summaryrefslogtreecommitdiff
path: root/ext/node/ops/crypto/sign.rs
diff options
context:
space:
mode:
Diffstat (limited to 'ext/node/ops/crypto/sign.rs')
-rw-r--r--ext/node/ops/crypto/sign.rs148
1 files changed, 6 insertions, 142 deletions
diff --git a/ext/node/ops/crypto/sign.rs b/ext/node/ops/crypto/sign.rs
index 9aea3aab7..2dba15aba 100644
--- a/ext/node/ops/crypto/sign.rs
+++ b/ext/node/ops/crypto/sign.rs
@@ -2,12 +2,6 @@
use deno_core::error::generic_error;
use deno_core::error::type_error;
use deno_core::error::AnyError;
-use digest::Digest;
-use digest::FixedOutput;
-use digest::FixedOutputReset;
-use digest::OutputSizeUser;
-use digest::Reset;
-use digest::Update;
use rand::rngs::OsRng;
use rsa::signature::hazmat::PrehashSigner as _;
use rsa::signature::hazmat::PrehashVerifier as _;
@@ -146,29 +140,9 @@ impl KeyObjectHandle {
AsymmetricPrivateKey::X25519(_) => {
Err(type_error("x25519 key cannot be used for signing"))
}
- AsymmetricPrivateKey::Ed25519(key) => {
- if !matches!(
- digest_type,
- "rsa-sha512" | "sha512" | "sha512withrsaencryption"
- ) {
- return Err(type_error(format!(
- "digest not allowed for Ed25519 signature: {}",
- digest_type
- )));
- }
-
- let mut precomputed_digest = PrecomputedDigest([0; 64]);
- if digest.len() != precomputed_digest.0.len() {
- return Err(type_error("Invalid sha512 digest"));
- }
- precomputed_digest.0.copy_from_slice(digest);
-
- let signature = key
- .sign_prehashed(precomputed_digest, None)
- .map_err(|_| generic_error("failed to sign digest with Ed25519"))?;
-
- Ok(signature.to_bytes().into())
- }
+ AsymmetricPrivateKey::Ed25519(_) => Err(type_error(
+ "Ed25519 key cannot be used for prehashed signing",
+ )),
AsymmetricPrivateKey::Dh(_) => {
Err(type_error("DH key cannot be used for signing"))
}
@@ -275,122 +249,12 @@ impl KeyObjectHandle {
AsymmetricPublicKey::X25519(_) => {
Err(type_error("x25519 key cannot be used for verification"))
}
- AsymmetricPublicKey::Ed25519(key) => {
- if !matches!(
- digest_type,
- "rsa-sha512" | "sha512" | "sha512withrsaencryption"
- ) {
- return Err(type_error(format!(
- "digest not allowed for Ed25519 signature: {}",
- digest_type
- )));
- }
-
- let mut signature_fixed = [0u8; 64];
- if signature.len() != signature_fixed.len() {
- return Err(type_error("Invalid Ed25519 signature"));
- }
- signature_fixed.copy_from_slice(signature);
-
- let signature = ed25519_dalek::Signature::from_bytes(&signature_fixed);
-
- let mut precomputed_digest = PrecomputedDigest([0; 64]);
- precomputed_digest.0.copy_from_slice(digest);
-
- Ok(
- key
- .verify_prehashed_strict(precomputed_digest, None, &signature)
- .is_ok(),
- )
- }
+ AsymmetricPublicKey::Ed25519(_) => Err(type_error(
+ "Ed25519 key cannot be used for prehashed verification",
+ )),
AsymmetricPublicKey::Dh(_) => {
Err(type_error("DH key cannot be used for verification"))
}
}
}
}
-
-struct PrecomputedDigest([u8; 64]);
-
-impl OutputSizeUser for PrecomputedDigest {
- type OutputSize = <sha2::Sha512 as OutputSizeUser>::OutputSize;
-}
-
-impl Digest for PrecomputedDigest {
- fn new() -> Self {
- unreachable!()
- }
-
- fn new_with_prefix(_data: impl AsRef<[u8]>) -> Self {
- unreachable!()
- }
-
- fn update(&mut self, _data: impl AsRef<[u8]>) {
- unreachable!()
- }
-
- fn chain_update(self, _data: impl AsRef<[u8]>) -> Self {
- unreachable!()
- }
-
- fn finalize(self) -> digest::Output<Self> {
- self.0.into()
- }
-
- fn finalize_into(self, _out: &mut digest::Output<Self>) {
- unreachable!()
- }
-
- fn finalize_reset(&mut self) -> digest::Output<Self>
- where
- Self: digest::FixedOutputReset,
- {
- unreachable!()
- }
-
- fn finalize_into_reset(&mut self, _out: &mut digest::Output<Self>)
- where
- Self: digest::FixedOutputReset,
- {
- unreachable!()
- }
-
- fn reset(&mut self)
- where
- Self: digest::Reset,
- {
- unreachable!()
- }
-
- fn output_size() -> usize {
- unreachable!()
- }
-
- fn digest(_data: impl AsRef<[u8]>) -> digest::Output<Self> {
- unreachable!()
- }
-}
-
-impl Reset for PrecomputedDigest {
- fn reset(&mut self) {
- unreachable!()
- }
-}
-
-impl FixedOutputReset for PrecomputedDigest {
- fn finalize_into_reset(&mut self, _out: &mut digest::Output<Self>) {
- unreachable!()
- }
-}
-
-impl FixedOutput for PrecomputedDigest {
- fn finalize_into(self, _out: &mut digest::Output<Self>) {
- unreachable!()
- }
-}
-
-impl Update for PrecomputedDigest {
- fn update(&mut self, _data: &[u8]) {
- unreachable!()
- }
-}
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 08:46:27 +0000