rzcoder
diff --git a/‎README.md‎
Lines changed: 48 additions & 3 deletions b/‎README.md‎
Lines changed: 48 additions & 3 deletions
diff --git a/‎src/NodeRSA.js‎
Lines changed: 77 additions & 47 deletions b/‎src/NodeRSA.js‎
Lines changed: 77 additions & 47 deletions
diff --git a/‎src/libs/jsbn.js‎
Lines changed: 21 additions & 4 deletions b/‎src/libs/jsbn.js‎
Lines changed: 21 additions & 4 deletions
@@ -49,9 +49,6 @@ var NodeRSA = require('node-rsa');
 var key = new NodeRSA([key], [options]);
 ```
 **key** - parameters of a generated key or the key in PEM format.<br/>
-**options** - additional settings
- * **environment** - working environment, `'browser'` or `'node'`. Default autodetect.
- * **signingAlgorithm** - hash algorithm used for signing and verifying. Can be `'sha1'`, `'sha256'`, `'md5'`. Default `'sha256'`.
 
 #### "Empty" key
 ```javascript
@@ -119,6 +116,13 @@ Return max data size for encrypt in bytes.
 
 ### Encrypting/decrypting
 
+*As of v0.1.55 the default encryption scheme is RSAES-OAEP using sha1 and mgf1.
+PKCS1 is still available with the following configuring*
+
+```javascript
+key.schemeEncryption = NodeRSA.RSA.PKCS1.Default;
+```
+
 ```javascript
 key.encrypt(buffer, [encoding], [source_encoding]);
 ```
@@ -135,6 +139,14 @@ Return decrypted data.<br/>
 **encoding** - encoding for result string. Can also take `'buffer'` for raw Buffer object, or `'json'` for automatic JSON.parse result. Default `'buffer'`.
 
 ### Signing/Verifying
+
+*As of v0.1.55 the default signature scheme is RSASSA-PSS using sha1.
+PKCS1 is still available with the following configuring*
+
+```javascript
+key.schemeSignature = NodeRSA.RSA.PKCS1.Default;
+```
+
 ```javascript
 key.sign(buffer, [encoding], [source_encoding]);
 ```
@@ -149,12 +161,45 @@ Return result of check, `true` or `false`.<br/>
 **source_encoding** - same as for `encrypt` method.<br/>
 **signature_encoding** - encoding of given signature. May be `'buffer'`, `'binary'`, `'hex'` or `'base64'`. Default `'buffer'`.
 
+### Changing Encryption/Signature schemes.
+
+Schemes are the way RSA packs up it's data before encrypting/decrypting/signing/verifying and there are a few ways that it can do it. The most common are RSAES-OAEP, RSASSA-PSS, RSAES-PKCS1-v1_5(encryption/decryption), and RSASSA-PKCS1-v1_5(signing/verifying).
+As of v0.1.55 these 4 mentioned schemes are included in the package with the ability to easily add more later and by users. See below for how to configure NodeRSA to use these different schemes.
+
+*Note: The default encryption / signature schemes have been changed from PKCS1 to the more secure OAEP(encryption) and PSS(signature) schemes as per the recommendations of the spec, this can be breaking.*
+
+```javascript
+key.schemeSignature = NodeRSA.RSA.PSS.Default; // This is an object that has been automatically instantiated and has the default settings for PSS signing.
+key.schemeSignature = NodeRSA.RSA.PKCS1.Default; // This is an object that has been automatically instantiated and has the default settings for PKCS1 signing/encrypting.
+
+key.schemeEncryption = NodeRSA.RSA.OAEP.Default; // This is an object that has been automatically instantiated and has the default settings for OAEP encrypting.
+key.schemeEncryption = NodeRSA.RSA.PKCS1.Default; // This is an object that has been automatically instantiated and has the default settings for PKCS1 signing/encrypting.
+```
+To change schemes between the various defaults, each provided scheme class has a property named "Default" that provides a scheme object with the default settings for that scheme.
+
+```javascript
+var pssMD5Scheme = new NodeRSA.RSA.PSS({
+	// The options a scheme accepts should be documented in the scheme definition.
+	hash: "md5", // Use a different type of hashing function instead of sha1
+	mgf:  customMaskGenerationFunction // Use a custom mask generation function that accepts 3 parameters (seed, maskLength, hashFunction)
+});
+key.schemeSignature = pssMD5Scheme;
+key2.schemeSignature = pssMD5Scheme;
+```
+Schemes can also be initialized with custom options and can be shared between keys.
+
 ## Contributing
 
 Questions, comments, bug reports, and pull requests are all welcome.
 
 ## Changelog
 
+### 0.1.55
+ * **The default schemes used to encrypt and sign data have changed from PKCS1 to the recommended OAEP and PSS standards**
+ * Overhauled the rsa.js library to allow for schemes and to allow for easy addition of schemes in the future and custom schemes.
+ * Modified NodeRSA functions to work with new rsa.js file.
+ * All changes should be backwards compatible
+
 ### 0.1.54
  * Added support for loading PEM key from Buffer (`fs.readFileSync()` output)
  * Added `isEmpty()` method
 
@@ -8,7 +8,6 @@
  */
 
 var rsa = require('./libs/rsa.js');
-var crypt = require('crypto');
 var ber = require('asn1').Ber;
 var _ = require('lodash');
 var utils = require('./utils');
@@ -21,24 +20,30 @@ module.exports = (function() {
      * @constructor
      */
     function NodeRSA(key, options) {
-        if (! this instanceof NodeRSA) {
+        if (! this instanceof NodeRSA)
             return new NodeRSA(key, options);
-        }
 
         this.keyPair = new rsa.Key();
         this.$cache = {};
-
-        this.options = _.merge({
-            signingAlgorithm: 'sha256',
-            environment: utils.detectEnvironment()
-        }, options  || {});
+		
+		if(options){
+			console.warn("There are no more options and the parameter is deprecated. It may be removed in the future.");
+			if(options.signingAlgorithm){
+				console.warn("options.signingAlgorithm has been removed. In order to change the signature hashing algorithm create a signature scheme with the appropriate options and set NodeRSA.schemeSignature to that object. Schemes are defined in src/libs/rsa.js Default is RSASSA-PSS (RSA.PSS) with the hashing function sha1");
+				this.schemeSignature = new rsa.PKCS1({hash: options.signingAlgorithm});
+			}
+			if(options.environment)
+				console.warn("options.environment has been removed since all encryption is now done through the rsa.js library");
+		}
 
         if (Buffer.isBuffer(key) || _.isString(key)) {
             this.loadFromPEM(key);
         } else if (_.isObject(key)) {
             this.generateKeyPair(key.b, key.e);
         }
     }
+	
+	NodeRSA.RSA = rsa;
 
     /**
      * Generate private/public keys pair
@@ -155,6 +160,25 @@ module.exports = (function() {
         return !(this.keyPair.n || this.keyPair.e || this.keyPair.d);
     };
 
+	/*
+	 * In order to use a different encryption/signing/padding scheme then the default (OAEP for encrypting and PSS for signing)
+	 * create a new scheme object with desired options and set the appropriate variable to that scheme object.
+	 * Scheme classes are located in rsa.js and new ones can be easily added.
+	 */
+    Object.defineProperties(NodeRSA.prototype, {
+		schemeEncryption: {
+			enumerable: true,
+			get: function(){ return this.keyPair.schemeEncryption; },
+			set: function(scheme){ this.keyPair.schemeEncryption = scheme; }
+		},
+		
+		schemeSignature: {
+			enumerable: true,
+			get: function(){ return this.keyPair.schemeSignature; },
+			set: function(scheme){ this.keyPair.schemeSignature = scheme; }
+		}
+	});
+	
     /**
      * Encrypting data method
      *
@@ -163,8 +187,14 @@ module.exports = (function() {
      * @param source_encoding {string} - optional. Encoding for given string. Default utf8.
      * @returns {string|Buffer}
      */
-    NodeRSA.prototype.encrypt = function(buffer, encoding, source_encoding) {
-        var res = this.keyPair.encrypt(this.$getDataForEcrypt(buffer, source_encoding));
+    NodeRSA.prototype.encrypt = function(buffer, encoding, source_encoding){
+		buffer = this.$getDataForEcrypt(buffer, source_encoding);
+		try{
+	        var res = this.keyPair.encrypt(buffer);
+		} catch(e){
+			console.warn(e.message);
+			return null;
+		}
 
         if (encoding == 'buffer' || !encoding) {
             return res;
@@ -176,13 +206,20 @@ module.exports = (function() {
     /**
      * Decrypting data method
      *
-     * @param buffer {Buffer} - buffer for decrypting
-     * @param encoding - encoding for result string, can also take 'json' or 'buffer' for the automatic conversion of this type
-     * @returns {Buffer|object|string}
+     * @param buffer {Buffer} - buffer for decrypting, or base64 string
+     * @param encoding - encoding for result string, can also take 'json' or 'buffer' for the automatic conversion of this type. Default "utf8"
+     * @returns {string|Buffer|object}
      */
-    NodeRSA.prototype.decrypt = function(buffer, encoding) {
+    NodeRSA.prototype.decrypt = function(buffer, encoding){
         buffer = _.isString(buffer) ? new Buffer(buffer, 'base64') : buffer;
-        return this.$getDecryptedData(this.keyPair.decrypt(buffer), encoding);
+		var clone = new Buffer(buffer.length);
+			buffer.copy(clone);
+		try{
+	        return this.$getDecryptedData(this.keyPair.decrypt(clone), encoding);
+		} catch(e){
+			console.warn(e.message);
+			return null;
+		}
     };
 
     /**
@@ -193,24 +230,21 @@ module.exports = (function() {
      * @param source_encoding {string} - optional. Encoding for given string. Default utf8.
      * @returns {string|Buffer}
      */
-    NodeRSA.prototype.sign = function(buffer, encoding, source_encoding) {
-        if (!this.isPrivate()) {
-            throw Error("It is not private key");
-        }
-
-        if (this.options.environment == 'browser') {
-            var res = this.keyPair.sign(this.$getDataForEcrypt(buffer, source_encoding), this.options.signingAlgorithm.toLowerCase());
-            if (encoding && encoding != 'buffer') {
-                return res.toString(encoding);
-            } else {
-                return res;
-            }
-        } else {
-            encoding = (!encoding || encoding == 'buffer' ? null : encoding);
-            var signer = crypt.createSign('RSA-' + this.options.signingAlgorithm.toUpperCase());
-            signer.update(this.$getDataForEcrypt(buffer, source_encoding));
-            return signer.sign(this.getPrivatePEM(), encoding);
-        }
+    NodeRSA.prototype.sign = function(buffer, encoding, source_encoding){
+        if(!this.isPrivate()) throw Error("It is not private key");
+		
+		// Move all the lifting to rsa.js module due to its wider options.
+		try{
+			var res = this.keyPair.sign(this.$getDataForEcrypt(buffer, source_encoding));
+		} catch(e){
+			console.warn(e.message);
+			return null;
+		}
+		
+		if(encoding && encoding != 'buffer')
+			return res.toString(encoding);
+		
+		return res;
     };
 
     /**
@@ -222,20 +256,16 @@ module.exports = (function() {
      * @param signature_encoding - optional. Encoding of given signature. May be 'buffer', 'binary', 'hex' or 'base64'. Default 'buffer'.
      * @returns {*}
      */
-    NodeRSA.prototype.verify = function(buffer, signature, source_encoding, signature_encoding) {
-        if (!this.isPublic()) {
-            throw Error("It is not public key");
-        }
-
-        signature_encoding = (!signature_encoding || signature_encoding == 'buffer' ? null : signature_encoding);
-
-        if (this.options.environment == 'browser') {
-            return this.keyPair.verify(this.$getDataForEcrypt(buffer, source_encoding), signature, signature_encoding, this.options.signingAlgorithm.toLowerCase());
-        } else {
-            var verifier = crypt.createVerify('RSA-' + this.options.signingAlgorithm.toUpperCase());
-            verifier.update(this.$getDataForEcrypt(buffer, source_encoding));
-            return verifier.verify(this.getPublicPEM(), signature, signature_encoding);
-        }
+    NodeRSA.prototype.verify = function(buffer, signature, source_encoding, signature_encoding){
+		if(!this.isPublic()) throw Error("It is not public key");
+
+		signature_encoding = (!signature_encoding || signature_encoding == 'buffer' ? null : signature_encoding);
+		try{
+			return this.keyPair.verify(this.$getDataForEcrypt(buffer, source_encoding), signature, signature_encoding);
+		} catch(e){
+			console.warn(e.message);
+			return false;
+		}
     };
 
     NodeRSA.prototype.getPrivatePEM = function () {
 
@@ -34,6 +34,9 @@
 /*
  * Added Node.js Buffers support
  * 2014 rzcoder
+ * 
+ * Extended bnToBuffer to allow length specifying.
+ * 2014 BAM5
  */
 
 var crypt = require('crypto');
@@ -812,12 +815,26 @@ function bnToByteArray() {
 
 /**
  * return Buffer object
- * @param trim {boolean} slice buffer if first element == 0
+ * @param trimOrSize {boolean | uint} slice buffer if first element == 0
  * @returns {Buffer}
  */
-function bnToBuffer(trim) {
-    var res = new Buffer(this.toByteArray());
-    return trim && res[0] === 0 ? res.slice(1) : res;
+function bnToBuffer(trimOrSize) {
+	if(trimOrSize === true || trimOrSize === undefined){
+		var res = new Buffer(this.toByteArray());
+		return trimOrSize && res[0] === 0 ? res.slice(1) : res;
+	} else{
+		var res = new Buffer(this.toByteArray());
+		if(res.length > trimOrSize){
+			for(var i=0; i<res.length - trimOrSize; i++) if(res[i] !== 0) return null;
+			return res.slice(res.length - trimOrSize);
+		} else if(res.length < trimOrSize){
+			var padded = new Buffer(trimOrSize);
+			padded.fill(0, 0, trimOrSize - res.length);
+			res.copy(padded, trimOrSize - res.length);
+			return padded;
+		}
+		return res;
+	}
 }
 
 function bnEquals(a) {