首頁 探索 說明
登入
htcwl
/
SxsnPC
1
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: 3be96aa7da
分支列表 標籤列表
SxsnPC
/
node_modules
/
browserify-sign
/
browser
/
verify.js

verify.js 2.5 KB
文件歷史 原始文件

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 
  1. 'use strict';
    2. 

  2. 

  3. // much of this based on https://github.com/indutny/self-signed/blob/gh-pages/lib/rsa.js
    4. 

  4. var Buffer = require('safe-buffer').Buffer;
    5. 

  5. var BN = require('bn.js');
    6. 

  6. var EC = require('elliptic').ec;
    7. 

  7. var parseKeys = require('parse-asn1');
    8. 

  8. var curves = require('./curves.json');
    9. 

  9. 

  10. function verify(sig, hash, key, signType, tag) {
    11. 

  11.   var pub = parseKeys(key);
    12. 

  12.   if (pub.type === 'ec') {
    13. 

  13.     // rsa keys can be interpreted as ecdsa ones in openssl
    14. 

  14.     if (signType !== 'ecdsa' && signType !== 'ecdsa/rsa') { throw new Error('wrong public key type'); }
    15. 

  15.     return ecVerify(sig, hash, pub);
    16. 

  16.   } else if (pub.type === 'dsa') {
    17. 

  17.     if (signType !== 'dsa') { throw new Error('wrong public key type'); }
    18. 

  18.     return dsaVerify(sig, hash, pub);
    19. 

  19.   }
    20. 

  20.   if (signType !== 'rsa' && signType !== 'ecdsa/rsa') { throw new Error('wrong public key type'); }
    21. 

  21. 

  22.   hash = Buffer.concat([tag, hash]);
    23. 

  23.   var len = pub.modulus.byteLength();
    24. 

  24.   var pad = [1];
    25. 

  25.   var padNum = 0;
    26. 

  26.   while (hash.length + pad.length + 2 < len) {
    27. 

  27.     pad.push(0xff);
    28. 

  28.     padNum += 1;
    29. 

  29.   }
    30. 

  30.   pad.push(0x00);
    31. 

  31.   var i = -1;
    32. 

  32.   while (++i < hash.length) {
    33. 

  33.     pad.push(hash[i]);
    34. 

  34.   }
    35. 

  35.   pad = Buffer.from(pad);
    36. 

  36.   var red = BN.mont(pub.modulus);
    37. 

  37.   sig = new BN(sig).toRed(red);
    38. 

  38. 

  39.   sig = sig.redPow(new BN(pub.publicExponent));
    40. 

  40.   sig = Buffer.from(sig.fromRed().toArray());
    41. 

  41.   var out = padNum < 8 ? 1 : 0;
    42. 

  42.   len = Math.min(sig.length, pad.length);
    43. 

  43.   if (sig.length !== pad.length) { out = 1; }
    44. 

  44. 

  45.   i = -1;
    46. 

  46.   while (++i < len) { out |= sig[i] ^ pad[i]; }
    47. 

  47.   return out === 0;
    48. 

  48. }
    49. 

  49. 

  50. function ecVerify(sig, hash, pub) {
    51. 

  51.   var curveId = curves[pub.data.algorithm.curve.join('.')];
    52. 

  52.   if (!curveId) { throw new Error('unknown curve ' + pub.data.algorithm.curve.join('.')); }
    53. 

  53. 

  54.   var curve = new EC(curveId);
    55. 

  55.   var pubkey = pub.data.subjectPrivateKey.data;
    56. 

  56. 

  57.   return curve.verify(hash, sig, pubkey);
    58. 

  58. }
    59. 

  59. 

  60. function dsaVerify(sig, hash, pub) {
    61. 

  61.   var p = pub.data.p;
    62. 

  62.   var q = pub.data.q;
    63. 

  63.   var g = pub.data.g;
    64. 

  64.   var y = pub.data.pub_key;
    65. 

  65.   var unpacked = parseKeys.signature.decode(sig, 'der');
    66. 

  66.   var s = unpacked.s;
    67. 

  67.   var r = unpacked.r;
    68. 

  68.   checkValue(s, q);
    69. 

  69.   checkValue(r, q);
    70. 

  70.   var montp = BN.mont(p);
    71. 

  71.   var w = s.invm(q);
    72. 

  72.   var v = g.toRed(montp)
    73. 

  73.     .redPow(new BN(hash).mul(w).mod(q))
    74. 

  74.     .fromRed()
    75. 

  75.     .mul(y.toRed(montp).redPow(r.mul(w).mod(q)).fromRed())
    76. 

  76.     .mod(p)
    77. 

  77.     .mod(q);
    78. 

  78.   return v.cmp(r) === 0;
    79. 

  79. }
    80. 

  80. 

  81. function checkValue(b, q) {
    82. 

  82.   if (b.cmpn(0) <= 0) { throw new Error('invalid sig'); }
    83. 

  83.   if (b.cmp(q) >= 0) { throw new Error('invalid sig'); }
    84. 

  84. }
    85. 

  85. 

  86. module.exports = verify;
    87.