1 |
|
|
#include "crypto/crypto_pbkdf2.h" |
2 |
|
|
#include "async_wrap-inl.h" |
3 |
|
|
#include "crypto/crypto_util.h" |
4 |
|
|
#include "env-inl.h" |
5 |
|
|
#include "memory_tracker-inl.h" |
6 |
|
|
#include "node_buffer.h" |
7 |
|
|
#include "threadpoolwork-inl.h" |
8 |
|
|
#include "v8.h" |
9 |
|
|
|
10 |
|
|
namespace node { |
11 |
|
|
|
12 |
|
|
using v8::FunctionCallbackInfo; |
13 |
|
|
using v8::Int32; |
14 |
|
|
using v8::Just; |
15 |
|
|
using v8::Maybe; |
16 |
|
|
using v8::Nothing; |
17 |
|
|
using v8::Value; |
18 |
|
|
|
19 |
|
|
namespace crypto { |
20 |
|
60 |
PBKDF2Config::PBKDF2Config(PBKDF2Config&& other) noexcept |
21 |
|
60 |
: mode(other.mode), |
22 |
|
60 |
pass(std::move(other.pass)), |
23 |
|
60 |
salt(std::move(other.salt)), |
24 |
|
60 |
iterations(other.iterations), |
25 |
|
60 |
length(other.length), |
26 |
|
60 |
digest(other.digest) {} |
27 |
|
|
|
28 |
|
|
PBKDF2Config& PBKDF2Config::operator=(PBKDF2Config&& other) noexcept { |
29 |
|
|
if (&other == this) return *this; |
30 |
|
|
this->~PBKDF2Config(); |
31 |
|
|
return *new (this) PBKDF2Config(std::move(other)); |
32 |
|
|
} |
33 |
|
|
|
34 |
|
1 |
void PBKDF2Config::MemoryInfo(MemoryTracker* tracker) const { |
35 |
|
|
// The job is sync, the PBKDF2Config does not own the data. |
36 |
✓✗ |
1 |
if (mode == kCryptoJobAsync) { |
37 |
|
1 |
tracker->TrackFieldWithSize("pass", pass.size()); |
38 |
|
1 |
tracker->TrackFieldWithSize("salt", salt.size()); |
39 |
|
|
} |
40 |
|
1 |
} |
41 |
|
|
|
42 |
|
60 |
Maybe<bool> PBKDF2Traits::EncodeOutput( |
43 |
|
|
Environment* env, |
44 |
|
|
const PBKDF2Config& params, |
45 |
|
|
ByteSource* out, |
46 |
|
|
v8::Local<v8::Value>* result) { |
47 |
|
120 |
*result = out->ToArrayBuffer(env); |
48 |
|
60 |
return Just(!result->IsEmpty()); |
49 |
|
|
} |
50 |
|
|
|
51 |
|
|
// The input arguments for the job are: |
52 |
|
|
// 1. CryptoJobMode |
53 |
|
|
// 2. The password |
54 |
|
|
// 3. The salt |
55 |
|
|
// 4. The number of iterations |
56 |
|
|
// 5. The number of bytes to generate |
57 |
|
|
// 6. The digest algorithm name |
58 |
|
63 |
Maybe<bool> PBKDF2Traits::AdditionalConfig( |
59 |
|
|
CryptoJobMode mode, |
60 |
|
|
const FunctionCallbackInfo<Value>& args, |
61 |
|
|
unsigned int offset, |
62 |
|
|
PBKDF2Config* params) { |
63 |
|
63 |
Environment* env = Environment::GetCurrent(args); |
64 |
|
|
|
65 |
|
63 |
params->mode = mode; |
66 |
|
|
|
67 |
✓✗ |
189 |
ArrayBufferOrViewContents<char> pass(args[offset]); |
68 |
✓✗ |
189 |
ArrayBufferOrViewContents<char> salt(args[offset + 1]); |
69 |
|
|
|
70 |
✗✓ |
63 |
if (UNLIKELY(!pass.CheckSizeInt32())) { |
71 |
|
|
THROW_ERR_OUT_OF_RANGE(env, "pass is too large"); |
72 |
|
|
return Nothing<bool>(); |
73 |
|
|
} |
74 |
|
|
|
75 |
✗✓ |
63 |
if (UNLIKELY(!salt.CheckSizeInt32())) { |
76 |
|
|
THROW_ERR_OUT_OF_RANGE(env, "salt is too large"); |
77 |
|
|
return Nothing<bool>(); |
78 |
|
|
} |
79 |
|
|
|
80 |
|
|
params->pass = mode == kCryptoJobAsync |
81 |
✓✓ |
126 |
? pass.ToCopy() |
82 |
|
63 |
: pass.ToByteSource(); |
83 |
|
|
|
84 |
|
|
params->salt = mode == kCryptoJobAsync |
85 |
✓✓ |
126 |
? salt.ToCopy() |
86 |
|
63 |
: salt.ToByteSource(); |
87 |
|
|
|
88 |
✓✗✗✓
|
126 |
CHECK(args[offset + 2]->IsInt32()); // iteration_count |
89 |
✓✗✗✓
|
126 |
CHECK(args[offset + 3]->IsInt32()); // length |
90 |
✓✗✗✓
|
189 |
CHECK(args[offset + 4]->IsString()); // digest_name |
91 |
|
|
|
92 |
✓✗ |
189 |
params->iterations = args[offset + 2].As<Int32>()->Value(); |
93 |
✗✓ |
63 |
if (params->iterations < 0) { |
94 |
|
|
THROW_ERR_OUT_OF_RANGE(env, "iterations must be <= %d", INT_MAX); |
95 |
|
|
return Nothing<bool>(); |
96 |
|
|
} |
97 |
|
|
|
98 |
✓✗ |
189 |
params->length = args[offset + 3].As<Int32>()->Value(); |
99 |
✗✓ |
63 |
if (params->length < 0) { |
100 |
|
|
THROW_ERR_OUT_OF_RANGE(env, "length must be <= %d", INT_MAX); |
101 |
|
|
return Nothing<bool>(); |
102 |
|
|
} |
103 |
|
|
|
104 |
✓✗ |
189 |
Utf8Value name(args.GetIsolate(), args[offset + 4]); |
105 |
|
63 |
params->digest = EVP_get_digestbyname(*name); |
106 |
✓✓ |
63 |
if (params->digest == nullptr) { |
107 |
|
3 |
THROW_ERR_CRYPTO_INVALID_DIGEST(env, "Invalid digest: %s", *name); |
108 |
|
3 |
return Nothing<bool>(); |
109 |
|
|
} |
110 |
|
|
|
111 |
|
60 |
return Just(true); |
112 |
|
|
} |
113 |
|
|
|
114 |
|
60 |
bool PBKDF2Traits::DeriveBits( |
115 |
|
|
Environment* env, |
116 |
|
|
const PBKDF2Config& params, |
117 |
|
|
ByteSource* out) { |
118 |
|
60 |
char* data = MallocOpenSSL<char>(params.length); |
119 |
|
120 |
ByteSource buf = ByteSource::Allocated(data, params.length); |
120 |
|
60 |
unsigned char* ptr = reinterpret_cast<unsigned char*>(data); |
121 |
|
|
|
122 |
|
|
// Both pass and salt may be zero length here. |
123 |
|
|
// The generated bytes are stored in buf, which is |
124 |
|
|
// assigned to out on success. |
125 |
|
|
|
126 |
|
120 |
if (PKCS5_PBKDF2_HMAC( |
127 |
|
|
params.pass.get(), |
128 |
|
60 |
params.pass.size(), |
129 |
|
|
params.salt.data<unsigned char>(), |
130 |
|
60 |
params.salt.size(), |
131 |
|
60 |
params.iterations, |
132 |
|
60 |
params.digest, |
133 |
|
60 |
params.length, |
134 |
✗✓ |
60 |
ptr) <= 0) { |
135 |
|
|
return false; |
136 |
|
|
} |
137 |
|
60 |
*out = std::move(buf); |
138 |
|
60 |
return true; |
139 |
|
|
} |
140 |
|
|
|
141 |
|
|
} // namespace crypto |
142 |
|
|
} // namespace node |