if (spki && this._verify(spki, X509.decode(certs[i + 1])))
return true;
// else fall thru
}
x509 = X509.decode(certs[length]);
validity = X509.decodeTBS(x509.tbs).validity;
if (!((validity.from < now) && (now < validity.to)))
throw new Error("date validation failed");
let spki = this.findCert("ca.ski", X509.decodeAKI(certs[length]));
if (spki && this._verify(spki, x509))
return true;
// else fall thru
spki = this.findCert("ca.subject", new Crypt.Digest("SHA1")).process(X509.decodeTBS(x509.tbs).issuer);
return spki && this._verify(spki, x509);
};
break;
default:
throw new Error("SSL: SetupCipher: unkown encryption algorithm");
}
switch (cipher.encryptionMode) {
case CBC:
case NONE:
switch (cipher.hashAlgorithm) {
case MD5: h = "MD5"; break;
case SHA1: h = "SHA1"; break;
case SHA256: h = "SHA256"; break;
case SHA384: h = "SHA384"; break;
default:
throw new Error("SSL: SetupCipher: unknown hash algorithm");
}
o.hmac = new HMAC(new Digest(h), o.macSecret);
if (cipher.encryptionMode == CBC)
o.enc = new Mode("CBC", enc, o.iv); // no padding -- SSL 3.2 requires padding process beyond RFC2630
else
o.enc = enc;
break;
case GCM:
o.enc = new Gcm(enc);
o.nonce = BigInt(1);
break;
default:
o.enc = enc;
break;
}
}
import {Digest, GHASH} from "crypt";
import Base64 from "base64";
import Bin from "bin";
/**
 * Hex string → ArrayBuffer test helper.
 *
 * @param {string} hstr - numeric string accepted by BigInt(), e.g. "0x66e9…" (callers below pass 0x-prefixed hex)
 * @returns {ArrayBuffer} bytes of the value, produced by the platform's ArrayBuffer.fromBigInt extension
 *
 * NOTE(review): the byte width of the result is whatever ArrayBuffer.fromBigInt yields — confirm that
 * leading zero bytes are preserved where a fixed-width block is expected (e.g. a 16-byte GHASH key).
 */
function H2B(hstr)
{
	const value = BigInt(hstr);
	return ArrayBuffer.fromBigInt(value);
}
/**
 * ArrayBuffer → hex string test helper (inverse of H2B for display purposes).
 *
 * @param {ArrayBuffer} b - bytes to render
 * @returns {string} lowercase hex via BigInt#toString(16): no "0x" prefix and no zero padding,
 *   so leading zero bytes of `b` do not appear in the output
 */
function B2H(b)
{
	const value = BigInt.fromArrayBuffer(b);
	return value.toString(16);
}
// sample WebSocket handshake hash: SHA-1 over the client key followed by the fixed
// WebSocket GUID, base64-encoded; compared against the known-good value for this input
let sha1 = new Digest("SHA1");
for (const part of ["dGhlIHNhbXBsZSBub25jZQ==", "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"])
	sha1.write(part);
let result = Base64.encode(sha1.close());
trace(`Calculated hash: ${result}\n`);
let expect = "s3pPLMBiTxaQ9kYGzzhZRbK+xOo=";
trace(`Expected hash: ${expect}\n`);
trace(result == expect ? "PASS\n" : "FAIL\n");
// GHASH keyed with a 16-byte hash subkey H, fed one 16-byte block (values passed through H2B)
let ghash = new GHASH(H2B("0x66e94bd4ef8a2c3b884cfa59ca342b2e"));
ghash.write(H2B("0x0388dace60b6a392f328c2b971b2fe78"));
hash = "SHA1";
pk = DSA;
// needs to decode the sig value into
var ber = new BER(x509.sig);
if (ber.getTag() == 0x30) {
ber.getLength();
var r = ber.getInteger();
var s = ber.getInteger();
sig = r.concat(s);
}
break;
default:
throw new Error("Cert: unsupported algorithm: " + x509.algo.toString());
break;
}
var H = (new Crypt.Digest(hash)).process(x509.tbs);
return (new pk(spki, false, [] /* any oid */)).verify(H, sig);
};
register(cert) {
	// Intentionally empty as seen here: registering a certificate has no effect.
	// NOTE(review): confirm whether callers expect `cert` to be stored for later lookup
	// (e.g. by findCert) — a silent no-op here would make such certificates unverifiable.
}
if (10 != line.charCodeAt(line.length - 1)) { // partial header line, accumulate and wait for more
trace("partial header!!\n"); //@@ untested
this.line = line;
return;
}
if ("\r\n" == line) { // empty line is end of headers
if (15 !== this.flags)
throw new Error("not a valid websocket handshake");
delete this.line;
delete this.flags;
let sha1 = new Digest("SHA1");
sha1.write(this.key);
delete this.key;
sha1.write("258EAFA5-E914-47DA-95CA-C5AB0DC85B11");
let response = [
"HTTP/1.1 101 Web Socket Protocol Handshake\r\n",
"Connection: Upgrade\r\n",
"Upgrade: websocket\r\n",
"Sec-WebSocket-Accept: ", Base64.encode(sha1.close()), "\r\n",
]
if (this.protocol) {
response.push("Sec-WebSocket-Protocol: ", this.protocol, "\r\n");
delete this.protocol;
}
response.push("\r\n");
if (BigInt.fromArrayBuffer(Z) != BigInt(Uxs))
trace("cuve.dh failed: " + (BigInt(Z)).toString(16) + "\n");
let key = {
G: G,
n: n,
p: m,
a: a,
b: b,
Qu: P,
du: X,
k: k,
};
let ecdsa = new ECDSA(key, true);
let digest = new Digest("SHA256");
let H = digest.process(message);
let sig = ecdsa.sign(H);
trace("sig: " + (BigInt.fromArrayBuffer(sig)).toString(16) + "\n")
let l = (BigInt.bitLength(n) + 7) >>> 3;
if (r == BigInt.fromArrayBuffer(sig.slice(0, l)) &&
s == BigInt.fromArrayBuffer(sig.slice(l, l*2)))
trace("ecdsa: succeeded\n");
else {
trace("ecdsa: failed!\n");
trace("r = " + r.toString(16) + "\n");
trace("s = " + s.toString(16) + "\n");
}