2024-01-01 14:58:21 -05:00
|
|
|
// Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
|
2023-02-14 17:38:45 +01:00
|
|
|
// Copyright Joyent, Inc. and Node.js contributors. All rights reserved. MIT license.
|
|
|
|
|
2023-06-27 15:18:22 +09:00
|
|
|
// TODO(petamoriken): enable prefer-primordials for node polyfills
|
|
|
|
// deno-lint-ignore-file prefer-primordials
|
|
|
|
|
2024-08-07 08:43:58 +02:00
|
|
|
import {
|
|
|
|
op_node_create_private_key,
|
|
|
|
op_node_create_public_key,
|
2024-08-09 12:58:20 +02:00
|
|
|
op_node_get_asymmetric_key_type,
|
2024-08-07 08:43:58 +02:00
|
|
|
op_node_sign,
|
2024-08-09 12:58:20 +02:00
|
|
|
op_node_sign_ed25519,
|
2024-08-07 08:43:58 +02:00
|
|
|
op_node_verify,
|
2024-08-09 12:58:20 +02:00
|
|
|
op_node_verify_ed25519,
|
2024-08-07 08:43:58 +02:00
|
|
|
} from "ext:core/ops";
|
2024-01-11 07:37:25 +09:00
|
|
|
|
2023-04-19 23:24:26 +09:00
|
|
|
import {
|
|
|
|
validateFunction,
|
|
|
|
validateString,
|
|
|
|
} from "ext:deno_node/internal/validators.mjs";
|
2023-07-02 20:19:30 +02:00
|
|
|
import { Buffer } from "node:buffer";
|
2023-03-08 07:44:54 -04:00
|
|
|
import type { WritableOptions } from "ext:deno_node/_stream.d.ts";
|
2024-09-12 01:52:08 +01:00
|
|
|
import Writable from "node:_stream_writable";
|
2023-02-14 17:38:45 +01:00
|
|
|
import type {
|
|
|
|
BinaryLike,
|
|
|
|
BinaryToTextEncoding,
|
|
|
|
Encoding,
|
|
|
|
PrivateKeyInput,
|
|
|
|
PublicKeyInput,
|
2023-03-08 07:44:54 -04:00
|
|
|
} from "ext:deno_node/internal/crypto/types.ts";
|
2023-11-09 09:56:59 -08:00
|
|
|
import {
|
2024-08-07 08:43:58 +02:00
|
|
|
kConsumePrivate,
|
|
|
|
kConsumePublic,
|
2023-11-09 09:56:59 -08:00
|
|
|
KeyObject,
|
2023-12-03 09:58:13 +05:30
|
|
|
prepareAsymmetricKey,
|
2024-08-09 12:58:20 +02:00
|
|
|
PrivateKeyObject,
|
|
|
|
PublicKeyObject,
|
2023-11-09 09:56:59 -08:00
|
|
|
} from "ext:deno_node/internal/crypto/keys.ts";
|
2024-08-07 08:43:58 +02:00
|
|
|
import { createHash } from "ext:deno_node/internal/crypto/hash.ts";
|
2023-04-19 23:24:26 +09:00
|
|
|
import { ERR_CRYPTO_SIGN_KEY_REQUIRED } from "ext:deno_node/internal/errors.ts";
|
2023-03-28 21:46:48 +09:00
|
|
|
|
2023-02-14 17:38:45 +01:00
|
|
|
export type DSAEncoding = "der" | "ieee-p1363";
|
|
|
|
|
|
|
|
export interface SigningOptions {
|
|
|
|
padding?: number | undefined;
|
|
|
|
saltLength?: number | undefined;
|
|
|
|
dsaEncoding?: DSAEncoding | undefined;
|
|
|
|
}
|
|
|
|
|
|
|
|
export interface SignPrivateKeyInput extends PrivateKeyInput, SigningOptions {}
|
|
|
|
|
|
|
|
export interface SignKeyObjectInput extends SigningOptions {
|
|
|
|
key: KeyObject;
|
|
|
|
}
|
|
|
|
export interface VerifyPublicKeyInput extends PublicKeyInput, SigningOptions {}
|
|
|
|
|
|
|
|
export interface VerifyKeyObjectInput extends SigningOptions {
|
|
|
|
key: KeyObject;
|
|
|
|
}
|
|
|
|
|
2024-08-11 02:29:53 -07:00
|
|
|
function getSaltLength(options) {
|
|
|
|
return getIntOption("saltLength", options);
|
|
|
|
}
|
|
|
|
|
|
|
|
function getDSASignatureEncoding(options) {
|
|
|
|
if (typeof options === "object") {
|
|
|
|
const { dsaEncoding = "der" } = options;
|
|
|
|
if (dsaEncoding === "der") {
|
|
|
|
return 0;
|
|
|
|
} else if (dsaEncoding === "ieee-p1363") {
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
throw new ERR_INVALID_ARG_VALUE("options.dsaEncoding", dsaEncoding);
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
function getIntOption(name, options) {
|
|
|
|
const value = options[name];
|
|
|
|
if (value !== undefined) {
|
|
|
|
if (value === value >> 0) {
|
|
|
|
return value;
|
|
|
|
}
|
|
|
|
throw new ERR_INVALID_ARG_VALUE(`options.${name}`, value);
|
|
|
|
}
|
|
|
|
return undefined;
|
|
|
|
}
|
|
|
|
|
2023-02-14 17:38:45 +01:00
|
|
|
export type KeyLike = string | Buffer | KeyObject;
|
|
|
|
|
2023-04-19 23:24:26 +09:00
|
|
|
export class SignImpl extends Writable {
|
2023-03-28 21:46:48 +09:00
|
|
|
hash: Hash;
|
|
|
|
#digestType: string;
|
|
|
|
|
2023-02-14 17:38:45 +01:00
|
|
|
constructor(algorithm: string, _options?: WritableOptions) {
|
|
|
|
validateString(algorithm, "algorithm");
|
|
|
|
|
2023-03-28 21:46:48 +09:00
|
|
|
super({
|
|
|
|
write(chunk, enc, callback) {
|
|
|
|
this.update(chunk, enc);
|
|
|
|
callback();
|
|
|
|
},
|
|
|
|
});
|
|
|
|
|
|
|
|
algorithm = algorithm.toLowerCase();
|
|
|
|
|
|
|
|
this.#digestType = algorithm;
|
|
|
|
this.hash = createHash(this.#digestType);
|
2023-02-14 17:38:45 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
sign(
|
2024-08-07 08:43:58 +02:00
|
|
|
// deno-lint-ignore no-explicit-any
|
|
|
|
privateKey: any,
|
2023-03-28 21:46:48 +09:00
|
|
|
encoding?: BinaryToTextEncoding,
|
2023-02-14 17:38:45 +01:00
|
|
|
): Buffer | string {
|
2024-08-07 08:43:58 +02:00
|
|
|
const res = prepareAsymmetricKey(privateKey, kConsumePrivate);
|
2024-08-11 02:29:53 -07:00
|
|
|
|
|
|
|
// Options specific to RSA-PSS
|
|
|
|
const pssSaltLength = getSaltLength(privateKey);
|
|
|
|
|
|
|
|
// Options specific to (EC)DSA
|
|
|
|
const dsaSigEnc = getDSASignatureEncoding(privateKey);
|
|
|
|
|
2024-08-07 08:43:58 +02:00
|
|
|
let handle;
|
|
|
|
if ("handle" in res) {
|
|
|
|
handle = res.handle;
|
|
|
|
} else {
|
|
|
|
handle = op_node_create_private_key(
|
|
|
|
res.data,
|
|
|
|
res.format,
|
|
|
|
res.type ?? "",
|
|
|
|
res.passphrase,
|
|
|
|
);
|
|
|
|
}
|
2024-01-11 07:37:25 +09:00
|
|
|
const ret = Buffer.from(op_node_sign(
|
2024-08-07 08:43:58 +02:00
|
|
|
handle,
|
2023-03-28 21:46:48 +09:00
|
|
|
this.hash.digest(),
|
|
|
|
this.#digestType,
|
2024-08-11 02:29:53 -07:00
|
|
|
pssSaltLength,
|
|
|
|
dsaSigEnc,
|
2023-03-28 21:46:48 +09:00
|
|
|
));
|
|
|
|
return encoding ? ret.toString(encoding) : ret;
|
2023-02-14 17:38:45 +01:00
|
|
|
}
|
|
|
|
|
2023-03-28 21:46:48 +09:00
|
|
|
update(
|
|
|
|
data: BinaryLike | string,
|
|
|
|
encoding?: Encoding,
|
|
|
|
): this {
|
|
|
|
this.hash.update(data, encoding);
|
|
|
|
return this;
|
2023-02-14 17:38:45 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-04-19 23:24:26 +09:00
|
|
|
export function Sign(algorithm: string, options?: WritableOptions) {
|
|
|
|
return new SignImpl(algorithm, options);
|
|
|
|
}
|
|
|
|
|
|
|
|
Sign.prototype = SignImpl.prototype;
|
|
|
|
|
|
|
|
export class VerifyImpl extends Writable {
|
2023-04-18 21:04:51 +09:00
|
|
|
hash: Hash;
|
|
|
|
#digestType: string;
|
|
|
|
|
2023-02-14 17:38:45 +01:00
|
|
|
constructor(algorithm: string, _options?: WritableOptions) {
|
|
|
|
validateString(algorithm, "algorithm");
|
|
|
|
|
2023-04-18 21:04:51 +09:00
|
|
|
super({
|
|
|
|
write(chunk, enc, callback) {
|
|
|
|
this.update(chunk, enc);
|
|
|
|
callback();
|
|
|
|
},
|
|
|
|
});
|
|
|
|
|
|
|
|
algorithm = algorithm.toLowerCase();
|
2023-02-14 17:38:45 +01:00
|
|
|
|
2023-04-18 21:04:51 +09:00
|
|
|
this.#digestType = algorithm;
|
|
|
|
this.hash = createHash(this.#digestType);
|
2023-02-14 17:38:45 +01:00
|
|
|
}
|
|
|
|
|
2023-04-18 21:04:51 +09:00
|
|
|
update(data: BinaryLike, encoding?: string): this {
|
|
|
|
this.hash.update(data, encoding);
|
|
|
|
return this;
|
2023-02-14 17:38:45 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
verify(
|
2024-08-07 08:43:58 +02:00
|
|
|
// deno-lint-ignore no-explicit-any
|
|
|
|
publicKey: any,
|
2023-04-18 21:04:51 +09:00
|
|
|
signature: BinaryLike,
|
|
|
|
encoding?: BinaryToTextEncoding,
|
2023-02-14 17:38:45 +01:00
|
|
|
): boolean {
|
2024-08-07 08:43:58 +02:00
|
|
|
const res = prepareAsymmetricKey(publicKey, kConsumePublic);
|
2024-08-11 02:29:53 -07:00
|
|
|
|
|
|
|
// Options specific to RSA-PSS
|
|
|
|
const pssSaltLength = getSaltLength(publicKey);
|
|
|
|
|
|
|
|
// Options specific to (EC)DSA
|
|
|
|
const dsaSigEnc = getDSASignatureEncoding(publicKey);
|
|
|
|
|
2024-08-07 08:43:58 +02:00
|
|
|
let handle;
|
|
|
|
if ("handle" in res) {
|
|
|
|
handle = res.handle;
|
2023-04-18 21:04:51 +09:00
|
|
|
} else {
|
2024-08-07 08:43:58 +02:00
|
|
|
handle = op_node_create_public_key(
|
|
|
|
res.data,
|
|
|
|
res.format,
|
|
|
|
res.type ?? "",
|
|
|
|
res.passphrase,
|
2023-04-18 21:04:51 +09:00
|
|
|
);
|
|
|
|
}
|
2024-01-11 07:37:25 +09:00
|
|
|
return op_node_verify(
|
2024-08-07 08:43:58 +02:00
|
|
|
handle,
|
2023-04-18 21:04:51 +09:00
|
|
|
this.hash.digest(),
|
|
|
|
this.#digestType,
|
|
|
|
Buffer.from(signature, encoding),
|
2024-08-11 02:29:53 -07:00
|
|
|
pssSaltLength,
|
|
|
|
dsaSigEnc,
|
2023-04-18 21:04:51 +09:00
|
|
|
);
|
2023-02-14 17:38:45 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-04-19 23:24:26 +09:00
|
|
|
export function Verify(algorithm: string, options?: WritableOptions) {
|
|
|
|
return new VerifyImpl(algorithm, options);
|
|
|
|
}
|
|
|
|
|
|
|
|
Verify.prototype = VerifyImpl.prototype;
|
|
|
|
|
2023-02-14 17:38:45 +01:00
|
|
|
export function signOneShot(
|
|
|
|
algorithm: string | null | undefined,
|
|
|
|
data: ArrayBufferView,
|
|
|
|
key: KeyLike | SignKeyObjectInput | SignPrivateKeyInput,
|
2023-04-19 23:24:26 +09:00
|
|
|
callback?: (error: Error | null, data: Buffer) => void,
|
2023-02-14 17:38:45 +01:00
|
|
|
): Buffer | void {
|
2023-04-19 23:24:26 +09:00
|
|
|
if (algorithm != null) {
|
|
|
|
validateString(algorithm, "algorithm");
|
|
|
|
}
|
|
|
|
|
|
|
|
if (callback !== undefined) {
|
|
|
|
validateFunction(callback, "callback");
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!key) {
|
|
|
|
throw new ERR_CRYPTO_SIGN_KEY_REQUIRED();
|
|
|
|
}
|
|
|
|
|
2024-08-09 12:58:20 +02:00
|
|
|
const res = prepareAsymmetricKey(key, kConsumePrivate);
|
|
|
|
let handle;
|
|
|
|
if ("handle" in res) {
|
|
|
|
handle = res.handle;
|
|
|
|
} else {
|
|
|
|
handle = op_node_create_private_key(
|
|
|
|
res.data,
|
|
|
|
res.format,
|
|
|
|
res.type ?? "",
|
|
|
|
res.passphrase,
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
let result: Buffer;
|
|
|
|
if (op_node_get_asymmetric_key_type(handle) === "ed25519") {
|
|
|
|
if (algorithm != null && algorithm !== "sha512") {
|
|
|
|
throw new TypeError("Only 'sha512' is supported for Ed25519 keys");
|
|
|
|
}
|
|
|
|
result = new Buffer(64);
|
|
|
|
op_node_sign_ed25519(handle, data, result);
|
|
|
|
} else if (algorithm == null) {
|
|
|
|
throw new TypeError(
|
|
|
|
"Algorithm must be specified when using non-Ed25519 keys",
|
|
|
|
);
|
|
|
|
} else {
|
|
|
|
result = Sign(algorithm!).update(data)
|
|
|
|
.sign(new PrivateKeyObject(handle));
|
|
|
|
}
|
2023-04-19 23:24:26 +09:00
|
|
|
|
|
|
|
if (callback) {
|
|
|
|
setTimeout(() => callback(null, result));
|
|
|
|
} else {
|
|
|
|
return result;
|
|
|
|
}
|
2023-02-14 17:38:45 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
export function verifyOneShot(
|
|
|
|
algorithm: string | null | undefined,
|
2023-04-19 23:24:26 +09:00
|
|
|
data: BinaryLike,
|
2023-02-14 17:38:45 +01:00
|
|
|
key: KeyLike | VerifyKeyObjectInput | VerifyPublicKeyInput,
|
2023-04-19 23:24:26 +09:00
|
|
|
signature: BinaryLike,
|
|
|
|
callback?: (error: Error | null, result: boolean) => void,
|
2023-02-14 17:38:45 +01:00
|
|
|
): boolean | void {
|
2023-04-19 23:24:26 +09:00
|
|
|
if (algorithm != null) {
|
|
|
|
validateString(algorithm, "algorithm");
|
|
|
|
}
|
|
|
|
|
|
|
|
if (callback !== undefined) {
|
|
|
|
validateFunction(callback, "callback");
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!key) {
|
|
|
|
throw new ERR_CRYPTO_SIGN_KEY_REQUIRED();
|
|
|
|
}
|
|
|
|
|
2024-08-09 12:58:20 +02:00
|
|
|
const res = prepareAsymmetricKey(key, kConsumePublic);
|
|
|
|
let handle;
|
|
|
|
if ("handle" in res) {
|
|
|
|
handle = res.handle;
|
|
|
|
} else {
|
|
|
|
handle = op_node_create_public_key(
|
|
|
|
res.data,
|
|
|
|
res.format,
|
|
|
|
res.type ?? "",
|
|
|
|
res.passphrase,
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
let result: boolean;
|
|
|
|
if (op_node_get_asymmetric_key_type(handle) === "ed25519") {
|
|
|
|
if (algorithm != null && algorithm !== "sha512") {
|
|
|
|
throw new TypeError("Only 'sha512' is supported for Ed25519 keys");
|
|
|
|
}
|
|
|
|
result = op_node_verify_ed25519(handle, data, signature);
|
|
|
|
} else if (algorithm == null) {
|
|
|
|
throw new TypeError(
|
|
|
|
"Algorithm must be specified when using non-Ed25519 keys",
|
|
|
|
);
|
|
|
|
} else {
|
|
|
|
result = Verify(algorithm!).update(data)
|
|
|
|
.verify(new PublicKeyObject(handle), signature);
|
|
|
|
}
|
2023-04-19 23:24:26 +09:00
|
|
|
|
|
|
|
if (callback) {
|
|
|
|
setTimeout(() => callback(null, result));
|
|
|
|
} else {
|
|
|
|
return result;
|
|
|
|
}
|
2023-02-14 17:38:45 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
export default {
|
|
|
|
signOneShot,
|
|
|
|
verifyOneShot,
|
|
|
|
Sign,
|
|
|
|
Verify,
|
|
|
|
};
|