From 6c02d3bc1d4a256b421bae37fb21f68091953945 Mon Sep 17 00:00:00 2001 From: Refael Ackermann Date: Sun, 13 Aug 2017 08:12:05 -0400 Subject: [PATCH 1/4] crypto: synchronize with doc --- doc/api/crypto.md | 100 ++++++++++--------- lib/crypto.js | 248 +++++++++++++++++++++++----------------------- 2 files changed, 177 insertions(+), 171 deletions(-) diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 3d4c1e26c192cb..3ef4355c497029 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -60,11 +60,12 @@ const cert1 = new crypto.Certificate(); const cert2 = crypto.Certificate(); ``` -### certificate.exportChallenge(spkac) +### certificate.exportChallenge(spkac[, encoding]) - `spkac` {string | Buffer | TypedArray | DataView} +- `encoding` {string} (Default `utf-8`) used to encode the `spkac` into a Buffer - Returns {Buffer} The challenge component of the `spkac` data structure, which includes a public key and a challenge. @@ -76,11 +77,12 @@ console.log(challenge.toString('utf8')); // Prints: the challenge as a UTF8 string ``` -### certificate.exportPublicKey(spkac) +### certificate.exportPublicKey(spkac[, encoding]) - `spkac` {string | Buffer | TypedArray | DataView} +- `encoding` {string} (Default `utf-8`) used to encode the `spkac` into a Buffer - Returns {Buffer} The public key component of the `spkac` data structure, which includes a public key and a challenge. @@ -174,7 +176,7 @@ console.log(encrypted); -- `outputEncoding` {string} +- `outputEncoding` {string} (Default [`DEFAULT_ENCODING`][]) Returns any remaining enciphered contents. If `outputEncoding` parameter is one of `'latin1'`, `'base64'` or `'hex'`, a string is returned. @@ -213,7 +215,7 @@ been completed using the [`cipher.final()`][] method. -- `autoPadding` {boolean} Defaults to `true`. +- `autoPadding` {boolean} (Default `true`) - Returns the {Cipher} for method chaining. When using block encryption algorithms, the `Cipher` class will automatically @@ -237,8 +239,8 @@ changes: description: The default `inputEncoding` changed from `binary` to `utf8`. --> - `data` {string | Buffer | TypedArray | DataView} -- `inputEncoding` {string} -- `outputEncoding` {string} +- `inputEncoding` {string} (Default [`DEFAULT_ENCODING`][]) +- `outputEncoding` {string} (Default [`DEFAULT_ENCODING`][]) Updates the cipher with `data`. If the `inputEncoding` argument is given, its value must be one of `'utf8'`, `'ascii'`, or `'latin1'` and the `data` @@ -327,7 +329,7 @@ console.log(decrypted); -- `outputEncoding` {string} +- `outputEncoding` {string} (Default [`DEFAULT_ENCODING`][]) Returns any remaining deciphered contents. If `outputEncoding` parameter is one of `'latin1'`, `'ascii'` or `'utf8'`, a string is returned. @@ -378,7 +380,7 @@ The `decipher.setAuthTag()` method must be called before -- `autoPadding` {boolean} Defaults to `true`. +- `autoPadding` {boolean} (Default `true`). - Returns the {Cipher} for method chaining. When data has been encrypted without standard block padding, calling @@ -400,8 +402,8 @@ changes: description: The default `inputEncoding` changed from `binary` to `utf8`. --> - `data` {string | Buffer | TypedArray | DataView} -- `inputEncoding` {string} -- `outputEncoding` {string} +- `inputEncoding` {string} (Default [`DEFAULT_ENCODING`][]) +- `outputEncoding` {string} (Default [`DEFAULT_ENCODING`][]) Updates the decipher with `data`. If the `inputEncoding` argument is given, its value must be one of `'latin1'`, `'base64'`, or `'hex'` and the `data` @@ -454,8 +456,8 @@ assert.strictEqual(aliceSecret.toString('hex'), bobSecret.toString('hex')); added: v0.5.0 --> - `otherPublicKey` {string | Buffer | TypedArray | DataView} -- `inputEncoding` {string} -- `outputEncoding` {string} +- `inputEncoding` {string} (Default [`DEFAULT_ENCODING`][]) +- `outputEncoding` {string} (Default [`DEFAULT_ENCODING`][]) Computes the shared secret using `otherPublicKey` as the other party's public key and returns the computed shared secret. The supplied @@ -472,7 +474,7 @@ If `outputEncoding` is given a string is returned; otherwise, a -- `encoding` {string} +- `encoding` {string} (Default [`DEFAULT_ENCODING`][]) Generates private and public Diffie-Hellman key values, and returns the public key in the specified `encoding`. This key should be @@ -484,7 +486,7 @@ or `'base64'`. If `encoding` is provided a string is returned; otherwise a -- `encoding` {string} +- `encoding` {string} (Default [`DEFAULT_ENCODING`][]) Returns the Diffie-Hellman generator in the specified `encoding`, which can be `'latin1'`, `'hex'`, or `'base64'`. If `encoding` is provided a string is @@ -494,7 +496,7 @@ returned; otherwise a [`Buffer`][] is returned. -- `encoding` {string} +- `encoding` {string} (Default [`DEFAULT_ENCODING`][]) Returns the Diffie-Hellman prime in the specified `encoding`, which can be `'latin1'`, `'hex'`, or `'base64'`. If `encoding` is provided a string is @@ -514,7 +516,7 @@ string is returned; otherwise a [`Buffer`][] is returned. -- `encoding` {string} +- `encoding` {string} (Default [`DEFAULT_ENCODING`][]) Returns the Diffie-Hellman public key in the specified `encoding`, which can be `'latin1'`, `'hex'`, or `'base64'`. If `encoding` is provided a @@ -525,7 +527,7 @@ string is returned; otherwise a [`Buffer`][] is returned. added: v0.5.0 --> - `privateKey` {string | Buffer | TypedArray | DataView} -- `encoding` {string} +- `encoding` {string} (Default [`DEFAULT_ENCODING`][]) Sets the Diffie-Hellman private key. If the `encoding` argument is provided and is either `'latin1'`, `'hex'`, or `'base64'`, `privateKey` is expected @@ -537,7 +539,7 @@ to be a [`Buffer`][], `TypedArray`, or `DataView`. added: v0.5.0 --> - `publicKey` {string | Buffer | TypedArray | DataView} -- `encoding` {string} +- `encoding` {string} (Default [`DEFAULT_ENCODING`][]) Sets the Diffie-Hellman public key. If the `encoding` argument is provided and is either `'latin1'`, `'hex'` or `'base64'`, `publicKey` is expected @@ -600,8 +602,8 @@ changes: description: The default `inputEncoding` changed from `binary` to `utf8`. --> - `otherPublicKey` {string | Buffer | TypedArray | DataView} -- `inputEncoding` {string} -- `outputEncoding` {string} +- `inputEncoding` {string} (Default [`DEFAULT_ENCODING`][]) +- `outputEncoding` {string} (Default [`DEFAULT_ENCODING`][]) Computes the shared secret using `otherPublicKey` as the other party's public key and returns the computed shared secret. The supplied @@ -618,7 +620,7 @@ If `outputEncoding` is given a string will be returned; otherwise a -- `encoding` {string} +- `encoding` {string} (Default [`DEFAULT_ENCODING`][]) - `format` {string} Defaults to `uncompressed`. Generates private and public EC Diffie-Hellman key values, and returns @@ -637,7 +639,7 @@ is returned. -- `encoding` {string} +- `encoding` {string} (Default [`DEFAULT_ENCODING`][]) Returns the EC Diffie-Hellman private key in the specified `encoding`, which can be `'latin1'`, `'hex'`, or `'base64'`. If `encoding` is provided @@ -647,7 +649,7 @@ a string is returned; otherwise a [`Buffer`][] is returned. -- `encoding` {string} +- `encoding` {string} (Default [`DEFAULT_ENCODING`][]) - `format` {string} Defaults to `uncompressed`. Returns the EC Diffie-Hellman public key in the specified `encoding` and @@ -666,7 +668,7 @@ returned. added: v0.11.14 --> - `privateKey` {string | Buffer | TypedArray | DataView} -- `encoding` {string} +- `encoding` {string} (Default [`DEFAULT_ENCODING`][]) Sets the EC Diffie-Hellman private key. The `encoding` can be `'latin1'`, `'hex'` or `'base64'`. If `encoding` is provided, `privateKey` is expected @@ -686,7 +688,7 @@ deprecated: v5.2.0 > Stability: 0 - Deprecated - `publicKey` {string | Buffer | TypedArray | DataView} -- `encoding` {string} +- `encoding` {string} (Default [`DEFAULT_ENCODING`][]) Sets the EC Diffie-Hellman public key. Key encoding can be `'latin1'`, `'hex'` or `'base64'`. If `encoding` is provided `publicKey` is expected to @@ -786,7 +788,7 @@ console.log(hash.digest('hex')); -- `encoding` {string} +- `encoding` {string} (Default [`DEFAULT_ENCODING`][]) Calculates the digest of all of the data passed to be hashed (using the [`hash.update()`][] method). The `encoding` can be `'hex'`, `'latin1'` or @@ -805,7 +807,7 @@ changes: description: The default `inputEncoding` changed from `binary` to `utf8`. --> - `data` {string | Buffer | TypedArray | DataView} -- `inputEncoding` {string} +- `inputEncoding` {string} (Default [`DEFAULT_ENCODING`][]) Updates the hash content with the given `data`, the encoding of which is given in `inputEncoding` and can be `'utf8'`, `'ascii'` or @@ -877,7 +879,7 @@ console.log(hmac.digest('hex')); -- `encoding` {string} +- `encoding` {string} (Default [`DEFAULT_ENCODING`][]) Calculates the HMAC digest of all of the data passed using [`hmac.update()`][]. The `encoding` can be `'hex'`, `'latin1'` or `'base64'`. If `encoding` is @@ -895,7 +897,7 @@ changes: description: The default `inputEncoding` changed from `binary` to `utf8`. --> - `data` {string | Buffer | TypedArray | DataView} -- `inputEncoding` {string} +- `inputEncoding` {string} (Default [`DEFAULT_ENCODING`][]) Updates the `Hmac` content with the given `data`, the encoding of which is given in `inputEncoding` and can be `'utf8'`, `'ascii'` or @@ -978,9 +980,11 @@ changes: description: Support for RSASSA-PSS and additional options was added. --> - `privateKey` {string | Object} - - `key` {string} + - `key` {string | Buffer | TypedArray | DataView} - `passphrase` {string} -- `outputFormat` {string} + - `padding` {string} + - `saltLength` {integer} +- `outputFormat` {string} (Default [`DEFAULT_ENCODING`][]) Calculates the signature on all the data passed through using either [`sign.update()`][] or [`sign.write()`][stream-writable-write]. @@ -1019,7 +1023,7 @@ changes: description: The default `inputEncoding` changed from `binary` to `utf8`. --> - `data` {string | Buffer | TypedArray | DataView} -- `inputEncoding` {string} +- `inputEncoding` {string} (Default [`DEFAULT_ENCODING`][]) Updates the `Sign` content with the given `data`, the encoding of which is given in `inputEncoding` and can be `'utf8'`, `'ascii'` or @@ -1102,8 +1106,11 @@ changes: description: Support for RSASSA-PSS and additional options was added. --> - `object` {string | Object} + - `key` {string | Buffer | TypedArray | DataView} + - `padding` {integer} + - `saltLength` {integer} - `signature` {string | Buffer | TypedArray | DataView} -- `signatureFormat` {string} +- `signatureFormat` {string} (Default [`DEFAULT_ENCODING`][]) Verifies the provided data using the given `object` and `signature`. The `object` argument can be either a string containing a PEM encoded object, @@ -1300,9 +1307,9 @@ changes: from `binary` to `utf8`. --> - `prime` {string | Buffer | TypedArray | DataView} -- `primeEncoding` {string} +- `primeEncoding` {string} (Default [`DEFAULT_ENCODING`][]) - `generator` {number | string | Buffer | TypedArray | DataView} Defaults to `2`. -- `generatorEncoding` {string} +- `generatorEncoding` {string} (Default [`DEFAULT_ENCODING`][]) Creates a `DiffieHellman` key exchange object using the supplied `prime` and an optional specific `generator`. @@ -1533,8 +1540,8 @@ changes: description: The default encoding for `password` if it is a string changed from `binary` to `utf8`. --> -- `password` {string} -- `salt` {string} +- `password` {string | Buffer | TypedArray | DataView} +- `salt` {string | Buffer | TypedArray | DataView} - `iterations` {number} - `keylen` {number} - `digest` {string} @@ -1589,8 +1596,8 @@ changes: description: The default encoding for `password` if it is a string changed from `binary` to `utf8`. --> -- `password` {string} -- `salt` {string} +- `password` {string | Buffer | TypedArray | DataView} +- `salt` {string | Buffer | TypedArray | DataView} - `iterations` {number} - `keylen` {number} - `digest` {string} @@ -1627,7 +1634,7 @@ An array of supported digest functions can be retrieved using added: v0.11.14 --> - `privateKey` {Object | string} - - `key` {string} A PEM encoded private key. + - `key` {string | Buffer | TypedArray | DataView} A PEM encoded private key. - `passphrase` {string} An optional passphrase for the private key. - `padding` {crypto.constants} An optional padding value defined in `crypto.constants`, which may be: `crypto.constants.RSA_NO_PADDING`, @@ -1644,7 +1651,7 @@ treated as the key with no passphrase and will use `RSA_PKCS1_OAEP_PADDING`. added: v1.1.0 --> - `privateKey` {Object | string} - - `key` {string} A PEM encoded private key. + - `key` {string | Buffer | TypedArray | DataView} A PEM encoded private key. - `passphrase` {string} An optional passphrase for the private key. - `padding` {crypto.constants} An optional padding value defined in `crypto.constants`, which may be: `crypto.constants.RSA_NO_PADDING` or @@ -1661,7 +1668,7 @@ treated as the key with no passphrase and will use `RSA_PKCS1_PADDING`. added: v1.1.0 --> - `publicKey` {Object | string} - - `key` {string} A PEM encoded private key. + - `key` {string | Buffer | TypedArray | DataView} A PEM encoded private key. - `passphrase` {string} An optional passphrase for the private key. - `padding` {crypto.constants} An optional padding value defined in `crypto.constants`, which may be: `crypto.constants.RSA_NO_PADDING` or @@ -1681,7 +1688,7 @@ be passed instead of a public key. added: v0.11.14 --> - `publicKey` {Object | string} - - `key` {string} A PEM encoded private key. + - `key` {string | Buffer | TypedArray | DataView} A PEM encoded private key. - `passphrase` {string} An optional passphrase for the private key. - `padding` {crypto.constants} An optional padding value defined in `crypto.constants`, which may be: `crypto.constants.RSA_NO_PADDING`, @@ -1701,7 +1708,7 @@ be passed instead of a public key. -- `size` {number} +- `size` {integer} - `callback` {Function} - `err` {Error} - `buf` {Buffer} @@ -1750,8 +1757,8 @@ added: v7.10.0 --> * `buffer` {Buffer|Uint8Array} Must be supplied. -* `offset` {number} Defaults to `0`. -* `size` {number} Defaults to `buffer.length - offset`. +* `offset` {integer} Defaults to `0`. +* `size` {integer} Defaults to `buffer.length - offset`. Synchronous version of [`crypto.randomFill()`][]. @@ -2268,6 +2275,7 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL. [`tls.createSecureContext()`]: tls.html#tls_tls_createsecurecontext_options [`verify.update()`]: #crypto_verify_update_data_inputencoding [`verify.verify()`]: #crypto_verify_verify_object_signature_signatureformat +[`DEFAULT_ENCODING`]: #crypto_crypto_DEFAULT_ENCODING [Caveats]: #crypto_support_for_weak_or_compromised_algorithms [Crypto Constants]: #crypto_crypto_constants_1 [HTML5's `keygen` element]: http://www.w3.org/TR/html5/forms.html#the-keygen-element diff --git a/lib/crypto.js b/lib/crypto.js index 56795e23f24af9..22c01d7e7b119f 100644 --- a/lib/crypto.js +++ b/lib/crypto.js @@ -92,27 +92,27 @@ Hash.prototype._flush = function _flush(callback) { callback(); }; -Hash.prototype.update = function update(data, encoding) { - encoding = encoding || exports.DEFAULT_ENCODING; - this._handle.update(data, encoding); +Hash.prototype.update = function update(data, inputEncoding) { + inputEncoding = inputEncoding || exports.DEFAULT_ENCODING; + this._handle.update(data, inputEncoding); return this; }; -Hash.prototype.digest = function digest(outputEncoding) { - outputEncoding = outputEncoding || exports.DEFAULT_ENCODING; +Hash.prototype.digest = function digest(encoding) { + encoding = encoding || exports.DEFAULT_ENCODING; // Explicit conversion for backward compatibility. - return this._handle.digest(`${outputEncoding}`); + return this._handle.digest(`${encoding}`); }; exports.createHmac = exports.Hmac = Hmac; -function Hmac(hmac, key, options) { +function Hmac(algorithm, key, options) { if (!(this instanceof Hmac)) - return new Hmac(hmac, key, options); + return new Hmac(algorithm, key, options); this._handle = new binding.Hmac(); - this._handle.init(hmac, toBuf(key)); + this._handle.init(algorithm, toBuf(key)); LazyTransform.call(this, options); } @@ -133,12 +133,12 @@ function getDecoder(decoder, encoding) { exports.createCipher = exports.Cipher = Cipher; -function Cipher(cipher, password, options) { +function Cipher(algorithm, password, options) { if (!(this instanceof Cipher)) - return new Cipher(cipher, password, options); + return new Cipher(algorithm, password, options); this._handle = new binding.CipherBase(true); - this._handle.init(cipher, toBuf(password)); + this._handle.init(algorithm, toBuf(password)); this._decoder = null; LazyTransform.call(this, options); @@ -199,22 +199,22 @@ Cipher.prototype.getAuthTag = function getAuthTag() { }; -Cipher.prototype.setAuthTag = function setAuthTag(tagbuf) { - this._handle.setAuthTag(tagbuf); +Cipher.prototype.setAuthTag = function setAuthTag(buffer) { + this._handle.setAuthTag(buffer); return this; }; -Cipher.prototype.setAAD = function setAAD(aadbuf) { - this._handle.setAAD(aadbuf); +Cipher.prototype.setAAD = function setAAD(buffer) { + this._handle.setAAD(buffer); return this; }; exports.createCipheriv = exports.Cipheriv = Cipheriv; -function Cipheriv(cipher, key, iv, options) { +function Cipheriv(algorithm, key, iv, options) { if (!(this instanceof Cipheriv)) - return new Cipheriv(cipher, key, iv, options); + return new Cipheriv(algorithm, key, iv, options); this._handle = new binding.CipherBase(true); - this._handle.initiv(cipher, toBuf(key), toBuf(iv)); + this._handle.initiv(algorithm, toBuf(key), toBuf(iv)); this._decoder = null; LazyTransform.call(this, options); @@ -232,12 +232,12 @@ Cipheriv.prototype.setAuthTag = Cipher.prototype.setAuthTag; Cipheriv.prototype.setAAD = Cipher.prototype.setAAD; exports.createDecipher = exports.Decipher = Decipher; -function Decipher(cipher, password, options) { +function Decipher(algorithm, password, options) { if (!(this instanceof Decipher)) - return new Decipher(cipher, password, options); + return new Decipher(algorithm, password, options); this._handle = new binding.CipherBase(false); - this._handle.init(cipher, toBuf(password)); + this._handle.init(algorithm, toBuf(password)); this._decoder = null; LazyTransform.call(this, options); @@ -257,12 +257,12 @@ Decipher.prototype.setAAD = Cipher.prototype.setAAD; exports.createDecipheriv = exports.Decipheriv = Decipheriv; -function Decipheriv(cipher, key, iv, options) { +function Decipheriv(algorithm, key, iv, options) { if (!(this instanceof Decipheriv)) - return new Decipheriv(cipher, key, iv, options); + return new Decipheriv(algorithm, key, iv, options); this._handle = new binding.CipherBase(false); - this._handle.initiv(cipher, toBuf(key), toBuf(iv)); + this._handle.initiv(algorithm, toBuf(key), toBuf(iv)); this._decoder = null; LazyTransform.call(this, options); @@ -300,27 +300,27 @@ Sign.prototype._write = function _write(chunk, encoding, callback) { Sign.prototype.update = Hash.prototype.update; -Sign.prototype.sign = function sign(options, encoding) { - if (!options) +Sign.prototype.sign = function sign(privateKey, outputFormat) { + if (!privateKey) throw new Error('No key provided to sign'); - var key = options.key || options; - var passphrase = options.passphrase || null; + var key = privateKey.key || privateKey; + var passphrase = privateKey.passphrase || null; // Options specific to RSA var rsaPadding = constants.RSA_PKCS1_PADDING; - if (options.hasOwnProperty('padding')) { - if (options.padding === options.padding >> 0) { - rsaPadding = options.padding; + if (privateKey.hasOwnProperty('padding')) { + if (privateKey.padding === privateKey.padding >> 0) { + rsaPadding = privateKey.padding; } else { throw new TypeError('padding must be an integer'); } } var pssSaltLength = constants.RSA_PSS_SALTLEN_AUTO; - if (options.hasOwnProperty('saltLength')) { - if (options.saltLength === options.saltLength >> 0) { - pssSaltLength = options.saltLength; + if (privateKey.hasOwnProperty('saltLength')) { + if (privateKey.saltLength === privateKey.saltLength >> 0) { + pssSaltLength = privateKey.saltLength; } else { throw new TypeError('saltLength must be an integer'); } @@ -329,9 +329,9 @@ Sign.prototype.sign = function sign(options, encoding) { var ret = this._handle.sign(toBuf(key), passphrase, rsaPadding, pssSaltLength); - encoding = encoding || exports.DEFAULT_ENCODING; - if (encoding && encoding !== 'buffer') - ret = ret.toString(encoding); + outputFormat = outputFormat || exports.DEFAULT_ENCODING; + if (outputFormat && outputFormat !== 'buffer') + ret = ret.toString(outputFormat); return ret; }; @@ -353,95 +353,87 @@ util.inherits(Verify, stream.Writable); Verify.prototype._write = Sign.prototype._write; Verify.prototype.update = Sign.prototype.update; -Verify.prototype.verify = function verify(options, signature, sigEncoding) { - var key = options.key || options; - sigEncoding = sigEncoding || exports.DEFAULT_ENCODING; +Verify.prototype.verify = function verify(object, signature, signatureFormat) { + var key = object.key || object; + signatureFormat = signatureFormat || exports.DEFAULT_ENCODING; // Options specific to RSA var rsaPadding = constants.RSA_PKCS1_PADDING; - if (options.hasOwnProperty('padding')) { - if (options.padding === options.padding >> 0) { - rsaPadding = options.padding; + if (object.hasOwnProperty('padding')) { + if (object.padding === object.padding >> 0) { + rsaPadding = object.padding; } else { throw new TypeError('padding must be an integer'); } } var pssSaltLength = constants.RSA_PSS_SALTLEN_AUTO; - if (options.hasOwnProperty('saltLength')) { - if (options.saltLength === options.saltLength >> 0) { - pssSaltLength = options.saltLength; + if (object.hasOwnProperty('saltLength')) { + if (object.saltLength === object.saltLength >> 0) { + pssSaltLength = object.saltLength; } else { throw new TypeError('saltLength must be an integer'); } } - return this._handle.verify(toBuf(key), toBuf(signature, sigEncoding), + return this._handle.verify(toBuf(key), toBuf(signature, signatureFormat), rsaPadding, pssSaltLength); }; -function rsaPublic(method, defaultPadding) { - return function(options, buffer) { - var key = options.key || options; - var padding = options.padding || defaultPadding; - var passphrase = options.passphrase || null; +function rsaBinder(method, defaultPadding) { + return function(argOne, buffer) { + var key = argOne.key || argOne; + var passphrase = argOne.passphrase || null; + var padding = argOne.padding || defaultPadding; return method(toBuf(key), buffer, padding, passphrase); }; } -function rsaPrivate(method, defaultPadding) { - return function(options, buffer) { - var key = options.key || options; - var passphrase = options.passphrase || null; - var padding = options.padding || defaultPadding; - return method(toBuf(key), buffer, padding, passphrase); - }; -} - -exports.publicEncrypt = rsaPublic(binding.publicEncrypt, +exports.publicEncrypt = rsaBinder(binding.publicEncrypt, constants.RSA_PKCS1_OAEP_PADDING); -exports.publicDecrypt = rsaPublic(binding.publicDecrypt, +exports.publicDecrypt = rsaBinder(binding.publicDecrypt, constants.RSA_PKCS1_PADDING); -exports.privateEncrypt = rsaPrivate(binding.privateEncrypt, - constants.RSA_PKCS1_PADDING); -exports.privateDecrypt = rsaPrivate(binding.privateDecrypt, - constants.RSA_PKCS1_OAEP_PADDING); +exports.privateEncrypt = rsaBinder(binding.privateEncrypt, + constants.RSA_PKCS1_PADDING); +exports.privateDecrypt = rsaBinder(binding.privateDecrypt, + constants.RSA_PKCS1_OAEP_PADDING); exports.createDiffieHellman = exports.DiffieHellman = DiffieHellman; -function DiffieHellman(sizeOrKey, keyEncoding, generator, genEncoding) { +function DiffieHellman(prime, primeEncoding, generator, generatorEncoding) { if (!(this instanceof DiffieHellman)) - return new DiffieHellman(sizeOrKey, keyEncoding, generator, genEncoding); + return new DiffieHellman(prime, primeEncoding, + generator, generatorEncoding); - if (typeof sizeOrKey !== 'number' && - typeof sizeOrKey !== 'string' && - !ArrayBuffer.isView(sizeOrKey)) { + if (typeof prime !== 'number' && + typeof prime !== 'string' && + !ArrayBuffer.isView(prime)) { throw new TypeError('First argument should be number, string, ' + 'Buffer, TypedArray, or DataView'); } - if (keyEncoding) { - if (typeof keyEncoding !== 'string' || - (!Buffer.isEncoding(keyEncoding) && keyEncoding !== 'buffer')) { - genEncoding = generator; - generator = keyEncoding; - keyEncoding = false; + if (primeEncoding) { + if (typeof primeEncoding !== 'string' || + (!Buffer.isEncoding(primeEncoding) && primeEncoding !== 'buffer')) { + generatorEncoding = generator; + generator = primeEncoding; + primeEncoding = false; } } - keyEncoding = keyEncoding || exports.DEFAULT_ENCODING; - genEncoding = genEncoding || exports.DEFAULT_ENCODING; + primeEncoding = primeEncoding || exports.DEFAULT_ENCODING; + generatorEncoding = generatorEncoding || exports.DEFAULT_ENCODING; - if (typeof sizeOrKey !== 'number') - sizeOrKey = toBuf(sizeOrKey, keyEncoding); + if (typeof prime !== 'number') + prime = toBuf(prime, primeEncoding); if (!generator) generator = DH_GENERATOR; else if (typeof generator !== 'number') - generator = toBuf(generator, genEncoding); + generator = toBuf(generator, generatorEncoding); - this._handle = new binding.DiffieHellman(sizeOrKey, generator); + this._handle = new binding.DiffieHellman(prime, generator); Object.defineProperty(this, 'verifyError', { enumerable: true, value: this._handle.verifyError, @@ -454,10 +446,10 @@ exports.DiffieHellmanGroup = exports.createDiffieHellmanGroup = exports.getDiffieHellman = DiffieHellmanGroup; -function DiffieHellmanGroup(name) { +function DiffieHellmanGroup(groupName) { if (!(this instanceof DiffieHellmanGroup)) - return new DiffieHellmanGroup(name); - this._handle = new binding.DiffieHellmanGroup(name); + return new DiffieHellmanGroup(groupName); + this._handle = new binding.DiffieHellmanGroup(groupName); Object.defineProperty(this, 'verifyError', { enumerable: true, value: this._handle.verifyError, @@ -483,12 +475,12 @@ DiffieHellmanGroup.prototype.computeSecret = DiffieHellman.prototype.computeSecret = dhComputeSecret; -function dhComputeSecret(key, inEnc, outEnc) { - inEnc = inEnc || exports.DEFAULT_ENCODING; - outEnc = outEnc || exports.DEFAULT_ENCODING; - var ret = this._handle.computeSecret(toBuf(key, inEnc)); - if (outEnc && outEnc !== 'buffer') - ret = ret.toString(outEnc); +function dhComputeSecret(otherPublicKey, inputEncoding, outputEncoding) { + inputEncoding = inputEncoding || exports.DEFAULT_ENCODING; + outputEncoding = outputEncoding || exports.DEFAULT_ENCODING; + var ret = this._handle.computeSecret(toBuf(otherPublicKey, inputEncoding)); + if (outputEncoding && outputEncoding !== 'buffer') + ret = ret.toString(outputEncoding); return ret; } @@ -545,16 +537,22 @@ function dhGetPrivateKey(encoding) { } -DiffieHellman.prototype.setPublicKey = function setPublicKey(key, encoding) { +DiffieHellman.prototype.setPublicKey = function setPublicKey( + publicKey, + encoding +) { encoding = encoding || exports.DEFAULT_ENCODING; - this._handle.setPublicKey(toBuf(key, encoding)); + this._handle.setPublicKey(toBuf(publicKey, encoding)); return this; }; -DiffieHellman.prototype.setPrivateKey = function setPrivateKey(key, encoding) { +DiffieHellman.prototype.setPrivateKey = function setPrivateKey( + publicKey, + encoding +) { encoding = encoding || exports.DEFAULT_ENCODING; - this._handle.setPrivateKey(toBuf(key, encoding)); + this._handle.setPrivateKey(toBuf(publicKey, encoding)); return this; }; @@ -566,8 +564,8 @@ function ECDH(curve) { this._handle = new binding.ECDH(curve); } -exports.createECDH = function createECDH(curve) { - return new ECDH(curve); +exports.createECDH = function createECDH(curveName) { + return new ECDH(curveName); }; ECDH.prototype.computeSecret = DiffieHellman.prototype.computeSecret; @@ -666,25 +664,25 @@ function Certificate() { } -Certificate.prototype.verifySpkac = function verifySpkac(object) { - return binding.certVerifySpkac(object); +Certificate.prototype.verifySpkac = function verifySpkac(spkac) { + return binding.certVerifySpkac(spkac); }; Certificate.prototype.exportPublicKey = - function exportPublicKey(object, encoding) { - return binding.certExportPublicKey(toBuf(object, encoding)); + function exportPublicKey(spkac, encoding) { + return binding.certExportPublicKey(toBuf(spkac, encoding)); }; Certificate.prototype.exportChallenge = - function exportChallenge(object, encoding) { - return binding.certExportChallenge(toBuf(object, encoding)); + function exportChallenge(spkac, encoding) { + return binding.certExportChallenge(toBuf(spkac, encoding)); }; -exports.setEngine = function setEngine(id, flags) { - if (typeof id !== 'string') +exports.setEngine = function setEngine(engine, flags) { + if (typeof engine !== 'string') throw new TypeError('"id" argument should be a string'); if (flags && typeof flags !== 'number') @@ -695,46 +693,46 @@ exports.setEngine = function setEngine(id, flags) { if (flags === 0) flags = constants.ENGINE_METHOD_ALL; - return binding.setEngine(id, flags); + return binding.setEngine(engine, flags); }; const kMaxUint32 = Math.pow(2, 32) - 1; -function randomFillSync(buf, offset = 0, size) { - if (!isUint8Array(buf)) { +function randomFillSync(buffer, offset = 0, size) { + if (!isUint8Array(buffer)) { throw new TypeError('"buf" argument must be a Buffer or Uint8Array'); } - assertOffset(offset, buf.length); + assertOffset(offset, buffer.length); - if (size === undefined) size = buf.length - offset; + if (size === undefined) size = buffer.length - offset; - assertSize(size, offset, buf.length); + assertSize(size, offset, buffer.length); - return binding.randomFill(buf, offset, size); + return binding.randomFill(buffer, offset, size); } exports.randomFillSync = randomFillSync; -function randomFill(buf, offset, size, cb) { - if (!isUint8Array(buf)) { +function randomFill(buffer, offset, size, callback) { + if (!isUint8Array(buffer)) { throw new TypeError('"buf" argument must be a Buffer or Uint8Array'); } if (typeof offset === 'function') { - cb = offset; + callback = offset; offset = 0; - size = buf.length; + size = buffer.length; } else if (typeof size === 'function') { - cb = size; - size = buf.length - offset; - } else if (typeof cb !== 'function') { + callback = size; + size = buffer.length - offset; + } else if (typeof callback !== 'function') { throw new TypeError('"cb" argument must be a function'); } - assertOffset(offset, buf.length); - assertSize(size, offset, buf.length); + assertOffset(offset, buffer.length); + assertSize(size, offset, buffer.length); - return binding.randomFill(buf, offset, size, cb); + return binding.randomFill(buffer, offset, size, callback); } exports.randomFill = randomFill; From c54ea14f44374b0ed03f1eeb766462fb38d3281b Mon Sep 17 00:00:00 2001 From: Refael Ackermann Date: Sun, 13 Aug 2017 09:26:36 -0400 Subject: [PATCH 2/4] [sqwsh] better names (addaleax) --- lib/crypto.js | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/lib/crypto.js b/lib/crypto.js index 22c01d7e7b119f..78143879978f2b 100644 --- a/lib/crypto.js +++ b/lib/crypto.js @@ -380,23 +380,23 @@ Verify.prototype.verify = function verify(object, signature, signatureFormat) { rsaPadding, pssSaltLength); }; -function rsaBinder(method, defaultPadding) { - return function(argOne, buffer) { - var key = argOne.key || argOne; - var passphrase = argOne.passphrase || null; - var padding = argOne.padding || defaultPadding; +function makeRSAMethod(method, defaultPadding) { + return function(options, buffer) { + var key = options.key || options; + var passphrase = options.passphrase || null; + var padding = options.padding || defaultPadding; return method(toBuf(key), buffer, padding, passphrase); }; } -exports.publicEncrypt = rsaBinder(binding.publicEncrypt, - constants.RSA_PKCS1_OAEP_PADDING); -exports.publicDecrypt = rsaBinder(binding.publicDecrypt, - constants.RSA_PKCS1_PADDING); -exports.privateEncrypt = rsaBinder(binding.privateEncrypt, - constants.RSA_PKCS1_PADDING); -exports.privateDecrypt = rsaBinder(binding.privateDecrypt, - constants.RSA_PKCS1_OAEP_PADDING); +exports.publicEncrypt = makeRSAMethod(binding.publicEncrypt, + constants.RSA_PKCS1_OAEP_PADDING); +exports.publicDecrypt = makeRSAMethod(binding.publicDecrypt, + constants.RSA_PKCS1_PADDING); +exports.privateEncrypt = makeRSAMethod(binding.privateEncrypt, + constants.RSA_PKCS1_PADDING); +exports.privateDecrypt = makeRSAMethod(binding.privateDecrypt, + constants.RSA_PKCS1_OAEP_PADDING); exports.createDiffieHellman = exports.DiffieHellman = DiffieHellman; From 88716d9ec894818280f742c6fbdde19e532d9ed0 Mon Sep 17 00:00:00 2001 From: Refael Ackermann Date: Sun, 13 Aug 2017 09:27:39 -0400 Subject: [PATCH 3/4] [sqwsh] tiny simplification --- lib/crypto.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/crypto.js b/lib/crypto.js index 78143879978f2b..122b4d13a2c8a6 100644 --- a/lib/crypto.js +++ b/lib/crypto.js @@ -382,10 +382,10 @@ Verify.prototype.verify = function verify(object, signature, signatureFormat) { function makeRSAMethod(method, defaultPadding) { return function(options, buffer) { - var key = options.key || options; + var key = toBuf(options.key || options); var passphrase = options.passphrase || null; var padding = options.padding || defaultPadding; - return method(toBuf(key), buffer, padding, passphrase); + return method(key, buffer, padding, passphrase); }; } From 4f24fe11baf2e6dca0c7fb3caab7a5623f47ed5d Mon Sep 17 00:00:00 2001 From: Refael Ackermann Date: Wed, 13 Sep 2017 18:57:50 -0400 Subject: [PATCH 4/4] [squash] comments --- doc/api/crypto.md | 17 +++++------------ lib/crypto.js | 6 +++--- 2 files changed, 8 insertions(+), 15 deletions(-) diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 3ef4355c497029..86d45fb8e3c3b8 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -784,11 +784,11 @@ console.log(hash.digest('hex')); // 6a2da20943931e9834fc12cfe5bb47bbd9ae43489a30726962b576f4e3993e50 ``` -### hash.digest([encoding]) +### hash.digest([outputEncoding]) -- `encoding` {string} (Default [`DEFAULT_ENCODING`][]) +- `outputEncoding` {string} (Default [`DEFAULT_ENCODING`][]) Calculates the digest of all of the data passed to be hashed (using the [`hash.update()`][] method). The `encoding` can be `'hex'`, `'latin1'` or @@ -980,10 +980,6 @@ changes: description: Support for RSASSA-PSS and additional options was added. --> - `privateKey` {string | Object} - - `key` {string | Buffer | TypedArray | DataView} - - `passphrase` {string} - - `padding` {string} - - `saltLength` {integer} - `outputFormat` {string} (Default [`DEFAULT_ENCODING`][]) Calculates the signature on all the data passed through using either @@ -993,7 +989,7 @@ The `privateKey` argument can be an object or a string. If `privateKey` is a string, it is treated as a raw key with no passphrase. If `privateKey` is an object, it must contain one or more of the following properties: -* `key`: {string} - PEM encoded private key (required) +* `key`: {string | Buffer | TypedArray | DataView} - PEM encoded private key (required) * `passphrase`: {string} - passphrase for the private key * `padding`: {integer} - Optional padding value for RSA, one of the following: * `crypto.constants.RSA_PKCS1_PADDING` (default) @@ -1106,9 +1102,6 @@ changes: description: Support for RSASSA-PSS and additional options was added. --> - `object` {string | Object} - - `key` {string | Buffer | TypedArray | DataView} - - `padding` {integer} - - `saltLength` {integer} - `signature` {string | Buffer | TypedArray | DataView} - `signatureFormat` {string} (Default [`DEFAULT_ENCODING`][]) @@ -1117,7 +1110,7 @@ The `object` argument can be either a string containing a PEM encoded object, which can be an RSA public key, a DSA public key, or an X.509 certificate, or an object with one or more of the following properties: -* `key`: {string} - PEM encoded public key (required) +* `key`: {string | Buffer | TypedArray | DataView} - PEM encoded public key (required) * `padding`: {integer} - Optional padding value for RSA, one of the following: * `crypto.constants.RSA_PKCS1_PADDING` (default) * `crypto.constants.RSA_PKCS1_PSS_PADDING` @@ -2264,7 +2257,7 @@ the `crypto`, `tls`, and `https` modules and are generally specific to OpenSSL. [`ecdh.generateKeys()`]: #crypto_ecdh_generatekeys_encoding_format [`ecdh.setPrivateKey()`]: #crypto_ecdh_setprivatekey_privatekey_encoding [`ecdh.setPublicKey()`]: #crypto_ecdh_setpublickey_publickey_encoding -[`hash.digest()`]: #crypto_hash_digest_encoding +[`hash.digest()`]: #crypto_hash_digest_outputencoding [`hash.update()`]: #crypto_hash_update_data_inputencoding [`hmac.digest()`]: #crypto_hmac_digest_encoding [`hmac.update()`]: #crypto_hmac_update_data_inputencoding diff --git a/lib/crypto.js b/lib/crypto.js index 122b4d13a2c8a6..c0b5b12c78ae6e 100644 --- a/lib/crypto.js +++ b/lib/crypto.js @@ -99,10 +99,10 @@ Hash.prototype.update = function update(data, inputEncoding) { }; -Hash.prototype.digest = function digest(encoding) { - encoding = encoding || exports.DEFAULT_ENCODING; +Hash.prototype.digest = function digest(outputEncoding) { + outputEncoding = outputEncoding || exports.DEFAULT_ENCODING; // Explicit conversion for backward compatibility. - return this._handle.digest(`${encoding}`); + return this._handle.digest(`${outputEncoding}`); };