return Just(!result->IsEmpty());
}
-bool DHBitsTraits::DeriveBits(
- Environment* env,
- const DHBitsConfig& params,
- ByteSource* out) {
+bool DHBitsTraits::DeriveBits(Environment* env,
+ const DHBitsConfig& params,
+ ByteSource* out,
+ CryptoJobMode mode) {
*out = StatelessDiffieHellmanThreadsafe(
params.private_key->GetAsymmetricKey(),
params.public_key->GetAsymmetricKey());
unsigned int offset,
DHBitsConfig* params);
- static bool DeriveBits(
- Environment* env,
- const DHBitsConfig& params,
- ByteSource* out_);
+ static bool DeriveBits(Environment* env,
+ const DHBitsConfig& params,
+ ByteSource* out_,
+ CryptoJobMode mode);
static v8::Maybe<bool> EncodeOutput(
Environment* env,
bool ECDHBitsTraits::DeriveBits(Environment* env,
const ECDHBitsConfig& params,
- ByteSource* out) {
+ ByteSource* out,
+ CryptoJobMode mode) {
size_t len = 0;
ManagedEVPPKey m_privkey = params.private_->GetAsymmetricKey();
ManagedEVPPKey m_pubkey = params.public_->GetAsymmetricKey();
unsigned int offset,
ECDHBitsConfig* params);
- static bool DeriveBits(
- Environment* env,
- const ECDHBitsConfig& params,
- ByteSource* out_);
+ static bool DeriveBits(Environment* env,
+ const ECDHBitsConfig& params,
+ ByteSource* out_,
+ CryptoJobMode mode);
static v8::Maybe<bool> EncodeOutput(
Environment* env,
return Just(true);
}
-bool HashTraits::DeriveBits(
- Environment* env,
- const HashConfig& params,
- ByteSource* out) {
+bool HashTraits::DeriveBits(Environment* env,
+ const HashConfig& params,
+ ByteSource* out,
+ CryptoJobMode mode) {
EVPMDPointer ctx(EVP_MD_CTX_new());
if (UNLIKELY(!ctx ||
unsigned int offset,
HashConfig* params);
- static bool DeriveBits(
- Environment* env,
- const HashConfig& params,
- ByteSource* out);
+ static bool DeriveBits(Environment* env,
+ const HashConfig& params,
+ ByteSource* out,
+ CryptoJobMode mode);
static v8::Maybe<bool> EncodeOutput(
Environment* env,
return Just(true);
}
-bool HKDFTraits::DeriveBits(
- Environment* env,
- const HKDFConfig& params,
- ByteSource* out) {
+bool HKDFTraits::DeriveBits(Environment* env,
+ const HKDFConfig& params,
+ ByteSource* out,
+ CryptoJobMode mode) {
EVPKeyCtxPointer ctx =
EVPKeyCtxPointer(EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, nullptr));
if (!ctx || !EVP_PKEY_derive_init(ctx.get()) ||
unsigned int offset,
HKDFConfig* params);
- static bool DeriveBits(
- Environment* env,
- const HKDFConfig& params,
- ByteSource* out);
+ static bool DeriveBits(Environment* env,
+ const HKDFConfig& params,
+ ByteSource* out,
+ CryptoJobMode mode);
static v8::Maybe<bool> EncodeOutput(
Environment* env,
return Just(true);
}
-bool HmacTraits::DeriveBits(
- Environment* env,
- const HmacConfig& params,
- ByteSource* out) {
+bool HmacTraits::DeriveBits(Environment* env,
+ const HmacConfig& params,
+ ByteSource* out,
+ CryptoJobMode mode) {
HMACCtxPointer ctx(HMAC_CTX_new());
if (!ctx ||
unsigned int offset,
HmacConfig* params);
- static bool DeriveBits(
- Environment* env,
- const HmacConfig& params,
- ByteSource* out);
+ static bool DeriveBits(Environment* env,
+ const HmacConfig& params,
+ ByteSource* out,
+ CryptoJobMode mode);
static v8::Maybe<bool> EncodeOutput(
Environment* env,
return Just(true);
}
-bool PBKDF2Traits::DeriveBits(
- Environment* env,
- const PBKDF2Config& params,
- ByteSource* out) {
+bool PBKDF2Traits::DeriveBits(Environment* env,
+ const PBKDF2Config& params,
+ ByteSource* out,
+ CryptoJobMode mode) {
ByteSource::Builder buf(params.length);
// Both pass and salt may be zero length here.
unsigned int offset,
PBKDF2Config* params);
- static bool DeriveBits(
- Environment* env,
- const PBKDF2Config& params,
- ByteSource* out);
+ static bool DeriveBits(Environment* env,
+ const PBKDF2Config& params,
+ ByteSource* out,
+ CryptoJobMode mode);
static v8::Maybe<bool> EncodeOutput(
Environment* env,
return Just(true);
}
-bool RandomBytesTraits::DeriveBits(
- Environment* env,
- const RandomBytesConfig& params,
- ByteSource* unused) {
+bool RandomBytesTraits::DeriveBits(Environment* env,
+ const RandomBytesConfig& params,
+ ByteSource* unused,
+ CryptoJobMode mode) {
return CSPRNG(params.buffer, params.size).is_ok();
}
bool RandomPrimeTraits::DeriveBits(Environment* env,
const RandomPrimeConfig& params,
- ByteSource* unused) {
+ ByteSource* unused,
+ CryptoJobMode mode) {
// BN_generate_prime_ex() calls RAND_bytes_ex() internally.
// Make sure the CSPRNG is properly seeded.
CHECK(CSPRNG(nullptr, 0).is_ok());
return Just(true);
}
-bool CheckPrimeTraits::DeriveBits(
- Environment* env,
- const CheckPrimeConfig& params,
- ByteSource* out) {
-
+bool CheckPrimeTraits::DeriveBits(Environment* env,
+ const CheckPrimeConfig& params,
+ ByteSource* out,
+ CryptoJobMode mode) {
BignumCtxPointer ctx(BN_CTX_new());
int ret = BN_is_prime_ex(
unsigned int offset,
RandomBytesConfig* params);
- static bool DeriveBits(
- Environment* env,
- const RandomBytesConfig& params,
- ByteSource* out_);
+ static bool DeriveBits(Environment* env,
+ const RandomBytesConfig& params,
+ ByteSource* out_,
+ CryptoJobMode mode);
static v8::Maybe<bool> EncodeOutput(
Environment* env,
static bool DeriveBits(
Environment* env,
const RandomPrimeConfig& params,
- ByteSource* out_);
+ ByteSource* out_,
+ CryptoJobMode mode);
static v8::Maybe<bool> EncodeOutput(
Environment* env,
unsigned int offset,
CheckPrimeConfig* params);
- static bool DeriveBits(
- Environment* env,
- const CheckPrimeConfig& params,
- ByteSource* out);
+ static bool DeriveBits(Environment* env,
+ const CheckPrimeConfig& params,
+ ByteSource* out,
+ CryptoJobMode mode);
static v8::Maybe<bool> EncodeOutput(
Environment* env,
return Just(true);
}
-bool ScryptTraits::DeriveBits(
- Environment* env,
- const ScryptConfig& params,
- ByteSource* out) {
+bool ScryptTraits::DeriveBits(Environment* env,
+ const ScryptConfig& params,
+ ByteSource* out,
+ CryptoJobMode mode) {
ByteSource::Builder buf(params.length);
// Both the pass and salt may be zero-length at this point
unsigned int offset,
ScryptConfig* params);
- static bool DeriveBits(
- Environment* env,
- const ScryptConfig& params,
- ByteSource* out);
+ static bool DeriveBits(Environment* env,
+ const ScryptConfig& params,
+ ByteSource* out,
+ CryptoJobMode mode);
static v8::Maybe<bool> EncodeOutput(
Environment* env,
return Just(true);
}
-bool SignTraits::DeriveBits(
- Environment* env,
- const SignConfiguration& params,
- ByteSource* out) {
- ClearErrorOnReturn clear_error_on_return;
+bool SignTraits::DeriveBits(Environment* env,
+ const SignConfiguration& params,
+ ByteSource* out,
+ CryptoJobMode mode) {
+ bool can_throw = mode == CryptoJobMode::kCryptoJobSync;
EVPMDPointer context(EVP_MD_CTX_new());
+
EVP_PKEY_CTX* ctx = nullptr;
switch (params.mode) {
params.digest,
nullptr,
params.key.get())) {
- crypto::CheckThrow(env, SignBase::Error::kSignInit);
+ if (can_throw) crypto::CheckThrow(env, SignBase::Error::kSignInit);
return false;
}
break;
params.digest,
nullptr,
params.key.get())) {
- crypto::CheckThrow(env, SignBase::Error::kSignInit);
+ if (can_throw) crypto::CheckThrow(env, SignBase::Error::kSignInit);
return false;
}
break;
ctx,
padding,
salt_length)) {
- crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey);
+ if (can_throw) crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey);
return false;
}
&len,
params.data.data<unsigned char>(),
params.data.size())) {
- crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey);
+ if (can_throw)
+ crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey);
return false;
}
ByteSource::Builder buf(len);
&len,
params.data.data<unsigned char>(),
params.data.size())) {
- crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey);
+ if (can_throw)
+ crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey);
return false;
}
*out = std::move(buf).release(len);
params.data.data<unsigned char>(),
params.data.size()) ||
!EVP_DigestSignFinal(context.get(), nullptr, &len)) {
- crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey);
+ if (can_throw)
+ crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey);
return false;
}
ByteSource::Builder buf(len);
if (!EVP_DigestSignFinal(
context.get(), buf.data<unsigned char>(), &len)) {
- crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey);
+ if (can_throw)
+ crypto::CheckThrow(env, SignBase::Error::kSignPrivateKey);
return false;
}
unsigned int offset,
SignConfiguration* params);
- static bool DeriveBits(
- Environment* env,
- const SignConfiguration& params,
- ByteSource* out);
+ static bool DeriveBits(Environment* env,
+ const SignConfiguration& params,
+ ByteSource* out,
+ CryptoJobMode mode);
static v8::Maybe<bool> EncodeOutput(
Environment* env,
std::move(params)) {}
void DoThreadPoolWork() override {
+ ClearErrorOnReturn clear_error_on_return;
if (!DeriveBitsTraits::DeriveBits(
AsyncWrap::env(),
- *CryptoJob<DeriveBitsTraits>::params(), &out_)) {
+ *CryptoJob<DeriveBitsTraits>::params(), &out_, this->mode())) {
CryptoErrorStore* errors = CryptoJob<DeriveBitsTraits>::errors();
errors->Capture();
if (errors->Empty())
})
.catch(common.mustNotCall());
}
+
+{
+ const untrustedKey = `-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VuAyEA6pwGRbadNQAI/tYN8+/p/0/hbsdHfOEGr1ADiLVk/Gc=
+-----END PUBLIC KEY-----`;
+ const data = crypto.randomBytes(32);
+ const signature = crypto.randomBytes(16);
+
+ const expected = common.hasOpenSSL3 ?
+ /operation not supported for this keytype/ : /no default digest/;
+
+ crypto.verify(undefined, data, untrustedKey, signature, common.mustCall((err) => {
+ assert.ok(err);
+ assert.match(err.message, expected);
+ }));
+}
+
+{
+ const { privateKey } = crypto.generateKeyPairSync('rsa', {
+ modulusLength: 512
+ });
+ crypto.sign('sha512', 'message', privateKey, common.mustCall((err) => {
+ assert.ok(err);
+ assert.match(err.message, /digest too big for rsa key/);
+ }));
+}
projects / nodejs.git / commitdiff