diff options
| author | Luca Casonato <hello@lcas.dev> | 2024-08-07 08:43:58 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-08-07 08:43:58 +0200 |
| commit | 4fa8869f2487749a9f190cb3047f4f3e6d571f27 (patch) | |
| tree | 640c13e45e0bf1c63340c15f64b08b614ddcf120 /tests/unit_node/crypto/generate_keys.mjs | |
| parent | 9a83efa04b6e733ca0fdbf9e780c4b77f0d9f4be (diff) | |
feat(ext/node): rewrite crypto keys (#24463)
This completely rewrites how we handle key material in ext/node. Changes
in this
PR:
- **Signing**
- RSA
- RSA-PSS 🆕
- DSA 🆕
- EC
- ED25519 🆕
- **Verifying**
- RSA
- RSA-PSS 🆕
- DSA 🆕
- EC 🆕
- ED25519 🆕
- **Private key import**
- Passphrase encrypted private keys 🆕
- RSA
- PEM
- DER (PKCS#1) 🆕
- DER (PKCS#8) 🆕
- RSA-PSS
- PEM
- DER (PKCS#1) 🆕
- DER (PKCS#8) 🆕
- DSA 🆕
- EC
- PEM
- DER (SEC1) 🆕
- DER (PKCS#8) 🆕
- X25519 🆕
- ED25519 🆕
- DH
- **Public key import**
- RSA
- PEM
- DER (PKCS#1) 🆕
- DER (PKCS#8) 🆕
- RSA-PSS 🆕
- DSA 🆕
- EC 🆕
- X25519 🆕
- ED25519 🆕
- DH 🆕
- **Private key export**
- RSA 🆕
- DSA 🆕
- EC 🆕
- X25519 🆕
- ED25519 🆕
- DH 🆕
- **Public key export**
- RSA
- DSA 🆕
- EC 🆕
- X25519 🆕
- ED25519 🆕
- DH 🆕
- **Key pair generation**
- Overhauled, but supported APIs unchanged
This PR adds a lot of new individual functionality. But most importantly
because
of the new key material representation, it is now trivial to add new
algorithms
(as shown by this PR).
Now, when adding a new algorithm, it is also widely supported - for
example
previously we supported ED25519 key pair generation, but we could not
import,
export, sign or verify with ED25519. We can now do all of those things.
Diffstat (limited to 'tests/unit_node/crypto/generate_keys.mjs')
| -rw-r--r-- | tests/unit_node/crypto/generate_keys.mjs | 147 |
1 files changed, 147 insertions, 0 deletions
diff --git a/tests/unit_node/crypto/generate_keys.mjs b/tests/unit_node/crypto/generate_keys.mjs new file mode 100644 index 000000000..8646fbcd1 --- /dev/null +++ b/tests/unit_node/crypto/generate_keys.mjs @@ -0,0 +1,147 @@ +import { writeFileSync } from "node:fs"; +import { join } from "node:path"; +import crypto from "node:crypto"; +import console from "node:console"; + +const keyTypes = [ + { + type: "rsa", + modulusLength: 2048, + }, + { + type: "rsa", + modulusLength: 3072, + }, + { + type: "rsa-pss", + modulusLength: 2048, + }, + { + type: "rsa-pss", + modulusLength: 3072, + }, + { + type: "rsa-pss", + modulusLength: 2048, + saltLength: 32, + }, + { + type: "rsa-pss", + modulusLength: 2048, + hashAlgorithm: "sha512", + }, + { + type: "dsa", + modulusLength: 2048, + }, + { + type: "dsa", + modulusLength: 3072, + }, + { + type: "ec", + namedCurve: "P-224", + }, + { + type: "ec", + namedCurve: "P-256", + }, + { + type: "ec", + namedCurve: "P-384", + }, + { + type: "x25519", + }, + { + type: "ed25519", + }, + { + type: "dh", + group: "modp14", + }, +]; + +const data = "Hello, World!"; + +const entries = []; + +for (const keyType of keyTypes) { + console.log(keyType); + const { privateKey, publicKey } = crypto.generateKeyPairSync(keyType.type, { + modulusLength: keyType.modulusLength, + namedCurve: keyType.namedCurve, + group: keyType.group, + saltLength: keyType.saltLength, + hashAlgorithm: keyType.hashAlgorithm, + }); + + let name = keyType.type; + if (keyType.type === "rsa-pss") { + name += `_${keyType.modulusLength}_${keyType.saltLength ?? "nosalt"}_${ + keyType.hashAlgorithm ?? "nohash" + }`; + } else if (keyType.type === "rsa" || keyType.type === "dsa") { + name += `_${keyType.modulusLength}`; + } else if (keyType.type === "ec") { + name += `_${keyType.namedCurve}`; + } else if (keyType.type === "dh") { + name += `_${keyType.group}`; + } + + exportAndWrite(name, privateKey, "pem", "pkcs8"); + exportAndWrite(name, privateKey, "der", "pkcs8"); + exportAndWrite(name, publicKey, "pem", "spki"); + exportAndWrite(name, publicKey, "der", "spki"); + + if (keyType.type === "rsa") { + exportAndWrite(name, privateKey, "pem", "pkcs1"); + exportAndWrite(name, privateKey, "der", "pkcs1"); + exportAndWrite(name, publicKey, "pem", "pkcs1"); + exportAndWrite(name, publicKey, "der", "pkcs1"); + } + if (keyType.type === "ec") { + exportAndWrite(name, privateKey, "pem", "sec1"); + exportAndWrite(name, privateKey, "der", "sec1"); + } + + let signed; + if (keyType.type === "ed25519") { + signed = crypto + .sign(null, Buffer.from(data), privateKey) + .toString("base64"); + } else if (keyType.type !== "x25519" && keyType.type !== "dh") { + console.log("signing", keyType.type); + signed = crypto + .createSign("sha512") + .update(data) + .sign(privateKey, "base64"); + } + + entries.push({ + name, + keyType: keyType.type, + signed, + }); +} + +writeFileSync( + join("tests", "unit_node", "crypto", "testdata", "asymmetric.json"), + JSON.stringify(entries, null, 2), +); + +function exportAndWrite(name, key, format, type) { + const pem = key.export({ + format, + type, + }); + const filename = join( + "tests", + "unit_node", + "crypto", + "testdata", + "asymmetric", + `${name}.${type}.${format}`, + ); + writeFileSync(filename, pem); +} |