Nonconformist Propaganda Machine

npm

Need private packages and team management tools?Check out npm Orgs. »

uasn1

0.7.1 • Public • Published

μASN1.js

An insanely minimal ASN.1 builder for X.509 common schemas, specifically SEC1/X9.62 PKCS#8, SPKI/PKIX, PKCS#1 and CSR.

Created for ECDSA-CSR and eckles.js (PEM-to-JWK and JWK-to-PEM).

Optimal for the times you want lightweight ASN.1 support and it's reasonable to build concise specific functions for a bounded number of supported schemas rather than a generic parser that supports all schemas.

Works exclusively in hexidecimal for simplicity and ease-of-use.

var ASN1 = require('uasn1');

API

The ASN.1 standard is actually pretty simple and fairly consistent, but it's a little tedius to construct due to how sizes are calculated with nested structures.

There are only 3 methods needed to support all of the X.509 schemas that most of us care about, and so that's all this library has:

ASN1(type, hex1, hex2, ...)
ASN1.UInt(hex1, hex2, ...)
ASN1.BitStr(hex1, hex2, ...)
 
/*helper*/
ASN1.numToHex(num)

Most ASN.1 types follow the same rules:

  • Type byte goes first
  • Length Info byte goes next
    • for numbers < 128 length info is read as the length
    • for numbers > 128 length info is size of the length (and the next bytes are the length)
    • 128 is a special case which essentially means "read to the end of the file"
  • The value bytes go next

The tedius part is just cascading the lengths.

Integer values are different. They must have a leading '0' if the first byte is > 127, if the number is positive (otherwise it will be considered negative).

Bit Strings are also different. The first byte is used to tell how many of the next bytes are used for alignment. For the purposes of all X509 schemas I've seen, that means it's just '0'.

As far as I've been able to tell, that's all that matters.

Examples

  • EC SEC1/X9.62
  • EC PKCS#8
  • EC SPKI/PKIX

First, some CONSTANTs:

// 1.2.840.10045.3.1.7
// prime256v1 (ANSI X9.62 named elliptic curve)
var OBJ_ID_EC_256 = '06 08 2A8648CE3D030107'.replace(/\s+/g, '').toLowerCase();
 
// 1.3.132.0.34
// secp384r1 (SECG (Certicom) named elliptic curve)
var OBJ_ID_EC_384 = '06 05 2B81040022'.replace(/\s+/g, '').toLowerCase();
 
// 1.2.840.10045.2.1
// ecPublicKey (ANSI X9.62 public key type)
var OBJ_ID_EC_PUB = '06 07 2A8648CE3D0201'.replace(/\s+/g, '').toLowerCase();

EC sec1

function packEcSec1(jwk) {
  var d = toHex(base64ToUint8(urlBase64ToBase64(jwk.d)));
  var x = toHex(base64ToUint8(urlBase64ToBase64(jwk.x)));
  var y = toHex(base64ToUint8(urlBase64ToBase64(jwk.y)));
  var objId = ('P-256' === jwk.crv) ? OBJ_ID_EC_256 : OBJ_ID_EC_384;
  return hexToUint8(
    ASN1('30'                                 // Sequence
    , ASN1.UInt('01')                         // Integer (Version 1)
    , ASN1('04', d)                           // Octet String
    , ASN1('A0', objId)                       // [0] Object ID
    , ASN1('A1', ASN1.BitStr('04' + x + y)))  // [1] Embedded EC/ASN1 public key
  );
}

EC pkcs8

function packEcPkcs8(jwk) {
  var d = toHex(base64ToUint8(urlBase64ToBase64(jwk.d)));
  var x = toHex(base64ToUint8(urlBase64ToBase64(jwk.x)));
  var y = toHex(base64ToUint8(urlBase64ToBase64(jwk.y)));
  var objId = ('P-256' === jwk.crv) ? OBJ_ID_EC_256 : OBJ_ID_EC_384;
  return hexToUint8(
    ASN1('30'
    , ASN1.UInt('00')
    , ASN1('30'
      , OBJ_ID_EC_PUB
      , objId
      )
    , ASN1('04'
      , ASN1('30'
        , ASN1.UInt('01')
        , ASN1('04', d)
        , ASN1('A1', ASN1.BitStr('04' + x + y)))))
  );
}

EC spki/pkix

function packEcSpki(jwk) {
  var x = toHex(base64ToUint8(urlBase64ToBase64(jwk.x)));
  var y = toHex(base64ToUint8(urlBase64ToBase64(jwk.y)));
  var objId = ('P-256' === jwk.crv) ? OBJ_ID_EC_256 : OBJ_ID_EC_384;
  return hexToUint8(
    ASN1('30'
    , ASN1('30'
      , OBJ_ID_EC_PUB
      , objId
      )
    , ASN1.BitStr('04' + x + y))
  );
}
var packPkix = packSpki;

install

npm i uasn1

Downloadsweekly downloads

1

version

0.7.1

license

MPL-2.0

repository

Gitgit

last publish

collaborators

  • avatar
Report a vulnerability