.mont(p)
    68. 

  68.   var w = s.invm(q)
    69. 

  69.   var v = g.toRed(montp)
    70. 

  70.     .redPow(new BN(hash).mul(w).mod(q))
    71. 

  71.     .fromRed()
    72. 

  72.     .mul(y.toRed(montp).redPow(r.mul(w).mod(q)).fromRed())
    73. 

  73.     .mod(p)
    74. 

  74.     .mod(q)
    75. 

  75.   return v.cmp(r) === 0
    76. 

  76. }
    77. 

  77. 

  78. function checkValue (b, q) {
    79. 

  79.   if (b.cmpn(0) <= 0) throw new Error('invalid sig')
    80. 

  80.   if (b.cmp(q) >= q) throw new Error('invalid sig')
    81. 

  81. }
    82. 

  82. 

  83. module.exports = verify
    84.