From d6f662ac8280511fb4ef0f81777a0a6c5c08c0fa Mon Sep 17 00:00:00 2001
From: Divy Srivastava
Date: Sun, 11 Aug 2024 02:29:53 -0700
Subject: fix(ext/node): support ieee-p1363 ECDSA signatures and pss salt len (#24981)
Fixes https://github.com/denoland/deno/issues/22919
---
 ext/node/polyfills/internal/crypto/sig.ts | 47 +++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
(limited to 'ext/node/polyfills')
diff --git a/ext/node/polyfills/internal/crypto/sig.ts b/ext/node/polyfills/internal/crypto/sig.ts
index 3dd6b7c58..bcbcb469b 100644
--- a/ext/node/polyfills/internal/crypto/sig.ts
+++ b/ext/node/polyfills/internal/crypto/sig.ts
@@ -58,6 +58,35 @@ export interface VerifyKeyObjectInput extends SigningOptions {
 key: KeyObject;
 }
+function getSaltLength(options) {
+ return getIntOption("saltLength", options);
+}
+
+function getDSASignatureEncoding(options) {
+ if (typeof options === "object") {
+ const { dsaEncoding = "der" } = options;
+ if (dsaEncoding === "der") {
+ return 0;
+ } else if (dsaEncoding === "ieee-p1363") {
+ return 1;
+ }
+ throw new ERR_INVALID_ARG_VALUE("options.dsaEncoding", dsaEncoding);
+ }
+
+ return 0;
+}
+
+function getIntOption(name, options) {
+ const value = options[name];
+ if (value !== undefined) {
+ if (value === value >> 0) {
+ return value;
+ }
+ throw new ERR_INVALID_ARG_VALUE(`options.${name}`, value);
+ }
+ return undefined;
+}
+
 export type KeyLike = string | Buffer | KeyObject;
 export class SignImpl extends Writable {
@@ -86,6 +115,13 @@ export class SignImpl extends Writable {
 encoding?: BinaryToTextEncoding,
 ): Buffer | string {
 const res = prepareAsymmetricKey(privateKey, kConsumePrivate);
+
+ // Options specific to RSA-PSS
+ const pssSaltLength = getSaltLength(privateKey);
+
+ // Options specific to (EC)DSA
+ const dsaSigEnc = getDSASignatureEncoding(privateKey);
+
 let handle;
 if ("handle" in res) {
 handle = res.handle;
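Review bot: `getIntOption` accepts any int32 (`value === value >> 0`), so a negative `saltLength` other than Node's `RSA_PSS_SALTLEN_*` sentinels passes validation in `getSaltLength` and is forwarded to the sign/verify op; whether the native side rejects it is not visible in this patch. If the op does not range-check, add a lower bound here; otherwise a comment such as `// negative values are RSA_PSS_SALTLEN_* sentinels; range is enforced by the op` would record where the check lives. The bare `0`/`1` returned by `getDSASignatureEncoding` are a contract with that op as well and would be easier to audit as named constants. The three helpers also take an untyped `options` parameter in a `.ts` file.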
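Review bot: `getSaltLength(privateKey)` and `getDSASignatureEncoding(privateKey)` read options off the raw key argument, and neither helper tolerates `null`: `typeof null === "object"` reaches the destructuring, and `getIntOption` indexes `options` unguarded. `prepareAsymmetricKey` on the preceding line presumably throws first for a missing key, but that leaves the helpers dependent on call order; a guard like `if (options !== null && typeof options === "object")` in both helpers would remove the dependency. The same two calls are added to `VerifyImpl.verify` in the `@@ -152,6 +190,13 @@` hunk. `sign` starts and ends outside this hunk.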
@@ -101,6 +137,8 @@ export class SignImpl extends Writable {
 handle,
 this.hash.digest(),
 this.#digestType,
+ pssSaltLength,
+ dsaSigEnc,
 ));
 return encoding ? ret.toString(encoding) : ret;
 }
@@ -152,6 +190,13 @@ export class VerifyImpl extends Writable {
 encoding?: BinaryToTextEncoding,
 ): boolean {
 const res = prepareAsymmetricKey(publicKey, kConsumePublic);
+
+ // Options specific to RSA-PSS
+ const pssSaltLength = getSaltLength(publicKey);
+
+ // Options specific to (EC)DSA
+ const dsaSigEnc = getDSASignatureEncoding(publicKey);
+
 let handle;
 if ("handle" in res) {
 handle = res.handle;
@@ -168,6 +213,8 @@ export class VerifyImpl extends Writable {
 this.hash.digest(),
 this.#digestType,
 Buffer.from(signature, encoding),
+ pssSaltLength,
+ dsaSigEnc,
 );
 }
 }
--
cgit v1.2.3
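Review bot: `pssSaltLength` is `undefined` whenever the caller passed no `saltLength`, and nothing at this call site says which default the op then applies. Node documents different defaults for the two directions (`RSA_PSS_SALTLEN_MAX_SIGN` when signing, `RSA_PSS_SALTLEN_AUTO` when verifying), so a short comment above the new arguments, e.g. `// undefined => op applies Node's default salt length for signing`, would make the contract reviewable; the matching arguments in the `@@ -168,6 +213,8 @@` verify hunk need the same, since the verify-side default decides which salt lengths are accepted. The call these arguments belong to starts above the hunk, so the op itself is not visible here.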