crypto: support Uint8Array prime in createDH

PR-URL: https://github.com/nodejs/node/pull/11983 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2017-03-22 07:34:55 +01:00 · 2017-03-22 07:34:55 +01:00 · 0db49fef41
commit 0db49fef41
parent c3efe72669
3 changed files with 71 additions and 41 deletions
--- a/doc/api/crypto.md
+++ b/doc/api/crypto.md
@ -1237,12 +1237,15 @@ The `key` is the raw key used by the `algorithm` and `iv` is an
 <!-- YAML
 added: v0.11.12
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/11983
+    description: The `prime` argument can be a `Uint8Array` now.
  - version: v6.0.0
    pr-url: https://github.com/nodejs/node/pull/5522
    description: The default for the encoding parameters changed
                 from `binary` to `utf8`.
 -->
- `prime` {string | Buffer}
+- `prime` {string | Buffer | Uint8Array}
 - `prime_encoding` {string}
 - `generator` {number | string | Buffer | Uint8Array} Defaults to `2`.
 - `generator_encoding` {string}
@ -1257,7 +1260,7 @@ The `prime_encoding` and `generator_encoding` arguments can be `'latin1'`,
 `'hex'`, or `'base64'`.

 If `prime_encoding` is specified, `prime` is expected to be a string; otherwise
-a [`Buffer`][] is expected.
+a [`Buffer`][] or `Uint8Array` is expected.

 If `generator_encoding` is specified, `generator` is expected to be a string;
 otherwise either a number or [`Buffer`][] or `Uint8Array` is expected.
--- a/lib/crypto.js
+++ b/lib/crypto.js
@ -42,6 +42,7 @@ const timingSafeEqual = binding.timingSafeEqual;
 const Buffer = require('buffer').Buffer;
 const stream = require('stream');
 const util = require('util');
+const { isUint8Array } = process.binding('util');
 const LazyTransform = require('internal/streams/lazy_transform');

 const DH_GENERATOR = 2;
@ -368,10 +369,12 @@ function DiffieHellman(sizeOrKey, keyEncoding, generator, genEncoding) {
  if (!(this instanceof DiffieHellman))
    return new DiffieHellman(sizeOrKey, keyEncoding, generator, genEncoding);

-  if (!(sizeOrKey instanceof Buffer) &&
-      typeof sizeOrKey !== 'number' &&
-      typeof sizeOrKey !== 'string')
-    throw new TypeError('First argument should be number, string or Buffer');
+  if (typeof sizeOrKey !== 'number' &&
+      typeof sizeOrKey !== 'string' &&
+      !isUint8Array(sizeOrKey)) {
+    throw new TypeError('First argument should be number, string, ' +
+                        'Uint8Array or Buffer');
+  }

  if (keyEncoding) {
    if (typeof keyEncoding !== 'string' ||
--- a/test/parallel/test-crypto-dh.js
+++ b/test/parallel/test-crypto-dh.js
@ -24,7 +24,7 @@ assert.strictEqual(dh1.verifyError, 0);
 assert.strictEqual(dh2.verifyError, 0);

 const argumentsError =
-  /^TypeError: First argument should be number, string or Buffer$/;
+  /^TypeError: First argument should be number, string, Uint8Array or Buffer$/;

 assert.throws(() => {
  crypto.createDiffieHellman([0x1, 0x2]);
@ -112,45 +112,69 @@ const modp2buf = Buffer.from([
  0x1f, 0xe6, 0x49, 0x28, 0x66, 0x51, 0xec, 0xe6, 0x53, 0x81,
  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
 ]);
-const exmodp2 = crypto.createDiffieHellman(modp2buf, Buffer.from([2]));
-modp2.generateKeys();
-exmodp2.generateKeys();
-let modp2Secret = modp2.computeSecret(exmodp2.getPublicKey()).toString('hex');
-const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey())
-                             .toString('hex');
-assert.strictEqual(modp2Secret, exmodp2Secret);
-assert.strictEqual(modp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
-assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR);

+{
+  const exmodp2 = crypto.createDiffieHellman(modp2buf, Buffer.from([2]));
+  modp2.generateKeys();
+  exmodp2.generateKeys();
+  const modp2Secret = modp2.computeSecret(exmodp2.getPublicKey())
+      .toString('hex');
+  const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey())
+      .toString('hex');
+  assert.strictEqual(modp2Secret, exmodp2Secret);
+  assert.strictEqual(modp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
+  assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
+}

-// Ensure specific generator (string with encoding) works as expected.
-const exmodp2_2 = crypto.createDiffieHellman(modp2buf, '02', 'hex');
-exmodp2_2.generateKeys();
-modp2Secret = modp2.computeSecret(exmodp2_2.getPublicKey()).toString('hex');
-const exmodp2_2Secret = exmodp2_2.computeSecret(modp2.getPublicKey())
-                                 .toString('hex');
-assert.strictEqual(modp2Secret, exmodp2_2Secret);
-assert.strictEqual(exmodp2_2.verifyError, DH_NOT_SUITABLE_GENERATOR);
+{
+  // Ensure specific generator (string with encoding) works as expected.
+  const exmodp2 = crypto.createDiffieHellman(modp2buf, '02', 'hex');
+  exmodp2.generateKeys();
+  const modp2Secret = modp2.computeSecret(exmodp2.getPublicKey())
+      .toString('hex');
+  const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey())
+      .toString('hex');
+  assert.strictEqual(modp2Secret, exmodp2Secret);
+  assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
+}

+{
+  // Ensure specific generator (string with encoding) works as expected,
+  // with a Uint8Array as the first argument to createDiffieHellman().
+  const exmodp2 = crypto.createDiffieHellman(new Uint8Array(modp2buf),
+                                             '02', 'hex');
+  exmodp2.generateKeys();
+  const modp2Secret = modp2.computeSecret(exmodp2.getPublicKey())
+      .toString('hex');
+  const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey())
+      .toString('hex');
+  assert.strictEqual(modp2Secret, exmodp2Secret);
+  assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
+}

-// Ensure specific generator (string without encoding) works as expected.
-const exmodp2_3 = crypto.createDiffieHellman(modp2buf, '\x02');
-exmodp2_3.generateKeys();
-modp2Secret = modp2.computeSecret(exmodp2_3.getPublicKey()).toString('hex');
-const exmodp2_3Secret = exmodp2_3.computeSecret(modp2.getPublicKey())
-                               .toString('hex');
-assert.strictEqual(modp2Secret, exmodp2_3Secret);
-assert.strictEqual(exmodp2_3.verifyError, DH_NOT_SUITABLE_GENERATOR);
+{
+  // Ensure specific generator (string without encoding) works as expected.
+  const exmodp2 = crypto.createDiffieHellman(modp2buf, '\x02');
+  exmodp2.generateKeys();
+  const modp2Secret = modp2.computeSecret(exmodp2.getPublicKey())
+      .toString('hex');
+  const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey())
+      .toString('hex');
+  assert.strictEqual(modp2Secret, exmodp2Secret);
+  assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
+}

-
-// Ensure specific generator (numeric) works as expected.
-const exmodp2_4 = crypto.createDiffieHellman(modp2buf, 2);
-exmodp2_4.generateKeys();
-modp2Secret = modp2.computeSecret(exmodp2_4.getPublicKey()).toString('hex');
-const exmodp2_4Secret = exmodp2_4.computeSecret(modp2.getPublicKey())
-                               .toString('hex');
-assert.strictEqual(modp2Secret, exmodp2_4Secret);
-assert.strictEqual(exmodp2_4.verifyError, DH_NOT_SUITABLE_GENERATOR);
+{
+  // Ensure specific generator (numeric) works as expected.
+  const exmodp2 = crypto.createDiffieHellman(modp2buf, 2);
+  exmodp2.generateKeys();
+  const modp2Secret = modp2.computeSecret(exmodp2.getPublicKey())
+      .toString('hex');
+  const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey())
+      .toString('hex');
+  assert.strictEqual(modp2Secret, exmodp2Secret);
+  assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
+}


 const p = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' +