Envelope/mobile/lib/utils/encryption/rsa_key_helper.dart

import 'dart:convert';
import 'dart:math';
import 'dart:typed_data';
import 'package:pointycastle/export.dart';
import 'package:asn1lib/asn1lib.dart';

/*
var rsaKeyHelper = RsaKeyHelper();
var keyPair = rsaKeyHelper.generateRSAkeyPair();
var rsaPub = keyPair.publicKey;
var rsaPriv = keyPair.privateKey;
var cipherText = rsaKeyHelper.rsaEncrypt(rsaPub, Uint8List.fromList('Test Data'.codeUnits));
print(cipherText);
var plainText = rsaKeyHelper.rsaDecrypt(rsaPriv, cipherText);
print(String.fromCharCodes(plainText));
 */


List<int> decodePEM(String pem) {
    var startsWith = [
        '-----BEGIN PUBLIC KEY-----',
        '-----BEGIN PUBLIC KEY-----',
        '\n-----BEGIN PUBLIC KEY-----',
        '-----BEGIN PRIVATE KEY-----',
        '-----BEGIN PGP PUBLIC KEY BLOCK-----\r\nVersion: React-Native-OpenPGP.js 0.1\r\nComment: http://openpgpjs.org\r\n\r\n',
        '-----BEGIN PGP PRIVATE KEY BLOCK-----\r\nVersion: React-Native-OpenPGP.js 0.1\r\nComment: http://openpgpjs.org\r\n\r\n',
    ];
    var endsWith = [
        '-----END PUBLIC KEY-----',
        '-----END PRIVATE KEY-----',
        '-----END PGP PUBLIC KEY BLOCK-----',
        '-----END PGP PRIVATE KEY BLOCK-----',
    ];
    bool isOpenPgp = pem.contains('BEGIN PGP');

    for (var s in startsWith) {
        if (pem.startsWith(s)) {
            pem = pem.substring(s.length);
        }
    }

    for (var s in endsWith) {
        if (pem.endsWith(s)) {
            pem = pem.substring(0, pem.length - s.length);
        }
    }

    if (isOpenPgp) {
        var index = pem.indexOf('\r\n');
        pem = pem.substring(0, index);
    }

    pem = pem.replaceAll('\n', '');
    pem = pem.replaceAll('\r', '');

    return base64.decode(pem);
}


class RsaKeyHelper {

    // Generate secure random sequence for seed
    SecureRandom secureRandom() {
        var secureRandom = FortunaRandom();
        var random = Random.secure();
        List<int> seeds = [];
        for (int i = 0; i < 32; i++) {
            seeds.add(random.nextInt(255));
        }
        secureRandom.seed(KeyParameter(Uint8List.fromList(seeds)));

        return secureRandom;
    }

    // Generate RSA key pair
    AsymmetricKeyPair<RSAPublicKey, RSAPrivateKey> generateRSAkeyPair({int bitLength = 2048}) {
        var secureRandom = this.secureRandom();

        // final keyGen = KeyGenerator('RSA'); // Get using registry
        final keyGen = RSAKeyGenerator();

        keyGen.init(ParametersWithRandom(
                        RSAKeyGeneratorParameters(BigInt.parse('65537'), bitLength, 64),
                        secureRandom));

        // Use the generator

        final pair = keyGen.generateKeyPair();

        // Cast the generated key pair into the RSA key types

        final myPublic = pair.publicKey as RSAPublicKey;
        final myPrivate = pair.privateKey as RSAPrivateKey;

        return AsymmetricKeyPair<RSAPublicKey, RSAPrivateKey>(myPublic, myPrivate);
    }


    // Encrypt data using RSA key
    Uint8List rsaEncrypt(RSAPublicKey myPublic, Uint8List dataToEncrypt) {
        final encryptor = OAEPEncoding(RSAEngine())
                ..init(true, PublicKeyParameter<RSAPublicKey>(myPublic)); // true=encrypt

        return _processInBlocks(encryptor, dataToEncrypt);
    }


    // Decrypt data using RSA key
    Uint8List rsaDecrypt(RSAPrivateKey myPrivate, Uint8List cipherText) {
        final decryptor = OAEPEncoding(RSAEngine())
                ..init(false, PrivateKeyParameter<RSAPrivateKey>(myPrivate)); // false=decrypt

        return _processInBlocks(decryptor, cipherText);
    }


    // Process blocks after encryption/descryption
    Uint8List _processInBlocks(AsymmetricBlockCipher engine, Uint8List input) {
        final numBlocks = input.length ~/ engine.inputBlockSize +
                ((input.length % engine.inputBlockSize != 0) ? 1 : 0);

        final output = Uint8List(numBlocks * engine.outputBlockSize);

        var inputOffset = 0;
        var outputOffset = 0;
        while (inputOffset < input.length) {
            final chunkSize = (inputOffset + engine.inputBlockSize <= input.length)
                    ? engine.inputBlockSize
                    : input.length - inputOffset;

            outputOffset += engine.processBlock(
                    input, inputOffset, chunkSize, output, outputOffset);

            inputOffset += chunkSize;
        }

        return (output.length == outputOffset)
                ? output
                : output.sublist(0, outputOffset);
    }


    // Encode RSA public key to pem format
    static encodePublicKeyToPem(RSAPublicKey publicKey) {
        var algorithmSeq = ASN1Sequence();
        var algorithmAsn1Obj = ASN1Object.fromBytes(Uint8List.fromList([0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0x1]));
        var paramsAsn1Obj = ASN1Object.fromBytes(Uint8List.fromList([0x5, 0x0]));
        algorithmSeq.add(algorithmAsn1Obj);
        algorithmSeq.add(paramsAsn1Obj);

        var publicKeySeq = ASN1Sequence();
        publicKeySeq.add(ASN1Integer(publicKey.modulus!));
        publicKeySeq.add(ASN1Integer(publicKey.exponent!));
        var publicKeySeqBitString = ASN1BitString(Uint8List.fromList(publicKeySeq.encodedBytes));

        var topLevelSeq = ASN1Sequence();
        topLevelSeq.add(algorithmSeq);
        topLevelSeq.add(publicKeySeqBitString);
        var dataBase64 = base64.encode(topLevelSeq.encodedBytes);

        return """-----BEGIN PUBLIC KEY-----\r\n$dataBase64\r\n-----END PUBLIC KEY-----""";
    }

    // Parse public key PEM file
    static parsePublicKeyFromPem(pemString) {
        List<int> publicKeyDER = decodePEM(pemString);
        var asn1Parser = ASN1Parser(Uint8List.fromList(publicKeyDER));
        var topLevelSeq = asn1Parser.nextObject() as ASN1Sequence;
        var publicKeyBitString = topLevelSeq.elements[1];

        var publicKeyAsn = ASN1Parser(publicKeyBitString.contentBytes()!, relaxedParsing: true);
        var publicKeySeq = publicKeyAsn.nextObject() as ASN1Sequence;
        var modulus = publicKeySeq.elements[0] as ASN1Integer;
        var exponent = publicKeySeq.elements[1] as ASN1Integer;

        RSAPublicKey rsaPublicKey = RSAPublicKey(
                modulus.valueAsBigInteger!,
                exponent.valueAsBigInteger!
        );

        return rsaPublicKey;
    }


    // Encode RSA private key to pem format
    static encodePrivateKeyToPem(RSAPrivateKey privateKey) {
        var version = ASN1Integer(BigInt.zero);

        var algorithmSeq = ASN1Sequence();
        var algorithmAsn1Obj = ASN1Object.fromBytes(Uint8List.fromList([
            0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0x1
        ]));
        var paramsAsn1Obj = ASN1Object.fromBytes(Uint8List.fromList([0x5, 0x0]));
        algorithmSeq.add(algorithmAsn1Obj);
        algorithmSeq.add(paramsAsn1Obj);

        var privateKeySeq = ASN1Sequence();
        var modulus = ASN1Integer(privateKey.n!);
        var publicExponent = ASN1Integer(BigInt.parse('65537'));
        var privateExponent = ASN1Integer(privateKey.privateExponent!);
        var p = ASN1Integer(privateKey.p!);
        var q = ASN1Integer(privateKey.q!);
        var dP = privateKey.privateExponent! % (privateKey.p! - BigInt.one);
        var exp1 = ASN1Integer(dP);
        var dQ = privateKey.privateExponent! % (privateKey.q! - BigInt.one);
        var exp2 = ASN1Integer(dQ);
        var iQ = privateKey.q?.modInverse(privateKey.p!);
        var co = ASN1Integer(iQ!);

        privateKeySeq.add(version);
        privateKeySeq.add(modulus);
        privateKeySeq.add(publicExponent);
        privateKeySeq.add(privateExponent);
        privateKeySeq.add(p);
        privateKeySeq.add(q);
        privateKeySeq.add(exp1);
        privateKeySeq.add(exp2);
        privateKeySeq.add(co);
        var publicKeySeqOctetString = ASN1OctetString(Uint8List.fromList(privateKeySeq.encodedBytes));

        var topLevelSeq = ASN1Sequence();
        topLevelSeq.add(version);
        topLevelSeq.add(algorithmSeq);
        topLevelSeq.add(publicKeySeqOctetString);
        var dataBase64 = base64.encode(topLevelSeq.encodedBytes);

        return """-----BEGIN PRIVATE KEY-----\r\n$dataBase64\r\n-----END PRIVATE KEY-----""";
    }

    static parsePrivateKeyFromPem(pemString) {
        List<int> privateKeyDER = decodePEM(pemString);
        var asn1Parser = ASN1Parser(Uint8List.fromList(privateKeyDER));
        var topLevelSeq = asn1Parser.nextObject() as ASN1Sequence;
        var version = topLevelSeq.elements[0];
        var algorithm = topLevelSeq.elements[1];
        var privateKey = topLevelSeq.elements[2];

        asn1Parser = ASN1Parser(privateKey.contentBytes()!);
        var pkSeq = asn1Parser.nextObject() as ASN1Sequence;

        version = pkSeq.elements[0];
        var modulus = pkSeq.elements[1] as ASN1Integer;
        //var publicExponent = pkSeq.elements[2] as ASN1Integer;
        var privateExponent = pkSeq.elements[3] as ASN1Integer;
        var p = pkSeq.elements[4] as ASN1Integer;
        var q = pkSeq.elements[5] as ASN1Integer;
        var exp1 = pkSeq.elements[6] as ASN1Integer;
        var exp2 = pkSeq.elements[7] as ASN1Integer;
        var co = pkSeq.elements[8] as ASN1Integer;

        RSAPrivateKey rsaPrivateKey = RSAPrivateKey(
                modulus.valueAsBigInteger!,
                privateExponent.valueAsBigInteger!,
                p.valueAsBigInteger,
                q.valueAsBigInteger
        );

        return rsaPrivateKey;
    }
}