1 |
|
|
#include "crypto/crypto_hkdf.h" |
2 |
|
|
#include "crypto/crypto_keys.h" |
3 |
|
|
#include "allocated_buffer-inl.h" |
4 |
|
|
#include "async_wrap-inl.h" |
5 |
|
|
#include "base_object-inl.h" |
6 |
|
|
#include "env-inl.h" |
7 |
|
|
#include "memory_tracker-inl.h" |
8 |
|
|
#include "threadpoolwork-inl.h" |
9 |
|
|
#include "v8.h" |
10 |
|
|
|
11 |
|
|
namespace node { |
12 |
|
|
|
13 |
|
|
using v8::FunctionCallbackInfo; |
14 |
|
|
using v8::Just; |
15 |
|
|
using v8::Maybe; |
16 |
|
|
using v8::Nothing; |
17 |
|
|
using v8::Uint32; |
18 |
|
|
using v8::Value; |
19 |
|
|
|
20 |
|
|
namespace crypto { |
21 |
|
444 |
HKDFConfig::HKDFConfig(HKDFConfig&& other) noexcept |
22 |
|
444 |
: mode(other.mode), |
23 |
|
444 |
length(other.length), |
24 |
|
444 |
digest(other.digest), |
25 |
|
444 |
key(other.key), |
26 |
|
444 |
salt(std::move(other.salt)), |
27 |
|
444 |
info(std::move(other.info)) {} |
28 |
|
|
|
29 |
|
|
HKDFConfig& HKDFConfig::operator=(HKDFConfig&& other) noexcept { |
30 |
|
|
if (&other == this) return *this; |
31 |
|
|
this->~HKDFConfig(); |
32 |
|
|
return *new (this) HKDFConfig(std::move(other)); |
33 |
|
|
} |
34 |
|
|
|
35 |
|
444 |
Maybe<bool> HKDFTraits::EncodeOutput( |
36 |
|
|
Environment* env, |
37 |
|
|
const HKDFConfig& params, |
38 |
|
|
ByteSource* out, |
39 |
|
|
v8::Local<v8::Value>* result) { |
40 |
|
888 |
*result = out->ToArrayBuffer(env); |
41 |
|
444 |
return Just(!result->IsEmpty()); |
42 |
|
|
} |
43 |
|
|
|
44 |
|
448 |
Maybe<bool> HKDFTraits::AdditionalConfig( |
45 |
|
|
CryptoJobMode mode, |
46 |
|
|
const FunctionCallbackInfo<Value>& args, |
47 |
|
|
unsigned int offset, |
48 |
|
|
HKDFConfig* params) { |
49 |
|
448 |
Environment* env = Environment::GetCurrent(args); |
50 |
|
|
|
51 |
|
448 |
params->mode = mode; |
52 |
|
|
|
53 |
✓✗✗✓
|
1344 |
CHECK(args[offset]->IsString()); // Hash |
54 |
✓✗✗✓
|
896 |
CHECK(args[offset + 1]->IsObject()); // Key |
55 |
✓✗✗✓
|
896 |
CHECK(IsAnyByteSource(args[offset + 2])); // Salt |
56 |
✓✗✗✓
|
896 |
CHECK(IsAnyByteSource(args[offset + 3])); // Info |
57 |
✓✗✗✓
|
896 |
CHECK(args[offset + 4]->IsUint32()); // Length |
58 |
|
|
|
59 |
✓✗ |
1344 |
Utf8Value hash(env->isolate(), args[offset]); |
60 |
|
448 |
params->digest = EVP_get_digestbyname(*hash); |
61 |
✓✓ |
448 |
if (params->digest == nullptr) { |
62 |
|
2 |
THROW_ERR_CRYPTO_INVALID_DIGEST(env); |
63 |
|
2 |
return Nothing<bool>(); |
64 |
|
|
} |
65 |
|
|
|
66 |
|
|
KeyObjectHandle* key; |
67 |
✓✗✗✓
|
892 |
ASSIGN_OR_RETURN_UNWRAP(&key, args[offset + 1], Nothing<bool>()); |
68 |
|
446 |
params->key = key->Data(); |
69 |
|
|
|
70 |
✓✗ |
1338 |
ArrayBufferOrViewContents<char> salt(args[offset + 2]); |
71 |
✓✗ |
1338 |
ArrayBufferOrViewContents<char> info(args[offset + 3]); |
72 |
|
|
|
73 |
✗✓ |
446 |
if (UNLIKELY(!salt.CheckSizeInt32())) { |
74 |
|
|
THROW_ERR_OUT_OF_RANGE(env, "salt is too big"); |
75 |
|
|
return Nothing<bool>(); |
76 |
|
|
} |
77 |
✗✓ |
446 |
if (UNLIKELY(!info.CheckSizeInt32())) { |
78 |
|
|
THROW_ERR_OUT_OF_RANGE(env, "info is too big"); |
79 |
|
|
return Nothing<bool>(); |
80 |
|
|
} |
81 |
|
|
|
82 |
|
|
params->salt = mode == kCryptoJobAsync |
83 |
✓✓ |
892 |
? salt.ToCopy() |
84 |
|
446 |
: salt.ToByteSource(); |
85 |
|
|
|
86 |
|
|
params->info = mode == kCryptoJobAsync |
87 |
✓✓ |
892 |
? info.ToCopy() |
88 |
|
446 |
: info.ToByteSource(); |
89 |
|
|
|
90 |
✓✗ |
1338 |
params->length = args[offset + 4].As<Uint32>()->Value(); |
91 |
|
446 |
size_t max_length = EVP_MD_size(params->digest) * kMaxDigestMultiplier; |
92 |
✓✓ |
446 |
if (params->length > max_length) { |
93 |
|
2 |
THROW_ERR_CRYPTO_INVALID_KEYLEN(env); |
94 |
|
2 |
return Nothing<bool>(); |
95 |
|
|
} |
96 |
|
|
|
97 |
|
444 |
return Just(true); |
98 |
|
|
} |
99 |
|
|
|
100 |
|
444 |
bool HKDFTraits::DeriveBits( |
101 |
|
|
Environment* env, |
102 |
|
|
const HKDFConfig& params, |
103 |
|
|
ByteSource* out) { |
104 |
|
|
EVPKeyCtxPointer ctx = |
105 |
|
888 |
EVPKeyCtxPointer(EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, nullptr)); |
106 |
✓✗ |
888 |
if (!ctx || |
107 |
✓✗ |
888 |
!EVP_PKEY_derive_init(ctx.get()) || |
108 |
|
444 |
!EVP_PKEY_CTX_hkdf_mode( |
109 |
✓✗ |
444 |
ctx.get(), EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND) || |
110 |
✓✗ |
888 |
!EVP_PKEY_CTX_set_hkdf_md(ctx.get(), params.digest) || |
111 |
|
444 |
!EVP_PKEY_CTX_set1_hkdf_salt( |
112 |
|
|
ctx.get(), |
113 |
|
444 |
reinterpret_cast<const unsigned char*>(params.salt.get()), |
114 |
✓✗ |
888 |
params.salt.size()) || |
115 |
|
444 |
!EVP_PKEY_CTX_set1_hkdf_key( |
116 |
|
|
ctx.get(), |
117 |
|
444 |
reinterpret_cast<const unsigned char*>(params.key->GetSymmetricKey()), |
118 |
✓✗✗✓
✗✓ |
1332 |
params.key->GetSymmetricKeySize()) || |
119 |
|
444 |
!EVP_PKEY_CTX_add1_hkdf_info( |
120 |
|
|
ctx.get(), |
121 |
|
444 |
reinterpret_cast<const unsigned char*>(params.info.get()), |
122 |
|
444 |
params.info.size())) { |
123 |
|
|
return false; |
124 |
|
|
} |
125 |
|
|
|
126 |
|
444 |
size_t length = params.length; |
127 |
|
444 |
char* data = MallocOpenSSL<char>(length); |
128 |
|
888 |
ByteSource buf = ByteSource::Allocated(data, length); |
129 |
|
444 |
unsigned char* ptr = reinterpret_cast<unsigned char*>(data); |
130 |
✗✓ |
444 |
if (EVP_PKEY_derive(ctx.get(), ptr, &length) <= 0) |
131 |
|
|
return false; |
132 |
|
|
|
133 |
|
444 |
*out = std::move(buf); |
134 |
|
444 |
return true; |
135 |
|
|
} |
136 |
|
|
|
137 |
|
|
void HKDFConfig::MemoryInfo(MemoryTracker* tracker) const { |
138 |
|
|
tracker->TrackField("key", key); |
139 |
|
|
// If the job is sync, then the HKDFConfig does not own the data |
140 |
|
|
if (mode == kCryptoJobAsync) { |
141 |
|
|
tracker->TrackFieldWithSize("salt", salt.size()); |
142 |
|
|
tracker->TrackFieldWithSize("info", info.size()); |
143 |
|
|
} |
144 |
|
|
} |
145 |
|
|
|
146 |
|
|
} // namespace crypto |
147 |
|
|
} // namespace node |