Merge branch 'rsa' of https://github.com/mattnotmitt/CyberChef into mattnotmitt-rsa

n1474335 2021-02-01 17:30:02 +00:00
commit 99eb1cced5
12 changed files with 806 additions and 25 deletions


@ -105,6 +105,11 @@
"Derive EVP key",
"Bcrypt",
"Scrypt",
"Generate RSA Key Pair",
"RSA Sign",
"RSA Verify",
"RSA Encrypt",
"RSA Decrypt",
"JWT Sign",
"JWT Verify",
"JWT Decode",

9
src/core/lib/RSA.mjs Normal file

@ -0,0 +1,9 @@
import forge from "node-forge/dist/forge.min.js";
export const MD_ALGORITHMS = {
"SHA-1": forge.md.sha1,
"MD5": forge.md.md5,
"SHA-256": forge.md.sha256,
"SHA-384": forge.md.sha384,
"SHA-512": forge.md.sha512,
};
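Review bot: `MD_ALGORITHMS` lists `"SHA-1"` and `"MD5"` ahead of the SHA-2 entries, and the Sign, Verify, Encrypt and Decrypt operations all build their digest option from `Object.keys(MD_ALGORITHMS)`, so if the option control defaults to its first entry, new signatures would be made with SHA-1 unless the user changes it. Both MD5 and SHA-1 have practical collision attacks and are only appropriate for checking legacy data. I would move `"SHA-256": forge.md.sha256,` to the top of the object and add a comment above the legacy entries such as `// SHA-1 and MD5 are collision-broken; kept for interoperability with legacy data only`. The file also lacks the author/licence header comment that the operation files carry.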


@ -0,0 +1,83 @@
/**
* @author Matt C [me@mitt.dev]
* @author gchq77703 []
* @copyright Crown Copyright 2018
* @license Apache-2.0
*/
import Operation from "../Operation";
import forge from "node-forge/dist/forge.min.js";
/**
* Generate RSA Key Pair operation
*/
class GenerateRSAKeyPair extends Operation {
/**
* GenerateRSAKeyPair constructor
*/
constructor() {
super();
this.name = "Generate RSA Key Pair";
this.module = "Ciphers";
this.description = "Generate an RSA key pair with a given number of bits";
this.infoURL = "https://wikipedia.org/wiki/RSA_(cryptosystem)";
this.inputType = "string";
this.outputType = "string";
this.args = [
{
name: "RSA Key Length",
type: "option",
value: [
"1024",
"2048",
"4096"
]
},
{
name: "Output Format",
type: "option",
value: [
"PEM",
"JSON",
"DER"
]
}
];
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
async run(input, args) {
const [keyLength, outputFormat] = args;
return new Promise((resolve, reject) => {
forge.pki.rsa.generateKeyPair({ bits: Number(keyLength), workers: -1, workerScript: "assets/forge/prime.worker.min.js"}, (err, keypair) => {
if (err) return reject(err);
let result;
switch (outputFormat) {
case "PEM":
result = forge.pki.publicKeyToPem(keypair.publicKey) + "\n" + forge.pki.privateKeyToPem(keypair.privateKey);
break;
case "JSON":
result = JSON.stringify(keypair);
break;
case "DER":
result = forge.asn1.toDer(forge.pki.privateKeyToAsn1(keypair.privateKey)).getBytes();
break;
}
resolve(result);
});
});
}
}
export default GenerateRSAKeyPair;
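Review bot: The `RSA Key Length` list starts with `"1024"`, which is below the 2048-bit minimum in current guidance (for example NIST SP 800-131A), and if the option control defaults to its first entry the operation produces 1024-bit keys by default; I would order it `"2048", "4096", "1024"` or label the last entry as legacy. In `run`, the `switch (outputFormat)` has no `default` branch, so an unexpected format resolves `undefined`; adding `default: return reject(new Error("Unsupported output format"));` makes that failure explicit. The three formats are also not equivalent: PEM emits both keys, DER emits only the private key, and JSON serialises the forge key-pair object as-is, which the description should state because the output contains private key material. `run` is declared `async` and also returns a `new Promise`, so the JSDoc `@returns {string}` should read `{Promise<string>}`.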


@ -0,0 +1,87 @@
/**
* @author Matt C [me@mitt.dev]
* @copyright Crown Copyright 2020
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
import OperationError from "../errors/OperationError.mjs";
import Utils from "../Utils.mjs";
import forge from "node-forge/dist/forge.min.js";
import { MD_ALGORITHMS } from "../lib/RSA.mjs";
/**
* RSA Decrypt operation
*/
class RSADecrypt extends Operation {
/**
* RSADecrypt constructor
*/
constructor() {
super();
this.name = "RSA Decrypt";
this.module = "Ciphers";
this.description = "Decrypt an RSA encrypted message with a PEM encoded private key.";
this.infoURL = "https://wikipedia.org/wiki/RSA_(cryptosystem)";
this.inputType = "ArrayBuffer";
this.outputType = "string";
this.args = [
{
name: "RSA Private Key (PEM)",
type: "text",
value: "-----BEGIN RSA PRIVATE KEY-----"
},
{
name: "Key Password",
type: "text",
value: ""
},
{
name: "Encryption Scheme",
type: "argSelector",
value: [
{
name: "RSA-OAEP",
on: [3]
},
{
name: "RSAES-PKCS1-V1_5",
off: [3]
},
{
name: "RAW",
off: [3]
}]
},
{
name: "Message Digest Algorithm",
type: "option",
value: Object.keys(MD_ALGORITHMS)
}
];
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
run(input, args) {
const [pemKey, password, scheme, md] = args;
if (pemKey.replace("-----BEGIN RSA PRIVATE KEY-----", "").length === 0) {
throw new OperationError("Please enter a private key.");
}
try {
const privKey = forge.pki.decryptRsaPrivateKey(pemKey, password);
const dMsg = privKey.decrypt(Utils.arrayBufferToStr(input), scheme, {md: MD_ALGORITHMS[md].create()});
return dMsg;
} catch (err) {
throw new OperationError(err);
}
}
}
export default RSADecrypt;
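Review bot: In `run`, the result of `forge.pki.decryptRsaPrivateKey(pemKey, password)` is used without a null check; as far as I know forge returns `null` rather than throwing when an encrypted key cannot be decrypted (for example with a wrong password), so the user would see a generic property-access error from `privKey.decrypt` instead of a message about the password. A check directly after the call, such as `if (!privKey) throw new OperationError("Could not load the private key; check the key password.");`, would make that case clear, and RSA Sign has the same pattern. The JSDoc `@param {string} input` also does not match `inputType = "ArrayBuffer"` and should be `{ArrayBuffer}`.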


@ -0,0 +1,88 @@
/**
* @author Matt C [me@mitt.dev]
* @copyright Crown Copyright 2020
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
import OperationError from "../errors/OperationError.mjs";
import Utils from "../Utils.mjs";
import forge from "node-forge/dist/forge.min.js";
import { MD_ALGORITHMS } from "../lib/RSA.mjs";
/**
* RSA Encrypt operation
*/
class RSAEncrypt extends Operation {
/**
* RSAEncrypt constructor
*/
constructor() {
super();
this.name = "RSA Encrypt";
this.module = "Ciphers";
this.description = "Encrypt a message with a PEM encoded RSA public key.";
this.infoURL = "https://wikipedia.org/wiki/RSA_(cryptosystem)";
this.inputType = "string";
this.outputType = "ArrayBuffer";
this.args = [
{
name: "RSA Public Key (PEM)",
type: "text",
value: "-----BEGIN RSA PUBLIC KEY-----"
},
{
name: "Encryption Scheme",
type: "argSelector",
value: [
{
name: "RSA-OAEP",
on: [2]
},
{
name: "RSAES-PKCS1-V1_5",
off: [2]
},
{
name: "RAW",
off: [2]
}]
},
{
name: "Message Digest Algorithm",
type: "option",
value: Object.keys(MD_ALGORITHMS)
}
];
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
run(input, args) {
const [pemKey, scheme, md] = args;
if (pemKey.replace("-----BEGIN RSA PUBLIC KEY-----", "").length === 0) {
throw new OperationError("Please enter a public key.");
}
try {
// Load public key
const pubKey = forge.pki.publicKeyFromPem(pemKey);
// Encrypt message
const eMsg = pubKey.encrypt(input, scheme, {md: MD_ALGORITHMS[md].create()});
return Utils.strToArrayBuffer(eMsg);
} catch (err) {
if (err.message === "RSAES-OAEP input message length is too long.") {
throw new OperationError(`RSAES-OAEP input message length (${err.length}) is longer than the maximum allowed length (${err.maxLength}).`);
}
throw new OperationError(err);
}
}
}
export default RSAEncrypt;
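Review bot: The `Encryption Scheme` selector offers `RAW` and `RSAES-PKCS1-V1_5` alongside `RSA-OAEP`, with nothing in `this.description` to distinguish them; unpadded RSA is deterministic and malleable, and PKCS#1 v1.5 encryption padding is a legacy scheme, so the description should say that RSA-OAEP is the recommended choice and that the others exist for interoperating with existing data (the same applies to RSA Decrypt). The catch block recognises the length error by comparing `err.message` with a literal string taken from the library, which silently stops matching if the library rewords it; RSA Verify does the same, and a short comment naming that dependency would help the next maintainer. The JSDoc `@returns {string}` does not match `outputType = "ArrayBuffer"` and should be `{ArrayBuffer}`.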


@ -0,0 +1,74 @@
/**
* @author Matt C [me@mitt.dev]
* @author gchq77703 []
* @copyright Crown Copyright 2020
* @license Apache-2.0
*/
import Operation from "../Operation";
import OperationError from "../errors/OperationError";
import forge from "node-forge/dist/forge.min.js";
import { MD_ALGORITHMS } from "../lib/RSA.mjs";
/**
* RSA Sign operation
*/
class RSASign extends Operation {
/**
* RSASign constructor
*/
constructor() {
super();
this.name = "RSA Sign";
this.module = "Ciphers";
this.description = "Sign a plaintext message with a PEM encoded RSA key.";
this.infoURL = "https://wikipedia.org/wiki/RSA_(cryptosystem)";
this.inputType = "string";
this.outputType = "string";
this.args = [
{
name: "RSA Private Key (PEM)",
type: "text",
value: "-----BEGIN RSA PRIVATE KEY-----"
},
{
name: "Key Password",
type: "text",
value: ""
},
{
name: "Message Digest Algorithm",
type: "option",
value: Object.keys(MD_ALGORITHMS)
}
];
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
run(input, args) {
const [key, password, mdAlgo] = args;
if (key.replace("-----BEGIN RSA PRIVATE KEY-----", "").length === 0) {
throw new OperationError("Please enter a private key.");
}
try {
const privateKey = forge.pki.decryptRsaPrivateKey(key, password);
// Generate message hash
const md = MD_ALGORITHMS[mdAlgo].create();
md.update(input, "utf8");
// Sign message hash
const sig = privateKey.sign(md);
return sig;
} catch (err) {
throw new OperationError(err);
}
}
}
export default RSASign;
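Review bot: `this.description` does not say which signature scheme is produced; `privateKey.sign(md)` is called with no scheme argument, which as far as I know makes forge use RSASSA-PKCS1-v1_5, and someone verifying the output in another tool needs to know that and that the return value is the raw signature bytes. I would extend the description to something like `"Sign a plaintext message with a PEM encoded RSA private key using RSASSA-PKCS1-v1_5 and the selected digest."`. The imports of `../Operation` and `../errors/OperationError` also omit the `.mjs` extension that the Decrypt, Encrypt and Verify files use.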


@ -0,0 +1,77 @@
/**
* @author Matt C [me@mitt.dev]
* @copyright Crown Copyright 2020
* @license Apache-2.0
*/
import Operation from "../Operation.mjs";
import OperationError from "../errors/OperationError.mjs";
import forge from "node-forge/dist/forge.min.js";
import { MD_ALGORITHMS } from "../lib/RSA.mjs";
/**
* RSA Verify operation
*/
class RSAVerify extends Operation {
/**
* RSAVerify constructor
*/
constructor() {
super();
this.name = "RSA Verify";
this.module = "Ciphers";
this.description = "Verify a message against a signature and a public PEM encoded RSA key.";
this.infoURL = "https://wikipedia.org/wiki/RSA_(cryptosystem)";
this.inputType = "string";
this.outputType = "string";
this.args = [
{
name: "RSA Public Key (PEM)",
type: "text",
value: "-----BEGIN RSA PUBLIC KEY-----"
},
{
name: "Message",
type: "text",
value: ""
},
{
name: "Message Digest Algorithm",
type: "option",
value: Object.keys(MD_ALGORITHMS)
}
];
}
/**
* @param {string} input
* @param {Object[]} args
* @returns {string}
*/
run(input, args) {
const [pemKey, message, mdAlgo] = args;
if (pemKey.replace("-----BEGIN RSA PUBLIC KEY-----", "").length === 0) {
throw new OperationError("Please enter a public key.");
}
try {
// Load public key
const pubKey = forge.pki.publicKeyFromPem(pemKey);
// Generate message digest
const md = MD_ALGORITHMS[mdAlgo].create();
md.update(message, "utf8");
// Compare signed message digest and generated message digest
const result = pubKey.verify(md.digest().bytes(), input);
return result ? "Verified OK" : "Verification Failure";
} catch (err) {
if (err.message === "Encrypted message length is invalid.") {
throw new OperationError(`Signature length (${err.length}) does not match expected length based on key (${err.expected}).`);
}
throw new OperationError(err);
}
}
}
export default RSAVerify;
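Review bot: The signature arrives as `input` with `inputType = "string"`, whereas RSA Decrypt takes its binary input as `ArrayBuffer` and converts it explicitly; if the string input type applies any text decoding, signature bytes above 0x7F could be altered before `pubKey.verify` sees them, so this is worth confirming or aligning with Decrypt. A failed check is returned as the ordinary output `"Verification Failure"` rather than raised, so later steps in a chain keep running on it; the description should tell users to inspect the result. The JSDoc would be clearer as `@param {string} input - the signature to check`, with a note that the signed data comes from the `Message` argument.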