Merge pull request #31 from rzcoder/dev

merge with dev

Author: rzcoder

README.md

@@ -29,7 +29,7 @@ console.log('decrypted: ', decrypted);
 ```shell
 npm install node-rsa
 ```
-*Requires nodejs >= 0.10.x*
+*Requires nodejs >= 0.10.x or io.js >= 1.x*
 
 ### Testing
 
@@ -57,35 +57,22 @@ var key = new NodeRSA([keyData, [format]], [options]);
 #### Options
 You can specify some options by second/third constructor argument, or over `key.setOptions()` method.
 
-* environment — working environment, `'browser'` or `'node'`. Default autodetect.
+* environment — working environment (default autodetect):
+    * `'browser'` — will run pure js implementation of RSA algorithms.
+    * `'node'` for `nodejs >= 0.10.x or io.js >= 1.x` — provide some native methods like sign/verify and encrypt/decrypt.
 * encryptionScheme — padding scheme for encrypt/decrypt. Can be `'pkcs1_oaep'` or `'pkcs1'`. Default `'pkcs1_oaep'`.
 * signingScheme — scheme used for signing and verifying. Can be `'pkcs1'` or `'pss'` or 'scheme-hash' format string (eg `'pss-sha1'`). Default `'pkcs1-sha256'`, or, if chosen pss: `'pss-sha1'`.
 
-**Advanced options:**<br/>
-You also can specify advanced options for some schemes like this:
-```javascript
-options = {
-  encryptionScheme: {
-    scheme: 'pkcs1_oaep', //scheme
-    hash: 'md5', //hash using for scheme
-    mgf: function(...) {...} //mask generation function
-  },
-  signingScheme: {
-    scheme: 'pss', //scheme
-    hash: 'sha1', //hash using for scheme
-    saltLength: 20 //salt length for pss sign
-  }
-}
-```
+> *Notice:* This lib supporting next hash algorithms: `'md5'`, `'ripemd160'`, `'sha1'`, `'sha256'`, `'sha512'` in browser and node environment and additional `'md4'`, `'sha'`, `'sha224'`, `'sha384'` in node only.
 
-This lib supporting next hash algorithms: `'md5'`, `'ripemd160'`, `'sha1'`, `'sha256'`, `'sha512'` in browser and node environment and additional `'md4'`, `'sha'`, `'sha224'`, `'sha384'` in node only.
+<sub>Some [advanced options info](https://github.com/rzcoder/node-rsa/wiki/Advanced-options)</sub>
 
 #### Creating "empty" key
 ```javascript
 var key = new NodeRSA();
 ```
 
-#### Generate new key 512bit-length and with public exponent 65537
+#### Generate new 512bit-length key
 ```javascript
 var key = new NodeRSA({b: 512});
 ```
@@ -136,7 +123,7 @@ Output type — can be:
  * `'pem'` — Base64 encoded string with header and footer. Used by default.
  * `'der'` — Binary encoded key data.
 
-**Notice:** For import, if *keyData* is PEM string or buffer containing string, you can do not specify format, but if you provide *keyData* as DER you must specify it in format string.
+> *Notice:* For import, if *keyData* is PEM string or buffer containing string, you can do not specify format, but if you provide *keyData* as DER you must specify it in format string.
 
 **Shortcuts and examples**
  * `'private'` or `'pkcs1'` or `'pkcs1-private'` == `'pkcs1-private-pem'` — private key encoded in pcks1 scheme as pem string.
@@ -183,6 +170,7 @@ Return max data size for encrypt in bytes.
 
 ```javascript
 key.encrypt(buffer, [encoding], [source_encoding]);
+key.encryptPrivate(buffer, [encoding], [source_encoding]); // use private key for encryption
 ```
 Return encrypted data.<br/>
 
@@ -192,12 +180,15 @@ Return encrypted data.<br/>
 
 ```javascript
 key.decrypt(buffer, [encoding]);
+key.decryptPublic(buffer, [encoding]); // use public key for decryption
 ```
 Return decrypted data.<br/>
 
 * buffer — `{buffer}` — data for decrypting. Takes Buffer object or base64 encoded string.<br/>
 * encoding — `{string}` — encoding for result string. Can also take `'buffer'` for raw Buffer object, or `'json'` for automatic JSON.parse result. Default `'buffer'`.
 
+> *Notice:* usage `encryptPrivate` and `decryptPublic` with `pkcs1_oaep` padding not described in the RSA [specification](http://www.emc.com/collateral/white-papers/h11300-pkcs-1v2-2-rsa-cryptography-standard-wp.pdf)
+
 ### Signing/Verifying
 ```javascript
 key.sign(buffer, [encoding], [source_encoding]);
@@ -220,6 +211,12 @@ Questions, comments, bug reports, and pull requests are all welcome.
 
 ## Changelog
 
+### 0.2.20
+ * Added `.encryptPrivate()` and `.decryptPublic()` methods.
+ * Encrypt/decrypt methods in nodejs 0.12.x and io.js using native implementation (> 40x speed boost).
+ * Fixed some regex issue causing catastrophic backtracking.
+ * *KNOWN ISSUE*:`encryptPrivate` and `decryptPublic` don't have native implementation in nodejs and can't be use in native implementation with pkcs1_oaep padding in io.js.
+
 ### 0.2.10
  * **Methods `.exportPrivate()` and `.exportPublic()` was replaced by `.exportKey([format])`.**
     * By default `.exportKey()` returns private key as `.exportPrivate()`, if you need public key from `.exportPublic()` you must specify format as `'public'` or `'pkcs8-public-pem'`.
@@ -229,34 +226,34 @@ Questions, comments, bug reports, and pull requests are all welcome.
  * **`.getPublicPEM()` method was renamed to `.exportPublic()`**
  * **`.getPrivatePEM()` method was renamed to `.exportPrivate()`**
  * **`.loadFromPEM()` method was renamed to `.importKey()`**
- * Added PKCS1_OAEP encrypting/decrypting support
-     * **PKCS1_OAEP now default scheme, you need to specify 'encryptingScheme' option to 'pkcs1' for compatibility with 0.1.x version of NodeRSA**
- * Added PSS signing/verifying support
+ * Added PKCS1_OAEP encrypting/decrypting support.
+     * **PKCS1_OAEP now default scheme, you need to specify 'encryptingScheme' option to 'pkcs1' for compatibility with 0.1.x version of NodeRSA.**
+ * Added PSS signing/verifying support.
  * Signing now supports `'md5'`, `'ripemd160'`, `'sha1'`, `'sha256'`, `'sha512'` hash algorithms in both environments
  and additional `'md4'`, `'sha'`, `'sha224'`, `'sha384'` for nodejs env.
  * **`options.signingAlgorithm` was renamed to `options.signingScheme`**
- * Added `encryptingScheme` option
+ * Added `encryptingScheme` option.
  * Property `key.options` now mark as private. Added `key.setOptions(options)` method.
 
 
 ### 0.1.54
- * Added support for loading PEM key from Buffer (`fs.readFileSync()` output)
- * Added `isEmpty()` method
+ * Added support for loading PEM key from Buffer (`fs.readFileSync()` output).
+ * Added `isEmpty()` method.
 
 ### 0.1.52
- * Improve work with not properly trimming PEM strings
+ * Improve work with not properly trimming PEM strings.
 
 ### 0.1.50
- * Implemented native js signing and verifying for browsers
- * `options.signingAlgorithm` now takes only hash-algorithm name
- * Added `.getKeySize()` and `.getMaxMessageSize()` methods
- * `.loadFromPublicPEM` and `.loadFromPrivatePEM` methods marked as private
+ * Implemented native js signing and verifying for browsers.
+ * `options.signingAlgorithm` now takes only hash-algorithm name.
+ * Added `.getKeySize()` and `.getMaxMessageSize()` methods.
+ * `.loadFromPublicPEM` and `.loadFromPrivatePEM` methods marked as private.
 
 ### 0.1.40
- * Added signing/verifying
+ * Added signing/verifying.
 
 ### 0.1.30
- * Added long message support
+ * Added long message support.
 
 
 ## License

package.json

@@ -1,6 +1,6 @@
 {
   "name": "node-rsa",
-  "version": "0.2.13",
+  "version": "0.2.20",
   "description": "Node.js RSA library",
   "main": "src/NodeRSA.js",
   "scripts": {
@@ -30,14 +30,14 @@
   },
   "homepage": "https://github.com/rzcoder/node-rsa",
   "devDependencies": {
-    "grunt": "^0.4.4",
-    "grunt-simple-mocha": "^0.4.0",
-    "jit-grunt": "^0.3.2",
-    "chai": "^1.9.1",
-    "grunt-contrib-jshint": "^0.9.2"
+    "grunt": "0.4.5",
+    "grunt-simple-mocha": "0.4.0",
+    "jit-grunt": "0.9.1",
+    "chai": "2.0.0",
+    "grunt-contrib-jshint": "0.11.0"
   },
   "dependencies": {
-    "lodash": "^2.4.1",
-    "asn1": "^0.2.0"
+    "lodash": "3.3.0",
+    "asn1": "0.2.2"
   }
 }

src/NodeRSA.js

@@ -17,7 +17,9 @@ var formats = require('./formats/formats.js');
 
 module.exports = (function () {
     var SUPPORTED_HASH_ALGORITHMS = {
+        node10: ['md4', 'md5', 'ripemd160', 'sha', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512'],
         node: ['md4', 'md5', 'ripemd160', 'sha', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512'],
+        iojs: ['md4', 'md5', 'ripemd160', 'sha', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512'],
         browser: ['md5', 'ripemd160', 'sha1', 'sha256', 'sha512']
     };
 
@@ -219,16 +221,52 @@ module.exports = (function () {
     };
 
     /**
-     * Encrypting data method
+     * Encrypting data method with public key
      *
      * @param buffer {string|number|object|array|Buffer} - data for encrypting. Object and array will convert to JSON string.
      * @param encoding {string} - optional. Encoding for output result, may be 'buffer', 'binary', 'hex' or 'base64'. Default 'buffer'.
      * @param source_encoding {string} - optional. Encoding for given string. Default utf8.
      * @returns {string|Buffer}
      */
     NodeRSA.prototype.encrypt = function (buffer, encoding, source_encoding) {
+        return this.$$encryptKey(false, buffer, encoding, source_encoding);
+    };
+
+    /**
+     * Decrypting data method with private key
+     *
+     * @param buffer {Buffer} - buffer for decrypting
+     * @param encoding - encoding for result string, can also take 'json' or 'buffer' for the automatic conversion of this type
+     * @returns {Buffer|object|string}
+     */
+    NodeRSA.prototype.decrypt = function (buffer, encoding) {
+        return this.$$decryptKey(false, buffer, encoding);
+    };
+
+    /**
+     * Encrypting data method with private key
+     *
+     * Parameters same as `encrypt` method
+     */
+    NodeRSA.prototype.encryptPrivate = function (buffer, encoding, source_encoding) {
+        return this.$$encryptKey(true, buffer, encoding, source_encoding);
+    };
+
+    /**
+     * Decrypting data method with public key
+     *
+     * Parameters same as `decrypt` method
+     */
+    NodeRSA.prototype.decryptPublic = function (buffer, encoding) {
+        return this.$$decryptKey(true, buffer, encoding);
+    };
+
+    /**
+     * Encrypting data method with custom key
+     */
+    NodeRSA.prototype.$$encryptKey = function (usePrivate, buffer, encoding, source_encoding) {
         try {
-            var res = this.keyPair.encrypt(this.$getDataForEncrypt(buffer, source_encoding));
+            var res = this.keyPair.encrypt(this.$getDataForEncrypt(buffer, source_encoding), usePrivate);
 
             if (encoding == 'buffer' || !encoding) {
                 return res;
@@ -241,16 +279,12 @@ module.exports = (function () {
     };
 
     /**
-     * Decrypting data method
-     *
-     * @param buffer {Buffer} - buffer for decrypting
-     * @param encoding - encoding for result string, can also take 'json' or 'buffer' for the automatic conversion of this type
-     * @returns {Buffer|object|string}
+     * Decrypting data method with custom key
      */
-    NodeRSA.prototype.decrypt = function (buffer, encoding) {
+    NodeRSA.prototype.$$decryptKey = function (usePublic, buffer, encoding) {
         try {
             buffer = _.isString(buffer) ? new Buffer(buffer, 'base64') : buffer;
-            var res = this.keyPair.decrypt(buffer);
+            var res = this.keyPair.decrypt(buffer, usePublic);
 
             if (res === null) {
                 throw Error('Key decrypt method returns null.');

src/encryptEngines/encryptEngines.js

@@ -0,0 +1,19 @@
+var crypt = require('crypto');
+
+module.exports = {
+    getEngine: function (keyPair, options) {
+        var engine;
+        if (options.environment === 'browser') {
+            engine = require('./js.js');
+        } else {
+            if (typeof crypt.publicEncrypt === 'function' && typeof crypt.privateDecrypt === 'function') {
+                if (typeof crypt.privateEncrypt === 'function' && typeof crypt.publicDecrypt === 'function') {
+                    engine = require('./io.js');
+                } else {
+                    engine = require('./node12.js');
+                }
+            }
+        }
+        return engine(keyPair, options);
+    }
+};

src/encryptEngines/io.js

@@ -0,0 +1,52 @@
+var crypto = require('crypto');
+var constants = require('constants');
+
+module.exports = function (keyPair, options) {
+    var jsEngine = require('./js.js')(keyPair);
+
+    return {
+        encrypt: function (buffer, usePrivate) {
+            var padding = constants.RSA_PKCS1_OAEP_PADDING;
+            if (options.encryptionScheme === 'pkcs1') {
+                padding = constants.RSA_PKCS1_PADDING;
+            }
+            if (usePrivate) {
+                // openssl don't support oaep padding for private encrypt
+                if (padding === constants.RSA_PKCS1_OAEP_PADDING) {
+                    return jsEngine.encrypt(buffer, usePrivate);
+                }
+                return crypto.privateEncrypt({
+                    key: options.rsaUtils.exportKey('private'),
+                    padding: padding
+                }, buffer);
+            } else {
+                return crypto.publicEncrypt({
+                    key: options.rsaUtils.exportKey('public'),
+                    padding: padding
+                }, buffer);
+            }
+        },
+
+        decrypt: function (buffer, usePublic) {
+            var padding = constants.RSA_PKCS1_OAEP_PADDING;
+            if (options.encryptionScheme === 'pkcs1') {
+                padding = constants.RSA_PKCS1_PADDING;
+            }
+            if (usePublic) {
+                // openssl don't support oaep padding for public decrypt
+                if (padding === constants.RSA_PKCS1_OAEP_PADDING) {
+                    return jsEngine.decrypt(buffer, usePublic);
+                }
+                return crypto.publicDecrypt({
+                    key: options.rsaUtils.exportKey('public'),
+                    padding: padding
+                }, buffer);
+            } else {
+                return crypto.privateDecrypt({
+                    key: options.rsaUtils.exportKey('private'),
+                    padding: padding
+                }, buffer);
+            }
+        }
+    };
+};

src/encryptEngines/js.js

@@ -0,0 +1,17 @@
+var BigInteger = require('../libs/jsbn.js');
+
+module.exports = function (keyPair, options) {
+    return {
+        encrypt: function (buffer, usePrivate) {
+            var m = new BigInteger(keyPair.encryptionScheme.encPad(buffer));
+            var c = usePrivate ? keyPair.$doPrivate(m) : keyPair.$doPublic(m);
+            return c.toBuffer(keyPair.encryptedDataLength);
+        },
+
+        decrypt: function (buffer, usePublic) {
+            var c = new BigInteger(buffer);
+            var m = usePublic ? keyPair.$doPublic(c) : keyPair.$doPrivate(c);
+            return keyPair.encryptionScheme.encUnPad(m.toBuffer(keyPair.encryptedDataLength));
+        }
+    };
+};

src/encryptEngines/node12.js

@@ -0,0 +1,38 @@
+var crypto = require('crypto');
+var constants = require('constants');
+
+module.exports = function (keyPair, options) {
+    var jsEngine = require('./js.js')(keyPair);
+
+    return {
+        encrypt: function (buffer, usePrivate) {
+            if (usePrivate) {
+                return jsEngine.encrypt(buffer, usePrivate);
+            }
+            var padding = constants.RSA_PKCS1_OAEP_PADDING;
+            if (options.encryptionScheme === 'pkcs1') {
+                padding = constants.RSA_PKCS1_PADDING;
+            }
+
+            return crypto.publicEncrypt({
+                key: options.rsaUtils.exportKey('public'),
+                padding: padding
+            }, buffer);
+        },
+
+        decrypt: function (buffer, usePublic) {
+            if (usePublic) {
+                return jsEngine.decrypt(buffer, usePublic);
+            }
+            var padding = constants.RSA_PKCS1_OAEP_PADDING;
+            if (options.encryptionScheme === 'pkcs1') {
+                padding = constants.RSA_PKCS1_PADDING;
+            }
+
+            return crypto.privateDecrypt({
+                key: options.rsaUtils.exportKey('private'),
+                padding: padding
+            }, buffer);
+        }
+    };
+};