1 files changed, 53 insertions, 1 deletions

diff --git a/ext/node/crypto/mod.rs b/ext/node/crypto/mod.rs
index f818b96af..b45f36144 100644
--- a/ext/node/crypto/mod.rs
+++ b/ext/node/crypto/mod.rs
@@ -309,7 +309,7 @@ pub fn op_node_sign(
       use signature::hazmat::PrehashSigner;
       let key = match key_format {
         "pem" => RsaPrivateKey::from_pkcs8_pem((&key).try_into()?)
-          .map_err(|_| type_error("Invalid RSA key"))?,
+          .map_err(|_| type_error("Invalid RSA private key"))?,
         // TODO(kt3k): Support der and jwk formats
         _ => {
           return Err(type_error(format!(
@@ -353,6 +353,58 @@ pub fn op_node_sign(
   }
 }
 
+#[op]
+fn op_node_verify(
+  digest: &[u8],
+  digest_type: &str,
+  key: StringOrBuffer,
+  key_type: &str,
+  key_format: &str,
+  signature: &[u8],
+) -> Result<bool, AnyError> {
+  match key_type {
+    "rsa" => {
+      use rsa::pkcs1v15::VerifyingKey;
+      use signature::hazmat::PrehashVerifier;
+      let key = match key_format {
+        "pem" => RsaPublicKey::from_public_key_pem((&key).try_into()?)
+          .map_err(|_| type_error("Invalid RSA public key"))?,
+        // TODO(kt3k): Support der and jwk formats
+        _ => {
+          return Err(type_error(format!(
+            "Unsupported key format: {}",
+            key_format
+          )))
+        }
+      };
+      Ok(match digest_type {
+        "sha224" => VerifyingKey::<sha2::Sha224>::new_with_prefix(key)
+          .verify_prehash(digest, &signature.to_vec().try_into()?)
+          .is_ok(),
+        "sha256" => VerifyingKey::<sha2::Sha256>::new_with_prefix(key)
+          .verify_prehash(digest, &signature.to_vec().try_into()?)
+          .is_ok(),
+        "sha384" => VerifyingKey::<sha2::Sha384>::new_with_prefix(key)
+          .verify_prehash(digest, &signature.to_vec().try_into()?)
+          .is_ok(),
+        "sha512" => VerifyingKey::<sha2::Sha512>::new_with_prefix(key)
+          .verify_prehash(digest, &signature.to_vec().try_into()?)
+          .is_ok(),
+        _ => {
+          return Err(type_error(format!(
+            "Unknown digest algorithm: {}",
+            digest_type
+          )))
+        }
+      })
+    }
+    _ => Err(type_error(format!(
+      "Verifying with {} keys is not supported yet",
+      key_type
+    ))),
+  }
+}
+
 fn pbkdf2_sync(
   password: &[u8],
   salt: &[u8],