-
Notifications
You must be signed in to change notification settings - Fork 29.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: add sign/verify support for RSASSA-PSS #11705
Closed
Closed
Changes from all commits
Commits
Show all changes
17 commits
Select commit
Hold shift + click to select a range
a361f53
crypto: add sign/verify support for RSASSA-PSS
tniessen e467227
Various improvements related to PR #11705
tniessen 5a874a5
Minor linting fixes
tniessen 8a23882
Fix API description, error message
tniessen 15abaae
Use defined constants instead of values
tniessen d75601e
Improvements requested by sam-github
tniessen 5e78d9c
Changes requested by bnoordhuis
tniessen 5e5f2e4
Move application of RSA options out of sign/verify
tniessen b9a6779
Fix linter error
tniessen fcd7053
Move RSA option parsing to crypto.js
tniessen 287e2d6
Remove unused using
tniessen 8dc383e
Strict checks and more tests
tniessen 1679e0c
Fix linting
tniessen 8b64c04
Minor improvements
tniessen 44b71e9
Note about MGF1, test vectors
tniessen 4f695aa
Add RSASSA-PSS sign test
tniessen 8772278
Add changes to doc
tniessen File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -303,7 +303,28 @@ Sign.prototype.sign = function sign(options, encoding) { | |
|
||
var key = options.key || options; | ||
var passphrase = options.passphrase || null; | ||
var ret = this._handle.sign(toBuf(key), null, passphrase); | ||
|
||
// Options specific to RSA | ||
var rsaPadding = constants.RSA_PKCS1_PADDING; | ||
if (options.hasOwnProperty('padding')) { | ||
if (options.padding === options.padding >> 0) { | ||
rsaPadding = options.padding; | ||
} else { | ||
throw new TypeError('padding must be an integer'); | ||
} | ||
} | ||
|
||
var pssSaltLength = constants.RSA_PSS_SALTLEN_AUTO; | ||
if (options.hasOwnProperty('saltLength')) { | ||
if (options.saltLength === options.saltLength >> 0) { | ||
pssSaltLength = options.saltLength; | ||
} else { | ||
throw new TypeError('saltLength must be an integer'); | ||
} | ||
} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. You could perhaps factor this out into a separate function but OTOH, this is fine too. |
||
|
||
var ret = this._handle.sign(toBuf(key), null, passphrase, rsaPadding, | ||
pssSaltLength); | ||
|
||
encoding = encoding || exports.DEFAULT_ENCODING; | ||
if (encoding && encoding !== 'buffer') | ||
|
@@ -329,9 +350,31 @@ util.inherits(Verify, stream.Writable); | |
Verify.prototype._write = Sign.prototype._write; | ||
Verify.prototype.update = Sign.prototype.update; | ||
|
||
Verify.prototype.verify = function verify(object, signature, sigEncoding) { | ||
Verify.prototype.verify = function verify(options, signature, sigEncoding) { | ||
var key = options.key || options; | ||
sigEncoding = sigEncoding || exports.DEFAULT_ENCODING; | ||
return this._handle.verify(toBuf(object), toBuf(signature, sigEncoding)); | ||
|
||
// Options specific to RSA | ||
var rsaPadding = constants.RSA_PKCS1_PADDING; | ||
if (options.hasOwnProperty('padding')) { | ||
if (options.padding === options.padding >> 0) { | ||
rsaPadding = options.padding; | ||
} else { | ||
throw new TypeError('padding must be an integer'); | ||
} | ||
} | ||
|
||
var pssSaltLength = constants.RSA_PSS_SALTLEN_AUTO; | ||
if (options.hasOwnProperty('saltLength')) { | ||
if (options.saltLength === options.saltLength >> 0) { | ||
pssSaltLength = options.saltLength; | ||
} else { | ||
throw new TypeError('saltLength must be an integer'); | ||
} | ||
} | ||
|
||
return this._handle.verify(toBuf(key), toBuf(signature, sigEncoding), null, | ||
rsaPadding, pssSaltLength); | ||
}; | ||
|
||
function rsaPublic(method, defaultPadding) { | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change is also needed.