GCC Code Coverage Report
Directory: ../ Exec Total Coverage
File: /home/iojs/build/workspace/node-test-commit-linux-coverage-daily/nodes/benchmark/out/../src/node_crypto.h Lines: 5 96 5.2 %
Date: 2019-02-01 22:03:38 Branches: 1 28 3.6 %

Line Branch Exec Source
1
// Copyright Joyent, Inc. and other Node contributors.
2
//
3
// Permission is hereby granted, free of charge, to any person obtaining a
4
// copy of this software and associated documentation files (the
5
// "Software"), to deal in the Software without restriction, including
6
// without limitation the rights to use, copy, modify, merge, publish,
7
// distribute, sublicense, and/or sell copies of the Software, and to permit
8
// persons to whom the Software is furnished to do so, subject to the
9
// following conditions:
10
//
11
// The above copyright notice and this permission notice shall be included
12
// in all copies or substantial portions of the Software.
13
//
14
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
17
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
18
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
19
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
20
// USE OR OTHER DEALINGS IN THE SOFTWARE.
21
22
#ifndef SRC_NODE_CRYPTO_H_
23
#define SRC_NODE_CRYPTO_H_
24
25
#if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
26
27
#include "node.h"
28
// ClientHelloParser
29
#include "node_crypto_clienthello.h"
30
31
#include "node_buffer.h"
32
33
#include "env.h"
34
#include "async_wrap-inl.h"
35
#include "base_object-inl.h"
36
37
#include "v8.h"
38
39
#include <openssl/ssl.h>
40
#include <openssl/ec.h>
41
#include <openssl/ecdh.h>
42
#ifndef OPENSSL_NO_ENGINE
43
# include <openssl/engine.h>
44
#endif  // !OPENSSL_NO_ENGINE
45
#include <openssl/err.h>
46
#include <openssl/evp.h>
47
// TODO(shigeki) Remove this after upgrading to 1.1.1
48
#include <openssl/obj_mac.h>
49
#include <openssl/pem.h>
50
#include <openssl/x509.h>
51
#include <openssl/x509v3.h>
52
#include <openssl/hmac.h>
53
#include <openssl/rand.h>
54
#include <openssl/pkcs12.h>
55
56
namespace node {
57
namespace crypto {
58
59
// Forcibly clear OpenSSL's error stack on return. This stops stale errors
60
// from popping up later in the lifecycle of crypto operations where they
61
// would cause spurious failures. It's a rather blunt method, though.
62
// ERR_clear_error() isn't necessarily cheap either.
63
struct ClearErrorOnReturn {
64
  ~ClearErrorOnReturn() { ERR_clear_error(); }
65
};
66
67
// Pop errors from OpenSSL's error stack that were added
68
// between when this was constructed and destructed.
69
struct MarkPopErrorOnReturn {
70
  MarkPopErrorOnReturn() { ERR_set_mark(); }
71
  ~MarkPopErrorOnReturn() { ERR_pop_to_mark(); }
72
};
73
74
// Define smart pointers for the most commonly used OpenSSL types:
75
using X509Pointer = DeleteFnPtr<X509, X509_free>;
76
using BIOPointer = DeleteFnPtr<BIO, BIO_free_all>;
77
using SSLCtxPointer = DeleteFnPtr<SSL_CTX, SSL_CTX_free>;
78
using SSLSessionPointer = DeleteFnPtr<SSL_SESSION, SSL_SESSION_free>;
79
using SSLPointer = DeleteFnPtr<SSL, SSL_free>;
80
using EVPKeyPointer = DeleteFnPtr<EVP_PKEY, EVP_PKEY_free>;
81
using EVPKeyCtxPointer = DeleteFnPtr<EVP_PKEY_CTX, EVP_PKEY_CTX_free>;
82
using EVPMDPointer = DeleteFnPtr<EVP_MD_CTX, EVP_MD_CTX_free>;
83
using RSAPointer = DeleteFnPtr<RSA, RSA_free>;
84
using ECPointer = DeleteFnPtr<EC_KEY, EC_KEY_free>;
85
using BignumPointer = DeleteFnPtr<BIGNUM, BN_free>;
86
using NetscapeSPKIPointer = DeleteFnPtr<NETSCAPE_SPKI, NETSCAPE_SPKI_free>;
87
using ECGroupPointer = DeleteFnPtr<EC_GROUP, EC_GROUP_free>;
88
using ECPointPointer = DeleteFnPtr<EC_POINT, EC_POINT_free>;
89
using ECKeyPointer = DeleteFnPtr<EC_KEY, EC_KEY_free>;
90
using DHPointer = DeleteFnPtr<DH, DH_free>;
91
92
extern int VerifyCallback(int preverify_ok, X509_STORE_CTX* ctx);
93
94
extern void UseExtraCaCerts(const std::string& file);
95
96
void InitCryptoOnce();
97
98
class SecureContext : public BaseObject {
99
 public:
100
  ~SecureContext() override {
101
    Reset();
102
  }
103
104
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
105
106
  // TODO(joyeecheung): track the memory used by OpenSSL types
107
  SET_NO_MEMORY_INFO()
108
  SET_MEMORY_INFO_NAME(SecureContext)
109
  SET_SELF_SIZE(SecureContext)
110
111
  SSLCtxPointer ctx_;
112
  X509Pointer cert_;
113
  X509Pointer issuer_;
114
#ifndef OPENSSL_NO_ENGINE
115
  bool client_cert_engine_provided_ = false;
116
#endif  // !OPENSSL_NO_ENGINE
117
118
  static const int kMaxSessionSize = 10 * 1024;
119
120
  // See TicketKeyCallback
121
  static const int kTicketKeyReturnIndex = 0;
122
  static const int kTicketKeyHMACIndex = 1;
123
  static const int kTicketKeyAESIndex = 2;
124
  static const int kTicketKeyNameIndex = 3;
125
  static const int kTicketKeyIVIndex = 4;
126
127
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
128
  unsigned char ticket_key_name_[16];
129
  unsigned char ticket_key_aes_[16];
130
  unsigned char ticket_key_hmac_[16];
131
#endif
132
133
 protected:
134
#if OPENSSL_VERSION_NUMBER < 0x10100000L
135
  static const int64_t kExternalSize = sizeof(SSL_CTX);
136
#else
137
  // OpenSSL 1.1.0 has opaque structures. This is an estimate based on the size
138
  // as of OpenSSL 1.1.0f.
139
  static const int64_t kExternalSize = 872;
140
#endif
141
142
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
143
  static void Init(const v8::FunctionCallbackInfo<v8::Value>& args);
144
  static void SetKey(const v8::FunctionCallbackInfo<v8::Value>& args);
145
  static void SetCert(const v8::FunctionCallbackInfo<v8::Value>& args);
146
  static void AddCACert(const v8::FunctionCallbackInfo<v8::Value>& args);
147
  static void AddCRL(const v8::FunctionCallbackInfo<v8::Value>& args);
148
  static void AddRootCerts(const v8::FunctionCallbackInfo<v8::Value>& args);
149
  static void SetCiphers(const v8::FunctionCallbackInfo<v8::Value>& args);
150
  static void SetECDHCurve(const v8::FunctionCallbackInfo<v8::Value>& args);
151
  static void SetDHParam(const v8::FunctionCallbackInfo<v8::Value>& args);
152
  static void SetOptions(const v8::FunctionCallbackInfo<v8::Value>& args);
153
  static void SetSessionIdContext(
154
      const v8::FunctionCallbackInfo<v8::Value>& args);
155
  static void SetSessionTimeout(
156
      const v8::FunctionCallbackInfo<v8::Value>& args);
157
  static void Close(const v8::FunctionCallbackInfo<v8::Value>& args);
158
  static void LoadPKCS12(const v8::FunctionCallbackInfo<v8::Value>& args);
159
#ifndef OPENSSL_NO_ENGINE
160
  static void SetClientCertEngine(
161
      const v8::FunctionCallbackInfo<v8::Value>& args);
162
#endif  // !OPENSSL_NO_ENGINE
163
  static void GetTicketKeys(const v8::FunctionCallbackInfo<v8::Value>& args);
164
  static void SetTicketKeys(const v8::FunctionCallbackInfo<v8::Value>& args);
165
  static void SetFreeListLength(
166
      const v8::FunctionCallbackInfo<v8::Value>& args);
167
  static void EnableTicketKeyCallback(
168
      const v8::FunctionCallbackInfo<v8::Value>& args);
169
  static void CtxGetter(const v8::FunctionCallbackInfo<v8::Value>& info);
170
171
  template <bool primary>
172
  static void GetCertificate(const v8::FunctionCallbackInfo<v8::Value>& args);
173
174
  static int TicketKeyCallback(SSL* ssl,
175
                               unsigned char* name,
176
                               unsigned char* iv,
177
                               EVP_CIPHER_CTX* ectx,
178
                               HMAC_CTX* hctx,
179
                               int enc);
180
181
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
182
  static int TicketCompatibilityCallback(SSL* ssl,
183
                                         unsigned char* name,
184
                                         unsigned char* iv,
185
                                         EVP_CIPHER_CTX* ectx,
186
                                         HMAC_CTX* hctx,
187
                                         int enc);
188
#endif
189
190
  SecureContext(Environment* env, v8::Local<v8::Object> wrap)
191
      : BaseObject(env, wrap) {
192
    MakeWeak();
193
    env->isolate()->AdjustAmountOfExternalAllocatedMemory(kExternalSize);
194
  }
195
196
  inline void Reset() {
197
    if (ctx_ != nullptr) {
198
      env()->isolate()->AdjustAmountOfExternalAllocatedMemory(-kExternalSize);
199
    }
200
    ctx_.reset();
201
    cert_.reset();
202
    issuer_.reset();
203
  }
204
};
205
206
// SSLWrap implicitly depends on the inheriting class' handle having an
207
// internal pointer to the Base class.
208
template <class Base>
209
class SSLWrap {
210
 public:
211
  enum Kind {
212
    kClient,
213
    kServer
214
  };
215
216
  SSLWrap(Environment* env, SecureContext* sc, Kind kind)
217
      : env_(env),
218
        kind_(kind),
219
        next_sess_(nullptr),
220
        session_callbacks_(false),
221
        awaiting_new_session_(false),
222
        cert_cb_(nullptr),
223
        cert_cb_arg_(nullptr),
224
        cert_cb_running_(false) {
225
    ssl_.reset(SSL_new(sc->ctx_.get()));
226
    CHECK(ssl_);
227
    env_->isolate()->AdjustAmountOfExternalAllocatedMemory(kExternalSize);
228
  }
229
230
  virtual ~SSLWrap() {
231
    DestroySSL();
232
  }
233
234
  inline void enable_session_callbacks() { session_callbacks_ = true; }
235
  inline bool is_server() const { return kind_ == kServer; }
236
  inline bool is_client() const { return kind_ == kClient; }
237
  inline bool is_awaiting_new_session() const { return awaiting_new_session_; }
238
  inline bool is_waiting_cert_cb() const { return cert_cb_ != nullptr; }
239
240
 protected:
241
  typedef void (*CertCb)(void* arg);
242
243
#if OPENSSL_VERSION_NUMBER < 0x10100000L
244
  // Size allocated by OpenSSL: one for SSL structure, one for SSL3_STATE and
245
  // some for buffers.
246
  // NOTE: Actually it is much more than this
247
  static const int64_t kExternalSize =
248
      sizeof(SSL) + sizeof(SSL3_STATE) + 42 * 1024;
249
#else
250
  // OpenSSL 1.1.0 has opaque structures. This is an estimate based on the size
251
  // as of OpenSSL 1.1.0f.
252
  static const int64_t kExternalSize = 4448 + 1024 + 42 * 1024;
253
#endif
254
255
  static void ConfigureSecureContext(SecureContext* sc);
256
  static void AddMethods(Environment* env, v8::Local<v8::FunctionTemplate> t);
257
258
#if OPENSSL_VERSION_NUMBER < 0x10100000L
259
  static SSL_SESSION* GetSessionCallback(SSL* s,
260
                                         unsigned char* key,
261
                                         int len,
262
                                         int* copy);
263
#else
264
  static SSL_SESSION* GetSessionCallback(SSL* s,
265
                                         const unsigned char* key,
266
                                         int len,
267
                                         int* copy);
268
#endif
269
  static int NewSessionCallback(SSL* s, SSL_SESSION* sess);
270
  static void OnClientHello(void* arg,
271
                            const ClientHelloParser::ClientHello& hello);
272
273
  static void GetPeerCertificate(
274
      const v8::FunctionCallbackInfo<v8::Value>& args);
275
  static void GetCertificate(const v8::FunctionCallbackInfo<v8::Value>& args);
276
  static void GetFinished(const v8::FunctionCallbackInfo<v8::Value>& args);
277
  static void GetPeerFinished(const v8::FunctionCallbackInfo<v8::Value>& args);
278
  static void GetSession(const v8::FunctionCallbackInfo<v8::Value>& args);
279
  static void SetSession(const v8::FunctionCallbackInfo<v8::Value>& args);
280
  static void LoadSession(const v8::FunctionCallbackInfo<v8::Value>& args);
281
  static void IsSessionReused(const v8::FunctionCallbackInfo<v8::Value>& args);
282
  static void IsInitFinished(const v8::FunctionCallbackInfo<v8::Value>& args);
283
  static void VerifyError(const v8::FunctionCallbackInfo<v8::Value>& args);
284
  static void GetCurrentCipher(const v8::FunctionCallbackInfo<v8::Value>& args);
285
  static void EndParser(const v8::FunctionCallbackInfo<v8::Value>& args);
286
  static void CertCbDone(const v8::FunctionCallbackInfo<v8::Value>& args);
287
  static void Renegotiate(const v8::FunctionCallbackInfo<v8::Value>& args);
288
  static void Shutdown(const v8::FunctionCallbackInfo<v8::Value>& args);
289
  static void GetTLSTicket(const v8::FunctionCallbackInfo<v8::Value>& args);
290
  static void NewSessionDone(const v8::FunctionCallbackInfo<v8::Value>& args);
291
  static void SetOCSPResponse(const v8::FunctionCallbackInfo<v8::Value>& args);
292
  static void RequestOCSP(const v8::FunctionCallbackInfo<v8::Value>& args);
293
  static void GetEphemeralKeyInfo(
294
      const v8::FunctionCallbackInfo<v8::Value>& args);
295
  static void GetProtocol(const v8::FunctionCallbackInfo<v8::Value>& args);
296
297
#ifdef SSL_set_max_send_fragment
298
  static void SetMaxSendFragment(
299
      const v8::FunctionCallbackInfo<v8::Value>& args);
300
#endif  // SSL_set_max_send_fragment
301
302
  static void GetALPNNegotiatedProto(
303
      const v8::FunctionCallbackInfo<v8::Value>& args);
304
  static void SetALPNProtocols(const v8::FunctionCallbackInfo<v8::Value>& args);
305
  static int SelectALPNCallback(SSL* s,
306
                                const unsigned char** out,
307
                                unsigned char* outlen,
308
                                const unsigned char* in,
309
                                unsigned int inlen,
310
                                void* arg);
311
  static int TLSExtStatusCallback(SSL* s, void* arg);
312
  static int SSLCertCallback(SSL* s, void* arg);
313
314
  void DestroySSL();
315
  void WaitForCertCb(CertCb cb, void* arg);
316
  void SetSNIContext(SecureContext* sc);
317
  int SetCACerts(SecureContext* sc);
318
319
  inline Environment* ssl_env() const {
320
    return env_;
321
  }
322
323
  Environment* const env_;
324
  Kind kind_;
325
  SSLSessionPointer next_sess_;
326
  SSLPointer ssl_;
327
  bool session_callbacks_;
328
  bool awaiting_new_session_;
329
330
  // SSL_set_cert_cb
331
  CertCb cert_cb_;
332
  void* cert_cb_arg_;
333
  bool cert_cb_running_;
334
335
  ClientHelloParser hello_parser_;
336
337
  Persistent<v8::Object> ocsp_response_;
338
  Persistent<v8::Value> sni_context_;
339
340
  friend class SecureContext;
341
};
342
343
// A helper class representing a read-only byte array. When deallocated, its
344
// contents are zeroed.
345
class ByteSource {
346
 public:
347
  ByteSource() = default;
348
  ByteSource(ByteSource&& other);
349
  ~ByteSource();
350
351
  ByteSource& operator=(ByteSource&& other);
352
353
  const char* get() const;
354
  size_t size() const;
355
356
  static ByteSource FromStringOrBuffer(Environment* env,
357
                                       v8::Local<v8::Value> value);
358
359
  static ByteSource FromString(Environment* env,
360
                               v8::Local<v8::String> str,
361
                               bool ntc = false);
362
363
  static ByteSource FromBuffer(v8::Local<v8::Value> buffer,
364
                               bool ntc = false);
365
366
  static ByteSource NullTerminatedCopy(Environment* env,
367
                                       v8::Local<v8::Value> value);
368
369
  static ByteSource FromSymmetricKeyObject(v8::Local<v8::Value> handle);
370
371
 private:
372
  const char* data_ = nullptr;
373
  char* allocated_data_ = nullptr;
374
  size_t size_ = 0;
375
376
  ByteSource(const char* data, char* allocated_data, size_t size);
377
378
  static ByteSource Allocated(char* data, size_t size);
379
  static ByteSource Foreign(const char* data, size_t size);
380
381
  DISALLOW_COPY_AND_ASSIGN(ByteSource);
382
};
383
384
enum PKEncodingType {
385
  // RSAPublicKey / RSAPrivateKey according to PKCS#1.
386
  kKeyEncodingPKCS1,
387
  // PrivateKeyInfo or EncryptedPrivateKeyInfo according to PKCS#8.
388
  kKeyEncodingPKCS8,
389
  // SubjectPublicKeyInfo according to X.509.
390
  kKeyEncodingSPKI,
391
  // ECPrivateKey according to SEC1.
392
  kKeyEncodingSEC1
393
};
394
395
enum PKFormatType {
396
  kKeyFormatDER,
397
  kKeyFormatPEM
398
};
399
400
struct AsymmetricKeyEncodingConfig {
401
  bool output_key_object_;
402
  PKFormatType format_;
403
  v8::Maybe<PKEncodingType> type_ = v8::Nothing<PKEncodingType>();
404
};
405
406
typedef AsymmetricKeyEncodingConfig PublicKeyEncodingConfig;
407
408
struct PrivateKeyEncodingConfig : public AsymmetricKeyEncodingConfig {
409
  const EVP_CIPHER* cipher_;
410
  ByteSource passphrase_;
411
};
412
413
enum KeyType {
414
  kKeyTypeSecret,
415
  kKeyTypePublic,
416
  kKeyTypePrivate
417
};
418
419
// This uses the built-in reference counter of OpenSSL to manage an EVP_PKEY
420
// which is slightly more efficient than using a shared pointer and easier to
421
// use.
422
class ManagedEVPPKey {
423
 public:
424
  ManagedEVPPKey();
425
  explicit ManagedEVPPKey(EVP_PKEY* pkey);
426
  ManagedEVPPKey(const ManagedEVPPKey& key);
427
  ManagedEVPPKey(ManagedEVPPKey&& key);
428
  ~ManagedEVPPKey();
429
430
  ManagedEVPPKey& operator=(const ManagedEVPPKey& key);
431
  ManagedEVPPKey& operator=(ManagedEVPPKey&& key);
432
433
  operator bool() const;
434
  EVP_PKEY* get() const;
435
436
 private:
437
  EVP_PKEY* pkey_;
438
};
439
440
class KeyObject : public BaseObject {
441
 public:
442
  static v8::Local<v8::Function> Initialize(Environment* env,
443
                                            v8::Local<v8::Object> target);
444
445
  static v8::MaybeLocal<v8::Object> Create(Environment* env,
446
                                           KeyType type,
447
                                           const ManagedEVPPKey& pkey);
448
449
  // TODO(tniessen): track the memory used by OpenSSL types
450
  SET_NO_MEMORY_INFO()
451
  SET_MEMORY_INFO_NAME(KeyObject)
452
  SET_SELF_SIZE(KeyObject)
453
454
  KeyType GetKeyType() const;
455
456
  // These functions allow unprotected access to the raw key material and should
457
  // only be used to implement cryptograohic operations requiring the key.
458
  ManagedEVPPKey GetAsymmetricKey() const;
459
  const char* GetSymmetricKey() const;
460
  size_t GetSymmetricKeySize() const;
461
462
 protected:
463
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
464
465
  static void Init(const v8::FunctionCallbackInfo<v8::Value>& args);
466
  void InitSecret(const char* key, size_t key_len);
467
  void InitPublic(const ManagedEVPPKey& pkey);
468
  void InitPrivate(const ManagedEVPPKey& pkey);
469
470
  static void GetAsymmetricKeyType(
471
      const v8::FunctionCallbackInfo<v8::Value>& args);
472
  v8::Local<v8::String> GetAsymmetricKeyType() const;
473
474
  static void GetSymmetricKeySize(
475
      const v8::FunctionCallbackInfo<v8::Value>& args);
476
477
  static void Export(const v8::FunctionCallbackInfo<v8::Value>& args);
478
  v8::Local<v8::Value> ExportSecretKey() const;
479
  v8::MaybeLocal<v8::Value> ExportPublicKey(
480
      const PublicKeyEncodingConfig& config) const;
481
  v8::MaybeLocal<v8::Value> ExportPrivateKey(
482
      const PrivateKeyEncodingConfig& config) const;
483
484
  KeyObject(Environment* env,
485
            v8::Local<v8::Object> wrap,
486
            KeyType key_type)
487
      : BaseObject(env, wrap),
488
        key_type_(key_type),
489
        symmetric_key_(nullptr, nullptr) {
490
    MakeWeak();
491
  }
492
493
 private:
494
  const KeyType key_type_;
495
  std::unique_ptr<char, std::function<void(char*)>> symmetric_key_;
496
  unsigned int symmetric_key_len_;
497
  ManagedEVPPKey asymmetric_key_;
498
};
499
500
class CipherBase : public BaseObject {
501
 public:
502
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
503
504
  // TODO(joyeecheung): track the memory used by OpenSSL types
505
  SET_NO_MEMORY_INFO()
506
  SET_MEMORY_INFO_NAME(CipherBase)
507
  SET_SELF_SIZE(CipherBase)
508
509
 protected:
510
  enum CipherKind {
511
    kCipher,
512
    kDecipher
513
  };
514
  enum UpdateResult {
515
    kSuccess,
516
    kErrorMessageSize,
517
    kErrorState
518
  };
519
  enum AuthTagState {
520
    kAuthTagUnknown,
521
    kAuthTagKnown,
522
    kAuthTagPassedToOpenSSL
523
  };
524
  static const unsigned kNoAuthTagLength = static_cast<unsigned>(-1);
525
526
  void CommonInit(const char* cipher_type,
527
                  const EVP_CIPHER* cipher,
528
                  const unsigned char* key,
529
                  int key_len,
530
                  const unsigned char* iv,
531
                  int iv_len,
532
                  unsigned int auth_tag_len);
533
  void Init(const char* cipher_type,
534
            const char* key_buf,
535
            int key_buf_len,
536
            unsigned int auth_tag_len);
537
  void InitIv(const char* cipher_type,
538
              const unsigned char* key,
539
              int key_len,
540
              const unsigned char* iv,
541
              int iv_len,
542
              unsigned int auth_tag_len);
543
  bool InitAuthenticated(const char* cipher_type, int iv_len,
544
                         unsigned int auth_tag_len);
545
  bool CheckCCMMessageLength(int message_len);
546
  UpdateResult Update(const char* data, int len, unsigned char** out,
547
                      int* out_len);
548
  bool Final(unsigned char** out, int* out_len);
549
  bool SetAutoPadding(bool auto_padding);
550
551
  bool IsAuthenticatedMode() const;
552
  bool SetAAD(const char* data, unsigned int len, int plaintext_len);
553
  bool MaybePassAuthTagToOpenSSL();
554
555
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
556
  static void Init(const v8::FunctionCallbackInfo<v8::Value>& args);
557
  static void InitIv(const v8::FunctionCallbackInfo<v8::Value>& args);
558
  static void Update(const v8::FunctionCallbackInfo<v8::Value>& args);
559
  static void Final(const v8::FunctionCallbackInfo<v8::Value>& args);
560
  static void SetAutoPadding(const v8::FunctionCallbackInfo<v8::Value>& args);
561
562
  static void GetAuthTag(const v8::FunctionCallbackInfo<v8::Value>& args);
563
  static void SetAuthTag(const v8::FunctionCallbackInfo<v8::Value>& args);
564
  static void SetAAD(const v8::FunctionCallbackInfo<v8::Value>& args);
565
566
  CipherBase(Environment* env,
567
             v8::Local<v8::Object> wrap,
568
             CipherKind kind)
569
      : BaseObject(env, wrap),
570
        ctx_(nullptr),
571
        kind_(kind),
572
        auth_tag_state_(kAuthTagUnknown),
573
        auth_tag_len_(kNoAuthTagLength),
574
        pending_auth_failed_(false) {
575
    MakeWeak();
576
  }
577
578
 private:
579
  DeleteFnPtr<EVP_CIPHER_CTX, EVP_CIPHER_CTX_free> ctx_;
580
  const CipherKind kind_;
581
  AuthTagState auth_tag_state_;
582
  unsigned int auth_tag_len_;
583
  char auth_tag_[EVP_GCM_TLS_TAG_LEN];
584
  bool pending_auth_failed_;
585
  int max_message_size_;
586
};
587
588
class Hmac : public BaseObject {
589
 public:
590
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
591
592
  // TODO(joyeecheung): track the memory used by OpenSSL types
593
  SET_NO_MEMORY_INFO()
594
  SET_MEMORY_INFO_NAME(Hmac)
595
  SET_SELF_SIZE(Hmac)
596
597
 protected:
598
  void HmacInit(const char* hash_type, const char* key, int key_len);
599
  bool HmacUpdate(const char* data, int len);
600
601
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
602
  static void HmacInit(const v8::FunctionCallbackInfo<v8::Value>& args);
603
  static void HmacUpdate(const v8::FunctionCallbackInfo<v8::Value>& args);
604
  static void HmacDigest(const v8::FunctionCallbackInfo<v8::Value>& args);
605
606
  Hmac(Environment* env, v8::Local<v8::Object> wrap)
607
      : BaseObject(env, wrap),
608
        ctx_(nullptr) {
609
    MakeWeak();
610
  }
611
612
 private:
613
  DeleteFnPtr<HMAC_CTX, HMAC_CTX_free> ctx_;
614
};
615
616
18
class Hash : public BaseObject {
617
 public:
618
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
619
620
  // TODO(joyeecheung): track the memory used by OpenSSL types
621
  SET_NO_MEMORY_INFO()
622
  SET_MEMORY_INFO_NAME(Hash)
623
  SET_SELF_SIZE(Hash)
624
625
  bool HashInit(const char* hash_type);
626
  bool HashUpdate(const char* data, int len);
627
628
 protected:
629
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
630
  static void HashUpdate(const v8::FunctionCallbackInfo<v8::Value>& args);
631
  static void HashDigest(const v8::FunctionCallbackInfo<v8::Value>& args);
632
633
140
  Hash(Environment* env, v8::Local<v8::Object> wrap)
634
      : BaseObject(env, wrap),
635
140
        mdctx_(nullptr) {
636
140
    MakeWeak();
637
140
  }
638
639
 private:
640
  EVPMDPointer mdctx_;
641
};
642
643
class SignBase : public BaseObject {
644
 public:
645
  typedef enum {
646
    kSignOk,
647
    kSignUnknownDigest,
648
    kSignInit,
649
    kSignNotInitialised,
650
    kSignUpdate,
651
    kSignPrivateKey,
652
    kSignPublicKey
653
  } Error;
654
655
  SignBase(Environment* env, v8::Local<v8::Object> wrap)
656
      : BaseObject(env, wrap) {
657
  }
658
659
  Error Init(const char* sign_type);
660
  Error Update(const char* data, int len);
661
662
  // TODO(joyeecheung): track the memory used by OpenSSL types
663
  SET_NO_MEMORY_INFO()
664
  SET_MEMORY_INFO_NAME(SignBase)
665
  SET_SELF_SIZE(SignBase)
666
667
 protected:
668
  void CheckThrow(Error error);
669
670
  EVPMDPointer mdctx_;
671
};
672
673
class Sign : public SignBase {
674
 public:
675
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
676
677
  struct SignResult {
678
    Error error;
679
    MallocedBuffer<unsigned char> signature;
680
681
    explicit SignResult(
682
        Error err,
683
        MallocedBuffer<unsigned char>&& sig = MallocedBuffer<unsigned char>())
684
      : error(err), signature(std::move(sig)) {}
685
  };
686
687
  SignResult SignFinal(
688
      const ManagedEVPPKey& pkey,
689
      int padding,
690
      int saltlen);
691
692
 protected:
693
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
694
  static void SignInit(const v8::FunctionCallbackInfo<v8::Value>& args);
695
  static void SignUpdate(const v8::FunctionCallbackInfo<v8::Value>& args);
696
  static void SignFinal(const v8::FunctionCallbackInfo<v8::Value>& args);
697
698
  Sign(Environment* env, v8::Local<v8::Object> wrap) : SignBase(env, wrap) {
699
    MakeWeak();
700
  }
701
};
702
703
class Verify : public SignBase {
704
 public:
705
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
706
707
  Error VerifyFinal(const ManagedEVPPKey& key,
708
                    const char* sig,
709
                    int siglen,
710
                    int padding,
711
                    int saltlen,
712
                    bool* verify_result);
713
714
 protected:
715
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
716
  static void VerifyInit(const v8::FunctionCallbackInfo<v8::Value>& args);
717
  static void VerifyUpdate(const v8::FunctionCallbackInfo<v8::Value>& args);
718
  static void VerifyFinal(const v8::FunctionCallbackInfo<v8::Value>& args);
719
720
  Verify(Environment* env, v8::Local<v8::Object> wrap) : SignBase(env, wrap) {
721
    MakeWeak();
722
  }
723
};
724
725
class PublicKeyCipher {
726
 public:
727
  typedef int (*EVP_PKEY_cipher_init_t)(EVP_PKEY_CTX* ctx);
728
  typedef int (*EVP_PKEY_cipher_t)(EVP_PKEY_CTX* ctx,
729
                                   unsigned char* out, size_t* outlen,
730
                                   const unsigned char* in, size_t inlen);
731
732
  enum Operation {
733
    kPublic,
734
    kPrivate
735
  };
736
737
  template <Operation operation,
738
            EVP_PKEY_cipher_init_t EVP_PKEY_cipher_init,
739
            EVP_PKEY_cipher_t EVP_PKEY_cipher>
740
  static bool Cipher(const ManagedEVPPKey& pkey,
741
                     int padding,
742
                     const unsigned char* data,
743
                     int len,
744
                     unsigned char** out,
745
                     size_t* out_len);
746
747
  template <Operation operation,
748
            EVP_PKEY_cipher_init_t EVP_PKEY_cipher_init,
749
            EVP_PKEY_cipher_t EVP_PKEY_cipher>
750
  static void Cipher(const v8::FunctionCallbackInfo<v8::Value>& args);
751
};
752
753
class DiffieHellman : public BaseObject {
754
 public:
755
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
756
757
  bool Init(int primeLength, int g);
758
  bool Init(const char* p, int p_len, int g);
759
  bool Init(const char* p, int p_len, const char* g, int g_len);
760
761
 protected:
762
  static void DiffieHellmanGroup(
763
      const v8::FunctionCallbackInfo<v8::Value>& args);
764
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
765
  static void GenerateKeys(const v8::FunctionCallbackInfo<v8::Value>& args);
766
  static void GetPrime(const v8::FunctionCallbackInfo<v8::Value>& args);
767
  static void GetGenerator(const v8::FunctionCallbackInfo<v8::Value>& args);
768
  static void GetPublicKey(const v8::FunctionCallbackInfo<v8::Value>& args);
769
  static void GetPrivateKey(const v8::FunctionCallbackInfo<v8::Value>& args);
770
  static void ComputeSecret(const v8::FunctionCallbackInfo<v8::Value>& args);
771
  static void SetPublicKey(const v8::FunctionCallbackInfo<v8::Value>& args);
772
  static void SetPrivateKey(const v8::FunctionCallbackInfo<v8::Value>& args);
773
  static void VerifyErrorGetter(
774
      const v8::FunctionCallbackInfo<v8::Value>& args);
775
776
  DiffieHellman(Environment* env, v8::Local<v8::Object> wrap)
777
      : BaseObject(env, wrap),
778
        verifyError_(0) {
779
    MakeWeak();
780
  }
781
782
  // TODO(joyeecheung): track the memory used by OpenSSL types
783
  SET_NO_MEMORY_INFO()
784
  SET_MEMORY_INFO_NAME(DiffieHellman)
785
  SET_SELF_SIZE(DiffieHellman)
786
787
 private:
788
  static void GetField(const v8::FunctionCallbackInfo<v8::Value>& args,
789
                       const BIGNUM* (*get_field)(const DH*),
790
                       const char* err_if_null);
791
  static void SetKey(const v8::FunctionCallbackInfo<v8::Value>& args,
792
                     int (*set_field)(DH*, BIGNUM*), const char* what);
793
  bool VerifyContext();
794
795
  int verifyError_;
796
  DHPointer dh_;
797
};
798
799
class ECDH : public BaseObject {
800
 public:
801
  ~ECDH() override {
802
    group_ = nullptr;
803
  }
804
805
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
806
  static ECPointPointer BufferToPoint(Environment* env,
807
                                      const EC_GROUP* group,
808
                                      char* data,
809
                                      size_t len);
810
811
  // TODO(joyeecheung): track the memory used by OpenSSL types
812
  SET_NO_MEMORY_INFO()
813
  SET_MEMORY_INFO_NAME(ECDH)
814
  SET_SELF_SIZE(ECDH)
815
816
 protected:
817
  ECDH(Environment* env, v8::Local<v8::Object> wrap, ECKeyPointer&& key)
818
      : BaseObject(env, wrap),
819
        key_(std::move(key)),
820
        group_(EC_KEY_get0_group(key_.get())) {
821
    MakeWeak();
822
    CHECK_NOT_NULL(group_);
823
  }
824
825
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
826
  static void GenerateKeys(const v8::FunctionCallbackInfo<v8::Value>& args);
827
  static void ComputeSecret(const v8::FunctionCallbackInfo<v8::Value>& args);
828
  static void GetPrivateKey(const v8::FunctionCallbackInfo<v8::Value>& args);
829
  static void SetPrivateKey(const v8::FunctionCallbackInfo<v8::Value>& args);
830
  static void GetPublicKey(const v8::FunctionCallbackInfo<v8::Value>& args);
831
  static void SetPublicKey(const v8::FunctionCallbackInfo<v8::Value>& args);
832
833
  bool IsKeyPairValid();
834
  bool IsKeyValidForCurve(const BignumPointer& private_key);
835
836
  ECKeyPointer key_;
837
  const EC_GROUP* group_;
838
};
839
840
bool EntropySource(unsigned char* buffer, size_t length);
841
#ifndef OPENSSL_NO_ENGINE
842
void SetEngine(const v8::FunctionCallbackInfo<v8::Value>& args);
843
#endif  // !OPENSSL_NO_ENGINE
844
void InitCrypto(v8::Local<v8::Object> target);
845
846
}  // namespace crypto
847
}  // namespace node
848
849
#endif  // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
850
851
#endif  // SRC_NODE_CRYPTO_H_