2021-12-10 09:06:03 -05:00
|
|
|
use std::borrow::Cow;
|
|
|
|
|
|
|
|
use deno_core::error::custom_error;
|
2021-12-13 07:22:03 -05:00
|
|
|
use deno_core::error::type_error;
|
2021-12-10 09:06:03 -05:00
|
|
|
use deno_core::error::AnyError;
|
|
|
|
use deno_core::ZeroCopyBuf;
|
2022-02-08 08:18:28 -05:00
|
|
|
use elliptic_curve::sec1::ToEncodedPoint;
|
|
|
|
use p256::pkcs8::FromPrivateKey;
|
2021-12-13 07:22:03 -05:00
|
|
|
use rsa::pkcs1::FromRsaPrivateKey;
|
|
|
|
use rsa::pkcs1::ToRsaPublicKey;
|
|
|
|
use rsa::RsaPrivateKey;
|
2021-12-10 09:06:03 -05:00
|
|
|
use serde::Deserialize;
|
|
|
|
use serde::Serialize;
|
|
|
|
|
2022-02-08 08:18:28 -05:00
|
|
|
use crate::ec_key::ECPrivateKey;
|
|
|
|
|
2021-12-10 09:06:03 -05:00
|
|
|
pub const RSA_ENCRYPTION_OID: rsa::pkcs8::ObjectIdentifier =
|
|
|
|
rsa::pkcs8::ObjectIdentifier::new("1.2.840.113549.1.1.1");
|
|
|
|
pub const SHA1_RSA_ENCRYPTION_OID: rsa::pkcs8::ObjectIdentifier =
|
|
|
|
rsa::pkcs8::ObjectIdentifier::new("1.2.840.113549.1.1.5");
|
|
|
|
pub const SHA256_RSA_ENCRYPTION_OID: rsa::pkcs8::ObjectIdentifier =
|
|
|
|
rsa::pkcs8::ObjectIdentifier::new("1.2.840.113549.1.1.11");
|
|
|
|
pub const SHA384_RSA_ENCRYPTION_OID: rsa::pkcs8::ObjectIdentifier =
|
|
|
|
rsa::pkcs8::ObjectIdentifier::new("1.2.840.113549.1.1.12");
|
|
|
|
pub const SHA512_RSA_ENCRYPTION_OID: rsa::pkcs8::ObjectIdentifier =
|
|
|
|
rsa::pkcs8::ObjectIdentifier::new("1.2.840.113549.1.1.13");
|
|
|
|
pub const RSASSA_PSS_OID: rsa::pkcs8::ObjectIdentifier =
|
|
|
|
rsa::pkcs8::ObjectIdentifier::new("1.2.840.113549.1.1.10");
|
|
|
|
pub const ID_SHA1_OID: rsa::pkcs8::ObjectIdentifier =
|
|
|
|
rsa::pkcs8::ObjectIdentifier::new("1.3.14.3.2.26");
|
|
|
|
pub const ID_SHA256_OID: rsa::pkcs8::ObjectIdentifier =
|
|
|
|
rsa::pkcs8::ObjectIdentifier::new("2.16.840.1.101.3.4.2.1");
|
|
|
|
pub const ID_SHA384_OID: rsa::pkcs8::ObjectIdentifier =
|
|
|
|
rsa::pkcs8::ObjectIdentifier::new("2.16.840.1.101.3.4.2.2");
|
|
|
|
pub const ID_SHA512_OID: rsa::pkcs8::ObjectIdentifier =
|
|
|
|
rsa::pkcs8::ObjectIdentifier::new("2.16.840.1.101.3.4.2.3");
|
|
|
|
pub const ID_MFG1: rsa::pkcs8::ObjectIdentifier =
|
|
|
|
rsa::pkcs8::ObjectIdentifier::new("1.2.840.113549.1.1.8");
|
|
|
|
pub const RSAES_OAEP_OID: rsa::pkcs8::ObjectIdentifier =
|
|
|
|
rsa::pkcs8::ObjectIdentifier::new("1.2.840.113549.1.1.7");
|
|
|
|
pub const ID_P_SPECIFIED: rsa::pkcs8::ObjectIdentifier =
|
|
|
|
rsa::pkcs8::ObjectIdentifier::new("1.2.840.113549.1.1.9");
|
|
|
|
|
2021-12-16 11:28:43 -05:00
|
|
|
pub const ID_SECP256R1_OID: rsa::pkcs8::ObjectIdentifier =
|
|
|
|
rsa::pkcs8::ObjectIdentifier::new("1.2.840.10045.3.1.7");
|
|
|
|
pub const ID_SECP384R1_OID: rsa::pkcs8::ObjectIdentifier =
|
|
|
|
rsa::pkcs8::ObjectIdentifier::new("1.3.132.0.34");
|
|
|
|
pub const ID_SECP521R1_OID: rsa::pkcs8::ObjectIdentifier =
|
|
|
|
rsa::pkcs8::ObjectIdentifier::new("1.3.132.0.35");
|
|
|
|
|
2021-12-10 09:06:03 -05:00
|
|
|
#[derive(Serialize, Deserialize, Copy, Clone, PartialEq)]
|
|
|
|
pub enum ShaHash {
|
|
|
|
#[serde(rename = "SHA-1")]
|
|
|
|
Sha1,
|
|
|
|
#[serde(rename = "SHA-256")]
|
|
|
|
Sha256,
|
|
|
|
#[serde(rename = "SHA-384")]
|
|
|
|
Sha384,
|
|
|
|
#[serde(rename = "SHA-512")]
|
|
|
|
Sha512,
|
|
|
|
}
|
|
|
|
|
|
|
|
#[derive(Serialize, Deserialize, Copy, Clone, PartialEq)]
|
|
|
|
pub enum EcNamedCurve {
|
|
|
|
#[serde(rename = "P-256")]
|
|
|
|
P256,
|
|
|
|
#[serde(rename = "P-384")]
|
|
|
|
P384,
|
2021-12-16 11:28:43 -05:00
|
|
|
#[serde(rename = "P-521")]
|
|
|
|
P521,
|
2021-12-10 09:06:03 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
#[derive(Serialize, Deserialize)]
|
|
|
|
#[serde(rename_all = "lowercase", tag = "type", content = "data")]
|
|
|
|
pub enum RawKeyData {
|
|
|
|
Secret(ZeroCopyBuf),
|
|
|
|
Private(ZeroCopyBuf),
|
|
|
|
Public(ZeroCopyBuf),
|
|
|
|
}
|
|
|
|
|
2021-12-13 07:22:03 -05:00
|
|
|
impl RawKeyData {
|
|
|
|
pub fn as_rsa_public_key(&self) -> Result<Cow<'_, [u8]>, AnyError> {
|
|
|
|
match self {
|
|
|
|
RawKeyData::Public(data) => Ok(Cow::Borrowed(data)),
|
|
|
|
RawKeyData::Private(data) => {
|
|
|
|
let private_key = RsaPrivateKey::from_pkcs1_der(data)
|
|
|
|
.map_err(|_| type_error("expected valid private key"))?;
|
|
|
|
|
|
|
|
let public_key_doc = private_key
|
|
|
|
.to_public_key()
|
|
|
|
.to_pkcs1_der()
|
|
|
|
.map_err(|_| type_error("expected valid public key"))?;
|
|
|
|
|
|
|
|
Ok(Cow::Owned(public_key_doc.as_der().into()))
|
|
|
|
}
|
|
|
|
_ => Err(type_error("expected public key")),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
pub fn as_rsa_private_key(&self) -> Result<&[u8], AnyError> {
|
|
|
|
match self {
|
|
|
|
RawKeyData::Private(data) => Ok(data),
|
|
|
|
_ => Err(type_error("expected private key")),
|
|
|
|
}
|
|
|
|
}
|
2021-12-15 16:18:26 -05:00
|
|
|
|
|
|
|
pub fn as_secret_key(&self) -> Result<&[u8], AnyError> {
|
|
|
|
match self {
|
|
|
|
RawKeyData::Secret(data) => Ok(data),
|
|
|
|
_ => Err(type_error("expected secret key")),
|
|
|
|
}
|
|
|
|
}
|
2022-01-18 22:38:35 -05:00
|
|
|
|
|
|
|
pub fn as_ec_public_key_p256(&self) -> Result<p256::EncodedPoint, AnyError> {
|
|
|
|
match self {
|
|
|
|
RawKeyData::Public(data) => {
|
|
|
|
// public_key is a serialized EncodedPoint
|
|
|
|
p256::EncodedPoint::from_bytes(&data)
|
2022-02-08 08:18:28 -05:00
|
|
|
.map_err(|_| type_error("expected valid public EC key"))
|
2022-01-18 22:38:35 -05:00
|
|
|
}
|
2022-02-08 08:18:28 -05:00
|
|
|
RawKeyData::Private(data) => {
|
|
|
|
let signing_key = p256::SecretKey::from_pkcs8_der(data)
|
|
|
|
.map_err(|_| type_error("expected valid private EC key"))?;
|
|
|
|
Ok(signing_key.public_key().to_encoded_point(false))
|
|
|
|
}
|
|
|
|
// Should never reach here.
|
|
|
|
RawKeyData::Secret(_) => unreachable!(),
|
2022-01-18 22:38:35 -05:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
pub fn as_ec_public_key_p384(&self) -> Result<p384::EncodedPoint, AnyError> {
|
|
|
|
match self {
|
|
|
|
RawKeyData::Public(data) => {
|
|
|
|
// public_key is a serialized EncodedPoint
|
|
|
|
p384::EncodedPoint::from_bytes(&data)
|
2022-02-08 08:18:28 -05:00
|
|
|
.map_err(|_| type_error("expected valid public EC key"))
|
2022-01-18 22:38:35 -05:00
|
|
|
}
|
2022-02-08 08:18:28 -05:00
|
|
|
RawKeyData::Private(data) => {
|
|
|
|
let ec_key = ECPrivateKey::<p384::NistP384>::try_from(&**data)
|
|
|
|
.map_err(|_| {
|
|
|
|
custom_error(
|
|
|
|
"DOMExceptionOperationError",
|
|
|
|
"failed to decode private key",
|
|
|
|
)
|
|
|
|
})?;
|
|
|
|
let point = p384::EncodedPoint::from_bytes(&ec_key.encoded_point)
|
|
|
|
.map_err(|_| data_error("expected valid public EC key"))?;
|
|
|
|
Ok(point)
|
|
|
|
}
|
|
|
|
// Should never reach here.
|
|
|
|
RawKeyData::Secret(_) => unreachable!(),
|
2022-01-18 22:38:35 -05:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
pub fn as_ec_private_key(&self) -> Result<&[u8], AnyError> {
|
|
|
|
match self {
|
|
|
|
RawKeyData::Private(data) => Ok(data),
|
|
|
|
_ => Err(type_error("expected private key")),
|
|
|
|
}
|
|
|
|
}
|
2021-12-13 07:22:03 -05:00
|
|
|
}
|
|
|
|
|
2021-12-10 09:06:03 -05:00
|
|
|
pub fn data_error(msg: impl Into<Cow<'static, str>>) -> AnyError {
|
|
|
|
custom_error("DOMExceptionDataError", msg)
|
|
|
|
}
|
|
|
|
|
|
|
|
pub fn not_supported_error(msg: impl Into<Cow<'static, str>>) -> AnyError {
|
|
|
|
custom_error("DOMExceptionNotSupportedError", msg)
|
|
|
|
}
|
|
|
|
|
2021-12-13 12:45:08 -05:00
|
|
|
pub fn operation_error(msg: impl Into<Cow<'static, str>>) -> AnyError {
|
|
|
|
custom_error("DOMExceptionOperationError", msg)
|
|
|
|
}
|
|
|
|
|
2021-12-10 09:06:03 -05:00
|
|
|
pub fn unsupported_format() -> AnyError {
|
|
|
|
not_supported_error("unsupported format")
|
|
|
|
}
|