types/rsa-sha256.js

  1. 'use strict'
  3. /**
  4.  * @module types
  5.  */
  7. const Rsa = require('../crypto/rsa')
  8. const pem = require('../util/pem')
  9. const BaseSha256 = require('./base-sha256')
  10. const MissingDataError = require('../errors/missing-data-error')
  11. const ValidationError = require('../errors/validation-error')
  12. const Asn1RsaFingerprintContents = require('../schemas/fingerprint').RsaFingerprintContents
  14. // Instantiate RSA signer with standard settings
  15. const rsa = new Rsa()
  17. /**
  18.  * RSA-SHA-256: RSA signature condition using SHA-256.
  19.  *
  20.  * This RSA condition uses RSA-PSS padding with SHA-256. The salt length is set
  21.  * equal the digest length of 32 bytes.
  22.  *
  23.  * The public exponent is fixed at 65537 and the public modulus must be between
  24.  * 128 (1017 bits) and 512 bytes (4096 bits) long.
  25.  *
  26.  * RSA-SHA-256 is assigned the type ID 3. It relies on the SHA-256 and RSA-PSS
  27.  * feature suites which corresponds to a feature bitmask of 0x11.
  28.  */
  29. class RsaSha256 extends BaseSha256 {
  30.   constructor () {
  31.     super()
  32.     this.modulus = null
  33.     this.signature = null
  34.   }
  36.   parseJson (json) {
  37.     this.modulus = Buffer.from(json.modulus, 'base64')
  38.     this.signature = Buffer.from(json.signature, 'base64')
  39.   }
  41.   /**
  42.    * Produce the contents of the condition hash.
  43.    *
  44.    * This function is called internally by the `getCondition` method.
  45.    *
  46.    * @return {Buffer} Encoded contents of fingerprint hash.
  47.    *
  48.    * @private
  49.    */
  50.   getFingerprintContents () {
  51.     if (!this.modulus) {
  52.       throw new MissingDataError('Requires modulus')
  53.     }
  55.     return Asn1RsaFingerprintContents.encode({
  56.       modulus: this.modulus
  57.     })
  58.   }
  60.   getAsn1JsonPayload () {
  61.     return {
  62.       modulus: this.modulus,
  63.       signature: this.signature
  64.     }
  65.   }
  67.   /**
  68.    * Set the public modulus.
  69.    *
  70.    * This is the modulus of the RSA public key. It has to be provided as a raw
  71.    * buffer with no leading zeros.
  72.    *
  73.    * @param {Buffer} modulus Public RSA modulus
  74.    */
  75.   setPublicModulus (modulus) {
  76.     if (!Buffer.isBuffer(modulus)) {
  77.       throw new TypeError('Modulus must be a buffer, was: ' + modulus)
  78.     }
  80.     if (modulus[0] === 0) {
  81.       throw new Error('Modulus may not contain leading zeros')
  82.     }
  84.     if (modulus.length > 512 || modulus.length < 128) {
  85.       throw new Error('Modulus must be between 128 bytes (1017 bits) and ' +
  86.         '512 bytes (4096 bits), was: ' + modulus.length + ' bytes')
  87.     }
  89.     this.modulus = modulus
  90.   }
  92.   /**
  93.    * Set the signature manually.
  94.    *
  95.    * The signature must be a valid RSA-PSS siganture.
  96.    *
  97.    * @param {Buffer} signature RSA signature.
  98.    */
  99.   setSignature (signature) {
  100.     if (!Buffer.isBuffer(signature)) {
  101.       throw new TypeError('Signature must be a buffer, was: ' + signature)
  102.     }
  104.     this.signature = signature
  105.   }
  107.   /**
  108.    * Sign the message.
  109.    *
  110.    * This method will take the provided message and create a signature using the
  111.    * provided RSA private key. The resulting signature is stored in the
  112.    * fulfillment.
  113.    *
  114.    * The key should be provided as a PEM encoded private key string.
  115.    *
  116.    * The message is padded using RSA-PSS with SHA256.
  117.    *
  118.    * @param {Buffer} message Message to sign.
  119.    * @param {String} privateKey RSA private key
  120.    */
  121.   sign (message, privateKey) {
  122.     if (!this.modulus) {
  123.       this.setPublicModulus(pem.modulusFromPrivateKey(privateKey))
  124.     }
  125.     this.signature = rsa.sign(privateKey, message)
  126.   }
  128.   /**
  129.    * Calculate the cost of fulfilling this condition.
  130.    *
  131.    * The cost of the RSA condition is the size of the modulus squared, divided
  132.    * by 64.
  133.    *
  134.    * @return {Number} Expected maximum cost to fulfill this condition
  135.    * @private
  136.    */
  137.   calculateCost () {
  138.     if (!this.modulus) {
  139.       throw new MissingDataError('Requires a public modulus')
  140.     }
  142.     return Math.pow(rsa.getModulusBitLength(this.modulus), 2) >>> RsaSha256.COST_RIGHT_SHIFT
  143.   }
  145.   /**
  146.    * Verify the signature of this RSA fulfillment.
  147.    *
  148.    * The signature of this RSA fulfillment is verified against the provided
  149.    * message and the condition's public modulus.
  150.    *
  151.    * @param {Buffer} message Message to verify.
  152.    * @return {Boolean} Whether this fulfillment is valid.
  153.    */
  154.   validate (message) {
  155.     if (!Buffer.isBuffer(message)) {
  156.       throw new Error('Message must be provided as a Buffer, was: ' + message)
  157.     }
  159.     const pssResult = rsa.verify(this.modulus, message, this.signature)
  161.     if (!pssResult) {
  162.       throw new ValidationError('Invalid RSA signature')
  163.     }
  165.     return true
  166.   }
  167. }
  169. RsaSha256.TYPE_ID = 3
  170. RsaSha256.TYPE_NAME = 'rsa-sha-256'
  171. RsaSha256.TYPE_ASN1_CONDITION = 'rsaSha256Condition'
  172. RsaSha256.TYPE_ASN1_FULFILLMENT = 'rsaSha256Fulfillment'
  173. RsaSha256.TYPE_CATEGORY = 'simple'
  175. RsaSha256.COST_RIGHT_SHIFT = 6 // 2^6 = 64
  177. module.exports = RsaSha256