diff options
| author | Luca Casonato <hello@lcas.dev> | 2024-08-09 12:58:20 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-08-09 12:58:20 +0200 |
| commit | fc023038424f3de81d7dd66c68634024a5b29eed (patch) | |
| tree | 24cf26fd44306c35bb898d017fc342bce0d319dc /ext/node/polyfills/internal/crypto/sig.ts | |
| parent | c9f626e2512d52fdc354e490b179eed7200b394b (diff) | |
fix(ext/node): ed25519 signing and cipheriv autopadding fixes (#24957)
- Return auth tag for GCM ciphers from auto padding shortcircuit
- Use _ring_ for ed25519 signing
---------
Co-authored-by: Divy Srivastava <dj.srivastava23@gmail.com>
Diffstat (limited to 'ext/node/polyfills/internal/crypto/sig.ts')
| -rw-r--r-- | ext/node/polyfills/internal/crypto/sig.ts | 62 |
1 files changed, 60 insertions, 2 deletions
diff --git a/ext/node/polyfills/internal/crypto/sig.ts b/ext/node/polyfills/internal/crypto/sig.ts index c711c7193..3dd6b7c58 100644 --- a/ext/node/polyfills/internal/crypto/sig.ts +++ b/ext/node/polyfills/internal/crypto/sig.ts @@ -7,8 +7,11 @@ import { op_node_create_private_key, op_node_create_public_key, + op_node_get_asymmetric_key_type, op_node_sign, + op_node_sign_ed25519, op_node_verify, + op_node_verify_ed25519, } from "ext:core/ops"; import { @@ -30,6 +33,8 @@ import { kConsumePublic, KeyObject, prepareAsymmetricKey, + PrivateKeyObject, + PublicKeyObject, } from "ext:deno_node/internal/crypto/keys.ts"; import { createHash } from "ext:deno_node/internal/crypto/hash.ts"; import { ERR_CRYPTO_SIGN_KEY_REQUIRED } from "ext:deno_node/internal/errors.ts"; @@ -191,7 +196,34 @@ export function signOneShot( throw new ERR_CRYPTO_SIGN_KEY_REQUIRED(); } - const result = Sign(algorithm!).update(data).sign(key); + const res = prepareAsymmetricKey(key, kConsumePrivate); + let handle; + if ("handle" in res) { + handle = res.handle; + } else { + handle = op_node_create_private_key( + res.data, + res.format, + res.type ?? "", + res.passphrase, + ); + } + + let result: Buffer; + if (op_node_get_asymmetric_key_type(handle) === "ed25519") { + if (algorithm != null && algorithm !== "sha512") { + throw new TypeError("Only 'sha512' is supported for Ed25519 keys"); + } + result = new Buffer(64); + op_node_sign_ed25519(handle, data, result); + } else if (algorithm == null) { + throw new TypeError( + "Algorithm must be specified when using non-Ed25519 keys", + ); + } else { + result = Sign(algorithm!).update(data) + .sign(new PrivateKeyObject(handle)); + } if (callback) { setTimeout(() => callback(null, result)); @@ -219,7 +251,33 @@ export function verifyOneShot( throw new ERR_CRYPTO_SIGN_KEY_REQUIRED(); } - const result = Verify(algorithm!).update(data).verify(key, signature); + const res = prepareAsymmetricKey(key, kConsumePublic); + let handle; + if ("handle" in res) { + handle = res.handle; + } else { + handle = op_node_create_public_key( + res.data, + res.format, + res.type ?? "", + res.passphrase, + ); + } + + let result: boolean; + if (op_node_get_asymmetric_key_type(handle) === "ed25519") { + if (algorithm != null && algorithm !== "sha512") { + throw new TypeError("Only 'sha512' is supported for Ed25519 keys"); + } + result = op_node_verify_ed25519(handle, data, signature); + } else if (algorithm == null) { + throw new TypeError( + "Algorithm must be specified when using non-Ed25519 keys", + ); + } else { + result = Verify(algorithm!).update(data) + .verify(new PublicKeyObject(handle), signature); + } if (callback) { setTimeout(() => callback(null, result)); |