@hg-ts/rsa 0.5.17 → 0.5.18

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hg-ts/rsa",
-  "version": "0.5.17",
+  "version": "0.5.18",
   "main": "dist/index.js",
   "type": "module",
   "exports": {
@@ -18,12 +18,12 @@
     "test:dev": "vitest watch"
   },
   "devDependencies": {
-    "@hg-ts-config/typescript": "0.5.17",
-    "@hg-ts/exception": "0.5.17",
-    "@hg-ts/linter": "0.5.17",
-    "@hg-ts/tests": "0.5.17",
-    "@hg-ts/types": "0.5.17",
-    "@hg-ts/validation": "0.5.17",
+    "@hg-ts-config/typescript": "0.5.18",
+    "@hg-ts/exception": "0.5.18",
+    "@hg-ts/linter": "0.5.18",
+    "@hg-ts/tests": "0.5.18",
+    "@hg-ts/types": "0.5.18",
+    "@hg-ts/validation": "0.5.18",
     "@types/node": "22.19.1",
     "@types/node-forge": "^1",
     "@vitest/coverage-v8": "4.0.14",
@@ -36,8 +36,8 @@
     "vitest": "4.0.14"
   },
   "peerDependencies": {
-    "@hg-ts/exception": "0.5.17",
-    "@hg-ts/validation": "0.5.17",
+    "@hg-ts/exception": "0.5.18",
+    "@hg-ts/validation": "0.5.18",
     "reflect-metadata": "*",
     "tslib": "*",
     "vitest": "*"

package/src/index.ts

@@ -0,0 +1,3 @@
+export * from './rsa.private-key.js';
+export * from './rsa.public-key.js';
+export * from './rsa.key-pair.js';

package/src/rsa.base-key.ts

@@ -0,0 +1,75 @@
+import forge from 'node-forge';
+
+export abstract class RSABaseKey {
+	private readonly mdDigestLength: number;
+
+	protected abstract key: forge.pki.rsa.PrivateKey | forge.pki.rsa.PublicKey;
+
+	public constructor() {
+		this.mdDigestLength = this.getMd().digestLength;
+	}
+
+	protected prepareToEncrypt(data: string | Uint8Array): string[] {
+		const input = this.formatDecryptedInputToString(data);
+
+		return this.splitInput(input, this.maxLength);
+	}
+
+	protected prepareToDecrypt(data: string | Uint8Array): string[] {
+		const encryptedLength = this.keyLength * 2;
+		const encrypted = typeof data === 'string' ? data : Buffer.from(data).toString('hex');
+
+		return this.splitInput(encrypted, encryptedLength)
+			.map(chunk => Buffer
+				.from(chunk, 'hex')
+				.toString('binary'),
+			);
+	}
+
+	protected formatDecryptedInputToString(data: string | Uint8Array): string {
+		if (typeof data === 'string') {
+			return data;
+		}
+
+		return Buffer.from(data).toString('hex');
+	}
+
+	protected formatSignature(data: string | Uint8Array): string {
+		if (typeof data === 'string') {
+			return data;
+		}
+
+		return Buffer.from(data).toString('binary');
+	}
+
+	protected formatEncrypted(data: string[]): Uint8Array {
+		const chunks = data.map(chunk => Buffer.from(chunk, 'binary').toString('hex'));
+
+		return Buffer.from(chunks.join(''), 'hex');
+	}
+
+	protected getMd(): forge.md.MessageDigest {
+		return forge.md.sha256.create();
+	}
+
+	protected get maxLength(): number {
+		return this.keyLength - (this.mdDigestLength * 2) - 2;
+	}
+
+	protected get keyLength(): number {
+		return Math.ceil(this.key.n.bitLength() / 8);
+	}
+
+	private splitInput(value: string, length: number): string[] {
+		const chars = value.split('');
+		const chunks: string[] = [];
+
+		while (chars.length > 0) {
+			const chunk = chars.splice(0, length);
+
+			chunks.push(chunk.join(''));
+		}
+
+		return chunks;
+	}
+}

package/src/rsa.key-pair.ts

@@ -0,0 +1,57 @@
+import forge from 'node-forge';
+import { RSAPrivateKey } from './rsa.private-key.js';
+import { RSAPublicKey } from './rsa.public-key.js';
+
+export type RSAKeyPairOptions = {
+	seed?: string;
+	bits?: number;
+}
+
+export class RSAKeyPair {
+	private readonly publicRsaKey: RSAPublicKey;
+	private readonly privateRsaKey: RSAPrivateKey;
+
+	public constructor(options: RSAKeyPairOptions = {}) {
+		const keyPair = this.generateKeys(options);
+
+		this.privateRsaKey = new RSAPrivateKey(keyPair.privateKey);
+		this.publicRsaKey = new RSAPublicKey(keyPair.publicKey);
+	}
+
+	public encrypt(value: string | Uint8Array): Uint8Array {
+		return this.publicRsaKey.encrypt(value);
+	}
+
+	public decrypt(value: string | Uint8Array): string {
+		return this.privateRsaKey.decrypt(value);
+	}
+
+	public sign(value: string): Uint8Array {
+		return this.privateRsaKey.sign(value);
+	}
+
+	public verify(signature: string | Uint8Array, value: string): boolean {
+		return this.publicRsaKey.verify(signature, value);
+	}
+
+	public get publicKey(): string {
+		return this.publicRsaKey.toString();
+	}
+
+	public get privateKey(): string {
+		return this.privateRsaKey.toString();
+	}
+
+	private generateKeys(options: RSAKeyPairOptions): forge.pki.rsa.KeyPair {
+		const { seed } = options;
+		if (!seed) {
+			return forge.pki.rsa.generateKeyPair({ bits: options.bits });
+		}
+
+		const prng = forge.random.createInstance();
+		prng.seedFileSync = (): string => seed;
+		prng.seedFile = (): string => seed;
+
+		return forge.pki.rsa.generateKeyPair({ prng, bits: options.bits });
+	}
+}

package/src/rsa.private-key.ts

@@ -0,0 +1,45 @@
+import forge from 'node-forge';
+import { RSABaseKey } from './rsa.base-key.js';
+
+export class RSAPrivateKey extends RSABaseKey {
+	protected readonly key: forge.pki.rsa.PrivateKey;
+
+	public constructor(key: forge.pki.rsa.PrivateKey) {
+		super();
+		this.key = key;
+	}
+
+	public decrypt(encrypted: string | Uint8Array): string {
+		const md = this.getMd();
+
+		const chunks = this.prepareToDecrypt(encrypted);
+
+		const decryptedChunks = chunks.map(chunk => this.key.decrypt(chunk, 'RSAES-PKCS1-V1_5', { md }));
+
+		return decryptedChunks.join('');
+	}
+
+	public sign(value: string): Uint8Array {
+		const hash = this.getMd();
+		hash.update(value);
+
+		const pss = forge.pss.create({
+			md: this.getMd(),
+			mgf: forge.mgf.mgf1.create(this.getMd()),
+			saltLength: 20,
+		});
+		const signedId = this.key.sign(hash, pss);
+
+		return Buffer.from(signedId, 'binary');
+	}
+
+	public override toString(): string {
+		return forge.pki.privateKeyToPem(this.key);
+	}
+
+	public static fromString(pemKey: string): RSAPrivateKey {
+		const key = forge.pki.privateKeyFromPem(pemKey);
+
+		return new RSAPrivateKey(key);
+	}
+}

package/src/rsa.public-key.ts

@@ -0,0 +1,65 @@
+import { z } from '@hg-ts/validation';
+import forge from 'node-forge';
+import { RSABaseKey } from './rsa.base-key.js';
+
+const schema = z.string().transform((value, ctx) => {
+	try {
+		const publicKey = forge.pki.publicKeyFromPem(value);
+
+		return forge.pki.publicKeyToPem(publicKey);
+	} catch (error) {
+		ctx.issues.push({
+			message: 'Invalid public key',
+			fatal: true,
+			code: 'invalid_format',
+			input: value,
+			format: 'RSA Public Key',
+		});
+		return value;
+	}
+}).pipe(z.string());
+
+export class RSAPublicKey extends RSABaseKey {
+	protected readonly key: forge.pki.rsa.PublicKey;
+
+	public static schema = schema;
+
+	public constructor(key: forge.pki.rsa.PublicKey) {
+		super();
+		this.key = key;
+	}
+
+	public encrypt(value: string | Uint8Array): Uint8Array {
+		const md = this.getMd();
+		const chunks = this.prepareToEncrypt(value);
+
+		const encryptedChunks = chunks.map(chunk => this.key.encrypt(chunk, 'RSAES-PKCS1-V1_5', { md }));
+
+		return this.formatEncrypted(encryptedChunks);
+	}
+
+	public verify(signature: string | Uint8Array, value: string): boolean {
+		const hash = this.getMd();
+		hash.update(value);
+
+		const pss = forge.pss.create({
+			md: this.getMd(),
+			mgf: forge.mgf.mgf1.create(this.getMd()),
+			saltLength: 20,
+		});
+
+		const formattedSignature = this.formatSignature(signature);
+
+		return this.key.verify(hash.digest().bytes(), formattedSignature, pss);
+	}
+
+	public override toString(): string {
+		return forge.pki.publicKeyToPem(this.key);
+	}
+
+	public static fromString(pemKey: string): RSAPublicKey {
+		const key = forge.pki.publicKeyFromPem(pemKey);
+
+		return new RSAPublicKey(key);
+	}
+}

package/src/rsa.test.ts

@@ -0,0 +1,113 @@
+import {
+	Describe,
+	expect,
+	ExpectException,
+	Suite,
+	Test,
+} from '@hg-ts/tests';
+import { z } from '@hg-ts/validation';
+
+import { RSAKeyPair } from './rsa.key-pair.js';
+import { RSAPrivateKey } from './rsa.private-key.js';
+import { RSAPublicKey } from './rsa.public-key.js';
+
+@Describe()
+export class RsaTest extends Suite {
+	@Test()
+	public async signature(): Promise<void> {
+		const rsa = new RSAKeyPair({ bits: 512 });
+		const value = Math.random().toString();
+
+		const signature = rsa.sign(value);
+		expect(rsa.verify(Buffer.from(signature).toString('binary'), value)).toBeTruthy();
+	}
+
+	@Test()
+	public async signatureBuffer(): Promise<void> {
+		const rsa = new RSAKeyPair({ bits: 512 });
+		const value = Math.random().toString();
+
+		const signature = rsa.sign(value);
+		expect(rsa.verify(Buffer.from(signature), value)).toBeTruthy();
+	}
+
+	@Test()
+	public async encryption(): Promise<void> {
+		const rsa = new RSAKeyPair({ bits: 1024 });
+		const value = Math.random().toString();
+
+		const encrypted = rsa.encrypt(value);
+		expect(rsa.decrypt(Buffer.from(encrypted).toString('hex'))).toBe(value);
+	}
+
+	@Test()
+	public async encryptionBuffer(): Promise<void> {
+		const rsa = new RSAKeyPair({ bits: 1024 });
+		const value = Buffer.from(Math.random().toString(), 'utf-8');
+
+		const encrypted = rsa.encrypt(value);
+		expect(Buffer.from(rsa.decrypt(encrypted), 'hex')).toMatchObject(value);
+	}
+
+	@Test()
+	public async longMessageEncryption(): Promise<void> {
+		const rsa = new RSAKeyPair({ bits: 1024 });
+		const rsaToTest = new RSAKeyPair({ bits: 1024 });
+		const value = rsaToTest.publicKey;
+
+		const encrypted = rsa.encrypt(value);
+		expect(rsa.decrypt(encrypted)).toBe(value);
+	}
+
+	@Test()
+	public async longMessageSignature(): Promise<void> {
+		const rsa = new RSAKeyPair({ bits: 512 });
+		const value = rsa.publicKey;
+
+		const signature = rsa.sign(value);
+		expect(rsa.verify(signature, value)).toBeTruthy();
+	}
+
+	@Test()
+	public async seeded(): Promise<void> {
+		const seed = Math.random().toString();
+		const rsa1 = new RSAKeyPair({ seed, bits: 512 });
+		const rsa2 = new RSAKeyPair({ seed, bits: 512 });
+
+		expect(rsa1.privateKey).toBe(rsa2.privateKey);
+		expect(rsa1.publicKey).toBe(rsa2.publicKey);
+	}
+
+	@Test()
+	public async privateKeyFromString(): Promise<void> {
+		const rsa = new RSAKeyPair({ bits: 512 });
+		const rsaFromString = RSAPrivateKey.fromString(rsa.privateKey);
+
+		expect(rsaFromString.toString()).toBe(rsa.privateKey.toString());
+	}
+
+	@Test()
+	public async publicKeyFromString(): Promise<void> {
+		const rsa = new RSAKeyPair({ bits: 512 });
+		const rsaFromString = RSAPublicKey.fromString(rsa.publicKey);
+
+		expect(rsaFromString.toString()).toBe(rsa.publicKey.toString());
+	}
+
+	@Test()
+	public async publicKeyValidationsValid(): Promise<void> {
+		const rsa = new RSAKeyPair({ bits: 512 });
+
+		RSAPublicKey.schema.parse(rsa.publicKey.toString());
+	}
+
+	@Test()
+	@ExpectException(z.ZodError)
+	public async publicKeyValidationsFails(): Promise<void> {
+		// Тут убран одир случайный символ из ключа
+		RSAPublicKey.schema.parse(`-----BEGIN PUBLIC KEY-----
+MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALnfPJr6J2UXwvZhbPWolBw4UJHAEMd
+/FvIyIYADhT/k+2TIFixs4pxM5VaGMP7Tny+5WAouv9ulh4tACPxKoMCAwEAAQ==
+-----END PUBLIC KEY-----`);
+	}
+}

package/src/utils.ts

@@ -0,0 +1,40 @@
+import forge from 'node-forge';
+
+export function chunkString(value: string, length: number): string[] {
+	const chars = value.split('');
+	const chunks: string[] = [];
+
+	while (chars.length > 0) {
+		const chunk = chars.splice(0, length);
+
+		chunks.push(chunk.join(''));
+	}
+
+	return chunks;
+}
+
+export function getMd(): forge.md.MessageDigest {
+	return forge.md.sha256.create();
+}
+
+export function getKeyLength(key: forge.pki.rsa.PrivateKey | forge.pki.rsa.PublicKey): number {
+	return Math.ceil(key.n.bitLength() / 8);
+}
+
+export function getMaxLength(
+	key: forge.pki.rsa.PrivateKey | forge.pki.rsa.PublicKey,
+	md: forge.md.MessageDigest,
+): number {
+	const keyLength = getKeyLength(key);
+
+	return keyLength - (md.digestLength * 2) - 2;
+}
+
+
+export function getEncryptedLength(
+	key: forge.pki.rsa.PrivateKey | forge.pki.rsa.PublicKey,
+): number {
+	const keyLength = getKeyLength(key);
+
+	return keyLength * 2;
+}