From f30c7c49117e721f1699148ff3985fa3cf6be696 Mon Sep 17 00:00:00 2001 From: Sam Roberts Date: Thu, 15 Nov 2018 10:11:29 -0800 Subject: [PATCH] tls: include RSA bit size in X.509 public key info MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit For symmetricality with the EC public key info, and because its useful. PR-URL: https://github.com/nodejs/node/pull/24358 Reviewed-By: Ben Noordhuis Reviewed-By: Tobias Nießen --- doc/api/tls.md | 1 + src/node_crypto.cc | 4 ++++ test/parallel/test-tls-peer-certificate.js | 5 +++++ 3 files changed, 10 insertions(+) diff --git a/doc/api/tls.md b/doc/api/tls.md index 4c6d37224dbb62..1ea6c3799e8940 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -688,6 +688,7 @@ The certificate may contain information about the public key, depending on the key type. For RSA keys, the following properties may be defined: +* `bits` {number} The RSA bit size. Example: `1024`. * `exponent` {string} The RSA exponent, as a string in hexadecimal number notation. Example: `'0x010001'`. * `modulus` {string} The RSA modulus, as a hexadecimal string. Example: diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 41565da1563805..1f8cdc2ef5a93e 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -1662,6 +1662,10 @@ static Local X509ToObject(Environment* env, X509* cert) { mem->length).ToLocalChecked()).FromJust(); USE(BIO_reset(bio.get())); + int bits = BN_num_bits(n); + info->Set(context, env->bits_string(), + Integer::New(env->isolate(), bits)).FromJust(); + uint64_t exponent_word = static_cast(BN_get_word(e)); uint32_t lo = static_cast(exponent_word); uint32_t hi = static_cast(exponent_word >> 32); diff --git a/test/parallel/test-tls-peer-certificate.js b/test/parallel/test-tls-peer-certificate.js index 2a48665e4d9357..523638d4a39649 100644 --- a/test/parallel/test-tls-peer-certificate.js +++ b/test/parallel/test-tls-peer-certificate.js 
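Review bot: `BN_num_bits(n)` in the lines added to `X509ToObject` returns the number of significant bits of the modulus, and nothing in the new code says so, so `bits` is whatever the presented certificate yields and need not be a nominal key size or a multiple of 8. Callers may compare `bits` against a minimum-key-size policy, so I would add a comment above `int bits = ...`, for example `// Significant bits of the RSA modulus (BN_num_bits), taken from the certificate as presented.` The test hunk in test/parallel/test-tls-peer-certificate.js relies on the same assumption: `peerCert.modulus.length / 2 * 8` equals `peerCert.bits` only when the modulus fills a whole number of bytes with its top bit set, as it appears to for this 1024-bit fixture, and its comment could state that. `n` is declared outside the hunk (presumably the modulus fetched earlier in the function), and the body of `X509ToObject` starts and ends outside the hunk.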
@@ -55,6 +55,11 @@ connect({ assert.strictEqual(peerCert.subject.emailAddress, 'ry@tinyclouds.org'); assert.strictEqual(peerCert.serialNumber, 'ECC9B856270DA9A8'); assert.strictEqual(peerCert.exponent, '0x10001'); + assert.strictEqual(peerCert.bits, 1024); + // The conversion to bits is odd because modulus isn't a buffer, its a hex + // string. There are two hex chars for every byte of modulus, and 8 bits per + // byte. + assert.strictEqual(peerCert.modulus.length / 2 * 8, peerCert.bits); assert.strictEqual( peerCert.fingerprint, 'D7:FD:F6:42:92:A8:83:51:8E:80:48:62:66:DA:85:C2:EE:A6:A1:CD'