From 2879518d2e991d0bbdf868d6cff003803fd135c4 Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 2 Jun 2022 10:41:00 +0200 Subject: [PATCH 1/2] crypto: remove Node.js-specific webcrypto extensions --- doc/api/webcrypto.md | 333 ++---------------- lib/internal/crypto/aes.js | 20 -- lib/internal/crypto/cfrg.js | 16 - lib/internal/crypto/diffiehellman.js | 221 ------------ lib/internal/crypto/dsa.js | 225 ------------ lib/internal/crypto/ec.js | 11 - lib/internal/crypto/hashnames.js | 6 - lib/internal/crypto/mac.js | 14 - lib/internal/crypto/rsa.js | 10 - lib/internal/crypto/scrypt.js | 44 --- lib/internal/crypto/util.js | 8 +- lib/internal/crypto/webcrypto.js | 73 +--- test/fixtures/crypto/dsa.js | 93 ----- test/parallel/test-crypto-key-objects.js | 23 -- .../test-webcrypto-derivebits-node-dh.js | 219 ------------ test/parallel/test-webcrypto-derivebits.js | 32 -- test/parallel/test-webcrypto-derivekey.js | 34 -- .../test-webcrypto-export-import-cfrg.js | 10 - .../test-webcrypto-export-import-dsa.js | 164 --------- .../test-webcrypto-export-import-ec.js | 10 - .../test-webcrypto-export-import-rsa.js | 10 - test/parallel/test-webcrypto-export-import.js | 7 - test/parallel/test-webcrypto-keygen.js | 132 ------- .../test-webcrypto-sign-verify-node-dsa.js | 220 ------------ tools/doc/type-parser.mjs | 6 - 25 files changed, 40 insertions(+), 1901 deletions(-) delete mode 100644 lib/internal/crypto/dsa.js delete mode 100644 test/fixtures/crypto/dsa.js delete mode 100644 test/parallel/test-webcrypto-derivebits-node-dh.js delete mode 100644 test/parallel/test-webcrypto-export-import-dsa.js delete mode 100644 test/parallel/test-webcrypto-sign-verify-node-dsa.js diff --git a/doc/api/webcrypto.md b/doc/api/webcrypto.md index 8973ce9d820545..0771f4a378a3ab 100644 --- a/doc/api/webcrypto.md +++ b/doc/api/webcrypto.md @@ -2,6 +2,13 @@ -* Type: {AesKeyGenParams|RsaHashedKeyGenParams|EcKeyGenParams|HmacKeyGenParams|NodeDsaKeyGenParams|NodeDhKeyGenParams} +* Type: {AesKeyGenParams|RsaHashedKeyGenParams|EcKeyGenParams|HmacKeyGenParams} @@ -477,20 +482,17 @@ Valid key usages depend on the key algorithm (identified by | `'AES-GCM'` | ✔ | ✔ | | | | | ✔ | ✔ | | `'AES-KW'` | | | | | | | ✔ | ✔ | | `'ECDH'` | | | | | ✔ | ✔ | | | -| `'X25519'`[^2] | | | | | ✔ | ✔ | | | -| `'X448'`[^2] | | | | | ✔ | ✔ | | | +| `'X25519'`[^1] | | | | | ✔ | ✔ | | | +| `'X448'`[^1] | | | | | ✔ | ✔ | | | | `'ECDSA'` | | | ✔ | ✔ | | | | | -| `'Ed25519'`[^2] | | | ✔ | ✔ | | | | | -| `'Ed448'`[^2] | | | ✔ | ✔ | | | | | +| `'Ed25519'`[^1] | | | ✔ | ✔ | | | | | +| `'Ed448'`[^1] | | | ✔ | ✔ | | | | | | `'HDKF'` | | | | | ✔ | ✔ | | | | `'HMAC'` | | | ✔ | ✔ | | | | | | `'PBKDF2'` | | | | | ✔ | ✔ | | | | `'RSA-OAEP'` | ✔ | ✔ | | | | | ✔ | ✔ | | `'RSA-PSS'` | | | ✔ | ✔ | | | | | | `'RSASSA-PKCS1-v1_5'` | | | ✔ | ✔ | | | | | -| `'NODE-DSA'`[^1] | | | ✔ | ✔ | | | | | -| `'NODE-DH'`[^1] | | | | | ✔ | ✔ | | | -| `'NODE-SCRYPT'`[^1] | | | | | ✔ | ✔ | | | ## Class: `CryptoKeyPair` @@ -558,7 +560,7 @@ changes: -* `algorithm`: {AlgorithmIdentifier|EcdhKeyDeriveParams|HkdfParams|Pbkdf2Params|NodeDhDeriveBitsParams|NodeScryptParams} +* `algorithm`: {AlgorithmIdentifier|EcdhKeyDeriveParams|HkdfParams|Pbkdf2Params} * `baseKey`: {CryptoKey} * `length`: {number} * Returns: {Promise} containing {ArrayBuffer} @@ -576,8 +578,6 @@ The algorithms currently supported include: * `'ECDH'` * `'HKDF'` * `'PBKDF2'` -* `'NODE-DH'`[^1] -* `'NODE-SCRYPT'`[^1] ### `subtle.deriveKey(algorithm, baseKey, derivedKeyAlgorithm, extractable, keyUsages)` @@ -591,7 +591,7 @@ changes: -* `algorithm`: {AlgorithmIdentifier|EcdhKeyDeriveParams|HkdfParams|Pbkdf2Params|NodeDhDeriveBitsParams|NodeScryptParams} +* `algorithm`: {AlgorithmIdentifier|EcdhKeyDeriveParams|HkdfParams|Pbkdf2Params} * `baseKey`: {CryptoKey} * `derivedKeyAlgorithm`: {HmacKeyGenParams|AesKeyGenParams} * `extractable`: {boolean} @@ -614,8 +614,6 @@ The algorithms currently supported include: * `'ECDH'` * `'HKDF'` * `'PBKDF2'` -* `'NODE-DH'`[^1] -* '`NODE-SCRYPT'`[^1] ### `subtle.digest(algorithm, data)` @@ -677,11 +675,9 @@ changes: description: Removed `'NODE-DSA'` JWK export. --> -* `format`: {string} Must be one of `'raw'`, `'pkcs8'`, `'spki'`, `'jwk'`, or - `'node.keyObject'`. +* `format`: {string} Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`. * `key`: {CryptoKey} -* Returns: {Promise} containing {ArrayBuffer}, or, if `format` is - `'node.keyObject'`, a {KeyObject}. +* Returns: {Promise} containing {ArrayBuffer}. Exports the given key into the specified format, if supported. @@ -695,9 +691,6 @@ When `format` is `'jwk'` and the export is successful, the returned promise will be resolved with a JavaScript object conforming to the [JSON Web Key][] specification. -The special `'node.keyObject'` value for `format` is a Node.js-specific -extension that allows converting a {CryptoKey} into a Node.js {KeyObject}. - | Key Type | `'spki'` | `'pkcs8'` | `'jwk'` | `'raw'` | | --------------------- | -------- | --------- | ------- | ------- | | `'AES-CBC'` | | | ✔ | ✔ | @@ -706,17 +699,14 @@ extension that allows converting a {CryptoKey} into a Node.js {KeyObject}. | `'AES-KW'` | | | ✔ | ✔ | | `'ECDH'` | ✔ | ✔ | ✔ | ✔ | | `'ECDSA'` | ✔ | ✔ | ✔ | ✔ | -| `'Ed25519'`[^2] | ✔ | ✔ | ✔ | ✔ | -| `'Ed448'`[^2] | ✔ | ✔ | ✔ | ✔ | +| `'Ed25519'`[^1] | ✔ | ✔ | ✔ | ✔ | +| `'Ed448'`[^1] | ✔ | ✔ | ✔ | ✔ | | `'HDKF'` | | | | | | `'HMAC'` | | | ✔ | ✔ | | `'PBKDF2'` | | | | | | `'RSA-OAEP'` | ✔ | ✔ | ✔ | | | `'RSA-PSS'` | ✔ | ✔ | ✔ | | | `'RSASSA-PKCS1-v1_5'` | ✔ | ✔ | ✔ | | -| `'NODE-DSA'`[^1] | ✔ | ✔ | | | -| `'NODE-DH'`[^1] | ✔ | ✔ | | | -| `'NODE-SCRYPT'`[^1] | | | | | ### `subtle.generateKey(algorithm, extractable, keyUsages)` @@ -726,7 +716,7 @@ added: v15.0.0 -* `algorithm`: {AlgorithmIdentifier|RsaHashedKeyGenParams|EcKeyGenParams|HmacKeyGenParams|AesKeyGenParams|NodeDsaKeyGenParams|NodeDhKeyGenParams} +* `algorithm`: {AlgorithmIdentifier|RsaHashedKeyGenParams|EcKeyGenParams|HmacKeyGenParams|AesKeyGenParams} @@ -745,13 +735,11 @@ include: * `'RSA-PSS'` * `'RSA-OAEP'` * `'ECDSA'` -* `'Ed25519'`[^2] -* `'Ed448'`[^2] +* `'Ed25519'`[^1] +* `'Ed448'`[^1] * `'ECDH'` -* `'X25519'`[^2] -* `'X448'`[^2] -* `'NODE-DSA'`[^1] -* `'NODE-DH'`[^1] +* `'X25519'`[^1] +* `'X448'`[^1] The {CryptoKey} (secret key) generating algorithms supported include: @@ -775,13 +763,12 @@ changes: description: Removed `'NODE-DSA'` JWK import. --> -* `format`: {string} Must be one of `'raw'`, `'pkcs8'`, `'spki'`, `'jwk'`, or - `'node.keyObject'`. +* `format`: {string} Must be one of `'raw'`, `'pkcs8'`, `'spki'`, or `'jwk'`. * `keyData`: {ArrayBuffer|TypedArray|DataView|Buffer|KeyObject} -* `algorithm`: {AlgorithmIdentifier|RsaHashedImportParams|EcKeyImportParams|HmacImportParams|NodeDsaImportParams} +* `algorithm`: {AlgorithmIdentifier|RsaHashedImportParams|EcKeyImportParams|HmacImportParams} @@ -794,9 +781,6 @@ as the given `format` to create a {CryptoKey} instance using the provided `algorithm`, `extractable`, and `keyUsages` arguments. If the import is successful, the returned promise will be resolved with the created {CryptoKey}. -The special `'node.keyObject'` value for `format` is a Node.js-specific -extension that allows converting a Node.js {KeyObject} into a {CryptoKey}. - If importing a `'PBKDF2'` key, `extractable` must be `false`. The algorithms currently supported include: @@ -808,20 +792,17 @@ The algorithms currently supported include: | `'AES-GCM'` | | | ✔ | ✔ | | `'AES-KW'` | | | ✔ | ✔ | | `'ECDH'` | ✔ | ✔ | ✔ | ✔ | -| `'X25519'`[^2] | ✔ | ✔ | ✔ | ✔ | -| `'X448'`[^2] | ✔ | ✔ | ✔ | ✔ | +| `'X25519'`[^1] | ✔ | ✔ | ✔ | ✔ | +| `'X448'`[^1] | ✔ | ✔ | ✔ | ✔ | | `'ECDSA'` | ✔ | ✔ | ✔ | ✔ | -| `'Ed25519'`[^2] | ✔ | ✔ | ✔ | ✔ | -| `'Ed448'`[^2] | ✔ | ✔ | ✔ | ✔ | +| `'Ed25519'`[^1] | ✔ | ✔ | ✔ | ✔ | +| `'Ed448'`[^1] | ✔ | ✔ | ✔ | ✔ | | `'HDKF'` | | | | ✔ | | `'HMAC'` | | | ✔ | ✔ | | `'PBKDF2'` | | | | ✔ | | `'RSA-OAEP'` | ✔ | ✔ | ✔ | | | `'RSA-PSS'` | ✔ | ✔ | ✔ | | | `'RSASSA-PKCS1-v1_5'` | ✔ | ✔ | ✔ | | -| `'NODE-DSA'`[^1] | ✔ | ✔ | | | -| `'NODE-DH'`[^1] | ✔ | ✔ | | | -| `'NODE-SCRYPT'`[^1] | | | | ✔ | ### `subtle.sign(algorithm, key, data)` @@ -852,10 +833,9 @@ The algorithms currently supported include: * `'RSASSA-PKCS1-v1_5'` * `'RSA-PSS'` * `'ECDSA'` -* `'Ed25519'`[^2] -* `'Ed448'`[^2] +* `'Ed25519'`[^1] +* `'Ed448'`[^1] * `'HMAC'` -* `'NODE-DSA'`[^1] ### `subtle.unwrapKey(format, wrappedKey, unwrappingKey, unwrapAlgo, unwrappedKeyAlgo, extractable, keyUsages)` @@ -907,8 +887,6 @@ The unwrapped key algorithms supported include: * `'AES-CBC'` * `'AES-GCM'` * `'AES-KW'` -* `'NODE-DSA'`[^1] -* `'NODE-DH'`[^1] ### `subtle.verify(algorithm, key, signature, data)` @@ -940,10 +918,9 @@ The algorithms currently supported include: * `'RSASSA-PKCS1-v1_5'` * `'RSA-PSS'` * `'ECDSA'` -* `'Ed25519'`[^2] -* `'Ed448'`[^2] +* `'Ed25519'`[^1] +* `'Ed448'`[^1] * `'HMAC'` -* `'NODE-DSA'`[^1] ### `subtle.wrapKey(format, key, wrappingKey, wrapAlgo)` @@ -1606,241 +1583,7 @@ added: v15.0.0 The length (in bytes) of the random salt to use. -## Node.js-specific extensions - -The Node.js Web Crypto API extends various aspects of the Web Crypto API. -These extensions are consistently identified by prepending names with the -`node.` prefix. For instance, the `'node.keyObject'` key format can be -used with the `subtle.exportKey()` and `subtle.importKey()` methods to -convert between a WebCrypto {CryptoKey} object and a Node.js {KeyObject}. - -Care should be taken when using Node.js-specific extensions as they are -not supported by other WebCrypto implementations and reduce the portability -of code to other environments. - -### `NODE-DH` Algorithm - - - -The `NODE-DH` algorithm is the common implementation of Diffie-Hellman -key agreement. - -#### Class: `NodeDhKeyGenParams` - - - -##### `nodeDhKeyGenParams.generator` - - - -* Type: {number} A custom generator. - -##### `nodeDhKeyGenParams.group` - - - -* Type: {string} The Diffie-Hellman group name. - -##### `nodeDhKeyGenParams.prime` - - - -* Type: {Buffer} The prime parameter. - -##### `nodeDhKeyGenParams.primeLength` - - - -* Type: {number} The length in bits of the prime. - -#### Class: NodeDhDeriveBitsParams - - - -##### `nodeDhDeriveBitsParams.public` - - - -* Type: {CryptoKey} The other parties public key. - -### `NODE-DSA` Algorithm - - - -The `NODE-DSA` algorithm is the common implementation of the DSA digital -signature algorithm. - -#### Class: `NodeDsaImportParams` - - - -##### `nodeDsaImportParams.hash` - - - -* Type: {string|Object} - -If represented as a {string}, the value must be one of: - -* `'SHA-1'` -* `'SHA-256'` -* `'SHA-384'` -* `'SHA-512'` - -If represented as an {Object}, the object must have a `name` property -whose value is one of the above listed values. - -##### `nodeDsaImportParams.name` - - - -* Type: {string} Must be `'NODE-DSA'`. - -#### Class: `NodeDsaKeyGenParams` - - - -##### `nodeDsaKeyGenParams.divisorLength` - - - -* Type: {number} - -The optional length in bits of the DSA divisor. - -##### `nodeDsaKeyGenParams.hash` - - - -* Type: {string|Object} - -If represented as a {string}, the value must be one of: - -* `'SHA-1'` -* `'SHA-256'` -* `'SHA-384'` -* `'SHA-512'` - -If represented as an {Object}, the object must have a `name` property -whose value is one of the above listed values. - -##### `nodeDsaKeyGenParams.modulusLength` - - - -* Type: {number} - -The length in bits of the DSA modulus. As a best practice, this should be -at least `2048`. - -##### `nodeDsaKeyGenParams.name` - - - -* Type: {string} Must be `'NODE-DSA'`. - -### `NODE-SCRYPT` Algorithm - - - -The `NODE-SCRYPT` algorithm is the common implementation of the scrypt key -derivation algorithm. - -#### Class: `NodeScryptParams` - - - -##### `nodeScryptParams.encoding` - - - -* Type: {string} The string encoding when `salt` is a string. - -##### `nodeScryptParams.maxmem` - - - -* Type: {number} Memory upper bound. It is an error when (approximately) - `127 * N * r > maxmem`. **Default:** `32 * 1024 * 1024`. - -##### `nodeScryptParams.N` - - - -* Type: {number} The CPU/memory cost parameter. Must e a power of two - greater than 1. **Default:** `16384`. - -##### `nodeScryptParams.p` - - - -* Type: {number} Parallelization parameter. **Default:** `1`. - -##### `nodeScryptParams.r` - - - -* Type: {number} Block size parameter. **Default:** `8`. - -##### `nodeScryptParams.salt` - - - -* Type: {string|ArrayBuffer|Buffer|TypedArray|DataView} - -[^1]: Non-standard Node.js-specific extension - -[^2]: An experimental implementation of +[^1]: An experimental implementation of [Secure Curves in the Web Cryptography API][] as of 05 May 2022 [JSON Web Key]: https://tools.ietf.org/html/rfc7517 diff --git a/lib/internal/crypto/aes.js b/lib/internal/crypto/aes.js index 9136913b7b9d14..2c74a49139a70a 100644 --- a/lib/internal/crypto/aes.js +++ b/lib/internal/crypto/aes.js @@ -50,17 +50,10 @@ const { const { PromiseReject } = primordials; -const { - codes: { - ERR_INVALID_ARG_TYPE, - } -} = require('internal/errors'); - const { InternalCryptoKey, SecretKeyObject, createSecretKey, - isKeyObject, } = require('internal/crypto/keys'); const { @@ -283,19 +276,6 @@ async function aesImportKey( let keyObject; let length; switch (format) { - case 'node.keyObject': { - if (!isKeyObject(keyData)) - throw new ERR_INVALID_ARG_TYPE('keyData', 'KeyObject', keyData); - - if (keyData.type !== 'secret') { - throw lazyDOMException( - `Unable to import AES key with format ${format}`, - 'NotSupportedError'); - } - - keyObject = keyData; - break; - } case 'raw': { validateKeyLength(keyData.byteLength * 8); keyObject = createSecretKey(keyData); diff --git a/lib/internal/crypto/cfrg.js b/lib/internal/crypto/cfrg.js index 041f2d824a79bf..826610a5fd6b8e 100644 --- a/lib/internal/crypto/cfrg.js +++ b/lib/internal/crypto/cfrg.js @@ -18,12 +18,6 @@ const { kSignJobModeVerify, } = internalBinding('crypto'); -const { - codes: { - ERR_INVALID_ARG_TYPE, - }, -} = require('internal/errors'); - const { getArrayBufferOrView, getUsagesUnion, @@ -49,7 +43,6 @@ const { PublicKeyObject, createPrivateKey, createPublicKey, - isKeyObject, } = require('internal/crypto/keys'); function verifyAcceptableCfrgKeyUse(name, type, usages) { @@ -226,15 +219,6 @@ async function cfrgImportKey( let keyObject; const usagesSet = new SafeSet(keyUsages); switch (format) { - case 'node.keyObject': { - if (!isKeyObject(keyData)) - throw new ERR_INVALID_ARG_TYPE('keyData', 'KeyObject', keyData); - if (keyData.type === 'secret') - throw lazyDOMException('Invalid key type', 'InvalidAccessException'); - verifyAcceptableCfrgKeyUse(name, keyData.type, usagesSet); - keyObject = keyData; - break; - } case 'spki': { verifyAcceptableCfrgKeyUse(name, 'public', usagesSet); keyObject = createPublicKey({ diff --git a/lib/internal/crypto/diffiehellman.js b/lib/internal/crypto/diffiehellman.js index b0dad2db233f52..85f2be16007c74 100644 --- a/lib/internal/crypto/diffiehellman.js +++ b/lib/internal/crypto/diffiehellman.js @@ -12,8 +12,6 @@ const { const { Buffer } = require('buffer'); const { - DHBitsJob, - DHKeyExportJob, DiffieHellman: _DiffieHellman, DiffieHellmanGroup: _DiffieHellmanGroup, ECDH: _ECDH, @@ -53,23 +51,12 @@ const { const { KeyObject, - InternalCryptoKey, - createPrivateKey, - createPublicKey, isCryptoKey, - isKeyObject, } = require('internal/crypto/keys'); -const { - generateKeyPair, -} = require('internal/crypto/keygen'); - const { getArrayBufferOrView, getDefaultEncoding, - getUsagesUnion, - hasAnyNotIn, - jobPromise, toBuf, kHandle, kKeyObject, @@ -345,89 +332,6 @@ function deriveBitsECDH(name, publicKey, privateKey, callback) { job.run(); } -// The deriveBitsDH function is part of the Web Crypto API and serves both -// deriveKeys and deriveBits functions. -function deriveBitsDH(publicKey, privateKey, callback) { - validateObject(publicKey, 'publicKey'); - validateObject(privateKey, 'privateKey'); - validateFunction(callback, 'callback'); - const job = new DHBitsJob(kCryptoJobAsync, publicKey, privateKey); - job.ondone = (error, bits) => { - if (error) return FunctionPrototypeCall(callback, job, error); - FunctionPrototypeCall(callback, job, null, bits); - }; - job.run(); -} - -function verifyAcceptableDhKeyUse(name, type, usages) { - let checkSet; - switch (type) { - case 'private': - checkSet = ['deriveBits', 'deriveKey']; - break; - case 'public': - checkSet = []; - break; - } - if (hasAnyNotIn(usages, checkSet)) { - throw lazyDOMException( - `Unsupported key usage for an ${name} key`, - 'SyntaxError'); - } -} - -async function dhGenerateKey( - algorithm, - extractable, - keyUsages) { - const usageSet = new SafeSet(keyUsages); - - if (hasAnyNotIn(usageSet, ['deriveKey', 'deriveBits'])) { - throw lazyDOMException( - 'Unsupported key usage for a DH key', - 'SyntaxError'); - } - - const { - name, - primeLength, - generator, - group - } = algorithm; - let { prime } = algorithm; - - if (prime !== undefined) - prime = getArrayBufferOrView(prime); - - return new Promise((resolve, reject) => { - generateKeyPair('dh', { - prime, - primeLength, - generator, - group, - }, (err, pubKey, privKey) => { - if (err) { - return reject(lazyDOMException( - 'The operation failed for an operation-specific reason', - 'OperationError')); - } - - const algorithm = { name, prime, primeLength, generator, group }; - - const publicKey = new InternalCryptoKey(pubKey, algorithm, [], true); - - const privateKey = - new InternalCryptoKey( - privKey, - algorithm, - getUsagesUnion(usageSet, 'deriveBits', 'deriveKey'), - extractable); - - resolve({ publicKey, privateKey }); - }); - }); -} - async function asyncDeriveBitsECDH(algorithm, baseKey, length) { const { 'public': key } = algorithm; @@ -498,136 +402,11 @@ async function asyncDeriveBitsECDH(algorithm, baseKey, length) { ArrayBufferPrototypeSlice(bits, 0, length); } -async function asyncDeriveBitsDH(algorithm, baseKey, length) { - const { 'public': key } = algorithm; - // Null has a specific meaning for DH - if (length !== null) - validateUint32(length, 'length'); - if (!isCryptoKey(key)) - throw new ERR_INVALID_ARG_TYPE('algorithm.public', 'CryptoKey', key); - - if (key.type !== 'public') { - throw lazyDOMException( - 'algorithm.public must be a public key', 'InvalidAccessError'); - } - if (baseKey.type !== 'private') { - throw lazyDOMException( - 'baseKey must be a private key', 'InvalidAccessError'); - } - - if (key.algorithm.name !== 'NODE-DH') - throw lazyDOMException('Keys must be DH keys', 'InvalidAccessError'); - - if (key.algorithm.name !== baseKey.algorithm.name) { - throw lazyDOMException( - 'The public and private keys must be of the same type', - 'InvalidAccessError'); - } - - const bits = await new Promise((resolve, reject) => { - deriveBitsDH( - key[kKeyObject][kHandle], - baseKey[kKeyObject][kHandle], (err, bits) => { - if (err) return reject(err); - resolve(bits); - }); - }); - - // If a length is not specified, return the full derived secret - if (length === null) - return bits; - - // If the length is not a multiple of 8, it will be truncated - // down to the nearest multiple of 8. - length = MathFloor(length / 8); - const { byteLength } = bits; - - // If the length is larger than the derived secret, throw. - // Otherwise, we either return the secret or a truncated - // slice. - if (byteLength < length) - throw lazyDOMException('derived bit length is too small', 'OperationError'); - - return length === byteLength ? - bits : - ArrayBufferPrototypeSlice(bits, 0, length); -} - -function dhExportKey(key, format) { - return jobPromise(new DHKeyExportJob( - kCryptoJobAsync, - format, - key[kKeyObject][kHandle])); -} - -async function dhImportKey( - format, - keyData, - algorithm, - extractable, - keyUsages) { - const usagesSet = new SafeSet(keyUsages); - let keyObject; - switch (format) { - case 'node.keyObject': { - if (!isKeyObject(keyData)) - throw new ERR_INVALID_ARG_TYPE('keyData', 'KeyObject', keyData); - if (keyData.type === 'secret') - throw lazyDOMException('Invalid key type', 'InvalidAccessException'); - verifyAcceptableDhKeyUse(algorithm.name, keyData.type, usagesSet); - keyObject = keyData; - break; - } - case 'spki': { - verifyAcceptableDhKeyUse(algorithm.name, 'public', usagesSet); - keyObject = createPublicKey({ - key: keyData, - format: 'der', - type: 'spki' - }); - break; - } - case 'pkcs8': { - verifyAcceptableDhKeyUse(algorithm.name, 'private', usagesSet); - keyObject = createPrivateKey({ - key: keyData, - format: 'der', - type: 'pkcs8' - }); - break; - } - default: - throw lazyDOMException( - `Unable to import DH key with format ${format}`, - 'NotSupportedError'); - } - - const { - prime, - primeLength, - generator, - group, - } = keyObject[kHandle].keyDetail({}); - - return new InternalCryptoKey(keyObject, { - name: algorithm.name, - prime, - primeLength, - generator, - group, - }, keyUsages, extractable); -} - module.exports = { DiffieHellman, DiffieHellmanGroup, ECDH, diffieHellman, deriveBitsECDH, - deriveBitsDH, - dhGenerateKey, asyncDeriveBitsECDH, - asyncDeriveBitsDH, - dhExportKey, - dhImportKey, }; diff --git a/lib/internal/crypto/dsa.js b/lib/internal/crypto/dsa.js deleted file mode 100644 index faaf7d6b889c07..00000000000000 --- a/lib/internal/crypto/dsa.js +++ /dev/null @@ -1,225 +0,0 @@ -'use strict'; - -const { - Promise, - SafeSet, -} = primordials; - -const { - DSAKeyExportJob, - SignJob, - kCryptoJobAsync, - kSigEncDER, - kSignJobModeSign, - kSignJobModeVerify, -} = internalBinding('crypto'); - -const { - codes: { - ERR_INVALID_ARG_TYPE, - ERR_MISSING_OPTION, - } -} = require('internal/errors'); - -const { - validateUint32, -} = require('internal/validators'); - -const { - InternalCryptoKey, - createPrivateKey, - createPublicKey, - isKeyObject, -} = require('internal/crypto/keys'); - -const { - generateKeyPair, -} = require('internal/crypto/keygen'); - -const { - getUsagesUnion, - hasAnyNotIn, - jobPromise, - normalizeHashName, - kKeyObject, - kHandle, -} = require('internal/crypto/util'); - -const { - lazyDOMException, -} = require('internal/util'); - -function verifyAcceptableDsaKeyUse(name, type, usages) { - let checkSet; - switch (type) { - case 'private': - checkSet = ['sign']; - break; - case 'public': - checkSet = ['verify']; - break; - } - if (hasAnyNotIn(usages, checkSet)) { - throw lazyDOMException( - `Unsupported key usage for an ${name} key`, - 'SyntaxError'); - } -} - -async function dsaGenerateKey( - algorithm, - extractable, - keyUsages) { - const { - name, - modulusLength, - divisorLength, - hash - } = algorithm; - - if (hash === undefined) - throw new ERR_MISSING_OPTION('algorithm.hash'); - validateUint32(modulusLength, 'algorithm.modulusLength'); - - const usageSet = new SafeSet(keyUsages); - - if (hasAnyNotIn(usageSet, ['sign', 'verify'])) { - throw lazyDOMException( - 'Unsupported key usage for a DSA key', - 'SyntaxError'); - } - - return new Promise((resolve, reject) => { - generateKeyPair('dsa', { - modulusLength, - divisorLength, - }, (err, pubKey, privKey) => { - if (err) { - return reject(lazyDOMException( - 'The operation failed for an operation-specific reason', - 'OperationError')); - } - - const algorithm = { - name, - modulusLength, - divisorLength, - hash: { name: hash.name } - }; - - const publicKey = - new InternalCryptoKey( - pubKey, - algorithm, - getUsagesUnion(usageSet, 'verify'), - true); - - const privateKey = - new InternalCryptoKey( - privKey, - algorithm, - getUsagesUnion(usageSet, 'sign'), - extractable); - - resolve({ publicKey, privateKey }); - }); - }); -} - -function dsaExportKey(key, format) { - return jobPromise(new DSAKeyExportJob( - kCryptoJobAsync, - format, - key[kKeyObject][kHandle])); -} - -async function dsaImportKey( - format, - keyData, - algorithm, - extractable, - keyUsages) { - const { hash } = algorithm; - if (hash === undefined) - throw new ERR_MISSING_OPTION('algorithm.hash'); - - const usagesSet = new SafeSet(keyUsages); - let keyObject; - switch (format) { - case 'node.keyObject': { - if (!isKeyObject(keyData)) - throw new ERR_INVALID_ARG_TYPE('keyData', 'KeyObject', keyData); - if (keyData.type === 'secret') - throw lazyDOMException('Invalid key type', 'InvalidAccessException'); - verifyAcceptableDsaKeyUse(algorithm.name, keyData.type, usagesSet); - keyObject = keyData; - break; - } - case 'spki': { - verifyAcceptableDsaKeyUse(algorithm.name, 'public', usagesSet); - keyObject = createPublicKey({ - key: keyData, - format: 'der', - type: 'spki' - }); - break; - } - case 'pkcs8': { - verifyAcceptableDsaKeyUse(algorithm.name, 'private', usagesSet); - keyObject = createPrivateKey({ - key: keyData, - format: 'der', - type: 'pkcs8' - }); - break; - } - default: - throw lazyDOMException( - `Unable to import DSA key with format ${format}`, - 'NotSupportedError'); - } - - if (keyObject.asymmetricKeyType !== 'dsa') - throw lazyDOMException('Invalid key type', 'DataError'); - - const { - modulusLength, - divisorLength, - } = keyObject[kHandle].keyDetail({}); - - return new InternalCryptoKey(keyObject, { - name: algorithm.name, - modulusLength, - divisorLength, - hash: algorithm.hash - }, keyUsages, extractable); -} - -function dsaSignVerify(key, data, algorithm, signature) { - const mode = signature === undefined ? kSignJobModeSign : kSignJobModeVerify; - const type = mode === kSignJobModeSign ? 'private' : 'public'; - - if (key.type !== type) - throw lazyDOMException(`Key must be a ${type} key`, 'InvalidAccessError'); - - return jobPromise(new SignJob( - kCryptoJobAsync, - signature === undefined ? kSignJobModeSign : kSignJobModeVerify, - key[kKeyObject][kHandle], - undefined, - undefined, - undefined, - data, - normalizeHashName(key.algorithm.hash.name), - undefined, // Salt-length is not used in DSA - undefined, // Padding is not used in DSA - kSigEncDER, - signature)); -} - -module.exports = { - dsaExportKey, - dsaGenerateKey, - dsaImportKey, - dsaSignVerify, -}; diff --git a/lib/internal/crypto/ec.js b/lib/internal/crypto/ec.js index f7614b8f5d78d4..980c0f57cb046e 100644 --- a/lib/internal/crypto/ec.js +++ b/lib/internal/crypto/ec.js @@ -24,7 +24,6 @@ const { const { codes: { - ERR_INVALID_ARG_TYPE, ERR_MISSING_OPTION, } } = require('internal/errors'); @@ -55,7 +54,6 @@ const { PublicKeyObject, createPrivateKey, createPublicKey, - isKeyObject, } = require('internal/crypto/keys'); function verifyAcceptableEcKeyUse(name, type, usages) { @@ -178,15 +176,6 @@ async function ecImportKey( let keyObject; const usagesSet = new SafeSet(keyUsages); switch (format) { - case 'node.keyObject': { - if (!isKeyObject(keyData)) - throw new ERR_INVALID_ARG_TYPE('keyData', 'KeyObject', keyData); - if (keyData.type === 'secret') - throw lazyDOMException('Invalid key type', 'InvalidAccessException'); - verifyAcceptableEcKeyUse(name, keyData.type, usagesSet); - keyObject = keyData; - break; - } case 'spki': { verifyAcceptableEcKeyUse(name, 'public', usagesSet); keyObject = createPublicKey({ diff --git a/lib/internal/crypto/hashnames.js b/lib/internal/crypto/hashnames.js index be5064532c86c9..5c0051e0a8f563 100644 --- a/lib/internal/crypto/hashnames.js +++ b/lib/internal/crypto/hashnames.js @@ -11,7 +11,6 @@ const kHashContextJwkRsa = 3; const kHashContextJwkRsaPss = 4; const kHashContextJwkRsaOaep = 5; const kHashContextJwkHmac = 6; -const kHashContextJwkDsa = 7; // WebCrypto and JWK use a bunch of different names for the // standard set of SHA-* digest algorithms... which is ... fun. @@ -26,7 +25,6 @@ const kHashNames = { [kHashContextJwkRsaPss]: 'PS1', [kHashContextJwkRsaOaep]: 'RSA-OAEP', [kHashContextJwkHmac]: 'HS1', - [kHashContextJwkDsa]: 'NODE-DSA-SHA-1', }, sha256: { [kHashContextNode]: 'sha256', @@ -35,7 +33,6 @@ const kHashNames = { [kHashContextJwkRsaPss]: 'PS256', [kHashContextJwkRsaOaep]: 'RSA-OAEP-256', [kHashContextJwkHmac]: 'HS256', - [kHashContextJwkDsa]: 'NODE-DSA-SHA-256', }, sha384: { [kHashContextNode]: 'sha384', @@ -44,7 +41,6 @@ const kHashNames = { [kHashContextJwkRsaPss]: 'PS384', [kHashContextJwkRsaOaep]: 'RSA-OAEP-384', [kHashContextJwkHmac]: 'HS384', - [kHashContextJwkDsa]: 'NODE-DSA-SHA-384', }, sha512: { [kHashContextNode]: 'sha512', @@ -53,7 +49,6 @@ const kHashNames = { [kHashContextJwkRsaPss]: 'PS512', [kHashContextJwkRsaOaep]: 'RSA-OAEP-512', [kHashContextJwkHmac]: 'HS512', - [kHashContextJwkDsa]: 'NODE-DSA-SHA-512', } }; @@ -85,6 +80,5 @@ normalizeHashName.kContextJwkRsa = kHashContextJwkRsa; normalizeHashName.kContextJwkRsaPss = kHashContextJwkRsaPss; normalizeHashName.kContextJwkRsaOaep = kHashContextJwkRsaOaep; normalizeHashName.kContextJwkHmac = kHashContextJwkHmac; -normalizeHashName.kContextJwkDsa = kHashContextJwkDsa; module.exports = normalizeHashName; diff --git a/lib/internal/crypto/mac.js b/lib/internal/crypto/mac.js index 61fcc88a923dad..3054f66b27d4f2 100644 --- a/lib/internal/crypto/mac.js +++ b/lib/internal/crypto/mac.js @@ -32,7 +32,6 @@ const { const { codes: { ERR_MISSING_OPTION, - ERR_INVALID_ARG_TYPE, } } = require('internal/errors'); @@ -44,7 +43,6 @@ const { InternalCryptoKey, SecretKeyObject, createSecretKey, - isKeyObject, } = require('internal/crypto/keys'); async function hmacGenerateKey(algorithm, extractable, keyUsages) { @@ -99,18 +97,6 @@ async function hmacImportKey( } let keyObject; switch (format) { - case 'node.keyObject': { - if (!isKeyObject(keyData)) - throw new ERR_INVALID_ARG_TYPE('keyData', 'KeyObject', keyData); - - if (keyData.type !== 'secret') { - throw lazyDOMException( - `Unable to import HMAC key with format ${format}`); - } - - keyObject = keyData; - break; - } case 'raw': { const checkLength = keyData.byteLength * 8; diff --git a/lib/internal/crypto/rsa.js b/lib/internal/crypto/rsa.js index 524227fef69659..27b5803db4f77d 100644 --- a/lib/internal/crypto/rsa.js +++ b/lib/internal/crypto/rsa.js @@ -61,7 +61,6 @@ const { PublicKeyObject, createPublicKey, createPrivateKey, - isKeyObject, } = require('internal/crypto/keys'); const { @@ -247,15 +246,6 @@ async function rsaImportKey( const usagesSet = new SafeSet(keyUsages); let keyObject; switch (format) { - case 'node.keyObject': { - if (!isKeyObject(keyData)) - throw new ERR_INVALID_ARG_TYPE('keyData', 'KeyObject', keyData); - if (keyData.type === 'secret') - throw lazyDOMException('Invalid key type', 'InvalidAccessException'); - verifyAcceptableRsaKeyUse(algorithm.name, keyData.type, usagesSet); - keyObject = keyData; - break; - } case 'spki': { verifyAcceptableRsaKeyUse(algorithm.name, 'public', usagesSet); keyObject = createPublicKey({ diff --git a/lib/internal/crypto/scrypt.js b/lib/internal/crypto/scrypt.js index a36fb6dfba5260..3e6565b85d36f0 100644 --- a/lib/internal/crypto/scrypt.js +++ b/lib/internal/crypto/scrypt.js @@ -2,7 +2,6 @@ const { FunctionPrototypeCall, - Promise, } = primordials; const { Buffer } = require('buffer'); @@ -30,13 +29,8 @@ const { const { getArrayBufferOrView, getDefaultEncoding, - kKeyObject, } = require('internal/crypto/util'); -const { - lazyDOMException, -} = require('internal/util'); - const defaults = { N: 16384, r: 8, @@ -141,45 +135,7 @@ function check(password, salt, keylen, options) { return { password, salt, keylen, N, r, p, maxmem }; } -async function scryptDeriveBits(algorithm, baseKey, length) { - validateUint32(length, 'length'); - const { - N = 16384, - r = 8, - p = 1, - maxmem = 32 * 1024 * 1024, - encoding, - } = algorithm; - validateUint32(N, 'algorithm.N'); - validateUint32(r, 'algorithm.r'); - validateUint32(p, 'algorithm.p'); - validateUint32(maxmem, 'algorithm.maxmem'); - const salt = getArrayBufferOrView(algorithm.salt, 'algorithm.salt', encoding); - - const raw = baseKey[kKeyObject].export(); - - let byteLength = 64; // the default - if (length !== undefined) { - if (length === 0) - throw lazyDOMException('length cannot be zero', 'OperationError'); - if (length % 8) { - throw lazyDOMException( - 'length must be a multiple of 8', - 'OperationError'); - } - byteLength = length / 8; - } - - return new Promise((resolve, reject) => { - scrypt(raw, salt, byteLength, { N, r, p, maxmem }, (err, result) => { - if (err) return reject(err); - resolve(result.buffer); - }); - }); -} - module.exports = { scrypt, scryptSync, - scryptDeriveBits, }; diff --git a/lib/internal/crypto/util.js b/lib/internal/crypto/util.js index 83926451edd490..40a677606bf3f0 100644 --- a/lib/internal/crypto/util.js +++ b/lib/internal/crypto/util.js @@ -170,11 +170,6 @@ const kAlgorithms = { 'ed448': 'Ed448', 'x25519': 'X25519', 'x448': 'X448', - // Following here are Node.js specific extensions. All - // should be prefixed with 'node-' - 'node-dsa': 'NODE-DSA', - 'node-dh': 'NODE-DH', - 'node-scrypt': 'NODE-SCRYPT', }; const kAlgorithmsKeys = ObjectKeys(kAlgorithms); @@ -184,8 +179,7 @@ const kExportFormats = [ 'raw', 'pkcs8', 'spki', - 'jwk', - 'node.keyObject']; + 'jwk']; // These are the only hash algorithms we currently support via // the Web Crypto API. diff --git a/lib/internal/crypto/webcrypto.js b/lib/internal/crypto/webcrypto.js index 503603a9f0aa63..a5f442b0e57cfb 100644 --- a/lib/internal/crypto/webcrypto.js +++ b/lib/internal/crypto/webcrypto.js @@ -43,7 +43,6 @@ const { InternalCryptoKey, createSecretKey, isCryptoKey, - isKeyObject, } = require('internal/crypto/keys'); const { @@ -124,15 +123,6 @@ async function generateKey( case 'AES-KW': return lazyRequire('internal/crypto/aes') .aesGenerateKey(algorithm, extractable, keyUsages); - - // Following are Node.js specific extensions. Names must be prefixed - // with the `NODE-` - case 'NODE-DSA': - return lazyRequire('internal/crypto/dsa') - .dsaGenerateKey(algorithm, extractable, keyUsages); - case 'NODE-DH': - return lazyRequire('internal/crypto/diffiehellman') - .dhGenerateKey(algorithm, extractable, keyUsages); default: throw lazyDOMException('Unrecognized name.'); } @@ -164,12 +154,6 @@ async function deriveBits(algorithm, baseKey, length) { case 'PBKDF2': return lazyRequire('internal/crypto/pbkdf2') .pbkdf2DeriveBits(algorithm, baseKey, length); - case 'NODE-SCRYPT': - return lazyRequire('internal/crypto/scrypt') - .scryptDeriveBits(algorithm, baseKey, length); - case 'NODE-DH': - return lazyRequire('internal/crypto/diffiehellman') - .asyncDeriveBitsDH(algorithm, baseKey, length); } throw lazyDOMException('Unrecognized name.'); } @@ -252,14 +236,6 @@ async function deriveKey( bits = await lazyRequire('internal/crypto/pbkdf2') .pbkdf2DeriveBits(algorithm, baseKey, length); break; - case 'NODE-SCRYPT': - bits = await lazyRequire('internal/crypto/scrypt') - .scryptDeriveBits(algorithm, baseKey, length); - break; - case 'NODE-DH': - bits = await lazyRequire('internal/crypto/diffiehellman') - .asyncDeriveBitsDH(algorithm, baseKey, length); - break; default: throw lazyDOMException('Unrecognized name.'); } @@ -303,18 +279,6 @@ async function exportKeySpki(key) { .cfrgExportKey(key, kWebCryptoKeyFormatSPKI); } break; - case 'NODE-DSA': - if (key.type === 'public') { - return lazyRequire('internal/crypto/dsa') - .dsaExportKey(key, kWebCryptoKeyFormatSPKI); - } - break; - case 'NODE-DH': - if (key.type === 'public') { - return lazyRequire('internal/crypto/diffiehellman') - .dhExportKey(key, kWebCryptoKeyFormatSPKI); - } - break; } throw lazyDOMException( @@ -354,18 +318,6 @@ async function exportKeyPkcs8(key) { .cfrgExportKey(key, kWebCryptoKeyFormatPKCS8); } break; - case 'NODE-DSA': - if (key.type === 'private') { - return lazyRequire('internal/crypto/dsa') - .dsaExportKey(key, kWebCryptoKeyFormatPKCS8); - } - break; - case 'NODE-DH': - if (key.type === 'private') { - return lazyRequire('internal/crypto/diffiehellman') - .dhExportKey(key, kWebCryptoKeyFormatPKCS8); - } - break; } throw lazyDOMException( @@ -482,7 +434,6 @@ async function exportKey(format, key) { throw lazyDOMException('key is not extractable', 'InvalidAccessException'); switch (format) { - case 'node.keyObject': return key[kKeyObject]; case 'spki': return exportKeySpki(key); case 'pkcs8': return exportKeyPkcs8(key); case 'jwk': return exportKeyJWK(key); @@ -509,15 +460,6 @@ async function importGenericSecretKey( } switch (format) { - case 'node.keyObject': { - if (!isKeyObject(keyData)) - throw new ERR_INVALID_ARG_TYPE('keyData', 'KeyObject', keyData); - - if (keyData.type === 'secret') - return new InternalCryptoKey(keyData, { name }, keyUsages, extractable); - - break; - } case 'raw': { if (hasAnyNotIn(usagesSet, ['deriveKey', 'deriveBits'])) { throw lazyDOMException( @@ -557,7 +499,7 @@ async function importKey( if (this !== subtle) throw new ERR_INVALID_THIS('SubtleCrypto'); validateString(format, 'format'); validateOneOf(format, 'format', kExportFormats); - if (format !== 'node.keyObject' && format !== 'jwk') + if (format !== 'jwk') keyData = getArrayBufferOrView(keyData, 'keyData'); algorithm = normalizeAlgorithm(algorithm); validateBoolean(extractable, 'extractable'); @@ -598,8 +540,6 @@ async function importKey( .aesImportKey(algorithm, format, keyData, extractable, keyUsages); case 'HKDF': // Fall through - case 'NODE-SCRYPT': - // Fall through case 'PBKDF2': return importGenericSecretKey( algorithm, @@ -607,12 +547,6 @@ async function importKey( keyData, extractable, keyUsages); - case 'NODE-DSA': - return lazyRequire('internal/crypto/dsa') - .dsaImportKey(format, keyData, algorithm, extractable, keyUsages); - case 'NODE-DH': - return lazyRequire('internal/crypto/diffiehellman') - .dhImportKey(format, keyData, algorithm, extractable, keyUsages); } throw lazyDOMException('Unrecognized name.', 'NotSupportedError'); @@ -716,11 +650,6 @@ function signVerify(algorithm, key, data, signature) { case 'HMAC': return lazyRequire('internal/crypto/mac') .hmacSignVerify(key, data, algorithm, signature); - // The following are Node.js specific extensions. They must begin with - // the `NODE-` prefix - case 'NODE-DSA': - return lazyRequire('internal/crypto/dsa') - .dsaSignVerify(key, data, algorithm, signature); } throw lazyDOMException('Unrecognized named.', 'NotSupportedError'); } diff --git a/test/fixtures/crypto/dsa.js b/test/fixtures/crypto/dsa.js deleted file mode 100644 index c88720220c5e03..00000000000000 --- a/test/fixtures/crypto/dsa.js +++ /dev/null @@ -1,93 +0,0 @@ -'use strict'; - -module.exports = function() { - const pkcs8 = Buffer.from( - '3082015b0201003082013406072a8648ce3804013082012702818100d5f35aa5730e2' + - '6166fd3ea81f8f0eeb05bd1250e164b7c76b180b6dae95096d13dee6956e15a9aea7c' + - 'f18a0df7c5dc326ccef1cbf97636d22f870b76f2607f9a867db2756aecf65505aa48f' + - 'dea5f5ee54f508a05d9dae76bf262b4ca3662cc176b7c628c7bee2076df07f9a64e04' + - '02630dfee63eaf0ed64d48b469fe1c9ac4a1021d00b14213226cfcfb59e3a0379e559' + - 'c74ff8a7383eb4c41cecb6f3732b702818100a0865b7f8954e7ae587c8e6a89e391e8' + - '2657c58f05ccd94de61748e89e217efab3d9b5fa842ebc62525966916ad2b7af422a9' + - 'b2407817a5b382b6581434fd1a169c75ad4d0e3862a3f484e9f9f2a816f943a8e6060' + - 'f26fe27c533587b765e57948439084e76fd6a4fd004f5c78d972cf7f100ec9494a902' + - '645baca4b4c6f3993041e021c600daa0a9c4cc674c98bb07956374c84ac1c33af8816' + - '3ea7e2587876', 'hex'); - - const spki = Buffer.from( - '308201c03082013406072a8648ce3804013082012702818100d5f35aa5730e26166fd' + - '3ea81f8f0eeb05bd1250e164b7c76b180b6dae95096d13dee6956e15a9aea7cf18a0d' + - 'f7c5dc326ccef1cbf97636d22f870b76f2607f9a867db2756aecf65505aa48fdea5f5' + - 'ee54f508a05d9dae76bf262b4ca3662cc176b7c628c7bee2076df07f9a64e0402630d' + - 'fee63eaf0ed64d48b469fe1c9ac4a1021d00b14213226cfcfb59e3a0379e559c74ff8' + - 'a7383eb4c41cecb6f3732b702818100a0865b7f8954e7ae587c8e6a89e391e82657c5' + - '8f05ccd94de61748e89e217efab3d9b5fa842ebc62525966916ad2b7af422a9b24078' + - '17a5b382b6581434fd1a169c75ad4d0e3862a3f484e9f9f2a816f943a8e6060f26fe2' + - '7c533587b765e57948439084e76fd6a4fd004f5c78d972cf7f100ec9494a902645bac' + - 'a4b4c6f399303818500028181009a8df69f2fe321869e2094e387bc1dc2b5f3bff2a2' + - 'e23cfba51d3c119fba6b4c15a49485fa811b6955d91d28c9e2e0445a79ddc5426b2fe' + - '44e00a6c9254c776f13fd10dbc934262077b1df72c16bc848817c61fb6a607abe60c7' + - 'd11528ab9bdf55de45495733a047bd75a48b8166f1aa3deab681a2574a4f35106f0d7' + - '8b641d7', 'hex'); - - const plaintext = Buffer.from( - '5f4dba4f320c0ce876725afce5fbd25bf83e5a7125a08cafe73c3ebac421779df9d55' + - 'd180c3ae9942645e1d82fee8c9d294b3cb1a08a9931201b3c0e81fc47cacf8315a2af' + - '66324113c3b66230c34608c4f4593634ce02b267362277f0a840ca74bc3d1a6236952' + - 'c5ed7aaf8a8fecbddfa7584e6978cea5d2a5b9fb7f1b48c8b0be58a305202754d8376' + - '107374793cf026aaee5300727d836cd71e71b345ddb2e44446ffc5b901635413890d9' + - '10ea380984a90191031323f16dbcc9d6be168b84885384ca03e12600ac1c248028af3' + - '726cc93463882ea8c02aab', 'hex'); - - const signatures = { - 'sha-1': Buffer.from( - '303d021c685192dc48fbd8c6dd80536eaf92050ca07aa85af5a25a41a93bc8ea021' + - 'd009a032a19182ceca7b202d7e0ce327fe5830a9937a37714d4c6801ae9', 'hex'), - 'sha-256': Buffer.from( - '303d021c7b660d1b2b40237d0f615877efbf2a3f51577bc42a3cb4e280c0a6a9021' + - 'd008393a01a9bcabce267dfcc6bc867d348911f6eda3db96d3078a380c1', 'hex'), - 'sha-384': Buffer.from( - '303e021d00ab84d3c306aea1c5e69e126d21dafc03ee9c7aa8fa38884de5015d510' + - '21d0099030adacdc6787dcb1dc3b05fa122ad72d4ddc281cc619565dba947', 'hex'), - 'sha-512': Buffer.from( - '303c021c069c40654607388a56d3cb827c11121d07850b3b62ed203c1d92ce7f021' + - 'c0e69f41933d0ee3b1c1b184d742f3813ee3b32d053f13fbb93ab8229', 'hex'), - } - - const vectors = [ - { - publicKeyBuffer: spki, - privateKeyBuffer: pkcs8, - algorithm: { name: 'NODE-DSA' }, - hash: 'SHA-1', - plaintext, - signature: signatures['sha-1'] - }, - { - publicKeyBuffer: spki, - privateKeyBuffer: pkcs8, - algorithm: { name: 'NODE-DSA' }, - hash: 'SHA-256', - plaintext, - signature: signatures['sha-256'] - }, - { - publicKeyBuffer: spki, - privateKeyBuffer: pkcs8, - algorithm: { name: 'NODE-DSA'}, - hash: 'SHA-384', - plaintext, - signature: signatures['sha-384'] - }, - { - publicKeyBuffer: spki, - privateKeyBuffer: pkcs8, - algorithm: { name: 'NODE-DSA' }, - hash: 'SHA-512', - plaintext, - signature: signatures['sha-512'] - } - ]; - - return vectors; -}; diff --git a/test/parallel/test-crypto-key-objects.js b/test/parallel/test-crypto-key-objects.js index 40a982ea7b6cd6..ce8de4d0cdba2d 100644 --- a/test/parallel/test-crypto-key-objects.js +++ b/test/parallel/test-crypto-key-objects.js @@ -5,7 +5,6 @@ if (!common.hasCrypto) common.skip('missing crypto'); const assert = require('assert'); -const { types: { isKeyObject } } = require('util'); const { createCipheriv, createDecipheriv, @@ -23,7 +22,6 @@ const { getCurves, generateKeySync, generateKeyPairSync, - webcrypto, } = require('crypto'); const fixtures = require('../common/fixtures'); @@ -825,27 +823,6 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem', }); } -{ - const buffer = Buffer.from('Hello World'); - const keyObject = createSecretKey(buffer); - const keyPair = generateKeyPairSync('ec', { namedCurve: 'P-256' }); - assert(isKeyObject(keyPair.publicKey)); - assert(isKeyObject(keyPair.privateKey)); - assert(isKeyObject(keyObject)); - - assert(!isKeyObject(buffer)); - - webcrypto.subtle.importKey( - 'node.keyObject', - keyPair.publicKey, - { name: 'ECDH', namedCurve: 'P-256' }, - false, - [], - ).then((cryptoKey) => { - assert(!isKeyObject(cryptoKey)); - }); -} - { const first = Buffer.from('Hello'); const second = Buffer.from('World'); diff --git a/test/parallel/test-webcrypto-derivebits-node-dh.js b/test/parallel/test-webcrypto-derivebits-node-dh.js deleted file mode 100644 index 2503bc17032e0d..00000000000000 --- a/test/parallel/test-webcrypto-derivebits-node-dh.js +++ /dev/null @@ -1,219 +0,0 @@ -'use strict'; - -const common = require('../common'); - -if (!common.hasCrypto) - common.skip('missing crypto'); - -const assert = require('assert'); -const { subtle } = require('crypto').webcrypto; - -const kTestData = { - pkcs8: '308203260201003082019706092a864886f70d010301308201880282018100ff' + - 'ffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc7402' + - '0bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374f' + - 'e1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee' + - '386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598' + - 'da48361c55d39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9e' + - 'd529077096966d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be3' + - '9e772c180e86039b2783a2ec07a28fb5c55df06f4c52c9de2bcbf69558171839' + - '95497cea956ae515d2261898fa051015728e5a8aaac42dad33170d04507a33a8' + - '5521abdf1cba64ecfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7ab' + - 'f5ae8cdb0933d71e8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d8' + - '7602733ec86a64521f2b18177b200cbbe117577a615d6c770988c0bad946e208' + - 'e24fa074e5ab3143db5bfce0fd108e4b82d120a93ad2caffffffffffffffff02' + - '010204820184028201806ba21bec44fe29bee2d1f6f5d717b9af1c62973b342c' + - '28b850d2e39b31abf3ce7f58a26da0cdf538b3328648ee8738e49434bdf697ff' + - '2ac5da64d308fa0abbd75f0554bcef58fd1a688bf93af00ffbdb9ba05558a8e6' + - '16db9818769e2c7e37ba0c07bca10fffd19cb7aa44876170f0a8fe0c1bdba2f9' + - 'b0606d479796e1b6bdab153188b03f684584fd909814c5055fc184eaf05577f7' + - 'f447fcc2dd90889ab853830993d8fbf087f942d8e7a9f331570e7eee5954fb7a' + - 'a6920f4df2f8a33d5cb59961162b1216a4382f984cce02512f0100e20f15e480' + - 'a9d19bb01414a75c74d0854595e58ed060f7bb0f4b451f82b476dc039cc1bb8c' + - '1a05999e6abb20915a3cfca40f314538c00f42d0c4f2070cb163788d6dea0adb' + - '03c75d8001c7057ef61e60b407272adffc2669b82e634ebebda45826229bb2f8' + - 'ed742ee97429e34de06c41c25563025285d5f8a43acdc57cf12779222ae125d5' + - '438857d6bf6341815b9aebf6878fd23944cfd240e74caea13419163fde5ec1ec' + - 'fe2fb2e740b9301a9c04', - spki: '308203253082019706092a864886f70d010301308201880282018100fffffffff' + - 'fffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b' + - '139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d5' + - '1c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a89' + - '9fa5ae9f24117c4b1fe649286651ece45b3dc2007cb8a163bf0598da48361c55d' + - '39a69163fa8fd24cf5f83655d23dca3ad961c62f356208552bb9ed52907709696' + - '6d670c354e4abc9804f1746c08ca18217c32905e462e36ce3be39e772c180e860' + - '39b2783a2ec07a28fb5c55df06f4c52c9de2bcbf6955817183995497cea956ae5' + - '15d2261898fa051015728e5a8aaac42dad33170d04507a33a85521abdf1cba64e' + - 'cfb850458dbef0a8aea71575d060c7db3970f85a6e1e4c7abf5ae8cdb0933d71e' + - '8c94e04a25619dcee3d2261ad2ee6bf12ffa06d98a0864d87602733ec86a64521' + - 'f2b18177b200cbbe117577a615d6c770988c0bad946e208e24fa074e5ab3143db' + - '5bfce0fd108e4b82d120a93ad2caffffffffffffffff020102038201860002820' + - '1810098b01807f77a722cd30fe0390f8cdd0b3f7e0fb33fd3e0ca3d573a7b481e' + - 'dc0fc9f7bc58bfc4509f34efe118ba48bcefbbd57c4878e87b4d0fbb4b661d771' + - '19055cf190b5e8ad05c4821ff0445f4e12049e708ee83e2272c2c269b8b3bfa1b' + - '37df8dc4ec77a430ed6b89beb69093ceeca48497d8ab3ceac25429df58e96d2df' + - 'd01a94b1d164697b93475ed3d5962fd7c300de959474568aecc15c880c36b14a7' + - '9c2144ad4207c9760c11fbcc9ccbb29727a7f5a7789d47f1fa7a154289f83c528' + - '1fb97e01c37f937a25b4057017961ebd52b936f6b8f6d9ad35e3e094c3850cde2' + - '9e98895eaa9b56bff17dc6d8c03edce51c0aa009864da9cbe49a2063bddc64f11' + - '67beb0ab1c5d9bccf9a10078d0236237986f53c4074f30399deb829c544026fe0' + - '532e54e1bc9d933bd4db8dbfd43cf7839a9f64c135d2188896294d54cb7812e6e' + - '9586a03e91893edf7240011e8cda8f59a4dde0ce6d3c40d85847a3985fa25967f' + - 'a2c9598b269ac28da067704f15eb5bb4d8afdea8c67f56f9b604e172bc', - result: '42e77c77568f4387858771b006bebf213a2894efed8efdcfe23640bbd6df765' + - '1b2afa9f5acfba5b1d3db5401fd3427cd9226f6c2fdbd2b8fd7948e12cc7e016' + - 'eb2ed0e0fb02ce434c68c5d511ded05c1150718cf4c8b9db0adcc639a8b52b74' + - 'c2c90e2df5f6f55462d38e2d2769b4bd23bf0db8b4a82253addc1d5d6d19289d' + - '9e60ddabe1203aa3f45956f4dd32683f55fc2f7400e92712e5bb4dea737e03ad' + - '4b94640ccd63a0b8485dfa63f3b98232a34354aa91aebb3e86bb67a48b50ac21' + - 'e62dbce80c0913a9dba92c1c2333f4a43efe9c6c24ce23c252c7ff37e9e74a78' + - '6a8c5b82453fda8b6b40463461d22765e26d4f444272254ee6a492d3e6737e52' + - 'a94440aeddde3c0b449c52ca64bdc698f683ba6cb27794b84edcab7694cadfe8' + - 'f76ce94bf127ca42323b1995a863bcecab455f5d6283eb0eed44942aad3d1a46' + - '79713ed4757917f95d1a61ecae45b9978a863b16e199418bfe6e98435ad146a4' + - '7bd9c8cad9f787a29888954ae58fa683ea163921eb9d3e7a5aa2f52f74ec15333', -}; - -async function prepareKeys() { - const [ - privateKey, - publicKey, - ] = await Promise.all([ - subtle.importKey( - 'pkcs8', - Buffer.from(kTestData.pkcs8, 'hex'), - { name: 'NODE-DH' }, - true, - ['deriveKey', 'deriveBits']), - subtle.importKey( - 'spki', - Buffer.from(kTestData.spki, 'hex'), - { name: 'NODE-DH' }, - true, []), - ]); - return { - privateKey, - publicKey, - result: kTestData.result, - }; -} - -(async function() { - const { - publicKey, - privateKey, - result - } = await prepareKeys(); - - { - // Good parameters - const bits = await subtle.deriveBits({ - name: 'NODE-DH', - public: publicKey - }, privateKey, null); - - assert(bits instanceof ArrayBuffer); - assert.strictEqual(Buffer.from(bits).toString('hex'), result); - } - - { - // Case insensitivity - const bits = await subtle.deriveBits({ - name: 'node-dH', - public: publicKey - }, privateKey, null); - - assert.strictEqual(Buffer.from(bits).toString('hex'), result); - } - - { - // Short Result - const bits = await subtle.deriveBits({ - name: 'NODE-DH', - public: publicKey - }, privateKey, 16); - - assert.strictEqual( - Buffer.from(bits).toString('hex'), - result.slice(0, 4)); - } - - { - // Too long result - await assert.rejects(subtle.deriveBits({ - name: 'NODE-DH', - public: publicKey - }, privateKey, result.length * 16), { - message: /derived bit length is too small/ - }); - } - - { - // Non-multiple of 8 - const bits = await subtle.deriveBits({ - name: 'NODE-DH', - public: publicKey - }, privateKey, 15); - - assert.strictEqual( - Buffer.from(bits).toString('hex'), - result.slice(0, 2)); - } - - // Error tests - { - // Missing public property - await assert.rejects( - subtle.deriveBits( - { name: 'NODE-DH' }, - privateKey, - null), - { code: 'ERR_INVALID_ARG_TYPE' }); - } - - { - // The public property is not a CryptoKey - await assert.rejects( - subtle.deriveBits( - { - name: 'NODE-DH', - public: { message: 'Not a CryptoKey' } - }, - privateKey, - null), - { code: 'ERR_INVALID_ARG_TYPE' }); - } - - { - // Incorrect public key algorithm - const { publicKey } = await subtle.generateKey( - { - name: 'ECDSA', - namedCurve: 'P-521' - }, false, ['verify']); - - await assert.rejects(subtle.deriveBits({ - name: 'NODE-DH', - public: publicKey - }, privateKey, null), { - message: /Keys must be DH keys/ - }); - } - - { - // Private key does not have correct usages - const privateKey = await subtle.importKey( - 'pkcs8', - Buffer.from(kTestData.pkcs8, 'hex'), - { - name: 'NODE-DH', - }, false, ['deriveKey']); - - await assert.rejects(subtle.deriveBits({ - name: 'NODE-DH', - public: publicKey, - }, privateKey, null), { - message: /baseKey does not have deriveBits usage/ - }); - } -})().then(common.mustCall()); diff --git a/test/parallel/test-webcrypto-derivebits.js b/test/parallel/test-webcrypto-derivebits.js index d4c0f8cbe239b0..442423954b10b2 100644 --- a/test/parallel/test-webcrypto-derivebits.js +++ b/test/parallel/test-webcrypto-derivebits.js @@ -9,8 +9,6 @@ if (!common.hasCrypto) const assert = require('assert'); const { subtle } = require('crypto').webcrypto; -const { internalBinding } = require('internal/test/binding'); - // This is only a partial test. The WebCrypto Web Platform Tests // will provide much greater coverage. @@ -103,36 +101,6 @@ const { internalBinding } = require('internal/test/binding'); tests.then(common.mustCall()); } -// Test Scrypt bit derivation -if (typeof internalBinding('crypto').ScryptJob === 'function') { - async function test(pass, salt, length, expected) { - const ec = new TextEncoder(); - const key = await subtle.importKey( - 'raw', - ec.encode(pass), - { name: 'NODE-SCRYPT' }, - false, ['deriveBits']); - const secret = await subtle.deriveBits({ - name: 'NODE-SCRYPT', - salt: ec.encode(salt), - }, key, length); - assert(secret instanceof ArrayBuffer); - assert.strictEqual(Buffer.from(secret).toString('hex'), expected); - } - - const kTests = [ - ['hello', 'there', 512, - '30ddda6feabaac788eb81cc38f496cd5d9a165d320c537ea05331fe720db1061b3a27' + - 'b91a8428e49d44078c1fa395cb1c6db336ba44ccb80faa6d74918769374'], - ['hello', 'there', 128, - '30ddda6feabaac788eb81cc38f496cd5'], - ]; - - const tests = Promise.all(kTests.map((args) => test(...args))); - - tests.then(common.mustCall()); -} - // Test X25519 and X448 bit derivation { async function test(name) { diff --git a/test/parallel/test-webcrypto-derivekey.js b/test/parallel/test-webcrypto-derivekey.js index 67513252545368..f8eb996000ec89 100644 --- a/test/parallel/test-webcrypto-derivekey.js +++ b/test/parallel/test-webcrypto-derivekey.js @@ -9,8 +9,6 @@ if (!common.hasCrypto) const assert = require('assert'); const { webcrypto: { subtle }, KeyObject } = require('crypto'); -const { internalBinding } = require('internal/test/binding'); - // This is only a partial test. The WebCrypto Web Platform Tests // will provide much greater coverage. @@ -121,38 +119,6 @@ const { internalBinding } = require('internal/test/binding'); tests.then(common.mustCall()); } -// Test Scrypt key derivation -if (typeof internalBinding('crypto').ScryptJob === 'function') { - async function test(pass, salt, expected) { - const ec = new TextEncoder(); - const key = await subtle.importKey( - 'raw', - ec.encode(pass), - { name: 'NODE-SCRYPT' }, - false, ['deriveKey']); - const secret = await subtle.deriveKey({ - name: 'NODE-SCRYPT', - salt: ec.encode(salt), - }, key, { - name: 'AES-CTR', - length: 256 - }, true, ['encrypt']); - - const raw = await subtle.exportKey('raw', secret); - - assert.strictEqual(Buffer.from(raw).toString('hex'), expected); - } - - const kTests = [ - ['hello', 'there', - '30ddda6feabaac788eb81cc38f496cd5d9a165d320c537ea05331fe720db1061'], - ]; - - const tests = Promise.all(kTests.map((args) => test(...args))); - - tests.then(common.mustCall()); -} - // Test default key lengths { const vectors = [ diff --git a/test/parallel/test-webcrypto-export-import-cfrg.js b/test/parallel/test-webcrypto-export-import-cfrg.js index 9f73701ad246e8..c37c1535747917 100644 --- a/test/parallel/test-webcrypto-export-import-cfrg.js +++ b/test/parallel/test-webcrypto-export-import-cfrg.js @@ -284,16 +284,6 @@ async function testImportJwk({ name, publicUsages, privateUsages }, extractable) 'Ed25519': ['verify', 'sign'], 'X448': ['deriveBits', 'deriveBits'], })) { - assert.rejects(subtle.importKey( - 'node.keyObject', - rsaPublic, - { name }, - true, [publicUsage]), { message: /Invalid key type/ }); - assert.rejects(subtle.importKey( - 'node.keyObject', - rsaPrivate, - { name }, - true, [privateUsage]), { message: /Invalid key type/ }); assert.rejects(subtle.importKey( 'spki', rsaPublic.export({ format: 'der', type: 'spki' }), diff --git a/test/parallel/test-webcrypto-export-import-dsa.js b/test/parallel/test-webcrypto-export-import-dsa.js deleted file mode 100644 index 01e31d747942ae..00000000000000 --- a/test/parallel/test-webcrypto-export-import-dsa.js +++ /dev/null @@ -1,164 +0,0 @@ -'use strict'; - -const common = require('../common'); -const fixtures = require('../common/fixtures'); - -if (!common.hasCrypto) - common.skip('missing crypto'); - -const assert = require('assert'); -const crypto = require('crypto'); -const { subtle } = crypto.webcrypto; - -const sizes = [1024]; - -const hashes = [ - 'SHA-1', - 'SHA-256', - 'SHA-384', - 'SHA-512', -]; - -const keyData = { - 1024: { - spki: Buffer.from( - '308201c03082013406072a8648ce3804013082012702818100d5f35aa5730e26166fd' + - '3ea81f8f0eeb05bd1250e164b7c76b180b6dae95096d13dee6956e15a9aea7cf18a0d' + - 'f7c5dc326ccef1cbf97636d22f870b76f2607f9a867db2756aecf65505aa48fdea5f5' + - 'ee54f508a05d9dae76bf262b4ca3662cc176b7c628c7bee2076df07f9a64e0402630d' + - 'fee63eaf0ed64d48b469fe1c9ac4a1021d00b14213226cfcfb59e3a0379e559c74ff8' + - 'a7383eb4c41cecb6f3732b702818100a0865b7f8954e7ae587c8e6a89e391e82657c5' + - '8f05ccd94de61748e89e217efab3d9b5fa842ebc62525966916ad2b7af422a9b24078' + - '17a5b382b6581434fd1a169c75ad4d0e3862a3f484e9f9f2a816f943a8e6060f26fe2' + - '7c533587b765e57948439084e76fd6a4fd004f5c78d972cf7f100ec9494a902645bac' + - 'a4b4c6f399303818500028181009a8df69f2fe321869e2094e387bc1dc2b5f3bff2a2' + - 'e23cfba51d3c119fba6b4c15a49485fa811b6955d91d28c9e2e0445a79ddc5426b2fe' + - '44e00a6c9254c776f13fd10dbc934262077b1df72c16bc848817c61fb6a607abe60c7' + - 'd11528ab9bdf55de45495733a047bd75a48b8166f1aa3deab681a2574a4f35106f0d7' + - '8b641d7', 'hex'), - pkcs8: Buffer.from( - '3082015b0201003082013406072a8648ce3804013082012702818100d5f35aa5730e2' + - '6166fd3ea81f8f0eeb05bd1250e164b7c76b180b6dae95096d13dee6956e15a9aea7c' + - 'f18a0df7c5dc326ccef1cbf97636d22f870b76f2607f9a867db2756aecf65505aa48f' + - 'dea5f5ee54f508a05d9dae76bf262b4ca3662cc176b7c628c7bee2076df07f9a64e04' + - '02630dfee63eaf0ed64d48b469fe1c9ac4a1021d00b14213226cfcfb59e3a0379e559' + - 'c74ff8a7383eb4c41cecb6f3732b702818100a0865b7f8954e7ae587c8e6a89e391e8' + - '2657c58f05ccd94de61748e89e217efab3d9b5fa842ebc62525966916ad2b7af422a9' + - 'b2407817a5b382b6581434fd1a169c75ad4d0e3862a3f484e9f9f2a816f943a8e6060' + - 'f26fe27c533587b765e57948439084e76fd6a4fd004f5c78d972cf7f100ec9494a902' + - '645baca4b4c6f3993041e021c600daa0a9c4cc674c98bb07956374c84ac1c33af8816' + - '3ea7e2587876', 'hex'), - }, -}; - -async function testImportSpki({ name, publicUsages }, size, hash, extractable) { - const key = await subtle.importKey( - 'spki', - keyData[size].spki, - { name, hash }, - extractable, - publicUsages); - - assert.strictEqual(key.type, 'public'); - assert.strictEqual(key.extractable, extractable); - assert.deepStrictEqual(key.usages, publicUsages); - assert.strictEqual(key.algorithm.name, name); - assert.strictEqual(key.algorithm.modulusLength, size); - assert.strictEqual(key.algorithm.hash.name, hash); - - if (extractable) { - const spki = await subtle.exportKey('spki', key); - assert.strictEqual( - Buffer.from(spki).toString('hex'), - keyData[size].spki.toString('hex')); - } else { - await assert.rejects( - subtle.exportKey('spki', key), { - message: /key is not extractable/ - }); - } -} - -async function testImportPkcs8( - { name, privateUsages }, - size, - hash, - extractable) { - const key = await subtle.importKey( - 'pkcs8', - keyData[size].pkcs8, - { name, hash }, - extractable, - privateUsages); - - assert.strictEqual(key.type, 'private'); - assert.strictEqual(key.extractable, extractable); - assert.deepStrictEqual(key.usages, privateUsages); - assert.strictEqual(key.algorithm.name, name); - assert.strictEqual(key.algorithm.modulusLength, size); - assert.strictEqual(key.algorithm.hash.name, hash); - - if (extractable) { - const pkcs8 = await subtle.exportKey('pkcs8', key); - assert.strictEqual( - Buffer.from(pkcs8).toString('hex'), - keyData[size].pkcs8.toString('hex')); - } else { - await assert.rejects( - subtle.exportKey('pkcs8', key), { - message: /key is not extractable/ - }); - } -} - -// combinations to test -const testVectors = [ - { - name: 'NODE-DSA', - privateUsages: ['sign'], - publicUsages: ['verify'] - }, -]; - -(async function() { - const variations = []; - sizes.forEach((size) => { - hashes.forEach((hash) => { - [true, false].forEach((extractable) => { - testVectors.forEach((vector) => { - variations.push(testImportSpki(vector, size, hash, extractable)); - variations.push(testImportPkcs8(vector, size, hash, extractable)); - }); - }); - }); - }); - await Promise.all(variations); -})().then(common.mustCall()); - -{ - const ecPublic = crypto.createPublicKey( - fixtures.readKey('ec_p256_public.pem')); - const ecPrivate = crypto.createPrivateKey( - fixtures.readKey('ec_p256_private.pem')); - - assert.rejects(subtle.importKey( - 'node.keyObject', - ecPublic, - { name: 'NODE-DSA', hash: 'SHA-256' }, - true, ['verify']), { message: /Invalid key type/ }); - assert.rejects(subtle.importKey( - 'node.keyObject', - ecPrivate, - { name: 'NODE-DSA', hash: 'SHA-256' }, - true, ['sign']), { message: /Invalid key type/ }); - assert.rejects(subtle.importKey( - 'spki', - ecPublic.export({ format: 'der', type: 'spki' }), - { name: 'NODE-DSA', hash: 'SHA-256' }, - true, ['verify']), { message: /Invalid key type/ }); - assert.rejects(subtle.importKey( - 'pkcs8', - ecPrivate.export({ format: 'der', type: 'pkcs8' }), - { name: 'NODE-DSA', hash: 'SHA-256' }, - true, ['sign']), { message: /Invalid key type/ }); -} diff --git a/test/parallel/test-webcrypto-export-import-ec.js b/test/parallel/test-webcrypto-export-import-ec.js index 682d5f54be5563..931323620c932c 100644 --- a/test/parallel/test-webcrypto-export-import-ec.js +++ b/test/parallel/test-webcrypto-export-import-ec.js @@ -287,16 +287,6 @@ async function testImportJwk( 'ECDSA': ['verify', 'sign'], 'ECDH': ['deriveBits', 'deriveBits'], })) { - assert.rejects(subtle.importKey( - 'node.keyObject', - rsaPublic, - { name, hash: 'SHA-256', namedCurve: 'P-256' }, - true, [publicUsage]), { message: /Invalid key type/ }); - assert.rejects(subtle.importKey( - 'node.keyObject', - rsaPrivate, - { name, hash: 'SHA-256', namedCurve: 'P-256' }, - true, [privateUsage]), { message: /Invalid key type/ }); assert.rejects(subtle.importKey( 'spki', rsaPublic.export({ format: 'der', type: 'spki' }), diff --git a/test/parallel/test-webcrypto-export-import-rsa.js b/test/parallel/test-webcrypto-export-import-rsa.js index 3a2ea7b279852d..1efc69b70aa971 100644 --- a/test/parallel/test-webcrypto-export-import-rsa.js +++ b/test/parallel/test-webcrypto-export-import-rsa.js @@ -492,16 +492,6 @@ const testVectors = [ 'RSASSA-PKCS1-v1_5': ['verify', 'sign'], 'RSA-OAEP': ['encrypt', 'decrypt'], })) { - assert.rejects(subtle.importKey( - 'node.keyObject', - ecPublic, - { name, hash: 'SHA-256' }, - true, [publicUsage]), { message: /Invalid key type/ }); - assert.rejects(subtle.importKey( - 'node.keyObject', - ecPrivate, - { name, hash: 'SHA-256' }, - true, [privateUsage]), { message: /Invalid key type/ }); assert.rejects(subtle.importKey( 'spki', ecPublic.export({ format: 'der', type: 'spki' }), diff --git a/test/parallel/test-webcrypto-export-import.js b/test/parallel/test-webcrypto-export-import.js index b4fd26b0cda6ae..02e178f72628d5 100644 --- a/test/parallel/test-webcrypto-export-import.js +++ b/test/parallel/test-webcrypto-export-import.js @@ -42,13 +42,6 @@ const { subtle } = webcrypto; name: 'SyntaxError', message: 'Unsupported key usage for an HMAC key' }); - await assert.rejects( - subtle.importKey('node.keyObject', '', { - name: 'HMAC', - hash: 'SHA-256' - }, false, ['sign', 'verify']), { - code: 'ERR_INVALID_ARG_TYPE' - }); await assert.rejects( subtle.importKey('raw', keyData, { name: 'HMAC', diff --git a/test/parallel/test-webcrypto-keygen.js b/test/parallel/test-webcrypto-keygen.js index 17f6924caec286..948c755a9114bc 100644 --- a/test/parallel/test-webcrypto-keygen.js +++ b/test/parallel/test-webcrypto-keygen.js @@ -163,17 +163,6 @@ const vectors = { 'deriveBits', ] }, - 'NODE-DSA': { - algorithm: { modulusLength: 1024, hash: 'SHA-256' }, - usages: [ - 'sign', - 'verify', - ], - mandatoryUsages: [ - 'sign', - 'verify', - ] - } }; // Test invalid algorithms @@ -569,127 +558,6 @@ const vectors = { tests.then(common.mustCall()); } -// Test NODE-DSA key generation -{ - async function test( - name, - modulusLength, - hash, - privateUsages, - publicUsages = privateUsages) { - let usages = privateUsages; - if (publicUsages !== privateUsages) - usages = usages.concat(publicUsages); - const { publicKey, privateKey } = await subtle.generateKey({ - name, - modulusLength, - hash - }, true, usages); - - assert(publicKey); - assert(privateKey); - assert(isCryptoKey(publicKey)); - assert(isCryptoKey(privateKey)); - - assert.strictEqual(publicKey.type, 'public'); - assert.strictEqual(privateKey.type, 'private'); - assert.strictEqual(publicKey.extractable, true); - assert.strictEqual(privateKey.extractable, true); - assert.deepStrictEqual(publicKey.usages, publicUsages); - assert.deepStrictEqual(privateKey.usages, privateUsages); - assert.strictEqual(publicKey.algorithm.name, name); - assert.strictEqual(publicKey.algorithm.modulusLength, modulusLength); - assert.strictEqual(publicKey.algorithm.hash.name, hash); - assert.strictEqual(privateKey.algorithm.name, name); - assert.strictEqual(privateKey.algorithm.modulusLength, modulusLength); - assert.strictEqual(privateKey.algorithm.hash.name, hash); - - // Missing parameters - await assert.rejects( - subtle.generateKey({ name, hash }, true, usages), { - code: 'ERR_INVALID_ARG_TYPE' - }); - - await assert.rejects( - subtle.generateKey({ name, modulusLength }, true, usages), { - code: 'ERR_MISSING_OPTION' - }); - - await Promise.all(['', true, {}].map((modulusLength) => { - return assert.rejects(subtle.generateKey({ - name, - modulusLength, - hash - }, true, usages), { - code: 'ERR_INVALID_ARG_TYPE' - }); - })); - - await Promise.all([true, {}, 1, []].map((hash) => { - return assert.rejects(subtle.generateKey({ - name, - modulusLength, - hash - }, true, usages), { - message: /Unrecognized name/ - }); - })); - - await Promise.all(['', {}, 1, []].map((extractable) => { - return assert.rejects(subtle.generateKey({ - name, - modulusLength, - hash - }, extractable, usages), { - code: 'ERR_INVALID_ARG_TYPE' - }); - })); - - await Promise.all(['', {}, 1, false].map((usages) => { - return assert.rejects(subtle.generateKey({ - name, - modulusLength, - hash - }, true, usages), { - code: 'ERR_INVALID_ARG_TYPE' - }); - })); - } - - const kTests = [ - [ - 'NODE-DSA', - 1024, - 'SHA-256', - ['sign'], - ['verify'], - ], - ]; - - const tests = kTests.map((args) => test(...args)); - - Promise.all(tests).then(common.mustCall()); -} - -// Test NODE-DH key generation -(async function() { - const { publicKey, privateKey } = - await subtle.generateKey({ - name: 'NODE-DH', - group: 'modp15' - }, true, ['deriveKey']); - assert(publicKey); - assert(privateKey); - assert(isCryptoKey(publicKey)); - assert(isCryptoKey(privateKey)); - assert.strictEqual(publicKey.type, 'public'); - assert.strictEqual(privateKey.type, 'private'); - assert.strictEqual(publicKey.algorithm.name, 'NODE-DH'); - assert.strictEqual(privateKey.algorithm.name, 'NODE-DH'); - assert.strictEqual(publicKey.algorithm.group, 'modp15'); - assert.strictEqual(privateKey.algorithm.group, 'modp15'); -})().then(common.mustCall()); - // End user code cannot create CryptoKey directly assert.throws(() => new CryptoKey(), { code: 'ERR_ILLEGAL_CONSTRUCTOR' }); diff --git a/test/parallel/test-webcrypto-sign-verify-node-dsa.js b/test/parallel/test-webcrypto-sign-verify-node-dsa.js deleted file mode 100644 index 73b006b9236249..00000000000000 --- a/test/parallel/test-webcrypto-sign-verify-node-dsa.js +++ /dev/null @@ -1,220 +0,0 @@ -'use strict'; - -const common = require('../common'); - -if (!common.hasCrypto) - common.skip('missing crypto'); - -const assert = require('assert'); -const { subtle } = require('crypto').webcrypto; - -const dsa = require('../fixtures/crypto/dsa'); - -async function testVerify({ algorithm, - hash, - publicKeyBuffer, - privateKeyBuffer, - signature, - plaintext }) { - const [ - publicKey, - noVerifyPublicKey, - privateKey, - hmacKey, - wrongKeys, - ] = await Promise.all([ - subtle.importKey( - 'spki', - publicKeyBuffer, - { name: algorithm.name, hash }, - false, - ['verify']), - subtle.importKey( - 'spki', - publicKeyBuffer, - { name: algorithm.name, hash }, - false, - [ /* No usages */ ]), - subtle.importKey( - 'pkcs8', - privateKeyBuffer, - { name: algorithm.name, hash }, - false, - ['sign']), - subtle.generateKey( - { name: 'HMAC', hash: 'SHA-256' }, - false, - ['sign']), - subtle.generateKey( - { - name: 'ECDSA', - namedCurve: 'P-521', - hash: 'SHA-256', - }, - false, - ['sign']), - ]); - - assert(await subtle.verify(algorithm, publicKey, signature, plaintext)); - - // Test verification with altered buffers - const copy = Buffer.from(plaintext); - const sigcopy = Buffer.from(signature); - const p = subtle.verify(algorithm, publicKey, sigcopy, copy); - copy[0] = 255 - copy[0]; - sigcopy[0] = 255 - sigcopy[0]; - assert(await p); - - // Test failure when using wrong key - await assert.rejects( - subtle.verify(algorithm, privateKey, signature, plaintext), { - message: /Unable to use this key to verify/ - }); - - await assert.rejects( - subtle.verify(algorithm, noVerifyPublicKey, signature, plaintext), { - message: /Unable to use this key to verify/ - }); - - // Test failure when using the wrong algorithms - await assert.rejects( - subtle.verify(algorithm, hmacKey, signature, plaintext), { - message: /Unable to use this key to verify/ - }); - - await assert.rejects( - subtle.verify(algorithm, wrongKeys.publicKey, signature, plaintext), { - message: /Unable to use this key to verify/ - }); - - // Test failure when signature is altered - { - const copy = Buffer.from(signature); - copy[0] = 255 - copy[0]; - assert(!(await subtle.verify(algorithm, publicKey, copy, plaintext))); - assert(!(await subtle.verify( - algorithm, - publicKey, - copy.slice(1), - plaintext))); - } - - // Test failure when data is altered - { - const copy = Buffer.from(plaintext); - copy[0] = 255 - copy[0]; - assert(!(await subtle.verify(algorithm, publicKey, signature, copy))); - } - - // Test failure when wrong hash is used - { - const otherhash = hash === 'SHA-1' ? 'SHA-256' : 'SHA-1'; - assert(!(await subtle.verify({ - ...algorithm, - hash: otherhash - }, publicKey, signature, copy))); - } - - await assert.rejects( - subtle.verify( - { ...algorithm, hash: 'sha256' }, - publicKey, - signature, - copy), - { message: /Unrecognized name/ }); -} - -async function testSign({ - algorithm, - hash, - publicKeyBuffer, - privateKeyBuffer, - signature, - plaintext, -}) { - const [ - publicKey, - noSignPrivateKey, - privateKey, - hmacKey, - wrongKeys, - ] = await Promise.all([ - subtle.importKey( - 'spki', - publicKeyBuffer, - { name: algorithm.name, hash }, - false, - ['verify']), - subtle.importKey( - 'pkcs8', - privateKeyBuffer, - { name: algorithm.name, hash }, - false, - [ /* No usages */ ]), - subtle.importKey( - 'pkcs8', - privateKeyBuffer, - { name: algorithm.name, hash }, - false, - ['sign']), - subtle.generateKey( - { name: 'HMAC', hash: 'SHA-256' }, - false, - ['sign']), - subtle.generateKey( - { - name: 'ECDSA', - namedCurve: 'P-521', - hash: 'SHA-256', - }, - false, - ['sign']), - ]); - - { - const sig = await subtle.sign(algorithm, privateKey, plaintext); - assert(await subtle.verify(algorithm, publicKey, sig, plaintext)); - } - - { - const copy = Buffer.from(plaintext); - const p = subtle.sign(algorithm, privateKey, copy); - copy[0] = 255 - copy[0]; - const sig = await p; - assert(await subtle.verify(algorithm, publicKey, sig, plaintext)); - } - - // Test failure when using wrong key - await assert.rejects( - subtle.sign(algorithm, publicKey, plaintext), { - message: /Unable to use this key to sign/ - }); - - // Test failure when no sign usage - await assert.rejects( - subtle.sign(algorithm, noSignPrivateKey, plaintext), { - message: /Unable to use this key to sign/ - }); - - // Test failure when using the wrong algorithms - await assert.rejects( - subtle.sign(algorithm, hmacKey, plaintext), { - message: /Unable to use this key to sign/ - }); - - await assert.rejects( - subtle.sign(algorithm, wrongKeys.privateKey, plaintext), { - message: /Unable to use this key to sign/ - }); -} - -(async function() { - const variations = []; - - dsa().forEach((vector) => { - variations.push(testVerify(vector)); - variations.push(testSign(vector)); - }); - - await Promise.all(variations); -})().then(common.mustCall()); diff --git a/tools/doc/type-parser.mjs b/tools/doc/type-parser.mjs index be55cadc287001..09a3cabc57afa0 100644 --- a/tools/doc/type-parser.mjs +++ b/tools/doc/type-parser.mjs @@ -103,12 +103,6 @@ const customTypesMap = { 'EcdsaParams': 'webcrypto.html#class-ecdsaparams', 'RsaPssParams': 'webcrypto.html#class-rsapssparams', 'Ed448Params': 'webcrypto.html#class-ed448params', - 'NodeDhKeyGenParams': 'webcrypto.html#class-nodedhkeygenparams', - 'NodeDhDeriveBitsParams': - 'webcrypto.html#class-nodedhderivebitsparams', - 'NodeDsaImportParams': 'webcrypto.html#class-nodedsaimportparams', - 'NodeDsaKeyGenParams': 'webcrypto.html#class-nodedsakeygenparams', - 'NodeScryptParams': 'webcrypto.html#class-nodescryptparams', 'dgram.Socket': 'dgram.html#class-dgramsocket', From 2367fa2989738c1dbe4e8b066b7b7dc99f49e17e Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Sat, 4 Jun 2022 08:52:21 +0200 Subject: [PATCH 2/2] fixup! crypto: remove Node.js-specific Web Crypto API extensions --- doc/api/webcrypto.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/api/webcrypto.md b/doc/api/webcrypto.md index 0771f4a378a3ab..6377bb32bfa27c 100644 --- a/doc/api/webcrypto.md +++ b/doc/api/webcrypto.md @@ -3,10 +3,10 @@