Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code

Unified Diff: lib/rsa.js

Issue 9001046: Fixed wrongly rejected RSA signatures (Closed)
Patch Set: Created Dec. 11, 2012, 4:36 p.m.
Use n/p to move between diff chunks; N/P to move between comments.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | qunit/tests/signatures.js » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: lib/rsa.js
===================================================================
--- a/lib/rsa.js
+++ b/lib/rsa.js
@@ -9,183 +9,185 @@
* Adblock Plus is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Adblock Plus. If not, see <http://www.gnu.org/licenses/>.
*/
-
-
-/**
- * This is a specialized RSA library meant only to verify SHA1-based signatures.
- * It requires jsbn.js and sha1.js to work.
- */
-
-(function(globalObj)
-{
- // Define ASN.1 templates for the data structures used
- function seq()
- {
- return {type: 0x30, children: Array.prototype.slice.call(arguments)};
- }
- function obj(id)
- {
- return {type: 0x06, content: id};
- }
- function bitStr(contents)
- {
- return {type: 0x03, encapsulates: contents};
- }
- function intResult(id)
- {
- return {type: 0x02, out: id};
- }
- function octetResult(id)
- {
- return {type: 0x04, out: id};
- }
-
- // See http://www.cryptopp.com/wiki/Keys_and_Formats#RSA_PublicKey
- // 2A 86 48 86 F7 0D 01 01 01 means 1.2.840.113549.1.1.1
- var publicKeyTemplate = seq(seq(obj("\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01"), {}), bitStr(seq(intResult("n"), intResult("e"))));
-
- // See http://tools.ietf.org/html/rfc3447#section-9.2 step 2
- // 2B 0E 03 02 1A means 1.3.14.3.2.26
- var signatureTemplate = seq(seq(obj("\x2B\x0E\x03\x02\x1A"), {}), octetResult("sha1"));
-
- /**
- * Reads ASN.1 data matching the template passed in. This will throw an
- * exception if the data format doesn't match the template. On success an
- * object containing result properties is returned.
- *
- * See http://luca.ntop.org/Teaching/Appunti/asn1.html for info on the format.
- */
- function readASN1(data, templ)
- {
- var pos = 0;
- function next()
- {
- return data.charCodeAt(pos++);
- }
-
- function readLength()
- {
- var len = next();
- if (len & 0x80)
- {
- var cnt = len & 0x7F;
- if (cnt > 2 || cnt == 0)
- throw "Unsupported length";
-
- len = 0;
- for (var i = 0; i < cnt; i++)
- len += next() << (cnt - 1 - i) * 8;
- return len;
- }
- else
- return len;
- }
-
- function readNode(curTempl)
- {
- var type = next();
- var len = readLength();
- if ("type" in curTempl && curTempl.type != type)
- throw "Unexpected type";
- if ("content" in curTempl && curTempl.content != data.substr(pos, len))
- throw "Unexpected content";
- if ("out" in curTempl)
- out[curTempl.out] = new BigInteger(data.substr(pos, len), 256);
- if ("children" in curTempl)
- {
- var i, end;
- for (i = 0, end = pos + len; pos < end; i++)
- {
- if (i >= curTempl.children.length)
- throw "Too many children";
- readNode(curTempl.children[i]);
- }
- if (i < curTempl.children.length)
- throw "Too few children";
- if (pos > end)
- throw "Children too large";
- }
- else if ("encapsulates" in curTempl)
- {
- if (next() != 0)
- throw "Encapsulation expected";
- readNode(curTempl.encapsulates);
- }
- else
- pos += len;
- }
-
- var out = {};
- readNode(templ);
- if (pos != data.length)
- throw "Too much data";
- return out;
- }
-
- /**
- * Reads a BER-encoded RSA public key. On success returns an object with the
- * properties n and e (the components of the key), otherwise null.
- */
- function readPublicKey(key)
- {
- try
- {
- return readASN1(atob(key), publicKeyTemplate);
- }
- catch (e)
- {
- console.log("Invalid RSA public key: " + e);
- return null;
- }
- }
-
- /**
- * Checks whether the signature is valid for the given public key and data.
- */
- function verifySignature(key, signature, data)
- {
- var keyData = readPublicKey(key);
- if (!keyData)
- return false;
-
- // We need the exponent as regular number
- keyData.e = parseInt(keyData.e.toString(16), 16);
-
- // Decrypt signature data using RSA algorithm
- var sigInt = new BigInteger(atob(signature), 256);
- var digest = sigInt.modPowInt(keyData.e, keyData.n).toString(256);
-
- try
- {
- var pos = 0;
- function next()
- {
- return digest.charCodeAt(pos++);
- }
-
- // Skip padding, see http://tools.ietf.org/html/rfc3447#section-9.2 step 5
- if (next() != 1)
- throw "Wrong padding in signature digest";
- while (next() == 255) {}
- if (digest.charCodeAt(pos - 1) != 0)
- throw "Wrong padding in signature digest";
-
- // Rest is an ASN.1 structure, get the SHA1 hash from it
- var sha1 = readASN1(digest.substr(pos), signatureTemplate).sha1;
- return (sha1.toString(16) == SHA1(data));
- }
- catch (e)
- {
- console.log("Invalid encrypted signature: " + e);
- return false;
- }
- }
-
- // Export verifySignature function, everything else is private.
- globalObj.verifySignature = verifySignature;
-})(this);
+
+
+/**
+ * This is a specialized RSA library meant only to verify SHA1-based signatures.
+ * It requires jsbn.js and sha1.js to work.
+ */
+
+(function(globalObj)
+{
+ // Define ASN.1 templates for the data structures used
+ function seq()
+ {
+ return {type: 0x30, children: Array.prototype.slice.call(arguments)};
+ }
+ function obj(id)
+ {
+ return {type: 0x06, content: id};
+ }
+ function bitStr(contents)
+ {
+ return {type: 0x03, encapsulates: contents};
+ }
+ function intResult(id)
+ {
+ return {type: 0x02, out: id};
+ }
+ function octetResult(id)
+ {
+ return {type: 0x04, out: id};
+ }
+
+ // See http://www.cryptopp.com/wiki/Keys_and_Formats#RSA_PublicKey
+ // 2A 86 48 86 F7 0D 01 01 01 means 1.2.840.113549.1.1.1
+ var publicKeyTemplate = seq(seq(obj("\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01"), {}), bitStr(seq(intResult("n"), intResult("e"))));
+
+ // See http://tools.ietf.org/html/rfc3447#section-9.2 step 2
+ // 2B 0E 03 02 1A means 1.3.14.3.2.26
+ var signatureTemplate = seq(seq(obj("\x2B\x0E\x03\x02\x1A"), {}), octetResult("sha1"));
+
+ /**
+ * Reads ASN.1 data matching the template passed in. This will throw an
+ * exception if the data format doesn't match the template. On success an
+ * object containing result properties is returned.
+ *
+ * See http://luca.ntop.org/Teaching/Appunti/asn1.html for info on the format.
+ */
+ function readASN1(data, templ)
+ {
+ var pos = 0;
+ function next()
+ {
+ return data.charCodeAt(pos++);
+ }
+
+ function readLength()
+ {
+ var len = next();
+ if (len & 0x80)
+ {
+ var cnt = len & 0x7F;
+ if (cnt > 2 || cnt == 0)
+ throw "Unsupported length";
+
+ len = 0;
+ for (var i = 0; i < cnt; i++)
+ len += next() << (cnt - 1 - i) * 8;
+ return len;
+ }
+ else
+ return len;
+ }
+
+ function readNode(curTempl)
+ {
+ var type = next();
+ var len = readLength();
+ if ("type" in curTempl && curTempl.type != type)
+ throw "Unexpected type";
+ if ("content" in curTempl && curTempl.content != data.substr(pos, len))
+ throw "Unexpected content";
+ if ("out" in curTempl)
+ out[curTempl.out] = new BigInteger(data.substr(pos, len), 256);
+ if ("children" in curTempl)
+ {
+ var i, end;
+ for (i = 0, end = pos + len; pos < end; i++)
+ {
+ if (i >= curTempl.children.length)
+ throw "Too many children";
+ readNode(curTempl.children[i]);
+ }
+ if (i < curTempl.children.length)
+ throw "Too few children";
+ if (pos > end)
+ throw "Children too large";
+ }
+ else if ("encapsulates" in curTempl)
+ {
+ if (next() != 0)
+ throw "Encapsulation expected";
+ readNode(curTempl.encapsulates);
+ }
+ else
+ pos += len;
+ }
+
+ var out = {};
+ readNode(templ);
+ if (pos != data.length)
+ throw "Too much data";
+ return out;
+ }
+
+ /**
+ * Reads a BER-encoded RSA public key. On success returns an object with the
+ * properties n and e (the components of the key), otherwise null.
+ */
+ function readPublicKey(key)
+ {
+ try
+ {
+ return readASN1(atob(key), publicKeyTemplate);
+ }
+ catch (e)
+ {
+ console.log("Invalid RSA public key: " + e);
+ return null;
+ }
+ }
+
+ /**
+ * Checks whether the signature is valid for the given public key and data.
+ */
+ function verifySignature(key, signature, data)
+ {
+ var keyData = readPublicKey(key);
+ if (!keyData)
+ return false;
+
+ // We need the exponent as regular number
+ keyData.e = parseInt(keyData.e.toString(16), 16);
+
+ // Decrypt signature data using RSA algorithm
+ var sigInt = new BigInteger(atob(signature), 256);
+ var digest = sigInt.modPowInt(keyData.e, keyData.n).toString(256);
+
+ try
+ {
+ var pos = 0;
+ function next()
+ {
+ return digest.charCodeAt(pos++);
+ }
+
+ // Skip padding, see http://tools.ietf.org/html/rfc3447#section-9.2 step 5
+ if (next() != 1)
+ throw "Wrong padding in signature digest";
+ while (next() == 255) {}
+ if (digest.charCodeAt(pos - 1) != 0)
+ throw "Wrong padding in signature digest";
+
+ // Rest is an ASN.1 structure, get the SHA1 hash from it
+ var sha1 = readASN1(digest.substr(pos), signatureTemplate).sha1.toString(16);
+ while (sha1.length < 40)
+ sha1 = "0" + sha1; // Zero-pad to the right length
+ return (sha1 == SHA1(data));
+ }
+ catch (e)
+ {
+ console.log("Invalid encrypted signature: " + e);
+ return false;
+ }
+ }
+
+ // Export verifySignature function, everything else is private.
+ globalObj.verifySignature = verifySignature;
+})(this);
« no previous file with comments | « no previous file | qunit/tests/signatures.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld