author | Brian White <mscdex@mscdex.net> | 2019-03-12 09:17:10 -0400 |
---|---|---|
committer | Brian White <mscdex@mscdex.net> | 2019-03-28 21:57:53 -0400 |
commit | 7d0e50dcfef98ca56715adf74678bcaf4aa08796 (patch) | |
tree | 2458b8db07d8968ea1e35384f8160664ccaac36c /lib/internal/crypto | |
parent | 36e5fd2915e1ff9a8f0944b1a7783760fab38654 (diff) | |
crypto: add crypto.sign() and crypto.verify()
These methods are added primarily to allow signing and verifying
using Ed25519 and Ed448 keys, which do not support streaming of
input data. However, any key type can be used with these new
APIs, to allow better performance when only signing/verifying
a single chunk.
Fixes: https://github.com/nodejs/node/issues/26320
PR-URL: https://github.com/nodejs/node/pull/26611
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Diffstat (limited to 'lib/internal/crypto')
-rw-r--r-- | lib/internal/crypto/sig.js | 77 |
1 files changed, 75 insertions, 2 deletions
diff --git a/lib/internal/crypto/sig.js b/lib/internal/crypto/sig.js index ed3693d6fe..9eacfec8c0 100644 --- a/lib/internal/crypto/sig.js +++ b/lib/internal/crypto/sig.js @@ -2,10 +2,16 @@ const { ERR_CRYPTO_SIGN_KEY_REQUIRED, + ERR_INVALID_ARG_TYPE, ERR_INVALID_OPT_VALUE } = require('internal/errors').codes; const { validateString } = require('internal/validators'); -const { Sign: _Sign, Verify: _Verify } = internalBinding('crypto'); +const { + Sign: _Sign, + Verify: _Verify, + signOneShot: _signOneShot, + verifyOneShot: _verifyOneShot +} = internalBinding('crypto'); const { RSA_PSS_SALTLEN_AUTO, RSA_PKCS1_PADDING @@ -22,6 +28,7 @@ const { preparePublicOrPrivateKey } = require('internal/crypto/keys'); const { Writable } = require('stream'); +const { isArrayBufferView } = require('internal/util/types'); function Sign(algorithm, options) { if (!(this instanceof Sign)) @@ -91,6 +98,35 @@ Sign.prototype.sign = function sign(options, encoding) { return ret; }; +function signOneShot(algorithm, data, key) { + if (algorithm != null) + validateString(algorithm, 'algorithm'); + + if (!isArrayBufferView(data)) { + throw new ERR_INVALID_ARG_TYPE( + 'data', + ['Buffer', 'TypedArray', 'DataView'], + data + ); + } + + if (!key) + throw new ERR_CRYPTO_SIGN_KEY_REQUIRED(); + + const { + data: keyData, + format: keyFormat, + type: keyType, + passphrase: keyPassphrase + } = preparePrivateKey(key); + + // Options specific to RSA + const rsaPadding = getPadding(key); + const pssSaltLength = getSaltLength(key); + + return _signOneShot(keyData, keyFormat, keyType, keyPassphrase, data, + algorithm, rsaPadding, pssSaltLength); +} function Verify(algorithm, options) { if (!(this instanceof Verify)) 
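Review bot: In `signOneShot`, a null or undefined `algorithm` skips `validateString` and is handed unchanged to `_signOneShot`, so for that case the digest choice is made entirely in the native binding, which this hunk does not show. Nothing in the new code records that contract, and a caller signing with an RSA or EC key cannot tell from here which digest an omitted `algorithm` yields. I would add a comment above the check such as `// A nullish algorithm is passed through as-is; digest selection is then left to _signOneShot.` and a short JSDoc block saying that `key` is also the source of the RSA padding and salt-length options, since it is passed to `getPadding(key)` and `getSaltLength(key)`. The same nullish pass-through applies to `verifyOneShot` in the last hunk.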
@@ -132,7 +168,44 @@ Verify.prototype.verify = function verify(options, signature, sigEncoding) { legacyNativeHandle(Verify); +function verifyOneShot(algorithm, data, key, signature) { + if (algorithm != null) + validateString(algorithm, 'algorithm'); + + if (!isArrayBufferView(data)) { + throw new ERR_INVALID_ARG_TYPE( + 'data', + ['Buffer', 'TypedArray', 'DataView'], + data + ); + } + + const { + data: keyData, + format: keyFormat, + type: keyType, + passphrase: keyPassphrase + } = preparePublicOrPrivateKey(key); + + // Options specific to RSA + const rsaPadding = getPadding(key); + const pssSaltLength = getSaltLength(key); + + if (!isArrayBufferView(signature)) { + throw new ERR_INVALID_ARG_TYPE( + 'signature', + ['Buffer', 'TypedArray', 'DataView'], + signature + ); + } + + return _verifyOneShot(keyData, keyFormat, keyType, keyPassphrase, signature, + data, algorithm, rsaPadding, pssSaltLength); +} + module.exports = { Sign, - Verify + signOneShot, + Verify, + verifyOneShot }; |
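Review bot: In `verifyOneShot`, the `isArrayBufferView(signature)` check runs only after `preparePublicOrPrivateKey(key)`, `getPadding(key)` and `getSaltLength(key)`, so a call with a wrongly typed signature is rejected only after key preparation has already run. Moving that block up to sit directly after the `data` check would put the cheap argument checks first and make the order in which errors are reported predictable. Unlike `signOneShot`, there is also no `if (!key)` guard here; a missing key presumably fails inside `preparePublicOrPrivateKey`, which is defined outside this diff, so a test pinning the error for `verifyOneShot(alg, data, undefined, sig)` would be worth adding.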