privateDecrypt.js 2.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105
  1. var parseKeys = require('parse-asn1')
  2. var mgf = require('./mgf')
  3. var xor = require('./xor')
  4. var BN = require('bn.js')
  5. var crt = require('browserify-rsa')
  6. var createHash = require('create-hash')
  7. var withPublic = require('./withPublic')
  8. var Buffer = require('safe-buffer').Buffer
  9. module.exports = function privateDecrypt (privateKey, enc, reverse) {
  10. var padding
  11. if (privateKey.padding) {
  12. padding = privateKey.padding
  13. } else if (reverse) {
  14. padding = 1
  15. } else {
  16. padding = 4
  17. }
  18. var key = parseKeys(privateKey)
  19. var k = key.modulus.byteLength()
  20. if (enc.length > k || new BN(enc).cmp(key.modulus) >= 0) {
  21. throw new Error('decryption error')
  22. }
  23. var msg
  24. if (reverse) {
  25. msg = withPublic(new BN(enc), key)
  26. } else {
  27. msg = crt(enc, key)
  28. }
  29. var zBuffer = Buffer.alloc(k - msg.length)
  30. msg = Buffer.concat([zBuffer, msg], k)
  31. if (padding === 4) {
  32. return oaep(key, msg)
  33. } else if (padding === 1) {
  34. return pkcs1(key, msg, reverse)
  35. } else if (padding === 3) {
  36. return msg
  37. } else {
  38. throw new Error('unknown padding')
  39. }
  40. }
  41. function oaep (key, msg) {
  42. var k = key.modulus.byteLength()
  43. var iHash = createHash('sha1').update(Buffer.alloc(0)).digest()
  44. var hLen = iHash.length
  45. if (msg[0] !== 0) {
  46. throw new Error('decryption error')
  47. }
  48. var maskedSeed = msg.slice(1, hLen + 1)
  49. var maskedDb = msg.slice(hLen + 1)
  50. var seed = xor(maskedSeed, mgf(maskedDb, hLen))
  51. var db = xor(maskedDb, mgf(seed, k - hLen - 1))
  52. if (compare(iHash, db.slice(0, hLen))) {
  53. throw new Error('decryption error')
  54. }
  55. var i = hLen
  56. while (db[i] === 0) {
  57. i++
  58. }
  59. if (db[i++] !== 1) {
  60. throw new Error('decryption error')
  61. }
  62. return db.slice(i)
  63. }
  64. function pkcs1 (key, msg, reverse) {
  65. var p1 = msg.slice(0, 2)
  66. var i = 2
  67. var status = 0
  68. while (msg[i++] !== 0) {
  69. if (i >= msg.length) {
  70. status++
  71. break
  72. }
  73. }
  74. var ps = msg.slice(2, i - 1)
  75. if ((p1.toString('hex') !== '0002' && !reverse) || (p1.toString('hex') !== '0001' && reverse)) {
  76. status++
  77. }
  78. if (ps.length < 8) {
  79. status++
  80. }
  81. if (status) {
  82. throw new Error('decryption error')
  83. }
  84. return msg.slice(i)
  85. }
  86. function compare (a, b) {
  87. a = Buffer.from(a)
  88. b = Buffer.from(b)
  89. var dif = 0
  90. var len = a.length
  91. if (a.length !== b.length) {
  92. dif++
  93. len = Math.min(a.length, b.length)
  94. }
  95. var i = -1
  96. while (++i < len) {
  97. dif += (a[i] ^ b[i])
  98. }
  99. return dif
  100. }