2022-01-07 22:09:52 -05:00
// Copyright 2018-2022 the Deno authors. All rights reserved. MIT license.
2020-09-06 02:34:02 +02:00
2022-01-11 01:44:47 -03:00
use aes_kw ::KekAes128 ;
use aes_kw ::KekAes192 ;
use aes_kw ::KekAes256 ;
2021-07-06 17:46:04 +05:30
use deno_core ::error ::custom_error ;
use deno_core ::error ::not_supported ;
use deno_core ::error ::type_error ;
2020-09-14 18:48:57 +02:00
use deno_core ::error ::AnyError ;
2021-04-28 18:41:50 +02:00
use deno_core ::include_js_files ;
2022-03-14 23:14:15 +05:30
use deno_core ::op ;
2021-04-28 18:41:50 +02:00
use deno_core ::Extension ;
2020-09-10 09:57:45 -04:00
use deno_core ::OpState ;
2020-04-23 05:51:07 -04:00
use deno_core ::ZeroCopyBuf ;
2021-07-06 17:46:04 +05:30
use serde ::Deserialize ;
2022-01-11 01:44:47 -03:00
use shared ::operation_error ;
2021-07-06 17:46:04 +05:30
2021-12-16 13:28:43 -03:00
use p256 ::elliptic_curve ::sec1 ::FromEncodedPoint ;
2022-06-20 16:53:57 +05:30
use p256 ::pkcs8 ::DecodePrivateKey ;
2021-07-06 17:46:04 +05:30
use rand ::rngs ::OsRng ;
2020-09-18 20:39:47 +02:00
use rand ::rngs ::StdRng ;
2019-08-14 17:03:02 +02:00
use rand ::thread_rng ;
use rand ::Rng ;
2021-04-28 18:41:50 +02:00
use rand ::SeedableRng ;
2021-06-06 18:57:10 +08:00
use ring ::digest ;
2021-09-12 02:24:03 +05:30
use ring ::hkdf ;
2021-07-06 17:46:04 +05:30
use ring ::hmac ::Algorithm as HmacAlgorithm ;
use ring ::hmac ::Key as HmacKey ;
2021-08-26 16:18:07 +05:30
use ring ::pbkdf2 ;
2021-07-06 17:46:04 +05:30
use ring ::rand as RingRand ;
use ring ::signature ::EcdsaKeyPair ;
use ring ::signature ::EcdsaSigningAlgorithm ;
2021-09-12 02:19:53 +05:30
use ring ::signature ::EcdsaVerificationAlgorithm ;
use ring ::signature ::KeyPair ;
2021-07-06 17:46:04 +05:30
use rsa ::padding ::PaddingScheme ;
2022-06-20 16:53:57 +05:30
use rsa ::pkcs1 ::der ::Decode ;
use rsa ::pkcs1 ::der ::Encode ;
use rsa ::pkcs1 ::DecodeRsaPrivateKey ;
use rsa ::pkcs1 ::DecodeRsaPublicKey ;
2021-09-13 15:03:28 +05:30
use rsa ::pkcs8 ::der ::asn1 ;
2021-07-12 18:15:36 +05:30
use rsa ::PublicKey ;
2021-08-06 13:40:50 +05:30
use rsa ::RsaPrivateKey ;
use rsa ::RsaPublicKey ;
2021-07-06 17:46:04 +05:30
use sha1 ::Sha1 ;
use sha2 ::Digest ;
use sha2 ::Sha256 ;
use sha2 ::Sha384 ;
use sha2 ::Sha512 ;
2022-01-11 01:44:47 -03:00
use std ::convert ::TryFrom ;
2022-06-20 16:53:57 +05:30
use std ::num ::NonZeroU32 ;
2022-03-16 20:25:44 -04:00
use std ::path ::PathBuf ;
2019-08-14 17:03:02 +02:00
2020-11-14 02:31:57 +05:30
pub use rand ; // Re-export rand
2021-12-20 20:37:36 +05:30
mod decrypt ;
2021-12-15 22:18:26 +01:00
mod encrypt ;
2021-12-13 13:22:03 +01:00
mod export_key ;
2021-12-13 18:45:08 +01:00
mod generate_key ;
2021-12-10 15:06:03 +01:00
mod import_key ;
2021-07-06 17:46:04 +05:30
mod key ;
2021-12-10 15:06:03 +01:00
mod shared ;
2021-07-06 17:46:04 +05:30
2021-12-20 20:37:36 +05:30
pub use crate ::decrypt ::op_crypto_decrypt ;
2021-12-15 22:18:26 +01:00
pub use crate ::encrypt ::op_crypto_encrypt ;
2021-12-13 18:45:08 +01:00
pub use crate ::export_key ::op_crypto_export_key ;
pub use crate ::generate_key ::op_crypto_generate_key ;
pub use crate ::import_key ::op_crypto_import_key ;
2021-07-06 17:46:04 +05:30
use crate ::key ::Algorithm ;
use crate ::key ::CryptoHash ;
use crate ::key ::CryptoNamedCurve ;
2021-09-12 02:24:03 +05:30
use crate ::key ::HkdfOutput ;
2022-01-11 01:44:47 -03:00
use crate ::shared ::RawKeyData ;
2021-12-10 15:06:03 +01:00
use crate ::shared ::ID_MFG1 ;
use crate ::shared ::ID_P_SPECIFIED ;
use crate ::shared ::ID_SHA1_OID ;
2021-12-19 02:44:42 +05:30
use once_cell ::sync ::Lazy ;
2021-07-06 17:46:04 +05:30
2021-04-28 18:41:50 +02:00
pub fn init ( maybe_seed : Option < u64 > ) -> Extension {
2021-04-29 00:16:45 +02:00
Extension ::builder ( )
. js ( include_js_files! (
2021-08-11 12:27:05 +02:00
prefix " deno:ext/crypto " ,
2021-07-06 17:46:04 +05:30
" 00_crypto.js " ,
" 01_webidl.js " ,
2021-04-29 00:16:45 +02:00
) )
2021-06-05 14:46:24 +02:00
. ops ( vec! [
2022-03-14 23:14:15 +05:30
op_crypto_get_random_values ::decl ( ) ,
op_crypto_generate_key ::decl ( ) ,
op_crypto_sign_key ::decl ( ) ,
op_crypto_verify_key ::decl ( ) ,
op_crypto_derive_bits ::decl ( ) ,
op_crypto_import_key ::decl ( ) ,
op_crypto_export_key ::decl ( ) ,
op_crypto_encrypt ::decl ( ) ,
op_crypto_decrypt ::decl ( ) ,
op_crypto_subtle_digest ::decl ( ) ,
op_crypto_random_uuid ::decl ( ) ,
op_crypto_wrap_key ::decl ( ) ,
op_crypto_unwrap_key ::decl ( ) ,
2021-06-05 14:46:24 +02:00
] )
2021-04-29 00:16:45 +02:00
. state ( move | state | {
2021-04-28 18:41:50 +02:00
if let Some ( seed ) = maybe_seed {
state . put ( StdRng ::seed_from_u64 ( seed ) ) ;
}
Ok ( ( ) )
2021-04-29 00:16:45 +02:00
} )
. build ( )
2019-10-11 11:41:54 -07:00
}
2022-03-14 23:14:15 +05:30
#[ op ]
2021-01-15 01:24:38 +01:00
pub fn op_crypto_get_random_values (
2020-09-10 09:57:45 -04:00
state : & mut OpState ,
2021-06-05 19:30:20 +02:00
mut zero_copy : ZeroCopyBuf ,
2021-04-05 18:40:24 +02:00
) -> Result < ( ) , AnyError > {
2021-06-05 19:30:20 +02:00
if zero_copy . len ( ) > 65536 {
return Err (
deno_web ::DomExceptionQuotaExceededError ::new ( & format! ( " The ArrayBufferView's byte length ( {} ) exceeds the number of bytes of entropy available via this API (65536) " , zero_copy . len ( ) ) )
. into ( ) ,
) ;
}
2020-09-18 20:39:47 +02:00
let maybe_seeded_rng = state . try_borrow_mut ::< StdRng > ( ) ;
if let Some ( seeded_rng ) = maybe_seeded_rng {
2021-04-02 15:47:57 +02:00
seeded_rng . fill ( & mut * zero_copy ) ;
2019-08-14 17:03:02 +02:00
} else {
let mut rng = thread_rng ( ) ;
2021-04-02 15:47:57 +02:00
rng . fill ( & mut * zero_copy ) ;
2019-08-14 17:03:02 +02:00
}
2021-04-05 18:40:24 +02:00
Ok ( ( ) )
2019-08-14 17:03:02 +02:00
}
2021-02-26 22:36:26 +05:30
2021-07-06 17:46:04 +05:30
#[ derive(Deserialize) ]
#[ serde(rename_all = " lowercase " ) ]
pub enum KeyFormat {
Raw ,
Pkcs8 ,
2021-10-06 14:48:12 +05:30
Spki ,
2021-07-06 17:46:04 +05:30
}
2021-12-09 20:32:55 +01:00
#[ derive(Deserialize) ]
#[ serde(rename_all = " lowercase " ) ]
pub enum KeyType {
Secret ,
Private ,
Public ,
}
2021-07-06 17:46:04 +05:30
#[ derive(Deserialize) ]
#[ serde(rename_all = " lowercase " ) ]
pub struct KeyData {
2021-12-09 20:32:55 +01:00
r#type : KeyType ,
2021-07-06 17:46:04 +05:30
data : ZeroCopyBuf ,
}
#[ derive(Deserialize) ]
#[ serde(rename_all = " camelCase " ) ]
pub struct SignArg {
key : KeyData ,
algorithm : Algorithm ,
salt_length : Option < u32 > ,
hash : Option < CryptoHash > ,
named_curve : Option < CryptoNamedCurve > ,
}
2022-03-14 23:14:15 +05:30
#[ op ]
2021-07-06 17:46:04 +05:30
pub async fn op_crypto_sign_key (
args : SignArg ,
2021-10-05 22:38:27 +02:00
zero_copy : ZeroCopyBuf ,
2021-07-06 17:46:04 +05:30
) -> Result < ZeroCopyBuf , AnyError > {
let data = & * zero_copy ;
let algorithm = args . algorithm ;
let signature = match algorithm {
Algorithm ::RsassaPkcs1v15 = > {
2021-09-13 15:03:28 +05:30
let private_key = RsaPrivateKey ::from_pkcs1_der ( & * args . key . data ) ? ;
2021-07-07 20:03:58 +05:30
let ( padding , hashed ) = match args
2021-07-06 17:46:04 +05:30
. hash
. ok_or_else ( | | type_error ( " Missing argument hash " . to_string ( ) ) ) ?
{
2021-07-07 20:03:58 +05:30
CryptoHash ::Sha1 = > {
let mut hasher = Sha1 ::new ( ) ;
hasher . update ( & data ) ;
(
PaddingScheme ::PKCS1v15Sign {
hash : Some ( rsa ::hash ::Hash ::SHA1 ) ,
} ,
hasher . finalize ( ) [ .. ] . to_vec ( ) ,
)
}
CryptoHash ::Sha256 = > {
let mut hasher = Sha256 ::new ( ) ;
hasher . update ( & data ) ;
(
PaddingScheme ::PKCS1v15Sign {
hash : Some ( rsa ::hash ::Hash ::SHA2_256 ) ,
} ,
hasher . finalize ( ) [ .. ] . to_vec ( ) ,
)
}
CryptoHash ::Sha384 = > {
let mut hasher = Sha384 ::new ( ) ;
hasher . update ( & data ) ;
(
PaddingScheme ::PKCS1v15Sign {
hash : Some ( rsa ::hash ::Hash ::SHA2_384 ) ,
} ,
hasher . finalize ( ) [ .. ] . to_vec ( ) ,
)
}
CryptoHash ::Sha512 = > {
let mut hasher = Sha512 ::new ( ) ;
hasher . update ( & data ) ;
(
PaddingScheme ::PKCS1v15Sign {
hash : Some ( rsa ::hash ::Hash ::SHA2_512 ) ,
} ,
hasher . finalize ( ) [ .. ] . to_vec ( ) ,
)
}
2021-07-06 17:46:04 +05:30
} ;
2021-07-07 20:03:58 +05:30
private_key . sign ( padding , & hashed ) ?
2021-07-06 17:46:04 +05:30
}
Algorithm ::RsaPss = > {
2021-09-13 15:03:28 +05:30
let private_key = RsaPrivateKey ::from_pkcs1_der ( & * args . key . data ) ? ;
2021-07-06 17:46:04 +05:30
let salt_len = args
. salt_length
. ok_or_else ( | | type_error ( " Missing argument saltLength " . to_string ( ) ) ) ?
as usize ;
let rng = OsRng ;
let ( padding , digest_in ) = match args
. hash
. ok_or_else ( | | type_error ( " Missing argument hash " . to_string ( ) ) ) ?
{
CryptoHash ::Sha1 = > {
let mut hasher = Sha1 ::new ( ) ;
hasher . update ( & data ) ;
(
PaddingScheme ::new_pss_with_salt ::< Sha1 , _ > ( rng , salt_len ) ,
hasher . finalize ( ) [ .. ] . to_vec ( ) ,
)
}
CryptoHash ::Sha256 = > {
let mut hasher = Sha256 ::new ( ) ;
hasher . update ( & data ) ;
(
PaddingScheme ::new_pss_with_salt ::< Sha256 , _ > ( rng , salt_len ) ,
hasher . finalize ( ) [ .. ] . to_vec ( ) ,
)
}
CryptoHash ::Sha384 = > {
let mut hasher = Sha384 ::new ( ) ;
hasher . update ( & data ) ;
(
PaddingScheme ::new_pss_with_salt ::< Sha384 , _ > ( rng , salt_len ) ,
hasher . finalize ( ) [ .. ] . to_vec ( ) ,
)
}
CryptoHash ::Sha512 = > {
let mut hasher = Sha512 ::new ( ) ;
hasher . update ( & data ) ;
(
PaddingScheme ::new_pss_with_salt ::< Sha512 , _ > ( rng , salt_len ) ,
hasher . finalize ( ) [ .. ] . to_vec ( ) ,
)
}
} ;
// Sign data based on computed padding and return buffer
private_key . sign ( padding , & digest_in ) ?
}
Algorithm ::Ecdsa = > {
let curve : & EcdsaSigningAlgorithm =
args . named_curve . ok_or_else ( not_supported ) ? . try_into ( ) ? ;
let key_pair = EcdsaKeyPair ::from_pkcs8 ( curve , & * args . key . data ) ? ;
// We only support P256-SHA256 & P384-SHA384. These are recommended signature pairs.
// https://briansmith.org/rustdoc/ring/signature/index.html#statics
if let Some ( hash ) = args . hash {
match hash {
CryptoHash ::Sha256 | CryptoHash ::Sha384 = > ( ) ,
_ = > return Err ( type_error ( " Unsupported algorithm " ) ) ,
}
} ;
let rng = RingRand ::SystemRandom ::new ( ) ;
2021-07-30 22:03:41 +09:00
let signature = key_pair . sign ( & rng , data ) ? ;
2021-07-06 17:46:04 +05:30
// Signature data as buffer.
signature . as_ref ( ) . to_vec ( )
}
Algorithm ::Hmac = > {
let hash : HmacAlgorithm = args . hash . ok_or_else ( not_supported ) ? . into ( ) ;
let key = HmacKey ::new ( hash , & * args . key . data ) ;
2021-07-30 22:03:41 +09:00
let signature = ring ::hmac ::sign ( & key , data ) ;
2021-07-06 17:46:04 +05:30
signature . as_ref ( ) . to_vec ( )
}
_ = > return Err ( type_error ( " Unsupported algorithm " . to_string ( ) ) ) ,
} ;
Ok ( signature . into ( ) )
}
2021-07-12 18:15:36 +05:30
#[ derive(Deserialize) ]
#[ serde(rename_all = " camelCase " ) ]
pub struct VerifyArg {
key : KeyData ,
algorithm : Algorithm ,
salt_length : Option < u32 > ,
hash : Option < CryptoHash > ,
signature : ZeroCopyBuf ,
2021-09-12 02:19:53 +05:30
named_curve : Option < CryptoNamedCurve > ,
2021-07-12 18:15:36 +05:30
}
2022-03-14 23:14:15 +05:30
#[ op ]
2021-07-12 18:15:36 +05:30
pub async fn op_crypto_verify_key (
args : VerifyArg ,
2021-10-05 22:38:27 +02:00
zero_copy : ZeroCopyBuf ,
2021-07-12 18:15:36 +05:30
) -> Result < bool , AnyError > {
let data = & * zero_copy ;
let algorithm = args . algorithm ;
let verification = match algorithm {
Algorithm ::RsassaPkcs1v15 = > {
2021-12-09 20:32:55 +01:00
let public_key = read_rsa_public_key ( args . key ) ? ;
2021-07-12 18:15:36 +05:30
let ( padding , hashed ) = match args
. hash
. ok_or_else ( | | type_error ( " Missing argument hash " . to_string ( ) ) ) ?
{
CryptoHash ::Sha1 = > {
let mut hasher = Sha1 ::new ( ) ;
hasher . update ( & data ) ;
(
PaddingScheme ::PKCS1v15Sign {
hash : Some ( rsa ::hash ::Hash ::SHA1 ) ,
} ,
hasher . finalize ( ) [ .. ] . to_vec ( ) ,
)
}
CryptoHash ::Sha256 = > {
let mut hasher = Sha256 ::new ( ) ;
hasher . update ( & data ) ;
(
PaddingScheme ::PKCS1v15Sign {
hash : Some ( rsa ::hash ::Hash ::SHA2_256 ) ,
} ,
hasher . finalize ( ) [ .. ] . to_vec ( ) ,
)
}
CryptoHash ::Sha384 = > {
let mut hasher = Sha384 ::new ( ) ;
hasher . update ( & data ) ;
(
PaddingScheme ::PKCS1v15Sign {
hash : Some ( rsa ::hash ::Hash ::SHA2_384 ) ,
} ,
hasher . finalize ( ) [ .. ] . to_vec ( ) ,
)
}
CryptoHash ::Sha512 = > {
let mut hasher = Sha512 ::new ( ) ;
hasher . update ( & data ) ;
(
PaddingScheme ::PKCS1v15Sign {
hash : Some ( rsa ::hash ::Hash ::SHA2_512 ) ,
} ,
hasher . finalize ( ) [ .. ] . to_vec ( ) ,
)
}
} ;
public_key
. verify ( padding , & hashed , & * args . signature )
. is_ok ( )
}
Algorithm ::RsaPss = > {
let salt_len = args
. salt_length
. ok_or_else ( | | type_error ( " Missing argument saltLength " . to_string ( ) ) ) ?
as usize ;
2021-12-09 20:32:55 +01:00
let public_key = read_rsa_public_key ( args . key ) ? ;
2021-07-12 18:15:36 +05:30
let rng = OsRng ;
let ( padding , hashed ) = match args
. hash
. ok_or_else ( | | type_error ( " Missing argument hash " . to_string ( ) ) ) ?
{
CryptoHash ::Sha1 = > {
let mut hasher = Sha1 ::new ( ) ;
hasher . update ( & data ) ;
(
PaddingScheme ::new_pss_with_salt ::< Sha1 , _ > ( rng , salt_len ) ,
hasher . finalize ( ) [ .. ] . to_vec ( ) ,
)
}
CryptoHash ::Sha256 = > {
let mut hasher = Sha256 ::new ( ) ;
hasher . update ( & data ) ;
(
PaddingScheme ::new_pss_with_salt ::< Sha256 , _ > ( rng , salt_len ) ,
hasher . finalize ( ) [ .. ] . to_vec ( ) ,
)
}
CryptoHash ::Sha384 = > {
let mut hasher = Sha384 ::new ( ) ;
hasher . update ( & data ) ;
(
PaddingScheme ::new_pss_with_salt ::< Sha384 , _ > ( rng , salt_len ) ,
hasher . finalize ( ) [ .. ] . to_vec ( ) ,
)
}
CryptoHash ::Sha512 = > {
let mut hasher = Sha512 ::new ( ) ;
hasher . update ( & data ) ;
(
PaddingScheme ::new_pss_with_salt ::< Sha512 , _ > ( rng , salt_len ) ,
hasher . finalize ( ) [ .. ] . to_vec ( ) ,
)
}
} ;
public_key
. verify ( padding , & hashed , & * args . signature )
. is_ok ( )
}
2021-08-05 01:19:27 +05:30
Algorithm ::Hmac = > {
let hash : HmacAlgorithm = args . hash . ok_or_else ( not_supported ) ? . into ( ) ;
let key = HmacKey ::new ( hash , & * args . key . data ) ;
ring ::hmac ::verify ( & key , data , & * args . signature ) . is_ok ( )
}
2021-09-12 02:19:53 +05:30
Algorithm ::Ecdsa = > {
let signing_alg : & EcdsaSigningAlgorithm =
args . named_curve . ok_or_else ( not_supported ) ? . try_into ( ) ? ;
let verify_alg : & EcdsaVerificationAlgorithm =
args . named_curve . ok_or_else ( not_supported ) ? . try_into ( ) ? ;
2021-12-16 13:28:43 -03:00
let private_key ;
let public_key_bytes = match args . key . r#type {
KeyType ::Private = > {
private_key = EcdsaKeyPair ::from_pkcs8 ( signing_alg , & * args . key . data ) ? ;
private_key . public_key ( ) . as_ref ( )
}
KeyType ::Public = > & * args . key . data ,
_ = > return Err ( type_error ( " Invalid Key format " . to_string ( ) ) ) ,
} ;
2021-09-12 02:19:53 +05:30
let public_key =
ring ::signature ::UnparsedPublicKey ::new ( verify_alg , public_key_bytes ) ;
public_key . verify ( data , & * args . signature ) . is_ok ( )
}
2021-07-12 18:15:36 +05:30
_ = > return Err ( type_error ( " Unsupported algorithm " . to_string ( ) ) ) ,
} ;
Ok ( verification )
}
2021-08-26 16:18:07 +05:30
#[ derive(Deserialize) ]
#[ serde(rename_all = " camelCase " ) ]
pub struct DeriveKeyArg {
key : KeyData ,
algorithm : Algorithm ,
hash : Option < CryptoHash > ,
length : usize ,
iterations : Option < u32 > ,
2021-10-08 20:59:36 +05:30
// ECDH
public_key : Option < KeyData > ,
named_curve : Option < CryptoNamedCurve > ,
// HKDF
2021-09-12 02:24:03 +05:30
info : Option < ZeroCopyBuf > ,
2021-08-26 16:18:07 +05:30
}
2022-03-14 23:14:15 +05:30
#[ op ]
2021-08-26 16:18:07 +05:30
pub async fn op_crypto_derive_bits (
args : DeriveKeyArg ,
2021-10-08 20:59:36 +05:30
zero_copy : Option < ZeroCopyBuf > ,
2021-08-26 16:18:07 +05:30
) -> Result < ZeroCopyBuf , AnyError > {
let algorithm = args . algorithm ;
match algorithm {
Algorithm ::Pbkdf2 = > {
2021-10-08 20:59:36 +05:30
let zero_copy = zero_copy . ok_or_else ( not_supported ) ? ;
let salt = & * zero_copy ;
2021-08-26 16:18:07 +05:30
// The caller must validate these cases.
assert! ( args . length > 0 ) ;
assert! ( args . length % 8 = = 0 ) ;
let algorithm = match args . hash . ok_or_else ( not_supported ) ? {
CryptoHash ::Sha1 = > pbkdf2 ::PBKDF2_HMAC_SHA1 ,
CryptoHash ::Sha256 = > pbkdf2 ::PBKDF2_HMAC_SHA256 ,
CryptoHash ::Sha384 = > pbkdf2 ::PBKDF2_HMAC_SHA384 ,
CryptoHash ::Sha512 = > pbkdf2 ::PBKDF2_HMAC_SHA512 ,
} ;
// This will never panic. We have already checked length earlier.
let iterations =
NonZeroU32 ::new ( args . iterations . ok_or_else ( not_supported ) ? ) . unwrap ( ) ;
let secret = args . key . data ;
let mut out = vec! [ 0 ; args . length / 8 ] ;
pbkdf2 ::derive ( algorithm , iterations , salt , & secret , & mut out ) ;
Ok ( out . into ( ) )
}
2021-10-08 20:59:36 +05:30
Algorithm ::Ecdh = > {
let named_curve = args
. named_curve
. ok_or_else ( | | type_error ( " Missing argument namedCurve " . to_string ( ) ) ) ? ;
let public_key = args
. public_key
2021-12-16 13:28:43 -03:00
. ok_or_else ( | | type_error ( " Missing argument publicKey " ) ) ? ;
2021-10-08 20:59:36 +05:30
match named_curve {
CryptoNamedCurve ::P256 = > {
2021-12-16 13:28:43 -03:00
let secret_key = p256 ::SecretKey ::from_pkcs8_der ( & args . key . data )
. map_err ( | _ | type_error ( " Unexpected error decoding private key " ) ) ? ;
let public_key = match public_key . r#type {
KeyType ::Private = > {
p256 ::SecretKey ::from_pkcs8_der ( & public_key . data )
. map_err ( | _ | {
type_error ( " Unexpected error decoding private key " )
} ) ?
. public_key ( )
}
KeyType ::Public = > {
let point = p256 ::EncodedPoint ::from_bytes ( public_key . data )
. map_err ( | _ | {
type_error ( " Unexpected error decoding private key " )
} ) ? ;
2022-06-20 16:53:57 +05:30
let pk = p256 ::PublicKey ::from_encoded_point ( & point ) ;
// pk is a constant time Option.
if pk . is_some ( ) . into ( ) {
pk . unwrap ( )
2021-12-16 13:28:43 -03:00
} else {
return Err ( type_error (
" Unexpected error decoding private key " ,
) ) ;
}
}
_ = > unreachable! ( ) ,
} ;
2021-10-08 20:59:36 +05:30
let shared_secret = p256 ::elliptic_curve ::ecdh ::diffie_hellman (
2022-06-20 16:53:57 +05:30
secret_key . to_nonzero_scalar ( ) ,
2021-10-08 20:59:36 +05:30
public_key . as_affine ( ) ,
) ;
2022-06-20 16:53:57 +05:30
// raw serialized x-coordinate of the computed point
Ok ( shared_secret . raw_secret_bytes ( ) . to_vec ( ) . into ( ) )
2021-10-08 20:59:36 +05:30
}
// TODO(@littledivy): support for P384
// https://github.com/RustCrypto/elliptic-curves/issues/240
_ = > Err ( type_error ( " Unsupported namedCurve " . to_string ( ) ) ) ,
}
}
2021-09-12 02:24:03 +05:30
Algorithm ::Hkdf = > {
2021-10-08 20:59:36 +05:30
let zero_copy = zero_copy . ok_or_else ( not_supported ) ? ;
let salt = & * zero_copy ;
2021-09-12 02:24:03 +05:30
let algorithm = match args . hash . ok_or_else ( not_supported ) ? {
CryptoHash ::Sha1 = > hkdf ::HKDF_SHA1_FOR_LEGACY_USE_ONLY ,
CryptoHash ::Sha256 = > hkdf ::HKDF_SHA256 ,
CryptoHash ::Sha384 = > hkdf ::HKDF_SHA384 ,
CryptoHash ::Sha512 = > hkdf ::HKDF_SHA512 ,
} ;
let info = args
. info
. ok_or_else ( | | type_error ( " Missing argument info " . to_string ( ) ) ) ? ;
// IKM
let secret = args . key . data ;
// L
let length = args . length / 8 ;
let salt = hkdf ::Salt ::new ( algorithm , salt ) ;
let prk = salt . extract ( & secret ) ;
let info = & [ & * info ] ;
2021-11-11 14:34:17 +05:30
let okm = prk . expand ( info , HkdfOutput ( length ) ) . map_err ( | _e | {
custom_error (
" DOMExceptionOperationError " ,
" The length provided for HKDF is too large " ,
)
} ) ? ;
2021-09-12 02:24:03 +05:30
let mut r = vec! [ 0 u8 ; length ] ;
okm . fill ( & mut r ) ? ;
Ok ( r . into ( ) )
}
2021-08-26 16:18:07 +05:30
_ = > Err ( type_error ( " Unsupported algorithm " . to_string ( ) ) ) ,
}
}
2021-12-09 20:32:55 +01:00
fn read_rsa_public_key ( key_data : KeyData ) -> Result < RsaPublicKey , AnyError > {
let public_key = match key_data . r#type {
KeyType ::Private = > {
RsaPrivateKey ::from_pkcs1_der ( & * key_data . data ) ? . to_public_key ( )
}
KeyType ::Public = > RsaPublicKey ::from_pkcs1_der ( & * key_data . data ) ? ,
KeyType ::Secret = > unreachable! ( " unexpected KeyType::Secret " ) ,
} ;
Ok ( public_key )
}
2021-09-14 18:51:20 +05:30
// The parameters field associated with OID id-RSASSA-PSS
// Defined in RFC 3447, section A.2.3
//
// RSASSA-PSS-params ::= SEQUENCE {
// hashAlgorithm [0] HashAlgorithm DEFAULT sha1,
// maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
// saltLength [2] INTEGER DEFAULT 20,
// trailerField [3] TrailerField DEFAULT trailerFieldBC
// }
pub struct PssPrivateKeyParameters < ' a > {
pub hash_algorithm : rsa ::pkcs8 ::AlgorithmIdentifier < ' a > ,
pub mask_gen_algorithm : rsa ::pkcs8 ::AlgorithmIdentifier < ' a > ,
pub salt_length : u32 ,
}
// Context-specific tag number for hashAlgorithm.
const HASH_ALGORITHM_TAG : rsa ::pkcs8 ::der ::TagNumber =
rsa ::pkcs8 ::der ::TagNumber ::new ( 0 ) ;
// Context-specific tag number for maskGenAlgorithm.
const MASK_GEN_ALGORITHM_TAG : rsa ::pkcs8 ::der ::TagNumber =
rsa ::pkcs8 ::der ::TagNumber ::new ( 1 ) ;
// Context-specific tag number for saltLength.
const SALT_LENGTH_TAG : rsa ::pkcs8 ::der ::TagNumber =
rsa ::pkcs8 ::der ::TagNumber ::new ( 2 ) ;
2021-10-02 18:50:53 +05:30
// Context-specific tag number for pSourceAlgorithm
const P_SOURCE_ALGORITHM_TAG : rsa ::pkcs8 ::der ::TagNumber =
rsa ::pkcs8 ::der ::TagNumber ::new ( 2 ) ;
2021-12-19 02:44:42 +05:30
// Default HashAlgorithm for RSASSA-PSS-params (sha1)
//
// sha1 HashAlgorithm ::= {
// algorithm id-sha1,
// parameters SHA1Parameters : NULL
// }
//
// SHA1Parameters ::= NULL
static SHA1_HASH_ALGORITHM : Lazy < rsa ::pkcs8 ::AlgorithmIdentifier < 'static > > =
Lazy ::new ( | | {
rsa ::pkcs8 ::AlgorithmIdentifier {
// id-sha1
oid : ID_SHA1_OID ,
// NULL
2022-06-20 16:53:57 +05:30
parameters : Some ( asn1 ::AnyRef ::from ( asn1 ::Null ) ) ,
2021-12-19 02:44:42 +05:30
}
} ) ;
2021-10-01 14:44:16 +05:30
2021-12-19 02:44:42 +05:30
// TODO(@littledivy): `pkcs8` should provide AlgorithmIdentifier to Any conversion.
static ENCODED_SHA1_HASH_ALGORITHM : Lazy < Vec < u8 > > =
Lazy ::new ( | | SHA1_HASH_ALGORITHM . to_vec ( ) . unwrap ( ) ) ;
// Default MaskGenAlgrithm for RSASSA-PSS-params (mgf1SHA1)
//
// mgf1SHA1 MaskGenAlgorithm ::= {
// algorithm id-mgf1,
// parameters HashAlgorithm : sha1
// }
static MGF1_SHA1_MASK_ALGORITHM : Lazy <
rsa ::pkcs8 ::AlgorithmIdentifier < 'static > ,
> = Lazy ::new ( | | {
rsa ::pkcs8 ::AlgorithmIdentifier {
2021-10-01 14:44:16 +05:30
// id-mgf1
oid : ID_MFG1 ,
// sha1
2021-12-19 02:44:42 +05:30
parameters : Some (
2022-06-20 16:53:57 +05:30
asn1 ::AnyRef ::from_der ( & ENCODED_SHA1_HASH_ALGORITHM ) . unwrap ( ) ,
2021-12-19 02:44:42 +05:30
) ,
}
} ) ;
2021-10-02 18:50:53 +05:30
2021-12-19 02:44:42 +05:30
// Default PSourceAlgorithm for RSAES-OAEP-params
// The default label is an empty string.
//
// pSpecifiedEmpty PSourceAlgorithm ::= {
// algorithm id-pSpecified,
// parameters EncodingParameters : emptyString
// }
//
// emptyString EncodingParameters ::= ''H
static P_SPECIFIED_EMPTY : Lazy < rsa ::pkcs8 ::AlgorithmIdentifier < 'static > > =
Lazy ::new ( | | {
rsa ::pkcs8 ::AlgorithmIdentifier {
// id-pSpecified
oid : ID_P_SPECIFIED ,
// EncodingParameters
2022-06-20 16:53:57 +05:30
parameters : Some ( asn1 ::AnyRef ::from (
asn1 ::OctetStringRef ::new ( b " " ) . unwrap ( ) ,
) ) ,
2021-12-19 02:44:42 +05:30
}
} ) ;
2021-10-01 14:44:16 +05:30
2022-06-20 16:53:57 +05:30
fn decode_content_tag < ' a , T > (
decoder : & mut rsa ::pkcs8 ::der ::SliceReader < ' a > ,
tag : rsa ::pkcs8 ::der ::TagNumber ,
) -> rsa ::pkcs8 ::der ::Result < Option < T > >
where
T : rsa ::pkcs8 ::der ::Decode < ' a > ,
{
Ok (
rsa ::pkcs8 ::der ::asn1 ::ContextSpecific ::< T > ::decode_explicit ( decoder , tag ) ?
. map ( | field | field . value ) ,
)
}
impl < ' a > TryFrom < rsa ::pkcs8 ::der ::asn1 ::AnyRef < ' a > >
2021-09-14 18:51:20 +05:30
for PssPrivateKeyParameters < ' a >
{
type Error = rsa ::pkcs8 ::der ::Error ;
fn try_from (
2022-06-20 16:53:57 +05:30
any : rsa ::pkcs8 ::der ::asn1 ::AnyRef < ' a > ,
) -> rsa ::pkcs8 ::der ::Result < PssPrivateKeyParameters < ' a > > {
2021-09-14 18:51:20 +05:30
any . sequence ( | decoder | {
2022-06-20 16:53:57 +05:30
let hash_algorithm =
decode_content_tag ::< rsa ::pkcs8 ::AlgorithmIdentifier > (
decoder ,
HASH_ALGORITHM_TAG ,
) ?
2021-09-14 18:51:20 +05:30
. map ( TryInto ::try_into )
. transpose ( ) ?
2021-10-01 14:44:16 +05:30
. unwrap_or ( * SHA1_HASH_ALGORITHM ) ;
2021-09-14 18:51:20 +05:30
2022-06-20 16:53:57 +05:30
let mask_gen_algorithm = decode_content_tag ::<
rsa ::pkcs8 ::AlgorithmIdentifier ,
> ( decoder , MASK_GEN_ALGORITHM_TAG ) ?
. map ( TryInto ::try_into )
. transpose ( ) ?
. unwrap_or ( * MGF1_SHA1_MASK_ALGORITHM ) ;
2021-09-14 18:51:20 +05:30
2022-06-20 16:53:57 +05:30
let salt_length = decode_content_tag ::< u32 > ( decoder , SALT_LENGTH_TAG ) ?
2021-09-14 18:51:20 +05:30
. map ( TryInto ::try_into )
. transpose ( ) ?
. unwrap_or ( 20 ) ;
Ok ( Self {
hash_algorithm ,
mask_gen_algorithm ,
salt_length ,
} )
} )
}
}
// The parameters field associated with OID id-RSAES-OAEP
// Defined in RFC 3447, section A.2.1
//
// RSAES-OAEP-params ::= SEQUENCE {
// hashAlgorithm [0] HashAlgorithm DEFAULT sha1,
// maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
// pSourceAlgorithm [2] PSourceAlgorithm DEFAULT pSpecifiedEmpty
// }
pub struct OaepPrivateKeyParameters < ' a > {
pub hash_algorithm : rsa ::pkcs8 ::AlgorithmIdentifier < ' a > ,
pub mask_gen_algorithm : rsa ::pkcs8 ::AlgorithmIdentifier < ' a > ,
pub p_source_algorithm : rsa ::pkcs8 ::AlgorithmIdentifier < ' a > ,
}
2022-06-20 16:53:57 +05:30
impl < ' a > TryFrom < rsa ::pkcs8 ::der ::asn1 ::AnyRef < ' a > >
2021-09-14 18:51:20 +05:30
for OaepPrivateKeyParameters < ' a >
{
type Error = rsa ::pkcs8 ::der ::Error ;
fn try_from (
2022-06-20 16:53:57 +05:30
any : rsa ::pkcs8 ::der ::asn1 ::AnyRef < ' a > ,
) -> rsa ::pkcs8 ::der ::Result < OaepPrivateKeyParameters < ' a > > {
2021-09-14 18:51:20 +05:30
any . sequence ( | decoder | {
2022-06-20 16:53:57 +05:30
let hash_algorithm =
decode_content_tag ::< rsa ::pkcs8 ::AlgorithmIdentifier > (
decoder ,
HASH_ALGORITHM_TAG ,
) ?
2021-10-02 18:50:53 +05:30
. map ( TryInto ::try_into )
. transpose ( ) ?
. unwrap_or ( * SHA1_HASH_ALGORITHM ) ;
2022-06-20 16:53:57 +05:30
let mask_gen_algorithm = decode_content_tag ::<
rsa ::pkcs8 ::AlgorithmIdentifier ,
> ( decoder , MASK_GEN_ALGORITHM_TAG ) ?
. map ( TryInto ::try_into )
. transpose ( ) ?
. unwrap_or ( * MGF1_SHA1_MASK_ALGORITHM ) ;
let p_source_algorithm = decode_content_tag ::<
rsa ::pkcs8 ::AlgorithmIdentifier ,
> ( decoder , P_SOURCE_ALGORITHM_TAG ) ?
. map ( TryInto ::try_into )
. transpose ( ) ?
. unwrap_or ( * P_SPECIFIED_EMPTY ) ;
2021-10-02 18:50:53 +05:30
2021-09-14 18:51:20 +05:30
Ok ( Self {
hash_algorithm ,
mask_gen_algorithm ,
p_source_algorithm ,
} )
} )
}
}
2022-03-14 23:14:15 +05:30
#[ op ]
2022-03-14 23:38:53 +01:00
pub fn op_crypto_random_uuid ( state : & mut OpState ) -> Result < String , AnyError > {
2021-06-05 14:46:24 +02:00
let maybe_seeded_rng = state . try_borrow_mut ::< StdRng > ( ) ;
let uuid = if let Some ( seeded_rng ) = maybe_seeded_rng {
let mut bytes = [ 0 u8 ; 16 ] ;
seeded_rng . fill ( & mut bytes ) ;
uuid ::Builder ::from_bytes ( bytes )
2022-05-05 12:41:59 +02:00
. with_version ( uuid ::Version ::Random )
. into_uuid ( )
2021-06-05 14:46:24 +02:00
} else {
uuid ::Uuid ::new_v4 ( )
} ;
Ok ( uuid . to_string ( ) )
}
2022-03-14 23:14:15 +05:30
#[ op ]
2021-06-06 18:57:10 +08:00
pub async fn op_crypto_subtle_digest (
2021-07-08 00:04:02 +05:30
algorithm : CryptoHash ,
2021-10-05 22:38:27 +02:00
data : ZeroCopyBuf ,
2021-06-06 18:57:10 +08:00
) -> Result < ZeroCopyBuf , AnyError > {
let output = tokio ::task ::spawn_blocking ( move | | {
2021-10-05 22:38:27 +02:00
digest ::digest ( algorithm . into ( ) , & data )
2021-07-08 00:04:02 +05:30
. as_ref ( )
. to_vec ( )
. into ( )
2021-06-06 18:57:10 +08:00
} )
. await ? ;
Ok ( output )
}
2022-01-11 01:44:47 -03:00
#[ derive(Deserialize) ]
#[ serde(rename_all = " camelCase " ) ]
pub struct WrapUnwrapKeyArg {
key : RawKeyData ,
algorithm : Algorithm ,
}
2022-03-14 23:14:15 +05:30
#[ op ]
2022-01-11 01:44:47 -03:00
pub fn op_crypto_wrap_key (
args : WrapUnwrapKeyArg ,
data : ZeroCopyBuf ,
) -> Result < ZeroCopyBuf , AnyError > {
let algorithm = args . algorithm ;
match algorithm {
Algorithm ::AesKw = > {
let key = args . key . as_secret_key ( ) ? ;
if data . len ( ) % 8 ! = 0 {
return Err ( type_error ( " Data must be multiple of 8 bytes " ) ) ;
}
let wrapped_key = match key . len ( ) {
16 = > KekAes128 ::new ( key . into ( ) ) . wrap_vec ( & data ) ,
24 = > KekAes192 ::new ( key . into ( ) ) . wrap_vec ( & data ) ,
32 = > KekAes256 ::new ( key . into ( ) ) . wrap_vec ( & data ) ,
_ = > return Err ( type_error ( " Invalid key length " ) ) ,
}
. map_err ( | _ | operation_error ( " encryption error " ) ) ? ;
Ok ( wrapped_key . into ( ) )
}
_ = > Err ( type_error ( " Unsupported algorithm " ) ) ,
}
}
2022-03-14 23:14:15 +05:30
#[ op ]
2022-01-11 01:44:47 -03:00
pub fn op_crypto_unwrap_key (
args : WrapUnwrapKeyArg ,
data : ZeroCopyBuf ,
) -> Result < ZeroCopyBuf , AnyError > {
let algorithm = args . algorithm ;
match algorithm {
Algorithm ::AesKw = > {
let key = args . key . as_secret_key ( ) ? ;
if data . len ( ) % 8 ! = 0 {
return Err ( type_error ( " Data must be multiple of 8 bytes " ) ) ;
}
let unwrapped_key = match key . len ( ) {
16 = > KekAes128 ::new ( key . into ( ) ) . unwrap_vec ( & data ) ,
24 = > KekAes192 ::new ( key . into ( ) ) . unwrap_vec ( & data ) ,
32 = > KekAes256 ::new ( key . into ( ) ) . unwrap_vec ( & data ) ,
_ = > return Err ( type_error ( " Invalid key length " ) ) ,
}
. map_err ( | _ | {
operation_error ( " decryption error - integrity check failed " )
} ) ? ;
Ok ( unwrapped_key . into ( ) )
}
_ = > Err ( type_error ( " Unsupported algorithm " ) ) ,
}
}
2022-03-16 20:25:44 -04:00
pub fn get_declaration ( ) -> PathBuf {
PathBuf ::from ( env! ( " CARGO_MANIFEST_DIR " ) ) . join ( " lib.deno_crypto.d.ts " )
}