fix(ext/node): ed25519 signing and cipheriv autopadding fixes (#24957)

- Return auth tag for GCM ciphers from auto padding shortcircuit - Use _ring_ for ed25519 signing --------- Co-authored-by: Divy Srivastava <dj.srivastava23@gmail.com>
author: Luca Casonato <hello@lcas.dev> 2024-08-09 12:58:20 +0200
committer: GitHub <noreply@github.com> 2024-08-09 12:58:20 +0200
commit: fc023038424f3de81d7dd66c68634024a5b29eed (patch)
tree: 24cf26fd44306c35bb898d017fc342bce0d319dc /ext/node/ops/crypto/mod.rs
parent: c9f626e2512d52fdc354e490b179eed7200b394b (diff)
1 files changed, 60 insertions, 0 deletions
diff --git a/ext/node/ops/crypto/mod.rs b/ext/node/ops/crypto/mod.rs
index 8780495a4..05501fa87 100644
--- a/ext/node/ops/crypto/mod.rs
+++ b/ext/node/ops/crypto/mod.rs
@@ -20,6 +20,7 @@ use num_bigint_dig::BigUint;
 use rand::distributions::Distribution;
 use rand::distributions::Uniform;
 use rand::Rng;
+use ring::signature::Ed25519KeyPair;
 use std::future::Future;
 use std::rc::Rc;
 
@@ -272,6 +273,18 @@ pub fn op_node_cipheriv_final(
   context.r#final(auto_pad, input, output)
 }
 
+#[op2]
+#[buffer]
+pub fn op_node_cipheriv_take(
+  state: &mut OpState,
+  #[smi] rid: u32,
+) -> Result<Option<Vec<u8>>, AnyError> {
+  let context = state.resource_table.take::<cipher::CipherContext>(rid)?;
+  let context = Rc::try_unwrap(context)
+    .map_err(|_| type_error("Cipher context is already in use"))?;
+  Ok(context.take_tag())
+}
+
 #[op2(fast)]
 #[smi]
 pub fn op_node_create_decipheriv(
@@ -938,3 +951,50 @@ pub fn op_node_diffie_hellman(
 
   Ok(res)
 }
+
+#[op2(fast)]
+pub fn op_node_sign_ed25519(
+  #[cppgc] key: &KeyObjectHandle,
+  #[buffer] data: &[u8],
+  #[buffer] signature: &mut [u8],
+) -> Result<(), AnyError> {
+  let private = key
+    .as_private_key()
+    .ok_or_else(|| type_error("Expected private key"))?;
+
+  let ed25519 = match private {
+    AsymmetricPrivateKey::Ed25519(private) => private,
+    _ => return Err(type_error("Expected Ed25519 private key")),
+  };
+
+  let pair = Ed25519KeyPair::from_seed_unchecked(ed25519.as_bytes().as_slice())
+    .map_err(|_| type_error("Invalid Ed25519 private key"))?;
+  signature.copy_from_slice(pair.sign(data).as_ref());
+
+  Ok(())
+}
+
+#[op2(fast)]
+pub fn op_node_verify_ed25519(
+  #[cppgc] key: &KeyObjectHandle,
+  #[buffer] data: &[u8],
+  #[buffer] signature: &[u8],
+) -> Result<bool, AnyError> {
+  let public = key
+    .as_public_key()
+    .ok_or_else(|| type_error("Expected public key"))?;
+
+  let ed25519 = match &*public {
+    AsymmetricPublicKey::Ed25519(public) => public,
+    _ => return Err(type_error("Expected Ed25519 public key")),
+  };
+
+  let verified = ring::signature::UnparsedPublicKey::new(
+    &ring::signature::ED25519,
+    ed25519.as_bytes().as_slice(),
+  )
+  .verify(data, signature)
+  .is_ok();
+
+  Ok(verified)
+}
author	Luca Casonato <hello@lcas.dev>	2024-08-09 12:58:20 +0200
committer	GitHub <noreply@github.com>	2024-08-09 12:58:20 +0200
commit	fc023038424f3de81d7dd66c68634024a5b29eed (patch)
tree	24cf26fd44306c35bb898d017fc342bce0d319dc /ext/node/ops/crypto/mod.rs
parent	c9f626e2512d52fdc354e490b179eed7200b394b (diff)