Migrate RSA to SubtleCrypto (#132)

* migrated rsa to subtle crypto * moved to denoland/setup-deno
denodrivers · Oct 27, 2022 · 1622fe5 · 1622fe5
1 parent 28f9935
commit 1622fe5
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 19 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -9,7 +9,7 @@ jobs:
     steps:
       - uses: actions/checkout@v1
       - name: Install Deno 1.x
-        uses: denolib/setup-deno@master
+        uses: denoland/setup-deno@v1
         with:
           deno-version: v1.x
       - name: Check fmt
@@ -37,7 +37,7 @@ jobs:
     steps:
       - uses: actions/checkout@v1
       - name: Install Deno ${{ matrix.DENO_VERSION }}
-        uses: denolib/setup-deno@master
+        uses: denoland/setup-deno@v1
         with:
           deno-version: ${{ matrix.DENO_VERSION }}
       - name: Show Deno version

diff --git a/src/auth_plugin/caching_sha2_password.ts b/src/auth_plugin/caching_sha2_password.ts
@@ -10,12 +10,17 @@ interface handler {
 }
 
 let scramble: Uint8Array, password: string;
-function start(scramble_: Uint8Array, password_: string): handler {
+
+async function start(
+  scramble_: Uint8Array,
+  password_: string,
+): Promise<handler> {
   scramble = scramble_;
   password = password_;
-  return { done: false, next: authMoreResponse };
+  return { done: false, next: await authMoreResponse };
 }
-function authMoreResponse(packet: ReceivePacket): handler {
+
+async function authMoreResponse(packet: ReceivePacket): Promise<handler> {
   const enum AuthStatusFlags {
     FullAuth = 0x04,
     FastPath = 0x03,
@@ -26,7 +31,7 @@ function authMoreResponse(packet: ReceivePacket): handler {
   if (statusFlag === AuthStatusFlags.FullAuth) {
     authMoreData = new Uint8Array([REQUEST_PUBLIC_KEY]);
     done = false;
-    next = encryptWithKey;
+    next = await encryptWithKey;
   }
   if (statusFlag === AuthStatusFlags.FastPath) {
     done = false;
@@ -36,30 +41,34 @@ function authMoreResponse(packet: ReceivePacket): handler {
   return { done, next, quickRead, data: authMoreData };
 }
 
-function encryptWithKey(packet: ReceivePacket): handler {
+async function encryptWithKey(packet: ReceivePacket): Promise<handler> {
   const publicKey = parsePublicKey(packet);
   const len = password.length;
-  let passwordBuffer: Uint8Array = new Uint8Array(len + 1);
+  const passwordBuffer: Uint8Array = new Uint8Array(len + 1);
   for (let n = 0; n < len; n++) {
     passwordBuffer[n] = password.charCodeAt(n);
   }
   passwordBuffer[len] = 0x00;
 
-  const encryptedPassword = encrypt(passwordBuffer, scramble, publicKey);
-  return { done: false, next: terminate, data: encryptedPassword };
+  const encryptedPassword = await encrypt(passwordBuffer, scramble, publicKey);
+  return {
+    done: false,
+    next: terminate,
+    data: new Uint8Array(encryptedPassword),
+  };
 }
 
 function parsePublicKey(packet: ReceivePacket): string {
   return packet.body.skip(1).readNullTerminatedString();
 }
-function encrypt(
+
+async function encrypt(
   password: Uint8Array,
   scramble: Uint8Array,
   key: string,
-): Uint8Array {
+): Promise<ArrayBuffer> {
   const stage1 = xor(password, scramble);
-  const encrypted = encryptWithPublicKey(key, stage1);
-  return encrypted;
+  return await encryptWithPublicKey(key, stage1);
 }
 
 function terminate() {

diff --git a/src/auth_plugin/crypt.ts b/src/auth_plugin/crypt.ts
@@ -1,7 +1,22 @@
-import { RSA } from "https://deno.land/x/[email protected]/mod.ts";
-function encryptWithPublicKey(key: string, data: Uint8Array): Uint8Array {
-  const publicKey = RSA.parseKey(key);
-  return RSA.encrypt(data, publicKey);
+async function encryptWithPublicKey(
+  key: string,
+  data: Uint8Array,
+): Promise<ArrayBuffer> {
+  const importedKey = await crypto.subtle.importKey(
+    "raw",
+    new TextEncoder().encode(key),
+    { name: "RSA-OAEP", hash: "SHA-256" },
+    false,
+    ["encrypt"],
+  );
+
+  return await crypto.subtle.encrypt(
+    {
+      name: "RSA-OAEP",
+    },
+    importedKey,
+    data,
+  );
 }
 
 export { encryptWithPublicKey };
diff --git a/src/connection.ts b/src/connection.ts
@@ -106,7 +106,7 @@ export class Connection {
 
       let result;
       if (handler) {
-        result = handler.start(handshakePacket.seed, password!);
+        result = await handler.start(handshakePacket.seed, password!);
         while (!result.done) {
           if (result.data) {
             const sequenceNumber = receive.header.no + 1;