From 81c9e0ba25acb6288330b85ba2c558f587d92782 Mon Sep 17 00:00:00 2001
From: Luca Casonato <hello@lcas.dev>
Date: Mon, 16 Sep 2024 13:04:40 +0200
Subject: [PATCH] fix(ext/crypto): support md4 digest algorithm (#25656)

Fixes #25646
---
 ext/node/ops/crypto/digest.rs                 |  7 +++++
 tests/unit_node/crypto/crypto_sign_test.ts    | 28 +++++++++++--------
 .../testdata/crypto_digest_fixtures.json      | 21 ++++++++++++++
 3 files changed, 45 insertions(+), 11 deletions(-)

diff --git a/ext/node/ops/crypto/digest.rs b/ext/node/ops/crypto/digest.rs
index 1bb028155c..293e8e0637 100644
--- a/ext/node/ops/crypto/digest.rs
+++ b/ext/node/ops/crypto/digest.rs
@@ -80,6 +80,10 @@ macro_rules! match_fixed_digest_with_eager_block_buffer {
         type $type = ::sm3::Sm3;
         $body
       }
+      "rsa-md4" | "md4" | "md4withrsaencryption" => {
+        type $type = ::md4::Md4;
+        $body
+      }
       "md5-sha1" => {
         type $type = crate::ops::crypto::md5_sha1::Md5Sha1;
         $body
@@ -260,6 +264,7 @@ impl Hash {
 
   pub fn get_hashes() -> Vec<&'static str> {
     vec![
+      "RSA-MD4",
       "RSA-MD5",
       "RSA-RIPEMD160",
       "RSA-SHA1",
@@ -281,6 +286,8 @@ impl Hash {
       "id-rsassa-pkcs1-v1_5-with-sha3-256",
       "id-rsassa-pkcs1-v1_5-with-sha3-384",
       "id-rsassa-pkcs1-v1_5-with-sha3-512",
+      "md4",
+      "md4WithRSAEncryption",
       "md5",
       "md5-sha1",
       "md5WithRSAEncryption",
diff --git a/tests/unit_node/crypto/crypto_sign_test.ts b/tests/unit_node/crypto/crypto_sign_test.ts
index c33c9758f4..97c80b28af 100644
--- a/tests/unit_node/crypto/crypto_sign_test.ts
+++ b/tests/unit_node/crypto/crypto_sign_test.ts
@@ -154,16 +154,21 @@ Deno.test("crypto.createSign|sign - compare with node", async (t) => {
     new URL(import.meta.resolve("../testdata/rsa_private.pem")),
   );
   for (const { digest, signature } of fixtures) {
-    await t.step(digest, () => {
-      let actual: string | null;
-      try {
-        const s = createSign(digest);
-        s.update(DATA);
-        actual = s.sign(privateKey).toString("hex");
-      } catch {
-        actual = null;
-      }
-      assertEquals(actual, signature);
+    await t.step({
+      name: digest,
+      // TODO(lucacasonato): our md4 implementation does not have an OID, so it can't sign/verify
+      ignore: digest.toLowerCase().includes("md4"),
+      fn: () => {
+        let actual: string | null;
+        try {
+          const s = createSign(digest);
+          s.update(DATA);
+          actual = s.sign(privateKey).toString("hex");
+        } catch {
+          actual = null;
+        }
+        assertEquals(actual, signature);
+      },
     });
   }
 });
@@ -176,7 +181,8 @@ Deno.test("crypto.createVerify|verify - compare with node", async (t) => {
   for (const { digest, signature } of fixtures) {
     await t.step({
       name: digest,
-      ignore: signature === null,
+      // TODO(lucacasonato): our md4 implementation does not have an OID, so it can't sign/verify
+      ignore: signature === null || digest.toLowerCase().includes("md4"),
       fn: () => {
         const s = createVerify(digest);
         s.update(DATA);
diff --git a/tests/unit_node/testdata/crypto_digest_fixtures.json b/tests/unit_node/testdata/crypto_digest_fixtures.json
index c5b65261df..984657d24f 100644
--- a/tests/unit_node/testdata/crypto_digest_fixtures.json
+++ b/tests/unit_node/testdata/crypto_digest_fixtures.json
@@ -1,4 +1,11 @@
 [
+  {
+    "digest": "RSA-MD4",
+    "hash": "0abe9ee1f376caa1bcecad9042f16e73",
+    "signature": "9e0ea2ddcde181d9304e0cc56fd5e83f3bcc7921aa8605c4abb47c3829e79f99e856e323555222765d2b92328ff72b34ccbbc9e417033e1214c79bc4cccaf9d3a7f73105ab8f54507aa6a1909ec4754bd5a3b0ac588836c10c79c28ab81294b91aa5fa622574112dfeb52e8d785aa16193713ff66c11f23277eb27cfc8a6cd658777e3310aa9eede84b638673565f41978d278ef51b68a7e9855543f70e0c7ca823a7dfcfd922ea4973360a58c41132472737c6d68d30c2b4ca50882092e12f3e3b017199f45180a897cd155107ddd7fccca3eea565521b3f75dd8db6b0e8817c20b96e7e0d2bfe5c73e10a2d1e720dc00809def92c419411fcdd6e029fb6053",
+    "pkdf2": "a94d60cc0f44f11f4dd836de5313642956fee6f36ed7460b91d80e5dbc4089f123d6c70c6da4de059248a863af93da1f2776fae7065f008cf3fc7ebfe7592d7a",
+    "hkdf": "0104d69f3cb07f15194061d20905c559fcd1e3e2f71012ef88c964b16dca5253cda26f4c84fbafab14e638be1d1a972109b8725d5fb4dfa50b95d6ad3c4b6a88"
+  },
   {
     "digest": "RSA-MD5",
     "hash": "6cd3556deb0da54bca060b4c39479839",
@@ -146,6 +153,20 @@
     "pkdf2": "e1f0b454bf5d729fbb13e534229521a87aee130078555791d83834a8c51fb681ce4dfe02afd5f063082d8abba0b456084c677aeb6f8e0d70305322ec2ea97203",
     "hkdf": "f27d87f9f6b87718073c8d2ad6bae00b4162cecde350c856252dd611120c433373a0c0d3946a8582bf855bf581439a14ca4f355fcd18881331f4a3b1027e84b2"
   },
+  {
+    "digest": "md4",
+    "hash": "0abe9ee1f376caa1bcecad9042f16e73",
+    "signature": "9e0ea2ddcde181d9304e0cc56fd5e83f3bcc7921aa8605c4abb47c3829e79f99e856e323555222765d2b92328ff72b34ccbbc9e417033e1214c79bc4cccaf9d3a7f73105ab8f54507aa6a1909ec4754bd5a3b0ac588836c10c79c28ab81294b91aa5fa622574112dfeb52e8d785aa16193713ff66c11f23277eb27cfc8a6cd658777e3310aa9eede84b638673565f41978d278ef51b68a7e9855543f70e0c7ca823a7dfcfd922ea4973360a58c41132472737c6d68d30c2b4ca50882092e12f3e3b017199f45180a897cd155107ddd7fccca3eea565521b3f75dd8db6b0e8817c20b96e7e0d2bfe5c73e10a2d1e720dc00809def92c419411fcdd6e029fb6053",
+    "pkdf2": "a94d60cc0f44f11f4dd836de5313642956fee6f36ed7460b91d80e5dbc4089f123d6c70c6da4de059248a863af93da1f2776fae7065f008cf3fc7ebfe7592d7a",
+    "hkdf": "0104d69f3cb07f15194061d20905c559fcd1e3e2f71012ef88c964b16dca5253cda26f4c84fbafab14e638be1d1a972109b8725d5fb4dfa50b95d6ad3c4b6a88"
+  },
+  {
+    "digest": "md4WithRSAEncryption",
+    "hash": "0abe9ee1f376caa1bcecad9042f16e73",
+    "signature": "9e0ea2ddcde181d9304e0cc56fd5e83f3bcc7921aa8605c4abb47c3829e79f99e856e323555222765d2b92328ff72b34ccbbc9e417033e1214c79bc4cccaf9d3a7f73105ab8f54507aa6a1909ec4754bd5a3b0ac588836c10c79c28ab81294b91aa5fa622574112dfeb52e8d785aa16193713ff66c11f23277eb27cfc8a6cd658777e3310aa9eede84b638673565f41978d278ef51b68a7e9855543f70e0c7ca823a7dfcfd922ea4973360a58c41132472737c6d68d30c2b4ca50882092e12f3e3b017199f45180a897cd155107ddd7fccca3eea565521b3f75dd8db6b0e8817c20b96e7e0d2bfe5c73e10a2d1e720dc00809def92c419411fcdd6e029fb6053",
+    "pkdf2": "a94d60cc0f44f11f4dd836de5313642956fee6f36ed7460b91d80e5dbc4089f123d6c70c6da4de059248a863af93da1f2776fae7065f008cf3fc7ebfe7592d7a",
+    "hkdf": "0104d69f3cb07f15194061d20905c559fcd1e3e2f71012ef88c964b16dca5253cda26f4c84fbafab14e638be1d1a972109b8725d5fb4dfa50b95d6ad3c4b6a88"
+  },
   {
     "digest": "md5",
     "hash": "6cd3556deb0da54bca060b4c39479839",