
crypto: support Uint8Array prime in createDH

PR-URL: #11983
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
addaleax committed Mar 22, 2017
1 parent c3efe72 commit 0db49fef4152e3642c2a0686c30bf59813e7ce1c
Showing with 76 additions and 46 deletions.
  1. +5 −2 doc/api/crypto.md
  2. +7 −4 lib/crypto.js
  3. +64 −40 test/parallel/test-crypto-dh.js
@@ -1237,12 +1237,15 @@ The `key` is the raw key used by the `algorithm` and `iv` is an
<!-- YAML
added: v0.11.12
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/11983
description: The `prime` argument can be a `Uint8Array` now.
- version: v6.0.0
pr-url: https://github.com/nodejs/node/pull/5522
description: The default for the encoding parameters changed
from `binary` to `utf8`.
-->
- `prime` {string | Buffer}
- `prime` {string | Buffer | Uint8Array}
- `prime_encoding` {string}
- `generator` {number | string | Buffer | Uint8Array} Defaults to `2`.
- `generator_encoding` {string}
@@ -1257,7 +1260,7 @@ The `prime_encoding` and `generator_encoding` arguments can be `'latin1'`,
`'hex'`, or `'base64'`.
If `prime_encoding` is specified, `prime` is expected to be a string; otherwise
a [`Buffer`][] is expected.
a [`Buffer`][] or `Uint8Array` is expected.
If `generator_encoding` is specified, `generator` is expected to be a string;
otherwise either a number or [`Buffer`][] or `Uint8Array` is expected.
@@ -42,6 +42,7 @@ const timingSafeEqual = binding.timingSafeEqual;
const Buffer = require('buffer').Buffer;
const stream = require('stream');
const util = require('util');
const { isUint8Array } = process.binding('util');
const LazyTransform = require('internal/streams/lazy_transform');
const DH_GENERATOR = 2;
@@ -368,10 +369,12 @@ function DiffieHellman(sizeOrKey, keyEncoding, generator, genEncoding) {
if (!(this instanceof DiffieHellman))
return new DiffieHellman(sizeOrKey, keyEncoding, generator, genEncoding);
if (!(sizeOrKey instanceof Buffer) &&
typeof sizeOrKey !== 'number' &&
typeof sizeOrKey !== 'string')
throw new TypeError('First argument should be number, string or Buffer');
if (typeof sizeOrKey !== 'number' &&
typeof sizeOrKey !== 'string' &&
!isUint8Array(sizeOrKey)) {
throw new TypeError('First argument should be number, string, ' +
'Uint8Array or Buffer');
}
if (keyEncoding) {
if (typeof keyEncoding !== 'string' ||
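Review bot: The rewritten guard in `DiffieHellman` no longer tests `instanceof Buffer` and admits Buffers only through `isUint8Array(sizeOrKey)`, which is not obvious to a reader; I would add a comment above the check such as `// Buffer is a Uint8Array subclass, so isUint8Array() accepts both.` The guard validates the argument's type only, so a caller-supplied prime of any length or value still passes here and the result has to be judged through `verifyError`, as the tests do. The constructor body continues outside the hunk, so how the Uint8Array is handed to the binding (copied or referenced) cannot be confirmed from these lines.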
@@ -24,7 +24,7 @@ assert.strictEqual(dh1.verifyError, 0);
assert.strictEqual(dh2.verifyError, 0);
const argumentsError =
/^TypeError: First argument should be number, string or Buffer$/;
/^TypeError: First argument should be number, string, Uint8Array or Buffer$/;
assert.throws(() => {
crypto.createDiffieHellman([0x1, 0x2]);
@@ -112,45 +112,69 @@ const modp2buf = Buffer.from([
0x1f, 0xe6, 0x49, 0x28, 0x66, 0x51, 0xec, 0xe6, 0x53, 0x81,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
]);
const exmodp2 = crypto.createDiffieHellman(modp2buf, Buffer.from([2]));
modp2.generateKeys();
exmodp2.generateKeys();
let modp2Secret = modp2.computeSecret(exmodp2.getPublicKey()).toString('hex');
const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey())
.toString('hex');
assert.strictEqual(modp2Secret, exmodp2Secret);
assert.strictEqual(modp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
// Ensure specific generator (string with encoding) works as expected.
const exmodp2_2 = crypto.createDiffieHellman(modp2buf, '02', 'hex');
exmodp2_2.generateKeys();
modp2Secret = modp2.computeSecret(exmodp2_2.getPublicKey()).toString('hex');
const exmodp2_2Secret = exmodp2_2.computeSecret(modp2.getPublicKey())
.toString('hex');
assert.strictEqual(modp2Secret, exmodp2_2Secret);
assert.strictEqual(exmodp2_2.verifyError, DH_NOT_SUITABLE_GENERATOR);
// Ensure specific generator (string without encoding) works as expected.
const exmodp2_3 = crypto.createDiffieHellman(modp2buf, '\x02');
exmodp2_3.generateKeys();
modp2Secret = modp2.computeSecret(exmodp2_3.getPublicKey()).toString('hex');
const exmodp2_3Secret = exmodp2_3.computeSecret(modp2.getPublicKey())
.toString('hex');
assert.strictEqual(modp2Secret, exmodp2_3Secret);
assert.strictEqual(exmodp2_3.verifyError, DH_NOT_SUITABLE_GENERATOR);
// Ensure specific generator (numeric) works as expected.
const exmodp2_4 = crypto.createDiffieHellman(modp2buf, 2);
exmodp2_4.generateKeys();
modp2Secret = modp2.computeSecret(exmodp2_4.getPublicKey()).toString('hex');
const exmodp2_4Secret = exmodp2_4.computeSecret(modp2.getPublicKey())
.toString('hex');
assert.strictEqual(modp2Secret, exmodp2_4Secret);
assert.strictEqual(exmodp2_4.verifyError, DH_NOT_SUITABLE_GENERATOR);
{
const exmodp2 = crypto.createDiffieHellman(modp2buf, Buffer.from([2]));
modp2.generateKeys();
exmodp2.generateKeys();
const modp2Secret = modp2.computeSecret(exmodp2.getPublicKey())
.toString('hex');
const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey())
.toString('hex');
assert.strictEqual(modp2Secret, exmodp2Secret);
assert.strictEqual(modp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
}
{
// Ensure specific generator (string with encoding) works as expected.
const exmodp2 = crypto.createDiffieHellman(modp2buf, '02', 'hex');
exmodp2.generateKeys();
const modp2Secret = modp2.computeSecret(exmodp2.getPublicKey())
.toString('hex');
const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey())
.toString('hex');
assert.strictEqual(modp2Secret, exmodp2Secret);
assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
}
{
// Ensure specific generator (string with encoding) works as expected,
// with a Uint8Array as the first argument to createDiffieHellman().
const exmodp2 = crypto.createDiffieHellman(new Uint8Array(modp2buf),
'02', 'hex');
exmodp2.generateKeys();
const modp2Secret = modp2.computeSecret(exmodp2.getPublicKey())
.toString('hex');
const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey())
.toString('hex');
assert.strictEqual(modp2Secret, exmodp2Secret);
assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
}
{
// Ensure specific generator (string without encoding) works as expected.
const exmodp2 = crypto.createDiffieHellman(modp2buf, '\x02');
exmodp2.generateKeys();
const modp2Secret = modp2.computeSecret(exmodp2.getPublicKey())
.toString('hex');
const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey())
.toString('hex');
assert.strictEqual(modp2Secret, exmodp2Secret);
assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
}
{
// Ensure specific generator (numeric) works as expected.
const exmodp2 = crypto.createDiffieHellman(modp2buf, 2);
exmodp2.generateKeys();
const modp2Secret = modp2.computeSecret(exmodp2.getPublicKey())
.toString('hex');
const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey())
.toString('hex');
assert.strictEqual(modp2Secret, exmodp2Secret);
assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
}
const p = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' +
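Review bot: The new Uint8Array case only passes `new Uint8Array(modp2buf)`, a fresh array whose view starts at offset 0 and spans its whole backing store, so it would not catch a binding that reads from the start of the underlying ArrayBuffer instead of honouring `byteOffset` and `byteLength`. A case with an offset view would pin that, and a negative case with a `Uint16Array` next to the existing `[0x1, 0x2]` check would pin that other typed arrays are still rejected with `argumentsError`. Separately, `modp2.generateKeys()` is called only inside the first block, so the later blocks silently depend on that block having run first.

```javascript
// … unchanged: existing exmodp2 blocks …
{
  // A Uint8Array view with a non-zero byteOffset must contribute only the
  // viewed bytes, not the start of its backing ArrayBuffer.
  const backing = new Uint8Array(modp2buf.length + 8);
  backing.set(modp2buf, 8);
  const view = new Uint8Array(backing.buffer, 8, modp2buf.length);
  const exmodp2 = crypto.createDiffieHellman(view, '02', 'hex');
  assert.strictEqual(exmodp2.getPrime('hex'), modp2buf.toString('hex'));
}

assert.throws(() => {
  crypto.createDiffieHellman(new Uint16Array([0x1, 0x2]));
}, argumentsError);
```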
