fix(ext/crypto): support md4 digest algorithm (#25656)

Fixes #25646
2024-11-21 15:04:11 -05:00 · 2024-09-16 13:04:40 +02:00 · 2024-09-16 13:04:40 +02:00 · 81c9e0ba25
commit 81c9e0ba25
parent eb8ee95f08
3 changed files with 45 additions and 11 deletions
--- a/ext/node/ops/crypto/digest.rs
+++ b/ext/node/ops/crypto/digest.rs
@ -80,6 +80,10 @@ macro_rules! match_fixed_digest_with_eager_block_buffer {
        type $type = ::sm3::Sm3;
        $body
      }
+      "rsa-md4" | "md4" | "md4withrsaencryption" => {
+        type $type = ::md4::Md4;
+        $body
+      }
      "md5-sha1" => {
        type $type = crate::ops::crypto::md5_sha1::Md5Sha1;
        $body
@ -260,6 +264,7 @@ impl Hash {

  pub fn get_hashes() -> Vec<&'static str> {
    vec![
+      "RSA-MD4",
      "RSA-MD5",
      "RSA-RIPEMD160",
      "RSA-SHA1",
@ -281,6 +286,8 @@ impl Hash {
      "id-rsassa-pkcs1-v1_5-with-sha3-256",
      "id-rsassa-pkcs1-v1_5-with-sha3-384",
      "id-rsassa-pkcs1-v1_5-with-sha3-512",
+      "md4",
+      "md4WithRSAEncryption",
      "md5",
      "md5-sha1",
      "md5WithRSAEncryption",
--- a/tests/unit_node/crypto/crypto_sign_test.ts
+++ b/tests/unit_node/crypto/crypto_sign_test.ts
@ -154,16 +154,21 @@ Deno.test("crypto.createSign|sign - compare with node", async (t) => {
    new URL(import.meta.resolve("../testdata/rsa_private.pem")),
  );
  for (const { digest, signature } of fixtures) {
-    await t.step(digest, () => {
-      let actual: string | null;
-      try {
-        const s = createSign(digest);
-        s.update(DATA);
-        actual = s.sign(privateKey).toString("hex");
-      } catch {
-        actual = null;
-      }
-      assertEquals(actual, signature);
+    await t.step({
+      name: digest,
+      // TODO(lucacasonato): our md4 implementation does not have an OID, so it can't sign/verify
+      ignore: digest.toLowerCase().includes("md4"),
+      fn: () => {
+        let actual: string | null;
+        try {
+          const s = createSign(digest);
+          s.update(DATA);
+          actual = s.sign(privateKey).toString("hex");
+        } catch {
+          actual = null;
+        }
+        assertEquals(actual, signature);
+      },
    });
  }
 });
@ -176,7 +181,8 @@ Deno.test("crypto.createVerify|verify - compare with node", async (t) => {
  for (const { digest, signature } of fixtures) {
    await t.step({
      name: digest,
-      ignore: signature === null,
+      // TODO(lucacasonato): our md4 implementation does not have an OID, so it can't sign/verify
+      ignore: signature === null || digest.toLowerCase().includes("md4"),
      fn: () => {
        const s = createVerify(digest);
        s.update(DATA);
--- a/tests/unit_node/testdata/crypto_digest_fixtures.json
+++ b/tests/unit_node/testdata/crypto_digest_fixtures.json
@ -1,4 +1,11 @@
 [
+  {
+    "digest": "RSA-MD4",
+    "hash": "0abe9ee1f376caa1bcecad9042f16e73",
+    "signature": "9e0ea2ddcde181d9304e0cc56fd5e83f3bcc7921aa8605c4abb47c3829e79f99e856e323555222765d2b92328ff72b34ccbbc9e417033e1214c79bc4cccaf9d3a7f73105ab8f54507aa6a1909ec4754bd5a3b0ac588836c10c79c28ab81294b91aa5fa622574112dfeb52e8d785aa16193713ff66c11f23277eb27cfc8a6cd658777e3310aa9eede84b638673565f41978d278ef51b68a7e9855543f70e0c7ca823a7dfcfd922ea4973360a58c41132472737c6d68d30c2b4ca50882092e12f3e3b017199f45180a897cd155107ddd7fccca3eea565521b3f75dd8db6b0e8817c20b96e7e0d2bfe5c73e10a2d1e720dc00809def92c419411fcdd6e029fb6053",
+    "pkdf2": "a94d60cc0f44f11f4dd836de5313642956fee6f36ed7460b91d80e5dbc4089f123d6c70c6da4de059248a863af93da1f2776fae7065f008cf3fc7ebfe7592d7a",
+    "hkdf": "0104d69f3cb07f15194061d20905c559fcd1e3e2f71012ef88c964b16dca5253cda26f4c84fbafab14e638be1d1a972109b8725d5fb4dfa50b95d6ad3c4b6a88"
+  },
  {
    "digest": "RSA-MD5",
    "hash": "6cd3556deb0da54bca060b4c39479839",
@ -146,6 +153,20 @@
    "pkdf2": "e1f0b454bf5d729fbb13e534229521a87aee130078555791d83834a8c51fb681ce4dfe02afd5f063082d8abba0b456084c677aeb6f8e0d70305322ec2ea97203",
    "hkdf": "f27d87f9f6b87718073c8d2ad6bae00b4162cecde350c856252dd611120c433373a0c0d3946a8582bf855bf581439a14ca4f355fcd18881331f4a3b1027e84b2"
  },
+  {
+    "digest": "md4",
+    "hash": "0abe9ee1f376caa1bcecad9042f16e73",
+    "signature": "9e0ea2ddcde181d9304e0cc56fd5e83f3bcc7921aa8605c4abb47c3829e79f99e856e323555222765d2b92328ff72b34ccbbc9e417033e1214c79bc4cccaf9d3a7f73105ab8f54507aa6a1909ec4754bd5a3b0ac588836c10c79c28ab81294b91aa5fa622574112dfeb52e8d785aa16193713ff66c11f23277eb27cfc8a6cd658777e3310aa9eede84b638673565f41978d278ef51b68a7e9855543f70e0c7ca823a7dfcfd922ea4973360a58c41132472737c6d68d30c2b4ca50882092e12f3e3b017199f45180a897cd155107ddd7fccca3eea565521b3f75dd8db6b0e8817c20b96e7e0d2bfe5c73e10a2d1e720dc00809def92c419411fcdd6e029fb6053",
+    "pkdf2": "a94d60cc0f44f11f4dd836de5313642956fee6f36ed7460b91d80e5dbc4089f123d6c70c6da4de059248a863af93da1f2776fae7065f008cf3fc7ebfe7592d7a",
+    "hkdf": "0104d69f3cb07f15194061d20905c559fcd1e3e2f71012ef88c964b16dca5253cda26f4c84fbafab14e638be1d1a972109b8725d5fb4dfa50b95d6ad3c4b6a88"
+  },
+  {
+    "digest": "md4WithRSAEncryption",
+    "hash": "0abe9ee1f376caa1bcecad9042f16e73",
+    "signature": "9e0ea2ddcde181d9304e0cc56fd5e83f3bcc7921aa8605c4abb47c3829e79f99e856e323555222765d2b92328ff72b34ccbbc9e417033e1214c79bc4cccaf9d3a7f73105ab8f54507aa6a1909ec4754bd5a3b0ac588836c10c79c28ab81294b91aa5fa622574112dfeb52e8d785aa16193713ff66c11f23277eb27cfc8a6cd658777e3310aa9eede84b638673565f41978d278ef51b68a7e9855543f70e0c7ca823a7dfcfd922ea4973360a58c41132472737c6d68d30c2b4ca50882092e12f3e3b017199f45180a897cd155107ddd7fccca3eea565521b3f75dd8db6b0e8817c20b96e7e0d2bfe5c73e10a2d1e720dc00809def92c419411fcdd6e029fb6053",
+    "pkdf2": "a94d60cc0f44f11f4dd836de5313642956fee6f36ed7460b91d80e5dbc4089f123d6c70c6da4de059248a863af93da1f2776fae7065f008cf3fc7ebfe7592d7a",
+    "hkdf": "0104d69f3cb07f15194061d20905c559fcd1e3e2f71012ef88c964b16dca5253cda26f4c84fbafab14e638be1d1a972109b8725d5fb4dfa50b95d6ad3c4b6a88"
+  },
  {
    "digest": "md5",
    "hash": "6cd3556deb0da54bca060b4c39479839",