feat: move bits from https://github.com/richardschneider/ipfs-encryption

2025-07-05 20:01:34 +00:00 · 2017-12-06 22:56:09 +13:00
parent 49e6c47c40
commit 1a96ae8cb7
14 changed files with 1178 additions and 9 deletions
--- a/src/cms.js
+++ b/src/cms.js
@ -0,0 +1,97 @@
+'use strict'
+
+const async = require('async')
+const forge = require('node-forge')
+const util = require('./util')
+
+class CMS {
+  constructor (keystore) {
+    if (!keystore) {
+      throw new Error('keystore is required')
+    }
+
+    this.keystore = keystore;
+  }
+
+  createAnonymousEncryptedData (name, plain, callback) {
+    const self = this
+    if (!Buffer.isBuffer(plain)) {
+      return callback(new Error('Data is required'))
+    }
+
+    self.keystore._getPrivateKey(name, (err, key) => {
+      if (err) {
+        return callback(err)
+      }
+
+      try {
+        const privateKey = forge.pki.decryptRsaPrivateKey(key, self.keystore._())
+        util.certificateForKey(privateKey, (err, certificate) => {
+          if (err) return callback(err)
+
+          // create a p7 enveloped message
+          const p7 = forge.pkcs7.createEnvelopedData()
+          p7.addRecipient(certificate)
+          p7.content = forge.util.createBuffer(plain)
+          p7.encrypt()
+
+          // convert message to DER
+          const der = forge.asn1.toDer(p7.toAsn1()).getBytes()
+          callback(null, Buffer.from(der, 'binary'))
+        })
+      } catch (err) {
+        callback(err)
+      }
+    })
+  }
+
+  readData (cmsData, callback) {
+    if (!Buffer.isBuffer(cmsData)) {
+      return callback(new Error('CMS data is required'))
+    }
+
+    const self = this
+    let cms
+    try {
+      const buf = forge.util.createBuffer(cmsData.toString('binary'));
+      const obj = forge.asn1.fromDer(buf)
+      cms = forge.pkcs7.messageFromAsn1(obj)
+    } catch (err) {
+      return callback(new Error('Invalid CMS: ' + err.message))
+    }
+
+    // Find a recipient whose key we hold. We only deal with recipient certs
+    // issued by ipfs (O=ipfs).
+    const recipients = cms.recipients
+      .filter(r => r.issuer.find(a => a.shortName === 'O' && a.value === 'ipfs'))
+      .filter(r => r.issuer.find(a => a.shortName === 'CN'))
+      .map(r => {
+        return {
+          recipient: r,
+          keyId: r.issuer.find(a => a.shortName === 'CN').value
+        }
+      })
+    async.detect(
+      recipients,
+      (r, cb) => self.keystore.findKeyById(r.keyId, (err, info) => cb(null, !err && info)),
+      (err, r) => {
+        if (err) return callback(err)
+        if (!r) return callback(new Error('No key found for decryption'))
+
+        async.waterfall([
+          (cb) => self.keystore.findKeyById(r.keyId, cb),
+          (key, cb) => self.keystore._getPrivateKey(key.name, cb)
+        ], (err, pem) => {
+          if (err) return callback(err);
+
+          const privateKey = forge.pki.decryptRsaPrivateKey(pem, self.keystore._())
+          cms.decrypt(r.recipient, privateKey)
+          async.setImmediate(() => callback(null, Buffer.from(cms.content.getBytes(), 'binary')))
+        })
+      }
+    )
+  }
+
+}
+
+module.exports = CMS