From 3d1cd02f27518f1a04374c7c8320cd5d82ede6e9 Mon Sep 17 00:00:00 2001
From: Minteck <contact@minteck.org>
Date: Thu, 23 Feb 2023 19:34:56 +0100
Subject: Updated 40 files, added 37 files, deleted 1103 files and renamed 3905
 files (automated)

---
 school/node_modules/node-forge/js/pbe.js | 975 -------------------------------
 1 file changed, 975 deletions(-)
 delete mode 100644 school/node_modules/node-forge/js/pbe.js

(limited to 'school/node_modules/node-forge/js/pbe.js')

diff --git a/school/node_modules/node-forge/js/pbe.js b/school/node_modules/node-forge/js/pbe.js
deleted file mode 100644
index 0b25758..0000000
--- a/school/node_modules/node-forge/js/pbe.js
+++ /dev/null
@@ -1,975 +0,0 @@
-/**
- * Password-based encryption functions.
- *
- * @author Dave Longley
- * @author Stefan Siegl <stesie@brokenpipe.de>
- *
- * Copyright (c) 2010-2013 Digital Bazaar, Inc.
- * Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>
- *
- * An EncryptedPrivateKeyInfo:
- *
- * EncryptedPrivateKeyInfo ::= SEQUENCE {
- *   encryptionAlgorithm  EncryptionAlgorithmIdentifier,
- *   encryptedData        EncryptedData }
- *
- * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
- *
- * EncryptedData ::= OCTET STRING
- */
-(function() {
-/* ########## Begin module implementation ########## */
-function initModule(forge) {
-
-if(typeof BigInteger === 'undefined') {
-  var BigInteger = forge.jsbn.BigInteger;
-}
-
-// shortcut for asn.1 API
-var asn1 = forge.asn1;
-
-/* Password-based encryption implementation. */
-var pki = forge.pki = forge.pki || {};
-pki.pbe = forge.pbe = forge.pbe || {};
-var oids = pki.oids;
-
-// validator for an EncryptedPrivateKeyInfo structure
-// Note: Currently only works w/algorithm params
-var encryptedPrivateKeyValidator = {
-  name: 'EncryptedPrivateKeyInfo',
-  tagClass: asn1.Class.UNIVERSAL,
-  type: asn1.Type.SEQUENCE,
-  constructed: true,
-  value: [{
-    name: 'EncryptedPrivateKeyInfo.encryptionAlgorithm',
-    tagClass: asn1.Class.UNIVERSAL,
-    type: asn1.Type.SEQUENCE,
-    constructed: true,
-    value: [{
-      name: 'AlgorithmIdentifier.algorithm',
-      tagClass: asn1.Class.UNIVERSAL,
-      type: asn1.Type.OID,
-      constructed: false,
-      capture: 'encryptionOid'
-    }, {
-      name: 'AlgorithmIdentifier.parameters',
-      tagClass: asn1.Class.UNIVERSAL,
-      type: asn1.Type.SEQUENCE,
-      constructed: true,
-      captureAsn1: 'encryptionParams'
-    }]
-  }, {
-    // encryptedData
-    name: 'EncryptedPrivateKeyInfo.encryptedData',
-    tagClass: asn1.Class.UNIVERSAL,
-    type: asn1.Type.OCTETSTRING,
-    constructed: false,
-    capture: 'encryptedData'
-  }]
-};
-
-// validator for a PBES2Algorithms structure
-// Note: Currently only works w/PBKDF2 + AES encryption schemes
-var PBES2AlgorithmsValidator = {
-  name: 'PBES2Algorithms',
-  tagClass: asn1.Class.UNIVERSAL,
-  type: asn1.Type.SEQUENCE,
-  constructed: true,
-  value: [{
-    name: 'PBES2Algorithms.keyDerivationFunc',
-    tagClass: asn1.Class.UNIVERSAL,
-    type: asn1.Type.SEQUENCE,
-    constructed: true,
-    value: [{
-      name: 'PBES2Algorithms.keyDerivationFunc.oid',
-      tagClass: asn1.Class.UNIVERSAL,
-      type: asn1.Type.OID,
-      constructed: false,
-      capture: 'kdfOid'
-    }, {
-      name: 'PBES2Algorithms.params',
-      tagClass: asn1.Class.UNIVERSAL,
-      type: asn1.Type.SEQUENCE,
-      constructed: true,
-      value: [{
-        name: 'PBES2Algorithms.params.salt',
-        tagClass: asn1.Class.UNIVERSAL,
-        type: asn1.Type.OCTETSTRING,
-        constructed: false,
-        capture: 'kdfSalt'
-      }, {
-        name: 'PBES2Algorithms.params.iterationCount',
-        tagClass: asn1.Class.UNIVERSAL,
-        type: asn1.Type.INTEGER,
-        onstructed: true,
-        capture: 'kdfIterationCount'
-      }]
-    }]
-  }, {
-    name: 'PBES2Algorithms.encryptionScheme',
-    tagClass: asn1.Class.UNIVERSAL,
-    type: asn1.Type.SEQUENCE,
-    constructed: true,
-    value: [{
-      name: 'PBES2Algorithms.encryptionScheme.oid',
-      tagClass: asn1.Class.UNIVERSAL,
-      type: asn1.Type.OID,
-      constructed: false,
-      capture: 'encOid'
-    }, {
-      name: 'PBES2Algorithms.encryptionScheme.iv',
-      tagClass: asn1.Class.UNIVERSAL,
-      type: asn1.Type.OCTETSTRING,
-      constructed: false,
-      capture: 'encIv'
-    }]
-  }]
-};
-
-var pkcs12PbeParamsValidator = {
-  name: 'pkcs-12PbeParams',
-  tagClass: asn1.Class.UNIVERSAL,
-  type: asn1.Type.SEQUENCE,
-  constructed: true,
-  value: [{
-    name: 'pkcs-12PbeParams.salt',
-    tagClass: asn1.Class.UNIVERSAL,
-    type: asn1.Type.OCTETSTRING,
-    constructed: false,
-    capture: 'salt'
-  }, {
-    name: 'pkcs-12PbeParams.iterations',
-    tagClass: asn1.Class.UNIVERSAL,
-    type: asn1.Type.INTEGER,
-    constructed: false,
-    capture: 'iterations'
-  }]
-};
-
-/**
- * Encrypts a ASN.1 PrivateKeyInfo object, producing an EncryptedPrivateKeyInfo.
- *
- * PBES2Algorithms ALGORITHM-IDENTIFIER ::=
- *   { {PBES2-params IDENTIFIED BY id-PBES2}, ...}
- *
- * id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
- *
- * PBES2-params ::= SEQUENCE {
- *   keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
- *   encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
- * }
- *
- * PBES2-KDFs ALGORITHM-IDENTIFIER ::=
- *   { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... }
- *
- * PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }
- *
- * PBKDF2-params ::= SEQUENCE {
- *   salt CHOICE {
- *     specified OCTET STRING,
- *     otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
- *   },
- *   iterationCount INTEGER (1..MAX),
- *   keyLength INTEGER (1..MAX) OPTIONAL,
- *   prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
- * }
- *
- * @param obj the ASN.1 PrivateKeyInfo object.
- * @param password the password to encrypt with.
- * @param options:
- *          algorithm the encryption algorithm to use
- *            ('aes128', 'aes192', 'aes256', '3des'), defaults to 'aes128'.
- *          count the iteration count to use.
- *          saltSize the salt size to use.
- *
- * @return the ASN.1 EncryptedPrivateKeyInfo.
- */
-pki.encryptPrivateKeyInfo = function(obj, password, options) {
-  // set default options
-  options = options || {};
-  options.saltSize = options.saltSize || 8;
-  options.count = options.count || 2048;
-  options.algorithm = options.algorithm || 'aes128';
-
-  // generate PBE params
-  var salt = forge.random.getBytesSync(options.saltSize);
-  var count = options.count;
-  var countBytes = asn1.integerToDer(count);
-  var dkLen;
-  var encryptionAlgorithm;
-  var encryptedData;
-  if(options.algorithm.indexOf('aes') === 0 || options.algorithm === 'des') {
-    // Do PBES2
-    var ivLen, encOid, cipherFn;
-    switch(options.algorithm) {
-    case 'aes128':
-      dkLen = 16;
-      ivLen = 16;
-      encOid = oids['aes128-CBC'];
-      cipherFn = forge.aes.createEncryptionCipher;
-      break;
-    case 'aes192':
-      dkLen = 24;
-      ivLen = 16;
-      encOid = oids['aes192-CBC'];
-      cipherFn = forge.aes.createEncryptionCipher;
-      break;
-    case 'aes256':
-      dkLen = 32;
-      ivLen = 16;
-      encOid = oids['aes256-CBC'];
-      cipherFn = forge.aes.createEncryptionCipher;
-      break;
-    case 'des':
-      dkLen = 8;
-      ivLen = 8;
-      encOid = oids['desCBC'];
-      cipherFn = forge.des.createEncryptionCipher;
-      break;
-    default:
-      var error = new Error('Cannot encrypt private key. Unknown encryption algorithm.');
-      error.algorithm = options.algorithm;
-      throw error;
-    }
-
-    // encrypt private key using pbe SHA-1 and AES/DES
-    var dk = forge.pkcs5.pbkdf2(password, salt, count, dkLen);
-    var iv = forge.random.getBytesSync(ivLen);
-    var cipher = cipherFn(dk);
-    cipher.start(iv);
-    cipher.update(asn1.toDer(obj));
-    cipher.finish();
-    encryptedData = cipher.output.getBytes();
-
-    encryptionAlgorithm = asn1.create(
-      asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
-      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
-        asn1.oidToDer(oids['pkcs5PBES2']).getBytes()),
-      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
-        // keyDerivationFunc
-        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
-          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
-            asn1.oidToDer(oids['pkcs5PBKDF2']).getBytes()),
-          // PBKDF2-params
-          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
-            // salt
-            asn1.create(
-              asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, salt),
-            // iteration count
-            asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
-              countBytes.getBytes())
-          ])
-        ]),
-        // encryptionScheme
-        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
-          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
-            asn1.oidToDer(encOid).getBytes()),
-          // iv
-          asn1.create(
-            asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, iv)
-        ])
-      ])
-    ]);
-  } else if(options.algorithm === '3des') {
-    // Do PKCS12 PBE
-    dkLen = 24;
-
-    var saltBytes = new forge.util.ByteBuffer(salt);
-    var dk = pki.pbe.generatePkcs12Key(password, saltBytes, 1, count, dkLen);
-    var iv = pki.pbe.generatePkcs12Key(password, saltBytes, 2, count, dkLen);
-    var cipher = forge.des.createEncryptionCipher(dk);
-    cipher.start(iv);
-    cipher.update(asn1.toDer(obj));
-    cipher.finish();
-    encryptedData = cipher.output.getBytes();
-
-    encryptionAlgorithm = asn1.create(
-      asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
-      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,
-        asn1.oidToDer(oids['pbeWithSHAAnd3-KeyTripleDES-CBC']).getBytes()),
-      // pkcs-12PbeParams
-      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
-        // salt
-        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, salt),
-        // iteration count
-        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,
-          countBytes.getBytes())
-      ])
-    ]);
-  } else {
-    var error = new Error('Cannot encrypt private key. Unknown encryption algorithm.');
-    error.algorithm = options.algorithm;
-    throw error;
-  }
-
-  // EncryptedPrivateKeyInfo
-  var rval = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [
-    // encryptionAlgorithm
-    encryptionAlgorithm,
-    // encryptedData
-    asn1.create(
-      asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, encryptedData)
-  ]);
-  return rval;
-};
-
-/**
- * Decrypts a ASN.1 PrivateKeyInfo object.
- *
- * @param obj the ASN.1 EncryptedPrivateKeyInfo object.
- * @param password the password to decrypt with.
- *
- * @return the ASN.1 PrivateKeyInfo on success, null on failure.
- */
-pki.decryptPrivateKeyInfo = function(obj, password) {
-  var rval = null;
-
-  // get PBE params
-  var capture = {};
-  var errors = [];
-  if(!asn1.validate(obj, encryptedPrivateKeyValidator, capture, errors)) {
-    var error = new Error('Cannot read encrypted private key. ' +
-      'ASN.1 object is not a supported EncryptedPrivateKeyInfo.');
-    error.errors = errors;
-    throw error;
-  }
-
-  // get cipher
-  var oid = asn1.derToOid(capture.encryptionOid);
-  var cipher = pki.pbe.getCipher(oid, capture.encryptionParams, password);
-
-  // get encrypted data
-  var encrypted = forge.util.createBuffer(capture.encryptedData);
-
-  cipher.update(encrypted);
-  if(cipher.finish()) {
-    rval = asn1.fromDer(cipher.output);
-  }
-
-  return rval;
-};
-
-/**
- * Converts a EncryptedPrivateKeyInfo to PEM format.
- *
- * @param epki the EncryptedPrivateKeyInfo.
- * @param maxline the maximum characters per line, defaults to 64.
- *
- * @return the PEM-formatted encrypted private key.
- */
-pki.encryptedPrivateKeyToPem = function(epki, maxline) {
-  // convert to DER, then PEM-encode
-  var msg = {
-    type: 'ENCRYPTED PRIVATE KEY',
-    body: asn1.toDer(epki).getBytes()
-  };
-  return forge.pem.encode(msg, {maxline: maxline});
-};
-
-/**
- * Converts a PEM-encoded EncryptedPrivateKeyInfo to ASN.1 format. Decryption
- * is not performed.
- *
- * @param pem the EncryptedPrivateKeyInfo in PEM-format.
- *
- * @return the ASN.1 EncryptedPrivateKeyInfo.
- */
-pki.encryptedPrivateKeyFromPem = function(pem) {
-  var msg = forge.pem.decode(pem)[0];
-
-  if(msg.type !== 'ENCRYPTED PRIVATE KEY') {
-    var error = new Error('Could not convert encrypted private key from PEM; ' +
-      'PEM header type is "ENCRYPTED PRIVATE KEY".');
-    error.headerType = msg.type;
-    throw error;
-  }
-  if(msg.procType && msg.procType.type === 'ENCRYPTED') {
-    throw new Error('Could not convert encrypted private key from PEM; ' +
-      'PEM is encrypted.');
-  }
-
-  // convert DER to ASN.1 object
-  return asn1.fromDer(msg.body);
-};
-
-/**
- * Encrypts an RSA private key. By default, the key will be wrapped in
- * a PrivateKeyInfo and encrypted to produce a PKCS#8 EncryptedPrivateKeyInfo.
- * This is the standard, preferred way to encrypt a private key.
- *
- * To produce a non-standard PEM-encrypted private key that uses encapsulated
- * headers to indicate the encryption algorithm (old-style non-PKCS#8 OpenSSL
- * private key encryption), set the 'legacy' option to true. Note: Using this
- * option will cause the iteration count to be forced to 1.
- *
- * Note: The 'des' algorithm is supported, but it is not considered to be
- * secure because it only uses a single 56-bit key. If possible, it is highly
- * recommended that a different algorithm be used.
- *
- * @param rsaKey the RSA key to encrypt.
- * @param password the password to use.
- * @param options:
- *          algorithm: the encryption algorithm to use
- *            ('aes128', 'aes192', 'aes256', '3des', 'des').
- *          count: the iteration count to use.
- *          saltSize: the salt size to use.
- *          legacy: output an old non-PKCS#8 PEM-encrypted+encapsulated
- *            headers (DEK-Info) private key.
- *
- * @return the PEM-encoded ASN.1 EncryptedPrivateKeyInfo.
- */
-pki.encryptRsaPrivateKey = function(rsaKey, password, options) {
-  // standard PKCS#8
-  options = options || {};
-  if(!options.legacy) {
-    // encrypt PrivateKeyInfo
-    var rval = pki.wrapRsaPrivateKey(pki.privateKeyToAsn1(rsaKey));
-    rval = pki.encryptPrivateKeyInfo(rval, password, options);
-    return pki.encryptedPrivateKeyToPem(rval);
-  }
-
-  // legacy non-PKCS#8
-  var algorithm;
-  var iv;
-  var dkLen;
-  var cipherFn;
-  switch(options.algorithm) {
-  case 'aes128':
-    algorithm = 'AES-128-CBC';
-    dkLen = 16;
-    iv = forge.random.getBytesSync(16);
-    cipherFn = forge.aes.createEncryptionCipher;
-    break;
-  case 'aes192':
-    algorithm = 'AES-192-CBC';
-    dkLen = 24;
-    iv = forge.random.getBytesSync(16);
-    cipherFn = forge.aes.createEncryptionCipher;
-    break;
-  case 'aes256':
-    algorithm = 'AES-256-CBC';
-    dkLen = 32;
-    iv = forge.random.getBytesSync(16);
-    cipherFn = forge.aes.createEncryptionCipher;
-    break;
-  case '3des':
-    algorithm = 'DES-EDE3-CBC';
-    dkLen = 24;
-    iv = forge.random.getBytesSync(8);
-    cipherFn = forge.des.createEncryptionCipher;
-    break;
-  case 'des':
-    algorithm = 'DES-CBC';
-    dkLen = 8;
-    iv = forge.random.getBytesSync(8);
-    cipherFn = forge.des.createEncryptionCipher;
-    break;
-  default:
-    var error = new Error('Could not encrypt RSA private key; unsupported ' +
-      'encryption algorithm "' + options.algorithm + '".');
-    error.algorithm = options.algorithm;
-    throw error;
-  }
-
-  // encrypt private key using OpenSSL legacy key derivation
-  var dk = forge.pbe.opensslDeriveBytes(password, iv.substr(0, 8), dkLen);
-  var cipher = cipherFn(dk);
-  cipher.start(iv);
-  cipher.update(asn1.toDer(pki.privateKeyToAsn1(rsaKey)));
-  cipher.finish();
-
-  var msg = {
-    type: 'RSA PRIVATE KEY',
-    procType: {
-      version: '4',
-      type: 'ENCRYPTED'
-    },
-    dekInfo: {
-      algorithm: algorithm,
-      parameters: forge.util.bytesToHex(iv).toUpperCase()
-    },
-    body: cipher.output.getBytes()
-  };
-  return forge.pem.encode(msg);
-};
-
-/**
- * Decrypts an RSA private key.
- *
- * @param pem the PEM-formatted EncryptedPrivateKeyInfo to decrypt.
- * @param password the password to use.
- *
- * @return the RSA key on success, null on failure.
- */
-pki.decryptRsaPrivateKey = function(pem, password) {
-  var rval = null;
-
-  var msg = forge.pem.decode(pem)[0];
-
-  if(msg.type !== 'ENCRYPTED PRIVATE KEY' &&
-    msg.type !== 'PRIVATE KEY' &&
-    msg.type !== 'RSA PRIVATE KEY') {
-    var error = new Error('Could not convert private key from PEM; PEM header type ' +
-      'is not "ENCRYPTED PRIVATE KEY", "PRIVATE KEY", or "RSA PRIVATE KEY".');
-    error.headerType = error;
-    throw error;
-  }
-
-  if(msg.procType && msg.procType.type === 'ENCRYPTED') {
-    var dkLen;
-    var cipherFn;
-    switch(msg.dekInfo.algorithm) {
-    case 'DES-CBC':
-      dkLen = 8;
-      cipherFn = forge.des.createDecryptionCipher;
-      break;
-    case 'DES-EDE3-CBC':
-      dkLen = 24;
-      cipherFn = forge.des.createDecryptionCipher;
-      break;
-    case 'AES-128-CBC':
-      dkLen = 16;
-      cipherFn = forge.aes.createDecryptionCipher;
-      break;
-    case 'AES-192-CBC':
-      dkLen = 24;
-      cipherFn = forge.aes.createDecryptionCipher;
-      break;
-    case 'AES-256-CBC':
-      dkLen = 32;
-      cipherFn = forge.aes.createDecryptionCipher;
-      break;
-    case 'RC2-40-CBC':
-      dkLen = 5;
-      cipherFn = function(key) {
-        return forge.rc2.createDecryptionCipher(key, 40);
-      };
-      break;
-    case 'RC2-64-CBC':
-      dkLen = 8;
-      cipherFn = function(key) {
-        return forge.rc2.createDecryptionCipher(key, 64);
-      };
-      break;
-    case 'RC2-128-CBC':
-      dkLen = 16;
-      cipherFn = function(key) {
-        return forge.rc2.createDecryptionCipher(key, 128);
-      };
-      break;
-    default:
-      var error = new Error('Could not decrypt private key; unsupported ' +
-        'encryption algorithm "' + msg.dekInfo.algorithm + '".');
-      error.algorithm = msg.dekInfo.algorithm;
-      throw error;
-    }
-
-    // use OpenSSL legacy key derivation
-    var iv = forge.util.hexToBytes(msg.dekInfo.parameters);
-    var dk = forge.pbe.opensslDeriveBytes(password, iv.substr(0, 8), dkLen);
-    var cipher = cipherFn(dk);
-    cipher.start(iv);
-    cipher.update(forge.util.createBuffer(msg.body));
-    if(cipher.finish()) {
-      rval = cipher.output.getBytes();
-    } else {
-      return rval;
-    }
-  } else {
-    rval = msg.body;
-  }
-
-  if(msg.type === 'ENCRYPTED PRIVATE KEY') {
-    rval = pki.decryptPrivateKeyInfo(asn1.fromDer(rval), password);
-  } else {
-    // decryption already performed above
-    rval = asn1.fromDer(rval);
-  }
-
-  if(rval !== null) {
-    rval = pki.privateKeyFromAsn1(rval);
-  }
-
-  return rval;
-};
-
-/**
- * Derives a PKCS#12 key.
- *
- * @param password the password to derive the key material from, null or
- *          undefined for none.
- * @param salt the salt, as a ByteBuffer, to use.
- * @param id the PKCS#12 ID byte (1 = key material, 2 = IV, 3 = MAC).
- * @param iter the iteration count.
- * @param n the number of bytes to derive from the password.
- * @param md the message digest to use, defaults to SHA-1.
- *
- * @return a ByteBuffer with the bytes derived from the password.
- */
-pki.pbe.generatePkcs12Key = function(password, salt, id, iter, n, md) {
-  var j, l;
-
-  if(typeof md === 'undefined' || md === null) {
-    md = forge.md.sha1.create();
-  }
-
-  var u = md.digestLength;
-  var v = md.blockLength;
-  var result = new forge.util.ByteBuffer();
-
-  /* Convert password to Unicode byte buffer + trailing 0-byte. */
-  var passBuf = new forge.util.ByteBuffer();
-  if(password !== null && password !== undefined) {
-    for(l = 0; l < password.length; l++) {
-      passBuf.putInt16(password.charCodeAt(l));
-    }
-    passBuf.putInt16(0);
-  }
-
-  /* Length of salt and password in BYTES. */
-  var p = passBuf.length();
-  var s = salt.length();
-
-  /* 1. Construct a string, D (the "diversifier"), by concatenating
-        v copies of ID. */
-  var D = new forge.util.ByteBuffer();
-  D.fillWithByte(id, v);
-
-  /* 2. Concatenate copies of the salt together to create a string S of length
-        v * ceil(s / v) bytes (the final copy of the salt may be trunacted
-        to create S).
-        Note that if the salt is the empty string, then so is S. */
-  var Slen = v * Math.ceil(s / v);
-  var S = new forge.util.ByteBuffer();
-  for(l = 0; l < Slen; l ++) {
-    S.putByte(salt.at(l % s));
-  }
-
-  /* 3. Concatenate copies of the password together to create a string P of
-        length v * ceil(p / v) bytes (the final copy of the password may be
-        truncated to create P).
-        Note that if the password is the empty string, then so is P. */
-  var Plen = v * Math.ceil(p / v);
-  var P = new forge.util.ByteBuffer();
-  for(l = 0; l < Plen; l ++) {
-    P.putByte(passBuf.at(l % p));
-  }
-
-  /* 4. Set I=S||P to be the concatenation of S and P. */
-  var I = S;
-  I.putBuffer(P);
-
-  /* 5. Set c=ceil(n / u). */
-  var c = Math.ceil(n / u);
-
-  /* 6. For i=1, 2, ..., c, do the following: */
-  for(var i = 1; i <= c; i ++) {
-    /* a) Set Ai=H^r(D||I). (l.e. the rth hash of D||I, H(H(H(...H(D||I)))) */
-    var buf = new forge.util.ByteBuffer();
-    buf.putBytes(D.bytes());
-    buf.putBytes(I.bytes());
-    for(var round = 0; round < iter; round ++) {
-      md.start();
-      md.update(buf.getBytes());
-      buf = md.digest();
-    }
-
-    /* b) Concatenate copies of Ai to create a string B of length v bytes (the
-          final copy of Ai may be truncated to create B). */
-    var B = new forge.util.ByteBuffer();
-    for(l = 0; l < v; l ++) {
-      B.putByte(buf.at(l % u));
-    }
-
-    /* c) Treating I as a concatenation I0, I1, ..., Ik-1 of v-byte blocks,
-          where k=ceil(s / v) + ceil(p / v), modify I by setting
-          Ij=(Ij+B+1) mod 2v for each j.  */
-    var k = Math.ceil(s / v) + Math.ceil(p / v);
-    var Inew = new forge.util.ByteBuffer();
-    for(j = 0; j < k; j ++) {
-      var chunk = new forge.util.ByteBuffer(I.getBytes(v));
-      var x = 0x1ff;
-      for(l = B.length() - 1; l >= 0; l --) {
-        x = x >> 8;
-        x += B.at(l) + chunk.at(l);
-        chunk.setAt(l, x & 0xff);
-      }
-      Inew.putBuffer(chunk);
-    }
-    I = Inew;
-
-    /* Add Ai to A. */
-    result.putBuffer(buf);
-  }
-
-  result.truncate(result.length() - n);
-  return result;
-};
-
-/**
- * Get new Forge cipher object instance.
- *
- * @param oid the OID (in string notation).
- * @param params the ASN.1 params object.
- * @param password the password to decrypt with.
- *
- * @return new cipher object instance.
- */
-pki.pbe.getCipher = function(oid, params, password) {
-  switch(oid) {
-  case pki.oids['pkcs5PBES2']:
-    return pki.pbe.getCipherForPBES2(oid, params, password);
-
-  case pki.oids['pbeWithSHAAnd3-KeyTripleDES-CBC']:
-  case pki.oids['pbewithSHAAnd40BitRC2-CBC']:
-    return pki.pbe.getCipherForPKCS12PBE(oid, params, password);
-
-  default:
-    var error = new Error('Cannot read encrypted PBE data block. Unsupported OID.');
-    error.oid = oid;
-    error.supportedOids = [
-      'pkcs5PBES2',
-      'pbeWithSHAAnd3-KeyTripleDES-CBC',
-      'pbewithSHAAnd40BitRC2-CBC'
-    ];
-    throw error;
-  }
-};
-
-/**
- * Get new Forge cipher object instance according to PBES2 params block.
- *
- * The returned cipher instance is already started using the IV
- * from PBES2 parameter block.
- *
- * @param oid the PKCS#5 PBKDF2 OID (in string notation).
- * @param params the ASN.1 PBES2-params object.
- * @param password the password to decrypt with.
- *
- * @return new cipher object instance.
- */
-pki.pbe.getCipherForPBES2 = function(oid, params, password) {
-  // get PBE params
-  var capture = {};
-  var errors = [];
-  if(!asn1.validate(params, PBES2AlgorithmsValidator, capture, errors)) {
-    var error = new Error('Cannot read password-based-encryption algorithm ' +
-      'parameters. ASN.1 object is not a supported EncryptedPrivateKeyInfo.');
-    error.errors = errors;
-    throw error;
-  }
-
-  // check oids
-  oid = asn1.derToOid(capture.kdfOid);
-  if(oid !== pki.oids['pkcs5PBKDF2']) {
-    var error = new Error('Cannot read encrypted private key. ' +
-      'Unsupported key derivation function OID.');
-    error.oid = oid;
-    error.supportedOids = ['pkcs5PBKDF2'];
-    throw error;
-  }
-  oid = asn1.derToOid(capture.encOid);
-  if(oid !== pki.oids['aes128-CBC'] &&
-    oid !== pki.oids['aes192-CBC'] &&
-    oid !== pki.oids['aes256-CBC'] &&
-    oid !== pki.oids['des-EDE3-CBC'] &&
-    oid !== pki.oids['desCBC']) {
-    var error = new Error('Cannot read encrypted private key. ' +
-      'Unsupported encryption scheme OID.');
-    error.oid = oid;
-    error.supportedOids = [
-      'aes128-CBC', 'aes192-CBC', 'aes256-CBC', 'des-EDE3-CBC', 'desCBC'];
-    throw error;
-  }
-
-  // set PBE params
-  var salt = capture.kdfSalt;
-  var count = forge.util.createBuffer(capture.kdfIterationCount);
-  count = count.getInt(count.length() << 3);
-  var dkLen;
-  var cipherFn;
-  switch(pki.oids[oid]) {
-  case 'aes128-CBC':
-    dkLen = 16;
-    cipherFn = forge.aes.createDecryptionCipher;
-    break;
-  case 'aes192-CBC':
-    dkLen = 24;
-    cipherFn = forge.aes.createDecryptionCipher;
-    break;
-  case 'aes256-CBC':
-    dkLen = 32;
-    cipherFn = forge.aes.createDecryptionCipher;
-    break;
-  case 'des-EDE3-CBC':
-    dkLen = 24;
-    cipherFn = forge.des.createDecryptionCipher;
-    break;
-  case 'desCBC':
-    dkLen = 8;
-    cipherFn = forge.des.createDecryptionCipher;
-    break;
-  }
-
-  // decrypt private key using pbe SHA-1 and AES/DES
-  var dk = forge.pkcs5.pbkdf2(password, salt, count, dkLen);
-  var iv = capture.encIv;
-  var cipher = cipherFn(dk);
-  cipher.start(iv);
-
-  return cipher;
-};
-
-/**
- * Get new Forge cipher object instance for PKCS#12 PBE.
- *
- * The returned cipher instance is already started using the key & IV
- * derived from the provided password and PKCS#12 PBE salt.
- *
- * @param oid The PKCS#12 PBE OID (in string notation).
- * @param params The ASN.1 PKCS#12 PBE-params object.
- * @param password The password to decrypt with.
- *
- * @return the new cipher object instance.
- */
-pki.pbe.getCipherForPKCS12PBE = function(oid, params, password) {
-  // get PBE params
-  var capture = {};
-  var errors = [];
-  if(!asn1.validate(params, pkcs12PbeParamsValidator, capture, errors)) {
-    var error = new Error('Cannot read password-based-encryption algorithm ' +
-      'parameters. ASN.1 object is not a supported EncryptedPrivateKeyInfo.');
-    error.errors = errors;
-    throw error;
-  }
-
-  var salt = forge.util.createBuffer(capture.salt);
-  var count = forge.util.createBuffer(capture.iterations);
-  count = count.getInt(count.length() << 3);
-
-  var dkLen, dIvLen, cipherFn;
-  switch(oid) {
-    case pki.oids['pbeWithSHAAnd3-KeyTripleDES-CBC']:
-      dkLen = 24;
-      dIvLen = 8;
-      cipherFn = forge.des.startDecrypting;
-      break;
-
-    case pki.oids['pbewithSHAAnd40BitRC2-CBC']:
-      dkLen = 5;
-      dIvLen = 8;
-      cipherFn = function(key, iv) {
-        var cipher = forge.rc2.createDecryptionCipher(key, 40);
-        cipher.start(iv, null);
-        return cipher;
-      };
-      break;
-
-    default:
-      var error = new Error('Cannot read PKCS #12 PBE data block. Unsupported OID.');
-      error.oid = oid;
-      throw error;
-  }
-
-  var key = pki.pbe.generatePkcs12Key(password, salt, 1, count, dkLen);
-  var iv = pki.pbe.generatePkcs12Key(password, salt, 2, count, dIvLen);
-
-  return cipherFn(key, iv);
-};
-
-/**
- * OpenSSL's legacy key derivation function.
- *
- * See: http://www.openssl.org/docs/crypto/EVP_BytesToKey.html
- *
- * @param password the password to derive the key from.
- * @param salt the salt to use, null for none.
- * @param dkLen the number of bytes needed for the derived key.
- * @param [options] the options to use:
- *          [md] an optional message digest object to use.
- */
-pki.pbe.opensslDeriveBytes = function(password, salt, dkLen, md) {
-  if(typeof md === 'undefined' || md === null) {
-    md = forge.md.md5.create();
-  }
-  if(salt === null) {
-    salt = '';
-  }
-  var digests = [hash(md, password + salt)];
-  for(var length = 16, i = 1; length < dkLen; ++i, length += 16) {
-    digests.push(hash(md, digests[i - 1] + password + salt));
-  }
-  return digests.join('').substr(0, dkLen);
-};
-
-function hash(md, bytes) {
-  return md.start().update(bytes).digest().getBytes();
-}
-
-} // end module implementation
-
-/* ########## Begin module wrapper ########## */
-var name = 'pbe';
-if(typeof define !== 'function') {
-  // NodeJS -> AMD
-  if(typeof module === 'object' && module.exports) {
-    var nodeJS = true;
-    define = function(ids, factory) {
-      factory(require, module);
-    };
-  } else {
-    // <script>
-    if(typeof forge === 'undefined') {
-      forge = {};
-    }
-    return initModule(forge);
-  }
-}
-// AMD
-var deps;
-var defineFunc = function(require, module) {
-  module.exports = function(forge) {
-    var mods = deps.map(function(dep) {
-      return require(dep);
-    }).concat(initModule);
-    // handle circular dependencies
-    forge = forge || {};
-    forge.defined = forge.defined || {};
-    if(forge.defined[name]) {
-      return forge[name];
-    }
-    forge.defined[name] = true;
-    for(var i = 0; i < mods.length; ++i) {
-      mods[i](forge);
-    }
-    return forge[name];
-  };
-};
-var tmpDefine = define;
-define = function(ids, factory) {
-  deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
-  if(nodeJS) {
-    delete define;
-    return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
-  }
-  define = tmpDefine;
-  return define.apply(null, Array.prototype.slice.call(arguments, 0));
-};
-define([
-  'require',
-  'module',
-  './aes',
-  './asn1',
-  './des',
-  './md',
-  './oids',
-  './pem',
-  './pbkdf2',
-  './random',
-  './rc2',
-  './rsa',
-  './util'
-], function() {
-  defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
-});
-})();
-- 
cgit