author | Tobias Nießen <tniessen@tnie.de> | 2019-03-16 23:51:26 +0100 |
---|---|---|
committer | Daniel Bevenius <daniel.bevenius@gmail.com> | 2019-04-08 09:22:32 +0200 |
commit | 969bd1eb7b56fda3573ad3d41745a491f2b06dde (patch) | |
tree | eb6a429995c6bc99105ab944a72cc0b85c463043 /lib/internal/crypto | |
parent | d834275a48bc1f85e2289bf7e52a5035a4d97f7e (diff) | |
crypto: add support for RSA-PSS keys
This commit adds support for RSA-PSS keys, including
- KeyObjects of type rsa-pss,
- key pair generation for RSA-PSS, and
- signing and verification using RSA-PSS keys.
PR-URL: https://github.com/nodejs/node/pull/26960
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Diffstat (limited to 'lib/internal/crypto')
-rw-r--r-- | lib/internal/crypto/keygen.js | 30 | ||||
-rw-r--r-- | lib/internal/crypto/sig.js | 12 |
2 files changed, 28 insertions, 14 deletions
diff --git a/lib/internal/crypto/keygen.js b/lib/internal/crypto/keygen.js index cff58f15f2..10ab49760b 100644 --- a/lib/internal/crypto/keygen.js +++ b/lib/internal/crypto/keygen.js @@ -3,6 +3,7 @@ const { AsyncWrap, Providers } = internalBinding('async_wrap'); const { generateKeyPairRSA, + generateKeyPairRSAPSS, generateKeyPairDSA, generateKeyPairEC, generateKeyPairNid, @@ -141,6 +142,7 @@ function check(type, options, callback) { let impl; switch (type) { case 'rsa': + case 'rsa-pss': { const { modulusLength } = needOptions(); if (!isUint32(modulusLength)) @@ -153,10 +155,27 @@ function check(type, options, callback) { throw new ERR_INVALID_OPT_VALUE('publicExponent', publicExponent); } - impl = (wrap) => generateKeyPairRSA(modulusLength, publicExponent, - publicFormat, publicType, - privateFormat, privateType, - cipher, passphrase, wrap); + if (type === 'rsa') { + impl = (wrap) => generateKeyPairRSA(modulusLength, publicExponent, + publicFormat, publicType, + privateFormat, privateType, + cipher, passphrase, wrap); + break; + } + + const { hash, mgf1Hash, saltLength } = options; + if (hash !== undefined && typeof hash !== 'string') + throw new ERR_INVALID_OPT_VALUE('hash', hash); + if (mgf1Hash !== undefined && typeof mgf1Hash !== 'string') + throw new ERR_INVALID_OPT_VALUE('mgf1Hash', mgf1Hash); + if (saltLength !== undefined && !isUint32(saltLength)) + throw new ERR_INVALID_OPT_VALUE('saltLength', saltLength); + + impl = (wrap) => generateKeyPairRSAPSS(modulusLength, publicExponent, + hash, mgf1Hash, saltLength, + publicFormat, publicType, + privateFormat, privateType, + cipher, passphrase, wrap); } break; case 'dsa': @@ -225,8 +244,7 @@ function check(type, options, callback) { break; default: throw new ERR_INVALID_ARG_VALUE('type', type, - "must be one of 'rsa', 'dsa', 'ec', " + - "'ed25519', 'ed448', 'x25519', 'x448'"); + 'must be a supported key type'); } if (options) { 
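Review bot: In the new `rsa-pss` branch of hunk `@@ -153,10 +155,27 @@`, `hash` and `mgf1Hash` are only checked for being strings, so a misspelled or unsupported digest name passes this validation and is handed to `generateKeyPairRSAPSS` as-is; whether the binding rejects it is not visible here. `saltLength` is likewise accepted for any uint32, with no check at this level against the modulus or digest size. I would add a comment above the destructuring that states the contract, for example `// hash, mgf1Hash and saltLength are optional; digest names and salt bounds are validated by the binding` (if that is what the native side does), and cover the unknown-digest and oversized-salt cases with tests. It would also help to document which parameters the generated key is restricted to when only `hash` is given and `mgf1Hash` is omitted. The enclosing `check()` function starts and ends outside the hunk.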
diff --git a/lib/internal/crypto/sig.js b/lib/internal/crypto/sig.js index 2dbebcdd80..eb75907217 100644 --- a/lib/internal/crypto/sig.js +++ b/lib/internal/crypto/sig.js @@ -13,10 +13,6 @@ const { verifyOneShot: _verifyOneShot } = internalBinding('crypto'); const { - RSA_PSS_SALTLEN_AUTO, - RSA_PKCS1_PADDING -} = internalBinding('constants').crypto; -const { getDefaultEncoding, kHandle, toBuf, @@ -56,14 +52,14 @@ Sign.prototype.update = function update(data, encoding) { }; function getPadding(options) { - return getIntOption('padding', RSA_PKCS1_PADDING, options); + return getIntOption('padding', options); } function getSaltLength(options) { - return getIntOption('saltLength', RSA_PSS_SALTLEN_AUTO, options); + return getIntOption('saltLength', options); } -function getIntOption(name, defaultValue, options) { +function getIntOption(name, options) { const value = options[name]; if (value !== undefined) { if (value === value >> 0) { @@ -72,7 +68,7 @@ function getIntOption(name, defaultValue, options) { throw new ERR_INVALID_OPT_VALUE(name, value); } } - return defaultValue; + return undefined; } Sign.prototype.sign = function sign(options, encoding) { |
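Review bot: In hunk `@@ -56,14 +52,14 @@`, `getPadding` and `getSaltLength` now return `undefined` when the option is absent, but nothing in the new code says who supplies the default that `RSA_PKCS1_PADDING` and `RSA_PSS_SALTLEN_AUTO` used to provide. Presumably the binding now derives the padding and salt length from the key type, which is what an RSA-PSS key needs; a short comment on `getIntOption` such as `// Returns undefined when the option is not set so the binding can choose a default based on the key` would record that. The callers that forward these values are outside the hunk, so it is worth confirming that each of them passes `undefined` through rather than coercing it to a number. The `return undefined;` in the following hunk (`@@ -72,7 +68,7 @@`) is the other half of the same change and is covered by this note.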