author | Divy Srivastava <dj.srivastava23@gmail.com> | 2024-08-11 02:29:53 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-08-11 14:59:53 +0530 |
commit | d6f662ac8280511fb4ef0f81777a0a6c5c08c0fa (patch) | |
tree | 4e26499934d124e83f96692af46df87746284fd7 /ext/node/polyfills/internal/crypto | |
parent | feba133711d0ab79528134d05f1e38168305adfc (diff) |
fix(ext/node): support ieee-p1363 ECDSA signatures and pss salt len (#24981)
Fixes https://github.com/denoland/deno/issues/22919
Diffstat (limited to 'ext/node/polyfills/internal/crypto')
-rw-r--r-- | ext/node/polyfills/internal/crypto/sig.ts | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/ext/node/polyfills/internal/crypto/sig.ts b/ext/node/polyfills/internal/crypto/sig.ts
index 3dd6b7c58..bcbcb469b 100644
--- a/ext/node/polyfills/internal/crypto/sig.ts
+++ b/ext/node/polyfills/internal/crypto/sig.ts
@@ -58,6 +58,35 @@ export interface VerifyKeyObjectInput extends SigningOptions {
 key: KeyObject;
 }
+function getSaltLength(options) {
+ return getIntOption("saltLength", options);
+}
+
+function getDSASignatureEncoding(options) {
+ if (typeof options === "object") {
+ const { dsaEncoding = "der" } = options;
+ if (dsaEncoding === "der") {
+ return 0;
+ } else if (dsaEncoding === "ieee-p1363") {
+ return 1;
+ }
+ throw new ERR_INVALID_ARG_VALUE("options.dsaEncoding", dsaEncoding);
+ }
+
+ return 0;
+}
+
+function getIntOption(name, options) {
+ const value = options[name];
+ if (value !== undefined) {
+ if (value === value >> 0) {
+ return value;
+ }
+ throw new ERR_INVALID_ARG_VALUE(`options.${name}`, value);
+ }
+ return undefined;
+}
+
 export type KeyLike = string | Buffer | KeyObject;
 export class SignImpl extends Writable {
@@ -86,6 +115,13 @@ export class SignImpl extends Writable {
 encoding?: BinaryToTextEncoding,
 ): Buffer | string {
 const res = prepareAsymmetricKey(privateKey, kConsumePrivate);
+
+ // Options specific to RSA-PSS
+ const pssSaltLength = getSaltLength(privateKey);
+
+ // Options specific to (EC)DSA
+ const dsaSigEnc = getDSASignatureEncoding(privateKey);
+
+ let handle;
 if ("handle" in res) {
 handle = res.handle;
@@ -101,6 +137,8 @@ export class SignImpl extends Writable {
 handle,
 this.hash.digest(),
 this.#digestType,
+ pssSaltLength,
+ dsaSigEnc,
 ));
 return encoding ? ret.toString(encoding) : ret;
 }
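Review bot: `getIntOption` only checks that the value is a 32-bit integer (`value === value >> 0`), so `getSaltLength` accepts every negative `saltLength`, not only the negative sentinels Node defines (`crypto.constants.RSA_PSS_SALTLEN_DIGEST`, `RSA_PSS_SALTLEN_MAX_SIGN`, `RSA_PSS_SALTLEN_AUTO`). Rejecting out-of-range values is therefore left to the native signing and verification code, which is not visible in this diff; I would record that above `getSaltLength` with `// int32 check only: negative values are RSA_PSS_SALTLEN_* sentinels, the range is enforced natively`, and add a range check here if the native side turns out not to have one. Separately, the bare `0`/`1` returned by `getDSASignatureEncoding` are easy to mix up at the call sites; named constants such as `const kSigEncDER = 0;` and `const kSigEncP1363 = 1;` would make the contract explicit.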
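Review bot: `saltLength` is read in `sign` here, but none of the visible hunks reads `options.padding`, so it is unclear from this diff whether the salt length takes effect for a plain RSA key used with `RSA_PKCS1_PSS_PADDING` or only for keys that are RSA-PSS themselves. If only RSA-PSS keys are covered, say so next to the call, e.g. `// saltLength is honoured for RSA-PSS keys only; options.padding is not read here`, so callers do not assume the PSS parameters they passed were applied. The `privateKey` argument doubles as the options bag; for a string, Buffer or KeyObject both helpers fall back to their defaults (`undefined` and DER), which deserves a word in the same comment. The same applies to the `verify` hunk at `-152,6 +190,13`; the bodies of `sign` and `verify` start and end outside these hunks.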
@@ -152,6 +190,13 @@ export class VerifyImpl extends Writable {
 encoding?: BinaryToTextEncoding,
 ): boolean {
 const res = prepareAsymmetricKey(publicKey, kConsumePublic);
+
+ // Options specific to RSA-PSS
+ const pssSaltLength = getSaltLength(publicKey);
+
+ // Options specific to (EC)DSA
+ const dsaSigEnc = getDSASignatureEncoding(publicKey);
+
+ let handle;
 if ("handle" in res) {
 handle = res.handle;
@@ -168,6 +213,8 @@ export class VerifyImpl extends Writable {
 this.hash.digest(),
 this.#digestType,
 Buffer.from(signature, encoding),
+ pssSaltLength,
+ dsaSigEnc,
 );
 }
 }
|
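Review bot: In the `-168,6 +213,8` hunk the caller-chosen `dsaSigEnc` now decides how the signature bytes are interpreted, and the `ieee-p1363` form is a fixed-width `r || s` concatenation, so the check that the buffer has exactly the expected length for the key has to happen in the native verifier, which is outside this diff. It is worth confirming that a wrong-length or DER-encoded buffer passed with `dsaEncoding: "ieee-p1363"` makes `verify` return `false` or throw rather than being reinterpreted, and pinning that with a test. `pssSaltLength` is `undefined` when the option is absent; Node's default on verify is `RSA_PSS_SALTLEN_AUTO` while on sign it is `RSA_PSS_SALTLEN_MAX_SIGN`, so the two call sites need different defaults on the native side. A comment at the call such as `// undefined saltLength => RSA_PSS_SALTLEN_AUTO on verify` would document that. The `verify` body starts outside the hunk.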