GCC Code Coverage Report
Directory: ../ Exec Total Coverage
File: /home/iojs/build/workspace/node-test-commit-linux-coverage-daily/nodes/benchmark/out/../src/node_crypto.h Lines: 43 65 66.2 %
Date: 2020-05-27 22:15:15 Branches: 5 10 50.0 %

Line Branch Exec Source
1
// Copyright Joyent, Inc. and other Node contributors.
2
//
3
// Permission is hereby granted, free of charge, to any person obtaining a
4
// copy of this software and associated documentation files (the
5
// "Software"), to deal in the Software without restriction, including
6
// without limitation the rights to use, copy, modify, merge, publish,
7
// distribute, sublicense, and/or sell copies of the Software, and to permit
8
// persons to whom the Software is furnished to do so, subject to the
9
// following conditions:
10
//
11
// The above copyright notice and this permission notice shall be included
12
// in all copies or substantial portions of the Software.
13
//
14
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
17
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
18
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
19
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
20
// USE OR OTHER DEALINGS IN THE SOFTWARE.
21
22
#ifndef SRC_NODE_CRYPTO_H_
23
#define SRC_NODE_CRYPTO_H_
24
25
#if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
26
27
// ClientHelloParser
28
#include "node_crypto_clienthello.h"
29
30
#include "env.h"
31
#include "base_object.h"
32
#include "util.h"
33
34
#include "v8.h"
35
36
#include <openssl/err.h>
37
#include <openssl/ssl.h>
38
#include <openssl/bn.h>
39
#include <openssl/dh.h>
40
#include <openssl/ec.h>
41
#include <openssl/rsa.h>
42
43
namespace node {
44
namespace crypto {
45
46
// Forcibly clear OpenSSL's error stack on return. This stops stale errors
47
// from popping up later in the lifecycle of crypto operations where they
48
// would cause spurious failures. It's a rather blunt method, though.
49
// ERR_clear_error() isn't necessarily cheap either.
50
struct ClearErrorOnReturn {
51
8460
  ~ClearErrorOnReturn() { ERR_clear_error(); }
52
};
53
54
// Pop errors from OpenSSL's error stack that were added
55
// between when this was constructed and destructed.
56
struct MarkPopErrorOnReturn {
57
17274
  MarkPopErrorOnReturn() { ERR_set_mark(); }
58
17273
  ~MarkPopErrorOnReturn() { ERR_pop_to_mark(); }
59
};
60
61
// Define smart pointers for the most commonly used OpenSSL types:
62
using X509Pointer = DeleteFnPtr<X509, X509_free>;
63
using BIOPointer = DeleteFnPtr<BIO, BIO_free_all>;
64
using SSLCtxPointer = DeleteFnPtr<SSL_CTX, SSL_CTX_free>;
65
using SSLSessionPointer = DeleteFnPtr<SSL_SESSION, SSL_SESSION_free>;
66
using SSLPointer = DeleteFnPtr<SSL, SSL_free>;
67
using PKCS8Pointer = DeleteFnPtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free>;
68
using EVPKeyPointer = DeleteFnPtr<EVP_PKEY, EVP_PKEY_free>;
69
using EVPKeyCtxPointer = DeleteFnPtr<EVP_PKEY_CTX, EVP_PKEY_CTX_free>;
70
using EVPMDPointer = DeleteFnPtr<EVP_MD_CTX, EVP_MD_CTX_free>;
71
using RSAPointer = DeleteFnPtr<RSA, RSA_free>;
72
using ECPointer = DeleteFnPtr<EC_KEY, EC_KEY_free>;
73
using BignumPointer = DeleteFnPtr<BIGNUM, BN_free>;
74
using NetscapeSPKIPointer = DeleteFnPtr<NETSCAPE_SPKI, NETSCAPE_SPKI_free>;
75
using ECGroupPointer = DeleteFnPtr<EC_GROUP, EC_GROUP_free>;
76
using ECPointPointer = DeleteFnPtr<EC_POINT, EC_POINT_free>;
77
using ECKeyPointer = DeleteFnPtr<EC_KEY, EC_KEY_free>;
78
using DHPointer = DeleteFnPtr<DH, DH_free>;
79
using ECDSASigPointer = DeleteFnPtr<ECDSA_SIG, ECDSA_SIG_free>;
80
81
extern int VerifyCallback(int preverify_ok, X509_STORE_CTX* ctx);
82
83
extern void UseExtraCaCerts(const std::string& file);
84
85
void InitCryptoOnce();
86
87
class SecureContext final : public BaseObject {
88
 public:
89
  ~SecureContext() override;
90
91
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
92
93
  SSL_CTX* operator*() const { return ctx_.get(); }
94
95
  // TODO(joyeecheung): track the memory used by OpenSSL types
96
1
  SET_NO_MEMORY_INFO()
97
1
  SET_MEMORY_INFO_NAME(SecureContext)
98
1
  SET_SELF_SIZE(SecureContext)
99
100
  SSLCtxPointer ctx_;
101
  X509Pointer cert_;
102
  X509Pointer issuer_;
103
#ifndef OPENSSL_NO_ENGINE
104
  bool client_cert_engine_provided_ = false;
105
  std::unique_ptr<ENGINE, std::function<void(ENGINE*)>> private_key_engine_;
106
#endif  // !OPENSSL_NO_ENGINE
107
108
  static const int kMaxSessionSize = 10 * 1024;
109
110
  // See TicketKeyCallback
111
  static const int kTicketKeyReturnIndex = 0;
112
  static const int kTicketKeyHMACIndex = 1;
113
  static const int kTicketKeyAESIndex = 2;
114
  static const int kTicketKeyNameIndex = 3;
115
  static const int kTicketKeyIVIndex = 4;
116
117
  unsigned char ticket_key_name_[16];
118
  unsigned char ticket_key_aes_[16];
119
  unsigned char ticket_key_hmac_[16];
120
121
 protected:
122
  // OpenSSL structures are opaque. This is sizeof(SSL_CTX) for OpenSSL 1.1.1b:
123
  static const int64_t kExternalSize = 1024;
124
125
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
126
  static void Init(const v8::FunctionCallbackInfo<v8::Value>& args);
127
  static void SetKey(const v8::FunctionCallbackInfo<v8::Value>& args);
128
#ifndef OPENSSL_NO_ENGINE
129
  static void SetEngineKey(const v8::FunctionCallbackInfo<v8::Value>& args);
130
#endif  // !OPENSSL_NO_ENGINE
131
  static void SetCert(const v8::FunctionCallbackInfo<v8::Value>& args);
132
  static void AddCACert(const v8::FunctionCallbackInfo<v8::Value>& args);
133
  static void AddCRL(const v8::FunctionCallbackInfo<v8::Value>& args);
134
  static void AddRootCerts(const v8::FunctionCallbackInfo<v8::Value>& args);
135
  static void SetCipherSuites(const v8::FunctionCallbackInfo<v8::Value>& args);
136
  static void SetCiphers(const v8::FunctionCallbackInfo<v8::Value>& args);
137
  static void SetSigalgs(const v8::FunctionCallbackInfo<v8::Value>& args);
138
  static void SetECDHCurve(const v8::FunctionCallbackInfo<v8::Value>& args);
139
  static void SetDHParam(const v8::FunctionCallbackInfo<v8::Value>& args);
140
  static void SetOptions(const v8::FunctionCallbackInfo<v8::Value>& args);
141
  static void SetSessionIdContext(
142
      const v8::FunctionCallbackInfo<v8::Value>& args);
143
  static void SetSessionTimeout(
144
      const v8::FunctionCallbackInfo<v8::Value>& args);
145
  static void SetMinProto(const v8::FunctionCallbackInfo<v8::Value>& args);
146
  static void SetMaxProto(const v8::FunctionCallbackInfo<v8::Value>& args);
147
  static void GetMinProto(const v8::FunctionCallbackInfo<v8::Value>& args);
148
  static void GetMaxProto(const v8::FunctionCallbackInfo<v8::Value>& args);
149
  static void Close(const v8::FunctionCallbackInfo<v8::Value>& args);
150
  static void LoadPKCS12(const v8::FunctionCallbackInfo<v8::Value>& args);
151
#ifndef OPENSSL_NO_ENGINE
152
  static void SetClientCertEngine(
153
      const v8::FunctionCallbackInfo<v8::Value>& args);
154
#endif  // !OPENSSL_NO_ENGINE
155
  static void GetTicketKeys(const v8::FunctionCallbackInfo<v8::Value>& args);
156
  static void SetTicketKeys(const v8::FunctionCallbackInfo<v8::Value>& args);
157
  static void SetFreeListLength(
158
      const v8::FunctionCallbackInfo<v8::Value>& args);
159
  static void EnableTicketKeyCallback(
160
      const v8::FunctionCallbackInfo<v8::Value>& args);
161
  static void CtxGetter(const v8::FunctionCallbackInfo<v8::Value>& info);
162
163
  template <bool primary>
164
  static void GetCertificate(const v8::FunctionCallbackInfo<v8::Value>& args);
165
166
  static int TicketKeyCallback(SSL* ssl,
167
                               unsigned char* name,
168
                               unsigned char* iv,
169
                               EVP_CIPHER_CTX* ectx,
170
                               HMAC_CTX* hctx,
171
                               int enc);
172
173
  static int TicketCompatibilityCallback(SSL* ssl,
174
                                         unsigned char* name,
175
                                         unsigned char* iv,
176
                                         EVP_CIPHER_CTX* ectx,
177
                                         HMAC_CTX* hctx,
178
                                         int enc);
179
180
  SecureContext(Environment* env, v8::Local<v8::Object> wrap);
181
  void Reset();
182
};
183
184
// SSLWrap implicitly depends on the inheriting class' handle having an
185
// internal pointer to the Base class.
186
template <class Base>
187
class SSLWrap {
188
 public:
189
  enum Kind {
190
    kClient,
191
    kServer
192
  };
193
194
12177
  SSLWrap(Environment* env, SecureContext* sc, Kind kind)
195
      : env_(env),
196
        kind_(kind),
197
        next_sess_(nullptr),
198
        session_callbacks_(false),
199
        awaiting_new_session_(false),
200
        cert_cb_(nullptr),
201
        cert_cb_arg_(nullptr),
202
24354
        cert_cb_running_(false) {
203
12177
    ssl_.reset(SSL_new(sc->ctx_.get()));
204
12177
    CHECK(ssl_);
205
12177
    env_->isolate()->AdjustAmountOfExternalAllocatedMemory(kExternalSize);
206
12177
  }
207
208
12151
  virtual ~SSLWrap() {
209
12151
    DestroySSL();
210
36453
  }
211
212
209
  inline void enable_session_callbacks() { session_callbacks_ = true; }
213
38916
  inline bool is_server() const { return kind_ == kServer; }
214
13244
  inline bool is_client() const { return kind_ == kClient; }
215
15024
  inline bool is_awaiting_new_session() const { return awaiting_new_session_; }
216
854
  inline bool is_waiting_cert_cb() const { return cert_cb_ != nullptr; }
217
218
  void MemoryInfo(MemoryTracker* tracker) const;
219
220
 protected:
221
  typedef void (*CertCb)(void* arg);
222
223
  // OpenSSL structures are opaque. Estimate SSL memory size for OpenSSL 1.1.1b:
224
  //   SSL: 6224
225
  //   SSL->SSL3_STATE: 1040
226
  //   ...some buffers: 42 * 1024
227
  // NOTE: Actually it is much more than this
228
  static const int64_t kExternalSize = 6224 + 1040 + 42 * 1024;
229
230
  static void ConfigureSecureContext(SecureContext* sc);
231
  static void AddMethods(Environment* env, v8::Local<v8::FunctionTemplate> t);
232
233
  static SSL_SESSION* GetSessionCallback(SSL* s,
234
                                         const unsigned char* key,
235
                                         int len,
236
                                         int* copy);
237
  static int NewSessionCallback(SSL* s, SSL_SESSION* sess);
238
  static void KeylogCallback(const SSL* s, const char* line);
239
  static void OnClientHello(void* arg,
240
                            const ClientHelloParser::ClientHello& hello);
241
242
  static void GetPeerCertificate(
243
      const v8::FunctionCallbackInfo<v8::Value>& args);
244
  static void GetCertificate(const v8::FunctionCallbackInfo<v8::Value>& args);
245
  static void GetFinished(const v8::FunctionCallbackInfo<v8::Value>& args);
246
  static void GetPeerFinished(const v8::FunctionCallbackInfo<v8::Value>& args);
247
  static void GetSession(const v8::FunctionCallbackInfo<v8::Value>& args);
248
  static void SetSession(const v8::FunctionCallbackInfo<v8::Value>& args);
249
  static void LoadSession(const v8::FunctionCallbackInfo<v8::Value>& args);
250
  static void IsSessionReused(const v8::FunctionCallbackInfo<v8::Value>& args);
251
  static void VerifyError(const v8::FunctionCallbackInfo<v8::Value>& args);
252
  static void GetCipher(const v8::FunctionCallbackInfo<v8::Value>& args);
253
  static void GetSharedSigalgs(const v8::FunctionCallbackInfo<v8::Value>& args);
254
  static void ExportKeyingMaterial(
255
      const v8::FunctionCallbackInfo<v8::Value>& args);
256
  static void EndParser(const v8::FunctionCallbackInfo<v8::Value>& args);
257
  static void CertCbDone(const v8::FunctionCallbackInfo<v8::Value>& args);
258
  static void Renegotiate(const v8::FunctionCallbackInfo<v8::Value>& args);
259
  static void GetTLSTicket(const v8::FunctionCallbackInfo<v8::Value>& args);
260
  static void NewSessionDone(const v8::FunctionCallbackInfo<v8::Value>& args);
261
  static void SetOCSPResponse(const v8::FunctionCallbackInfo<v8::Value>& args);
262
  static void RequestOCSP(const v8::FunctionCallbackInfo<v8::Value>& args);
263
  static void GetEphemeralKeyInfo(
264
      const v8::FunctionCallbackInfo<v8::Value>& args);
265
  static void GetProtocol(const v8::FunctionCallbackInfo<v8::Value>& args);
266
267
#ifdef SSL_set_max_send_fragment
268
  static void SetMaxSendFragment(
269
      const v8::FunctionCallbackInfo<v8::Value>& args);
270
#endif  // SSL_set_max_send_fragment
271
272
  static void GetALPNNegotiatedProto(
273
      const v8::FunctionCallbackInfo<v8::Value>& args);
274
  static void SetALPNProtocols(const v8::FunctionCallbackInfo<v8::Value>& args);
275
  static int SelectALPNCallback(SSL* s,
276
                                const unsigned char** out,
277
                                unsigned char* outlen,
278
                                const unsigned char* in,
279
                                unsigned int inlen,
280
                                void* arg);
281
  static int TLSExtStatusCallback(SSL* s, void* arg);
282
  static int SSLCertCallback(SSL* s, void* arg);
283
284
  void DestroySSL();
285
  void WaitForCertCb(CertCb cb, void* arg);
286
  int SetCACerts(SecureContext* sc);
287
288
2295
  inline Environment* ssl_env() const {
289
2295
    return env_;
290
  }
291
292
  Environment* const env_;
293
  Kind kind_;
294
  SSLSessionPointer next_sess_;
295
  SSLPointer ssl_;
296
  bool session_callbacks_;
297
  bool awaiting_new_session_;
298
299
  // SSL_set_cert_cb
300
  CertCb cert_cb_;
301
  void* cert_cb_arg_;
302
  bool cert_cb_running_;
303
304
  ClientHelloParser hello_parser_;
305
306
  v8::Global<v8::ArrayBufferView> ocsp_response_;
307
  BaseObjectPtr<SecureContext> sni_context_;
308
309
  friend class SecureContext;
310
};
311
312
// A helper class representing a read-only byte array. When deallocated, its
313
// contents are zeroed.
314
class ByteSource {
315
 public:
316
1357
  ByteSource() = default;
317
  ByteSource(ByteSource&& other);
318
  ~ByteSource();
319
320
  ByteSource& operator=(ByteSource&& other);
321
322
  const char* get() const;
323
  size_t size() const;
324
325
17
  inline operator bool() const {
326
17
    return data_ != nullptr;
327
  }
328
329
  static ByteSource Allocated(char* data, size_t size);
330
  static ByteSource Foreign(const char* data, size_t size);
331
332
  static ByteSource FromStringOrBuffer(Environment* env,
333
                                       v8::Local<v8::Value> value);
334
335
  static ByteSource FromString(Environment* env,
336
                               v8::Local<v8::String> str,
337
                               bool ntc = false);
338
339
  static ByteSource FromBuffer(v8::Local<v8::Value> buffer,
340
                               bool ntc = false);
341
342
  static ByteSource NullTerminatedCopy(Environment* env,
343
                                       v8::Local<v8::Value> value);
344
345
  static ByteSource FromSymmetricKeyObject(v8::Local<v8::Value> handle);
346
347
  ByteSource(const ByteSource&) = delete;
348
  ByteSource& operator=(const ByteSource&) = delete;
349
350
 private:
351
  const char* data_ = nullptr;
352
  char* allocated_data_ = nullptr;
353
  size_t size_ = 0;
354
355
  ByteSource(const char* data, char* allocated_data, size_t size);
356
};
357
358
enum PKEncodingType {
359
  // RSAPublicKey / RSAPrivateKey according to PKCS#1.
360
  kKeyEncodingPKCS1,
361
  // PrivateKeyInfo or EncryptedPrivateKeyInfo according to PKCS#8.
362
  kKeyEncodingPKCS8,
363
  // SubjectPublicKeyInfo according to X.509.
364
  kKeyEncodingSPKI,
365
  // ECPrivateKey according to SEC1.
366
  kKeyEncodingSEC1
367
};
368
369
enum PKFormatType {
370
  kKeyFormatDER,
371
  kKeyFormatPEM
372
};
373
374
1401
struct AsymmetricKeyEncodingConfig {
375
  bool output_key_object_;
376
  PKFormatType format_;
377
  v8::Maybe<PKEncodingType> type_ = v8::Nothing<PKEncodingType>();
378
};
379
380
typedef AsymmetricKeyEncodingConfig PublicKeyEncodingConfig;
381
382
7690
struct PrivateKeyEncodingConfig : public AsymmetricKeyEncodingConfig {
383
  const EVP_CIPHER* cipher_;
384
  ByteSource passphrase_;
385
};
386
387
enum KeyType {
388
  kKeyTypeSecret,
389
  kKeyTypePublic,
390
  kKeyTypePrivate
391
};
392
393
// This uses the built-in reference counter of OpenSSL to manage an EVP_PKEY
394
// which is slightly more efficient than using a shared pointer and easier to
395
// use.
396
1759
class ManagedEVPPKey {
397
 public:
398
116
  ManagedEVPPKey() = default;
399
  explicit ManagedEVPPKey(EVPKeyPointer&& pkey);
400
  ManagedEVPPKey(const ManagedEVPPKey& that);
401
  ManagedEVPPKey& operator=(const ManagedEVPPKey& that);
402
403
  operator bool() const;
404
  EVP_PKEY* get() const;
405
406
 private:
407
  EVPKeyPointer pkey_;
408
};
409
410
232
class KeyObject : public BaseObject {
411
 public:
412
  static v8::Local<v8::Function> Initialize(Environment* env,
413
                                            v8::Local<v8::Object> target);
414
415
  static v8::MaybeLocal<v8::Object> Create(Environment* env,
416
                                           KeyType type,
417
                                           const ManagedEVPPKey& pkey);
418
419
  // TODO(tniessen): track the memory used by OpenSSL types
420
  SET_NO_MEMORY_INFO()
421
  SET_MEMORY_INFO_NAME(KeyObject)
422
  SET_SELF_SIZE(KeyObject)
423
424
  KeyType GetKeyType() const;
425
426
  // These functions allow unprotected access to the raw key material and should
427
  // only be used to implement cryptograohic operations requiring the key.
428
  ManagedEVPPKey GetAsymmetricKey() const;
429
  const char* GetSymmetricKey() const;
430
  size_t GetSymmetricKeySize() const;
431
432
 protected:
433
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
434
435
  static void Init(const v8::FunctionCallbackInfo<v8::Value>& args);
436
  void InitSecret(v8::Local<v8::ArrayBufferView> abv);
437
  void InitPublic(const ManagedEVPPKey& pkey);
438
  void InitPrivate(const ManagedEVPPKey& pkey);
439
440
  static void GetAsymmetricKeyType(
441
      const v8::FunctionCallbackInfo<v8::Value>& args);
442
  v8::Local<v8::Value> GetAsymmetricKeyType() const;
443
444
  static void GetSymmetricKeySize(
445
      const v8::FunctionCallbackInfo<v8::Value>& args);
446
447
  static void Export(const v8::FunctionCallbackInfo<v8::Value>& args);
448
  v8::Local<v8::Value> ExportSecretKey() const;
449
  v8::MaybeLocal<v8::Value> ExportPublicKey(
450
      const PublicKeyEncodingConfig& config) const;
451
  v8::MaybeLocal<v8::Value> ExportPrivateKey(
452
      const PrivateKeyEncodingConfig& config) const;
453
454
  KeyObject(Environment* env, v8::Local<v8::Object> wrap, KeyType key_type);
455
456
 private:
457
  const KeyType key_type_;
458
  std::unique_ptr<char, std::function<void(char*)>> symmetric_key_;
459
  unsigned int symmetric_key_len_;
460
  ManagedEVPPKey asymmetric_key_;
461
};
462
463
2530
class CipherBase : public BaseObject {
464
 public:
465
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
466
467
  // TODO(joyeecheung): track the memory used by OpenSSL types
468
  SET_NO_MEMORY_INFO()
469
  SET_MEMORY_INFO_NAME(CipherBase)
470
  SET_SELF_SIZE(CipherBase)
471
472
 protected:
473
  enum CipherKind {
474
    kCipher,
475
    kDecipher
476
  };
477
  enum UpdateResult {
478
    kSuccess,
479
    kErrorMessageSize,
480
    kErrorState
481
  };
482
  enum AuthTagState {
483
    kAuthTagUnknown,
484
    kAuthTagKnown,
485
    kAuthTagPassedToOpenSSL
486
  };
487
  static const unsigned kNoAuthTagLength = static_cast<unsigned>(-1);
488
489
  void CommonInit(const char* cipher_type,
490
                  const EVP_CIPHER* cipher,
491
                  const unsigned char* key,
492
                  int key_len,
493
                  const unsigned char* iv,
494
                  int iv_len,
495
                  unsigned int auth_tag_len);
496
  void Init(const char* cipher_type,
497
            const char* key_buf,
498
            int key_buf_len,
499
            unsigned int auth_tag_len);
500
  void InitIv(const char* cipher_type,
501
              const unsigned char* key,
502
              int key_len,
503
              const unsigned char* iv,
504
              int iv_len,
505
              unsigned int auth_tag_len);
506
  bool InitAuthenticated(const char* cipher_type, int iv_len,
507
                         unsigned int auth_tag_len);
508
  bool CheckCCMMessageLength(int message_len);
509
  UpdateResult Update(const char* data, int len, AllocatedBuffer* out);
510
  bool Final(AllocatedBuffer* out);
511
  bool SetAutoPadding(bool auto_padding);
512
513
  bool IsAuthenticatedMode() const;
514
  bool SetAAD(const char* data, unsigned int len, int plaintext_len);
515
  bool MaybePassAuthTagToOpenSSL();
516
517
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
518
  static void Init(const v8::FunctionCallbackInfo<v8::Value>& args);
519
  static void InitIv(const v8::FunctionCallbackInfo<v8::Value>& args);
520
  static void Update(const v8::FunctionCallbackInfo<v8::Value>& args);
521
  static void Final(const v8::FunctionCallbackInfo<v8::Value>& args);
522
  static void SetAutoPadding(const v8::FunctionCallbackInfo<v8::Value>& args);
523
524
  static void GetAuthTag(const v8::FunctionCallbackInfo<v8::Value>& args);
525
  static void SetAuthTag(const v8::FunctionCallbackInfo<v8::Value>& args);
526
  static void SetAAD(const v8::FunctionCallbackInfo<v8::Value>& args);
527
528
  CipherBase(Environment* env, v8::Local<v8::Object> wrap, CipherKind kind);
529
530
 private:
531
  DeleteFnPtr<EVP_CIPHER_CTX, EVP_CIPHER_CTX_free> ctx_;
532
  const CipherKind kind_;
533
  AuthTagState auth_tag_state_;
534
  unsigned int auth_tag_len_;
535
  char auth_tag_[EVP_GCM_TLS_TAG_LEN];
536
  bool pending_auth_failed_;
537
  int max_message_size_;
538
};
539
540
328
class Hmac : public BaseObject {
541
 public:
542
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
543
544
  // TODO(joyeecheung): track the memory used by OpenSSL types
545
  SET_NO_MEMORY_INFO()
546
  SET_MEMORY_INFO_NAME(Hmac)
547
  SET_SELF_SIZE(Hmac)
548
549
 protected:
550
  void HmacInit(const char* hash_type, const char* key, int key_len);
551
  bool HmacUpdate(const char* data, int len);
552
553
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
554
  static void HmacInit(const v8::FunctionCallbackInfo<v8::Value>& args);
555
  static void HmacUpdate(const v8::FunctionCallbackInfo<v8::Value>& args);
556
  static void HmacDigest(const v8::FunctionCallbackInfo<v8::Value>& args);
557
558
  Hmac(Environment* env, v8::Local<v8::Object> wrap);
559
560
 private:
561
  DeleteFnPtr<HMAC_CTX, HMAC_CTX_free> ctx_;
562
};
563
564
class Hash final : public BaseObject {
565
 public:
566
  ~Hash() override;
567
568
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
569
570
  // TODO(joyeecheung): track the memory used by OpenSSL types
571
  SET_NO_MEMORY_INFO()
572
  SET_MEMORY_INFO_NAME(Hash)
573
  SET_SELF_SIZE(Hash)
574
575
  bool HashInit(const EVP_MD* md, v8::Maybe<unsigned int> xof_md_len);
576
  bool HashUpdate(const char* data, int len);
577
578
 protected:
579
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
580
  static void HashUpdate(const v8::FunctionCallbackInfo<v8::Value>& args);
581
  static void HashDigest(const v8::FunctionCallbackInfo<v8::Value>& args);
582
583
  Hash(Environment* env, v8::Local<v8::Object> wrap);
584
585
 private:
586
  EVPMDPointer mdctx_;
587
  bool has_md_;
588
  unsigned int md_len_;
589
  unsigned char* md_value_;
590
};
591
592
728
class SignBase : public BaseObject {
593
 public:
594
  typedef enum {
595
    kSignOk,
596
    kSignUnknownDigest,
597
    kSignInit,
598
    kSignNotInitialised,
599
    kSignUpdate,
600
    kSignPrivateKey,
601
    kSignPublicKey,
602
    kSignMalformedSignature
603
  } Error;
604
605
  SignBase(Environment* env, v8::Local<v8::Object> wrap);
606
607
  Error Init(const char* sign_type);
608
  Error Update(const char* data, int len);
609
610
  // TODO(joyeecheung): track the memory used by OpenSSL types
611
  SET_NO_MEMORY_INFO()
612
  SET_MEMORY_INFO_NAME(SignBase)
613
  SET_SELF_SIZE(SignBase)
614
615
 protected:
616
  void CheckThrow(Error error);
617
618
  EVPMDPointer mdctx_;
619
};
620
621
enum DSASigEnc {
622
  kSigEncDER, kSigEncP1363
623
};
624
625
278
class Sign : public SignBase {
626
 public:
627
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
628
629
112
  struct SignResult {
630
    Error error;
631
    AllocatedBuffer signature;
632
633
112
    explicit SignResult(
634
        Error err,
635
        AllocatedBuffer&& sig = AllocatedBuffer())
636
112
      : error(err), signature(std::move(sig)) {}
637
  };
638
639
  SignResult SignFinal(
640
      const ManagedEVPPKey& pkey,
641
      int padding,
642
      const v8::Maybe<int>& saltlen,
643
      DSASigEnc dsa_sig_enc);
644
645
 protected:
646
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
647
  static void SignInit(const v8::FunctionCallbackInfo<v8::Value>& args);
648
  static void SignUpdate(const v8::FunctionCallbackInfo<v8::Value>& args);
649
  static void SignFinal(const v8::FunctionCallbackInfo<v8::Value>& args);
650
651
  Sign(Environment* env, v8::Local<v8::Object> wrap);
652
};
653
654
1178
class Verify : public SignBase {
655
 public:
656
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
657
658
  Error VerifyFinal(const ManagedEVPPKey& key,
659
                    const ByteSource& sig,
660
                    int padding,
661
                    const v8::Maybe<int>& saltlen,
662
                    bool* verify_result);
663
664
 protected:
665
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
666
  static void VerifyInit(const v8::FunctionCallbackInfo<v8::Value>& args);
667
  static void VerifyUpdate(const v8::FunctionCallbackInfo<v8::Value>& args);
668
  static void VerifyFinal(const v8::FunctionCallbackInfo<v8::Value>& args);
669
670
  Verify(Environment* env, v8::Local<v8::Object> wrap);
671
};
672
673
class PublicKeyCipher {
674
 public:
675
  typedef int (*EVP_PKEY_cipher_init_t)(EVP_PKEY_CTX* ctx);
676
  typedef int (*EVP_PKEY_cipher_t)(EVP_PKEY_CTX* ctx,
677
                                   unsigned char* out, size_t* outlen,
678
                                   const unsigned char* in, size_t inlen);
679
680
  enum Operation {
681
    kPublic,
682
    kPrivate
683
  };
684
685
  template <Operation operation,
686
            EVP_PKEY_cipher_init_t EVP_PKEY_cipher_init,
687
            EVP_PKEY_cipher_t EVP_PKEY_cipher>
688
  static bool Cipher(Environment* env,
689
                     const ManagedEVPPKey& pkey,
690
                     int padding,
691
                     const EVP_MD* digest,
692
                     const void* oaep_label,
693
                     size_t oaep_label_size,
694
                     const unsigned char* data,
695
                     int len,
696
                     AllocatedBuffer* out);
697
698
  template <Operation operation,
699
            EVP_PKEY_cipher_init_t EVP_PKEY_cipher_init,
700
            EVP_PKEY_cipher_t EVP_PKEY_cipher>
701
  static void Cipher(const v8::FunctionCallbackInfo<v8::Value>& args);
702
};
703
704
112
class DiffieHellman : public BaseObject {
705
 public:
706
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
707
708
  bool Init(int primeLength, int g);
709
  bool Init(const char* p, int p_len, int g);
710
  bool Init(const char* p, int p_len, const char* g, int g_len);
711
712
 protected:
713
  static void DiffieHellmanGroup(
714
      const v8::FunctionCallbackInfo<v8::Value>& args);
715
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
716
  static void GenerateKeys(const v8::FunctionCallbackInfo<v8::Value>& args);
717
  static void GetPrime(const v8::FunctionCallbackInfo<v8::Value>& args);
718
  static void GetGenerator(const v8::FunctionCallbackInfo<v8::Value>& args);
719
  static void GetPublicKey(const v8::FunctionCallbackInfo<v8::Value>& args);
720
  static void GetPrivateKey(const v8::FunctionCallbackInfo<v8::Value>& args);
721
  static void ComputeSecret(const v8::FunctionCallbackInfo<v8::Value>& args);
722
  static void SetPublicKey(const v8::FunctionCallbackInfo<v8::Value>& args);
723
  static void SetPrivateKey(const v8::FunctionCallbackInfo<v8::Value>& args);
724
  static void VerifyErrorGetter(
725
      const v8::FunctionCallbackInfo<v8::Value>& args);
726
727
  DiffieHellman(Environment* env, v8::Local<v8::Object> wrap);
728
729
  // TODO(joyeecheung): track the memory used by OpenSSL types
730
  SET_NO_MEMORY_INFO()
731
  SET_MEMORY_INFO_NAME(DiffieHellman)
732
  SET_SELF_SIZE(DiffieHellman)
733
734
 private:
735
  static void GetField(const v8::FunctionCallbackInfo<v8::Value>& args,
736
                       const BIGNUM* (*get_field)(const DH*),
737
                       const char* err_if_null);
738
  static void SetKey(const v8::FunctionCallbackInfo<v8::Value>& args,
739
                     int (*set_field)(DH*, BIGNUM*), const char* what);
740
  bool VerifyContext();
741
742
  int verifyError_;
743
  DHPointer dh_;
744
};
745
746
class ECDH final : public BaseObject {
747
 public:
748
  ~ECDH() override;
749
750
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
751
  static ECPointPointer BufferToPoint(Environment* env,
752
                                      const EC_GROUP* group,
753
                                      v8::Local<v8::Value> buf);
754
755
  // TODO(joyeecheung): track the memory used by OpenSSL types
756
  SET_NO_MEMORY_INFO()
757
  SET_MEMORY_INFO_NAME(ECDH)
758
  SET_SELF_SIZE(ECDH)
759
760
 protected:
761
  ECDH(Environment* env, v8::Local<v8::Object> wrap, ECKeyPointer&& key);
762
763
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
764
  static void GenerateKeys(const v8::FunctionCallbackInfo<v8::Value>& args);
765
  static void ComputeSecret(const v8::FunctionCallbackInfo<v8::Value>& args);
766
  static void GetPrivateKey(const v8::FunctionCallbackInfo<v8::Value>& args);
767
  static void SetPrivateKey(const v8::FunctionCallbackInfo<v8::Value>& args);
768
  static void GetPublicKey(const v8::FunctionCallbackInfo<v8::Value>& args);
769
  static void SetPublicKey(const v8::FunctionCallbackInfo<v8::Value>& args);
770
771
  bool IsKeyPairValid();
772
  bool IsKeyValidForCurve(const BignumPointer& private_key);
773
774
  ECKeyPointer key_;
775
  const EC_GROUP* group_;
776
};
777
778
bool EntropySource(unsigned char* buffer, size_t length);
779
#ifndef OPENSSL_NO_ENGINE
780
void SetEngine(const v8::FunctionCallbackInfo<v8::Value>& args);
781
#endif  // !OPENSSL_NO_ENGINE
782
void InitCrypto(v8::Local<v8::Object> target);
783
784
void ThrowCryptoError(Environment* env,
785
                      unsigned long err,  // NOLINT(runtime/int)
786
                      const char* message = nullptr);
787
788
template <typename T>
789
334045
inline T* MallocOpenSSL(size_t count) {
790
334045
  void* mem = OPENSSL_malloc(MultiplyWithOverflowCheck(count, sizeof(T)));
791


334045
  CHECK_IMPLIES(mem == nullptr, count == 0);
792
334045
  return static_cast<T*>(mem);
793
}
794
795
}  // namespace crypto
796
}  // namespace node
797
798
#endif  // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
799
800
#endif  // SRC_NODE_CRYPTO_H_