privateEncrypt padding fix

Author: rzcoder

README.md

@@ -210,13 +210,12 @@ Questions, comments, bug reports, and pull requests are all welcome.
 ## Changelog
 
 ### 0.2.22
- * Native support for `encryptPrivate` and `decryptPublic` in io.js caused error in linux and was removed.
+ * `encryptPrivate` and `decryptPublic` now using only pkcs1 (type 1) padding.
 
 ### 0.2.20
  * Added `.encryptPrivate()` and `.decryptPublic()` methods.
  * Encrypt/decrypt methods in nodejs 0.12.x and io.js using native implementation (> 40x speed boost).
  * Fixed some regex issue causing catastrophic backtracking.
- * *KNOWN ISSUE*: `encryptPrivate` and `decryptPublic` don't have native implementation in nodejs and can't be use in native implementation with pkcs1_oaep padding in io.js.
 
 ### 0.2.10
  * **Methods `.exportPrivate()` and `.exportPublic()` was replaced by `.exportKey([format])`.**

src/encryptEngines/encryptEngines.js

@@ -5,17 +5,11 @@ module.exports = {
         var engine = require('./js.js');
         if (options.environment === 'node') {
             if (typeof crypt.publicEncrypt === 'function' && typeof crypt.privateDecrypt === 'function') {
-                engine = require('./node12.js');
-
-                /*
-
-                io.js privateEncrypt/publicDecrypt with different environments causing error in linux
-
                 if (typeof crypt.privateEncrypt === 'function' && typeof crypt.publicDecrypt === 'function') {
                     engine = require('./io.js');
                 } else {
                     engine = require('./node12.js');
-                }*/
+                }
             }
         }
         return engine(keyPair, options);

src/encryptEngines/io.js

@@ -2,24 +2,21 @@ var crypto = require('crypto');
 var constants = require('constants');
 
 module.exports = function (keyPair, options) {
-    var jsEngine = require('./js.js')(keyPair);
+    var jsEngine = require('./js.js')(keyPair, options);
 
     return {
         encrypt: function (buffer, usePrivate) {
-            var padding = constants.RSA_PKCS1_OAEP_PADDING;
-            if (options.encryptionScheme === 'pkcs1') {
-                padding = constants.RSA_PKCS1_PADDING;
-            }
             if (usePrivate) {
-                // openssl don't support oaep padding for private encrypt
-                if (padding === constants.RSA_PKCS1_OAEP_PADDING) {
-                    return jsEngine.encrypt(buffer, usePrivate);
-                }
                 return crypto.privateEncrypt({
                     key: options.rsaUtils.exportKey('private'),
-                    padding: padding
+                    padding: constants.RSA_PKCS1_PADDING
                 }, buffer);
             } else {
+                var padding = constants.RSA_PKCS1_OAEP_PADDING;
+                if (options.encryptionScheme === 'pkcs1') {
+                    padding = constants.RSA_PKCS1_PADDING;
+                }
+
                 return crypto.publicEncrypt({
                     key: options.rsaUtils.exportKey('public'),
                     padding: padding
@@ -28,20 +25,17 @@ module.exports = function (keyPair, options) {
         },
 
         decrypt: function (buffer, usePublic) {
-            var padding = constants.RSA_PKCS1_OAEP_PADDING;
-            if (options.encryptionScheme === 'pkcs1') {
-                padding = constants.RSA_PKCS1_PADDING;
-            }
             if (usePublic) {
-                // openssl don't support oaep padding for public decrypt
-                if (padding === constants.RSA_PKCS1_OAEP_PADDING) {
-                    return jsEngine.decrypt(buffer, usePublic);
-                }
                 return crypto.publicDecrypt({
                     key: options.rsaUtils.exportKey('public'),
-                    padding: padding
+                    padding: constants.RSA_PKCS1_PADDING
                 }, buffer);
             } else {
+                var padding = constants.RSA_PKCS1_OAEP_PADDING;
+                if (options.encryptionScheme === 'pkcs1') {
+                    padding = constants.RSA_PKCS1_PADDING;
+                }
+
                 return crypto.privateDecrypt({
                     key: options.rsaUtils.exportKey('private'),
                     padding: padding

src/encryptEngines/js.js

@@ -1,17 +1,31 @@
 var BigInteger = require('../libs/jsbn.js');
+var schemes = require('../schemes/schemes.js');
 
 module.exports = function (keyPair, options) {
+    var pkcs1Scheme = schemes.pkcs1.makeScheme(keyPair, options);
+
     return {
         encrypt: function (buffer, usePrivate) {
-            var m = new BigInteger(keyPair.encryptionScheme.encPad(buffer));
-            var c = usePrivate ? keyPair.$doPrivate(m) : keyPair.$doPublic(m);
+            if (usePrivate) {
+                var m = new BigInteger(pkcs1Scheme.encPad(buffer, {type: 1}));
+                var c = keyPair.$doPrivate(m);
+            } else {
+                var m = new BigInteger(keyPair.encryptionScheme.encPad(buffer));
+                var c = keyPair.$doPublic(m);
+            }
             return c.toBuffer(keyPair.encryptedDataLength);
         },
 
         decrypt: function (buffer, usePublic) {
             var c = new BigInteger(buffer);
-            var m = usePublic ? keyPair.$doPublic(c) : keyPair.$doPrivate(c);
-            return keyPair.encryptionScheme.encUnPad(m.toBuffer(keyPair.encryptedDataLength));
+
+            if (usePublic) {
+                var m = keyPair.$doPublic(c);
+                return pkcs1Scheme.encUnPad(m.toBuffer(keyPair.encryptedDataLength), {type: 1});
+            } else {
+                var m = keyPair.$doPrivate(c);
+                return keyPair.encryptionScheme.encUnPad(m.toBuffer(keyPair.encryptedDataLength));
+            }
         }
     };
 };

src/encryptEngines/node12.js

@@ -2,7 +2,7 @@ var crypto = require('crypto');
 var constants = require('constants');
 
 module.exports = function (keyPair, options) {
-    var jsEngine = require('./js.js')(keyPair);
+    var jsEngine = require('./js.js')(keyPair, options);
 
     return {
         encrypt: function (buffer, usePrivate) {

src/schemes/pkcs1.js

@@ -39,32 +39,55 @@ module.exports.makeScheme = function (key, options) {
 
     /**
      * Pad input Buffer to encryptedDataLength bytes, and return new Buffer
-     * alg: PKCS#1 (type 2, random)
+     * alg: PKCS#1
      * @param buffer
      * @returns {Buffer}
      */
-    Scheme.prototype.encPad = function (buffer) {
+    Scheme.prototype.encPad = function (buffer, options) {
+        options = options || {};
         if (buffer.length > this.key.maxMessageLength) {
             throw new Error("Message too long for RSA (n=" + this.key.encryptedDataLength + ", l=" + buffer.length + ")");
         }
 
-        // TODO: make n-length buffer
-        var ba = Array.prototype.slice.call(buffer, 0);
+        if (options.type === 1) {
+            var filled = new Buffer(this.key.encryptedDataLength - buffer.length - 1);
+            filled.fill(0xff, 0, filled.length - 1);
+            filled[0] = 1;
+            filled[filled.length - 1] = 0;
 
-        // random padding
-        ba.unshift(0);
-        var rand = crypt.randomBytes(this.key.encryptedDataLength - ba.length - 2);
-        for (var i = 0; i < rand.length; i++) {
-            var r = rand[i];
-            while (r === 0) { // non-zero only
-                r = crypt.randomBytes(1)[0];
+            return Buffer.concat([filled, buffer]);
+        } else {
+            /*// random padding
+            // TODO: make n-length buffer
+            var ba = Array.prototype.slice.call(buffer, 0);
+            ba.unshift(0);
+            var rand = crypt.randomBytes(this.key.encryptedDataLength - ba.length - 2);
+            for (var i = 0; i < rand.length; i++) {
+                var r = rand[i];
+                while (r === 0) { // non-zero only
+                    r = crypt.randomBytes(1)[0];
+                }
+                ba.unshift(r);
+            }
+            ba.unshift(2);
+            ba.unshift(0);
+            // return ba;
+            */
+
+            var filled = new Buffer(this.key.encryptedDataLength - buffer.length);
+            filled[0] = 0;
+            filled[1] = 2;
+            var rand = crypt.randomBytes(filled.length - 3);
+            for (var i = 0; i < rand.length; i++) {
+                var r = rand[i];
+                while (r === 0) { // non-zero only
+                    r = crypt.randomBytes(1)[0];
+                }
+                filled[i + 2] = r;
             }
-            ba.unshift(r);
+            filled[filled.length - 1] = 0;
+            return Buffer.concat([filled, buffer]);
         }
-        ba.unshift(2);
-        ba.unshift(0);
-
-        return ba;
     };
 
     /**
@@ -73,10 +96,38 @@ module.exports.makeScheme = function (key, options) {
      * @param buffer
      * @returns {Buffer}
      */
-    Scheme.prototype.encUnPad = function (buffer) {
-        //var buffer = buffer.toByteArray();
+    Scheme.prototype.encUnPad = function (buffer, options) {
+        options = options || {};
         var i = 0;
 
+        if (buffer.length < 4) {
+            return null;
+        }
+
+        if (options.type === 1) {
+            if (buffer[0] !== 0 && buffer[1] !== 1) {
+                return null;
+            }
+            i = 3;
+            while (buffer[i] !== 0) {
+                if (buffer[i] != 0xFF || ++i >= buffer.length) {
+                    return null;
+                }
+            }
+        } else {
+            if (buffer[0] !== 0 && buffer[1] !== 2) {
+                return null;
+            }
+            i = 3;
+            while (buffer[i] !== 0) {
+                if (++i >= buffer.length) {
+                    return null;
+                }
+            }
+        }
+        return buffer.slice(i + 1, buffer.length);
+        /*var i = 0;
+
         while (i < buffer.length && buffer[i] === 0) {
             ++i;
         }
@@ -96,7 +147,7 @@ module.exports.makeScheme = function (key, options) {
         var res = new Buffer(buffer.length - i - 1);
         while (++i < buffer.length) {
             res[c++] = buffer[i] & 255;
-        }
+        }*/
 
         return res;
     };