Update: Use native RSA/OpenSSL crypto whenever possible (#101)

connor4312 · linuxwolf · commit 0d1a8cdc3519 · 2017-04-03T13:48:19.000-06:00
* Use native Node crypto for key cracking when possible

* Complete update to native RSA crypto

* Address CR comments
diff --git a/lib/algorithms/rsa-util.js b/lib/algorithms/rsa-util.js
@@ -23,6 +23,7 @@ function convertToForge(key, isPublic) {
            forge.pki.rsa.setPrivateKey;
   return fn.apply(forge.pki.rsa, parts);
 }
+
 function convertToJWK(key, isPublic) {
   var result = clone(key);
   var parts = isPublic ?
@@ -49,7 +50,24 @@ function convertToJWK(key, isPublic) {
   return result;
 }
 
+function convertToPem(key, isPublic) {
+  if (key.__cachedPem) {
+    return key.__cachedPem;
+  }
+
+  var value;
+  if (isPublic) {
+    value = forge.pki.publicKeyToPem(convertToForge(key, isPublic));
+  } else {
+    value = forge.pki.privateKeyToPem(convertToForge(key, isPublic));
+  }
+
+  Object.defineProperty(key, '__cachedPem', { value: value });
+  return value;
+}
+
 module.exports = {
   convertToForge: convertToForge,
-  convertToJWK: convertToJWK
+  convertToJWK: convertToJWK,
+  convertToPem: convertToPem
 };
diff --git a/lib/algorithms/rsaes.js b/lib/algorithms/rsaes.js
@@ -138,7 +138,15 @@ function rsaesDecryptFn(name) {
     webcrypto = null;
   }
 
-  return helpers.setupFallback(null, webcrypto, fallback);
+  var nodejs;
+  if (helpers.nodeCrypto && name === "RSA-OAEP") { // node only support SHA1, plain RSA-OAEP
+    nodejs = function(key, pdata) {
+      key = rsaUtil.convertToPem(key, false);
+      return helpers.nodeCrypto.privateDecrypt(key, pdata);
+    };
+  }
+
+  return helpers.setupFallback(nodejs, webcrypto, fallback);
 }
 
 // ### Public API
diff --git a/lib/algorithms/rsassa.js b/lib/algorithms/rsassa.js
@@ -60,7 +60,21 @@ function rsassaV15SignFn(name) {
     return promise;
   };
 
-  return helpers.setupFallback(null, webcrypto, fallback);
+  var nodejs;
+  if (helpers.nodeCrypto && helpers.nodeCrypto.getHashes().indexOf(hash) > -1) {
+    nodejs = function(key, pdata) {
+      key = rsaUtil.convertToPem(key, false);
+      var sign = helpers.nodeCrypto.createSign(hash);
+      sign.update(pdata);
+
+      return {
+        data: pdata,
+        mac: sign.sign(rsaUtil.convertToPem(key, false))
+      };
+    };
+  }
+
+  return helpers.setupFallback(nodejs, webcrypto, fallback);
 }
 
 function rsassaV15VerifyFn(name) {
@@ -118,7 +132,26 @@ function rsassaV15VerifyFn(name) {
     return promise;
   };
 
-  return helpers.setupFallback(null, webcrypto, fallback);
+  var nodejs;
+  if (helpers.nodeCrypto && helpers.nodeCrypto.getHashes().indexOf(md) > -1) {
+    nodejs = function(key, pdata, mac) {
+      var verify = helpers.nodeCrypto.createVerify(md);
+      verify.update(pdata);
+      verify.end();
+      var result = verify.verify(rsaUtil.convertToPem(key, true), mac);
+      if (!result) {
+        return Promise.reject(new Error("verification failed"));
+      }
+
+      return {
+        data: pdata,
+        mac: mac,
+        valid: true,
+      };
+    };
+  }
+
+  return helpers.setupFallback(nodejs, webcrypto, fallback);
 }
 
 // ### RSA-PSS
