1 |
|
|
#include "crypto/crypto_pbkdf2.h" |
2 |
|
|
#include "crypto/crypto_util.h" |
3 |
|
|
#include "allocated_buffer-inl.h" |
4 |
|
|
#include "async_wrap-inl.h" |
5 |
|
|
#include "env-inl.h" |
6 |
|
|
#include "memory_tracker-inl.h" |
7 |
|
|
#include "node_buffer.h" |
8 |
|
|
#include "threadpoolwork-inl.h" |
9 |
|
|
#include "v8.h" |
10 |
|
|
|
11 |
|
|
namespace node { |
12 |
|
|
|
13 |
|
|
using v8::FunctionCallbackInfo; |
14 |
|
|
using v8::Int32; |
15 |
|
|
using v8::Just; |
16 |
|
|
using v8::Maybe; |
17 |
|
|
using v8::Nothing; |
18 |
|
|
using v8::Value; |
19 |
|
|
|
20 |
|
|
namespace crypto { |
21 |
|
60 |
PBKDF2Config::PBKDF2Config(PBKDF2Config&& other) noexcept |
22 |
|
60 |
: mode(other.mode), |
23 |
|
60 |
pass(std::move(other.pass)), |
24 |
|
60 |
salt(std::move(other.salt)), |
25 |
|
60 |
iterations(other.iterations), |
26 |
|
60 |
length(other.length), |
27 |
|
60 |
digest(other.digest) {} |
28 |
|
|
|
29 |
|
|
PBKDF2Config& PBKDF2Config::operator=(PBKDF2Config&& other) noexcept { |
30 |
|
|
if (&other == this) return *this; |
31 |
|
|
this->~PBKDF2Config(); |
32 |
|
|
return *new (this) PBKDF2Config(std::move(other)); |
33 |
|
|
} |
34 |
|
|
|
35 |
|
1 |
void PBKDF2Config::MemoryInfo(MemoryTracker* tracker) const { |
36 |
|
|
// The job is sync, the PBKDF2Config does not own the data. |
37 |
✓✗ |
1 |
if (mode == kCryptoJobAsync) { |
38 |
|
1 |
tracker->TrackFieldWithSize("pass", pass.size()); |
39 |
|
1 |
tracker->TrackFieldWithSize("salt", salt.size()); |
40 |
|
|
} |
41 |
|
1 |
} |
42 |
|
|
|
43 |
|
60 |
Maybe<bool> PBKDF2Traits::EncodeOutput( |
44 |
|
|
Environment* env, |
45 |
|
|
const PBKDF2Config& params, |
46 |
|
|
ByteSource* out, |
47 |
|
|
v8::Local<v8::Value>* result) { |
48 |
|
120 |
*result = out->ToArrayBuffer(env); |
49 |
|
60 |
return Just(!result->IsEmpty()); |
50 |
|
|
} |
51 |
|
|
|
52 |
|
|
// The input arguments for the job are: |
53 |
|
|
// 1. CryptoJobMode |
54 |
|
|
// 2. The password |
55 |
|
|
// 3. The salt |
56 |
|
|
// 4. The number of iterations |
57 |
|
|
// 5. The number of bytes to generate |
58 |
|
|
// 6. The digest algorithm name |
59 |
|
63 |
Maybe<bool> PBKDF2Traits::AdditionalConfig( |
60 |
|
|
CryptoJobMode mode, |
61 |
|
|
const FunctionCallbackInfo<Value>& args, |
62 |
|
|
unsigned int offset, |
63 |
|
|
PBKDF2Config* params) { |
64 |
|
63 |
Environment* env = Environment::GetCurrent(args); |
65 |
|
|
|
66 |
|
63 |
params->mode = mode; |
67 |
|
|
|
68 |
✓✗ |
189 |
ArrayBufferOrViewContents<char> pass(args[offset]); |
69 |
✓✗ |
189 |
ArrayBufferOrViewContents<char> salt(args[offset + 1]); |
70 |
|
|
|
71 |
✗✓ |
63 |
if (UNLIKELY(!pass.CheckSizeInt32())) { |
72 |
|
|
THROW_ERR_OUT_OF_RANGE(env, "pass is too large"); |
73 |
|
|
return Nothing<bool>(); |
74 |
|
|
} |
75 |
|
|
|
76 |
✗✓ |
63 |
if (UNLIKELY(!salt.CheckSizeInt32())) { |
77 |
|
|
THROW_ERR_OUT_OF_RANGE(env, "salt is too large"); |
78 |
|
|
return Nothing<bool>(); |
79 |
|
|
} |
80 |
|
|
|
81 |
|
|
params->pass = mode == kCryptoJobAsync |
82 |
✓✓ |
126 |
? pass.ToCopy() |
83 |
|
63 |
: pass.ToByteSource(); |
84 |
|
|
|
85 |
|
|
params->salt = mode == kCryptoJobAsync |
86 |
✓✓ |
126 |
? salt.ToCopy() |
87 |
|
63 |
: salt.ToByteSource(); |
88 |
|
|
|
89 |
✓✗✗✓
|
126 |
CHECK(args[offset + 2]->IsInt32()); // iteration_count |
90 |
✓✗✗✓
|
126 |
CHECK(args[offset + 3]->IsInt32()); // length |
91 |
✓✗✗✓
|
189 |
CHECK(args[offset + 4]->IsString()); // digest_name |
92 |
|
|
|
93 |
✓✗ |
189 |
params->iterations = args[offset + 2].As<Int32>()->Value(); |
94 |
✗✓ |
63 |
if (params->iterations < 0) { |
95 |
|
|
THROW_ERR_OUT_OF_RANGE(env, "iterations must be <= %d", INT_MAX); |
96 |
|
|
return Nothing<bool>(); |
97 |
|
|
} |
98 |
|
|
|
99 |
✓✗ |
189 |
params->length = args[offset + 3].As<Int32>()->Value(); |
100 |
✗✓ |
63 |
if (params->length < 0) { |
101 |
|
|
THROW_ERR_OUT_OF_RANGE(env, "length must be <= %d", INT_MAX); |
102 |
|
|
return Nothing<bool>(); |
103 |
|
|
} |
104 |
|
|
|
105 |
✓✗ |
189 |
Utf8Value name(args.GetIsolate(), args[offset + 4]); |
106 |
|
63 |
params->digest = EVP_get_digestbyname(*name); |
107 |
✓✓ |
63 |
if (params->digest == nullptr) { |
108 |
|
3 |
THROW_ERR_CRYPTO_INVALID_DIGEST(env, "Invalid digest: %s", *name); |
109 |
|
3 |
return Nothing<bool>(); |
110 |
|
|
} |
111 |
|
|
|
112 |
|
60 |
return Just(true); |
113 |
|
|
} |
114 |
|
|
|
115 |
|
60 |
bool PBKDF2Traits::DeriveBits( |
116 |
|
|
Environment* env, |
117 |
|
|
const PBKDF2Config& params, |
118 |
|
|
ByteSource* out) { |
119 |
|
60 |
char* data = MallocOpenSSL<char>(params.length); |
120 |
|
120 |
ByteSource buf = ByteSource::Allocated(data, params.length); |
121 |
|
60 |
unsigned char* ptr = reinterpret_cast<unsigned char*>(data); |
122 |
|
|
|
123 |
|
|
// Both pass and salt may be zero length here. |
124 |
|
|
// The generated bytes are stored in buf, which is |
125 |
|
|
// assigned to out on success. |
126 |
|
|
|
127 |
|
120 |
if (PKCS5_PBKDF2_HMAC( |
128 |
|
|
params.pass.get(), |
129 |
|
60 |
params.pass.size(), |
130 |
|
|
params.salt.data<unsigned char>(), |
131 |
|
60 |
params.salt.size(), |
132 |
|
60 |
params.iterations, |
133 |
|
60 |
params.digest, |
134 |
|
60 |
params.length, |
135 |
✗✓ |
60 |
ptr) <= 0) { |
136 |
|
|
return false; |
137 |
|
|
} |
138 |
|
60 |
*out = std::move(buf); |
139 |
|
60 |
return true; |
140 |
|
|
} |
141 |
|
|
|
142 |
|
|
} // namespace crypto |
143 |
|
|
} // namespace node |