mirror of
https://github.com/nodejs/node.git
synced 2025-08-15 13:48:44 +02:00
823d86c47c
This commit makes multiple important changes: 1. A new key object API is introduced. The KeyObject class itself is not exposed to users, instead, several new APIs can be used to construct key objects: createSecretKey, createPrivateKey and createPublicKey. The new API also allows to convert between different key formats, and even though the API itself is not compatible to the WebCrypto standard in any way, it makes interoperability much simpler. 2. Key objects can be used instead of the raw key material in all relevant crypto APIs. 3. The handling of asymmetric keys has been unified and greatly improved. Node.js now fully supports both PEM-encoded and DER-encoded public and private keys. 4. Conversions between buffers and strings have been moved to native code for sensitive data such as symmetric keys due to security considerations such as zeroing temporary buffers. 5. For compatibility with older versions of the crypto API, this change allows to specify Buffers and strings as the "passphrase" option when reading or writing an encoded key. Note that this can result in unexpected behavior if the password contains a null byte. PR-URL: https://github.com/nodejs/node/pull/24234 Reviewed-By: Refael Ackermann <refack@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
134 lines
3.5 KiB
JavaScript
134 lines
3.5 KiB
JavaScript
'use strict';
|
|
|
|
const {
|
|
Hash: _Hash,
|
|
Hmac: _Hmac
|
|
} = process.binding('crypto');
|
|
|
|
const {
|
|
getDefaultEncoding,
|
|
kHandle,
|
|
legacyNativeHandle,
|
|
toBuf
|
|
} = require('internal/crypto/util');
|
|
|
|
const {
|
|
prepareSecretKey
|
|
} = require('internal/crypto/keys');
|
|
|
|
const { Buffer } = require('buffer');
|
|
|
|
const {
|
|
ERR_CRYPTO_HASH_DIGEST_NO_UTF16,
|
|
ERR_CRYPTO_HASH_FINALIZED,
|
|
ERR_CRYPTO_HASH_UPDATE_FAILED,
|
|
ERR_INVALID_ARG_TYPE
|
|
} = require('internal/errors').codes;
|
|
const { validateString } = require('internal/validators');
|
|
const { normalizeEncoding } = require('internal/util');
|
|
const { isArrayBufferView } = require('internal/util/types');
|
|
const LazyTransform = require('internal/streams/lazy_transform');
|
|
const kState = Symbol('kState');
|
|
const kFinalized = Symbol('kFinalized');
|
|
|
|
function Hash(algorithm, options) {
|
|
if (!(this instanceof Hash))
|
|
return new Hash(algorithm, options);
|
|
validateString(algorithm, 'algorithm');
|
|
this[kHandle] = new _Hash(algorithm);
|
|
this[kState] = {
|
|
[kFinalized]: false
|
|
};
|
|
LazyTransform.call(this, options);
|
|
}
|
|
|
|
Object.setPrototypeOf(Hash.prototype, LazyTransform.prototype);
|
|
Object.setPrototypeOf(Hash, LazyTransform);
|
|
|
|
Hash.prototype._transform = function _transform(chunk, encoding, callback) {
|
|
this[kHandle].update(chunk, encoding);
|
|
callback();
|
|
};
|
|
|
|
Hash.prototype._flush = function _flush(callback) {
|
|
this.push(this[kHandle].digest());
|
|
callback();
|
|
};
|
|
|
|
Hash.prototype.update = function update(data, encoding) {
|
|
const state = this[kState];
|
|
if (state[kFinalized])
|
|
throw new ERR_CRYPTO_HASH_FINALIZED();
|
|
|
|
if (typeof data !== 'string' && !isArrayBufferView(data)) {
|
|
throw new ERR_INVALID_ARG_TYPE('data',
|
|
['string', 'TypedArray', 'DataView'], data);
|
|
}
|
|
|
|
if (!this[kHandle].update(data, encoding || getDefaultEncoding()))
|
|
throw new ERR_CRYPTO_HASH_UPDATE_FAILED();
|
|
return this;
|
|
};
|
|
|
|
|
|
Hash.prototype.digest = function digest(outputEncoding) {
|
|
const state = this[kState];
|
|
if (state[kFinalized])
|
|
throw new ERR_CRYPTO_HASH_FINALIZED();
|
|
outputEncoding = outputEncoding || getDefaultEncoding();
|
|
if (normalizeEncoding(outputEncoding) === 'utf16le')
|
|
throw new ERR_CRYPTO_HASH_DIGEST_NO_UTF16();
|
|
|
|
// Explicit conversion for backward compatibility.
|
|
const ret = this[kHandle].digest(`${outputEncoding}`);
|
|
state[kFinalized] = true;
|
|
return ret;
|
|
};
|
|
|
|
legacyNativeHandle(Hash);
|
|
|
|
|
|
function Hmac(hmac, key, options) {
|
|
if (!(this instanceof Hmac))
|
|
return new Hmac(hmac, key, options);
|
|
validateString(hmac, 'hmac');
|
|
key = prepareSecretKey(key);
|
|
this[kHandle] = new _Hmac();
|
|
this[kHandle].init(hmac, toBuf(key));
|
|
this[kState] = {
|
|
[kFinalized]: false
|
|
};
|
|
LazyTransform.call(this, options);
|
|
}
|
|
|
|
Object.setPrototypeOf(Hmac.prototype, LazyTransform.prototype);
|
|
Object.setPrototypeOf(Hmac, LazyTransform);
|
|
|
|
Hmac.prototype.update = Hash.prototype.update;
|
|
|
|
Hmac.prototype.digest = function digest(outputEncoding) {
|
|
const state = this[kState];
|
|
outputEncoding = outputEncoding || getDefaultEncoding();
|
|
if (normalizeEncoding(outputEncoding) === 'utf16le')
|
|
throw new ERR_CRYPTO_HASH_DIGEST_NO_UTF16();
|
|
|
|
if (state[kFinalized]) {
|
|
const buf = Buffer.from('');
|
|
return outputEncoding === 'buffer' ? buf : buf.toString(outputEncoding);
|
|
}
|
|
|
|
// Explicit conversion for backward compatibility.
|
|
const ret = this[kHandle].digest(`${outputEncoding}`);
|
|
state[kFinalized] = true;
|
|
return ret;
|
|
};
|
|
|
|
Hmac.prototype._flush = Hash.prototype._flush;
|
|
Hmac.prototype._transform = Hash.prototype._transform;
|
|
|
|
legacyNativeHandle(Hmac);
|
|
|
|
module.exports = {
|
|
Hash,
|
|
Hmac
|
|
};
|