for (var i = 0; i < n; i++)
x509[i] = Crypt.X509.decode(certs[i]);
for (var i = 0; i < n - 1; i++) {
var spki = x509[i + 1].spki;
if (!this._verify(spki, x509[i]))
return false;
}
var aki = Crypt.X509.decodeAKI(certs[n - 1]);
if (aki) {
var spki = this.findCert("ca.ski", aki);
if (spki && this._verify(spki, x509[n - 1]))
return true;
// else fall thru
}
var tbs = Crypt.X509.decodeTBS(x509[n - 1].tbs);
var sha1 = new Crypt.SHA1();
var issuer = sha1.process(tbs.issuer);
var spki = this.findCert("ca.subject", issuer);
return spki && this._verify(spki, x509[n - 1]);
};
_verify(spki, x509) {
case SSL.cipherSuite.AES:
var enc = new Crypt.AES(o.key);
break;
case SSL.cipherSuite.RC4:
var enc = new Crypt.RC4(o.key);
break;
default:
throw new Error("SSL: SetupCipher: unkown encryption algorithm");
}
switch (cipher.encryptionMode) {
case SSL.cipherSuite.CBC:
case SSL.cipherSuite.NONE:
let h;
switch (cipher.hashAlgorithm) {
case SSL.cipherSuite.MD5: h = new Crypt.MD5(); break;
case SSL.cipherSuite.SHA1: h = new Crypt.SHA1(); break;
case SSL.cipherSuite.SHA256: h = new Crypt.SHA256(); break;
case SSL.cipherSuite.SHA384: h = new Crypt.SHA384(); break;
default:
throw new Error("SSL: SetupCipher: unknown hash algorithm");
}
o.hmac = new Crypt.HMAC(h, o.macSecret);
if (cipher.encryptionMode == SSL.cipherSuite.CBC)
o.enc = new Crypt.CBC(enc, o.iv); // no padding -- SSL 3.2 requires padding process beyond RFC2630
else
o.enc = enc;
break;
case SSL.cipherSuite.GCM:
let Arith = require.weak("arith");
o.enc = new Crypt.GCM(enc);
o.nonce = new Arith.Integer(1);
break;
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import Crypt from "crypt";
import Arith from "arith";
import Files from "files";
import File from "file";
import Bin from "bin";
var argv = process.execArgv();
var f1 = new File("/k2/ca.ski", 1);
var f2 = new File("/k2/ca.subject", 1);
var sha1 = new Crypt.SHA1();
for (var argi = 1, argc = argv.length; argi < argc; argi++) {
var crt = Files.read(argv[argi]);
var ski = Crypt.X509.decodeSKI(crt);
if (ski.byteLength > 20) {
trace("SKI too long!\n");
continue;
}
if (ski.byteLength < 20) {
var buf = new Uint8Array(20);
buf.fill(0);
buf.set(new Uint8Array(ski), 20 - ski.byteLength);
ski = buf.buffer;
}
f1.write(ski);
console.log((new Arith.Integer(ski)).toString(16, 40));
var x509 = Crypt.X509.decode(crt);
/**
 * TLS pseudo-random function: expands `secret` into `n` bytes bound to
 * `label` and `seed`.
 *
 * Protocol versions up to 0x302 (the wire code for TLS 1.1) XOR an MD5-based
 * and a SHA-1-based p_hash stream. Each stream is keyed with one half of the
 * secret; the halves share the middle byte when the secret length is odd.
 * Later versions use a single p_hash stream whose hash is `hash` when given,
 * otherwise SHA-384 or SHA-256 depending on the chosen cipher suite.
 *
 * NOTE(review): this function only follows session.protocolVersion; whether
 * the MD5/SHA-1 protocol versions may be negotiated at all is decided by the
 * caller, not here.
 *
 * @param session object providing protocolVersion and, when `hash` is omitted
 *                on the newer branch, chosenCipher.hashAlgorithm
 * @param secret  key material; sliced by byte offset
 * @param label   string converted with ArrayBuffer.fromString
 * @param seed    buffer appended to the converted label
 * @param n       number of output bytes
 * @param hash    optional hash constructor, used only on the newer branch
 * @returns the first n bytes of the generated stream
 */
function PRF(session, secret, label, seed, n, hash)
{
	const labelAndSeed = ArrayBuffer.fromString(label).concat(seed);

	if (session.protocolVersion <= 0x302) {
		// Legacy construction: two streams over overlapping halves of the secret.
		const md5Stream = p_hash(new Crypt.MD5(), secret.slice(0, iceil(secret.byteLength, 2)), labelAndSeed, n);
		const sha1Stream = p_hash(new Crypt.SHA1(), secret.slice(idiv(secret.byteLength, 2)), labelAndSeed, n);
		return Bin.xor(md5Stream, sha1Stream).slice(0, n);
	}

	// An explicit hash wins; otherwise the cipher suite picks SHA-384 or SHA-256.
	const HashCtor = hash || (session.chosenCipher.hashAlgorithm == SSL.cipherSuite.SHA384 ? Crypt.SHA384 : Crypt.SHA256);
	return p_hash(new HashCtor(), secret, labelAndSeed, n).slice(0, n);
}
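/**
 * Builds the RSA primitive and the padding parameters for this instance.
 *
 * @param key  key record; reads modulus, exponent, privExponent, prim1,
 *             prim2, exponent1, exponent2 and coefficient
 * @param priv truthy selects key.privExponent as the RSA exponent, falsy
 *             selects key.exponent
 * @param H    hash object; defaults to a new Crypt.SHA1()
 * @param P    defaults to an empty Chunk.
 *             NOTE(review): presumably the PKCS #1 encoding parameters
 *             (label) - confirm against the encode/decode methods.
 * @param MGF  mask generation function with the (Z, l) signature of
 *             MGF1SHA1; defaults to the class's static MGF1SHA1
 *
 * NOTE(review): both defaults are SHA-1 based, and the built-in MGF always
 * hashes with SHA-1 whatever H is. A caller that supplies a stronger H has to
 * supply a matching MGF as well, or hash and mask function will disagree.
 */
constructor(key, priv, H, P, MGF) {
	this.rsa = new Crypt.RSA(priv ? key.privExponent : key.exponent, key.modulus, key.prim1, key.prim2, key.exponent1, key.exponent2, key.coefficient);
	this.modulusSize = this.rsa.modulusSize;
	this.H = H ? H : new Crypt.SHA1();
	this.P = P ? P : new Chunk();
	// MGF1SHA1 is declared static, so it lives on the class rather than on the
	// instance: `this.MGF1SHA1` is undefined here and would leave this.MGF
	// unset whenever the caller omits MGF.
	this.MGF = MGF ? MGF : this.constructor.MGF1SHA1;
};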
static MGF1SHA1(Z, l) {
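/**
 * MGF1 mask generation with SHA-1: concatenates SHA-1(Z || C) for
 * C = sI2OSP(0, 4), sI2OSP(1, 4), ... and returns a mask of l bytes.
 *
 * @param Z seed, fed to the hash ahead of the encoded counter
 * @param l requested mask length, in the same unit as the hash's outputSize
 * @returns buffer holding the concatenated digests, cut to l
 */
static MGF1SHA1(Z, l) {
	const H = new Crypt.SHA1();
	const hLen = H.outputSize;
	let T = new ArrayBuffer();
	// Count down on a local copy instead of mutating the parameter.
	let remaining = l;
	for (let counter = 0; remaining > 0; counter++, remaining -= hLen) {
		const C = Crypt.PKCS1.sI2OSP(counter, 4);
		H.reset();
		H.update(Z, C);
		let bc = H.close();
		// Cut the last digest down to what is still needed. Assigning to
		// `length` does not shrink a standard ArrayBuffer, which would leave
		// the mask longer than requested; slice() returns the shortened copy.
		if (remaining < hLen)
			bc = bc.slice(0, remaining);
		T = T.concat(bc);
	}
	return T;
};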
xor(b1, b2) {