crypto: Binding only accepts buffers

doc/api/crypto.markdown

@@ -376,6 +376,10 @@ Asynchronous PBKDF2 applies pseudorandom function HMAC-SHA1 to derive
 a key of given length from the given password, salt and iterations.
 The callback gets two arguments `(err, derivedKey)`.
 
+## crypto.pbkdf2Sync(password, salt, iterations, keylen)
+
+Synchronous PBKDF2 function.  Returns derivedKey or throws error.
+
 ## crypto.randomBytes(size, [callback])
 
 Generates cryptographically strong pseudo-random data. Usage:

lib/crypto.js

@@ -23,7 +23,6 @@
 try {
   var binding = process.binding('crypto');
   var SecureContext = binding.SecureContext;
-  var PBKDF2 = binding.PBKDF2;
   var randomBytes = binding.randomBytes;
   var pseudoRandomBytes = binding.pseudoRandomBytes;
   var getCiphers = binding.getCiphers;
@@ -112,10 +111,17 @@ exports.createCredentials = function(options, context) {
   }
 
   if (options.pfx) {
-    if (options.passphrase) {
-      c.context.loadPKCS12(options.pfx, options.passphrase);
+    var pfx = options.pfx;
+    var passphrase = options.passphrase;
+    // legacy
+    if (typeof pfx === 'string')
+      pfx = new Buffer(pfx, 'binary');
+    if (passphrase && typeof passphrase === 'string')
+      passphrase = new Buffer(passphrase, 'binary');
+    if (passphrase) {
+      c.context.loadPKCS12(pfx, passphrase);
     } else {
-      c.context.loadPKCS12(options.pfx);
+      c.context.loadPKCS12(pfx);
     }
   }
 
@@ -153,8 +159,11 @@ function Hmac(hmac, key) {
   if (!(this instanceof Hmac))
     return new Hmac(hmac, key);
   this._binding = new binding.Hmac();
+  // legacy
+  if (typeof key === 'string')
+    key = new Buffer(key, 'binary');
   this._binding.init(hmac, key);
-};
+}
 
 Hmac.prototype.update = Hash.prototype.update;
 Hmac.prototype.digest = Hash.prototype.digest;
@@ -172,9 +181,14 @@ function Cipher(cipher, password) {
   if (!(this instanceof Cipher))
     return new Cipher(cipher, password);
   this._binding = new binding.Cipher;
+
+  // legacy.
+  if (typeof password === 'string')
+    password = new Buffer(password, 'binary');
+
   this._binding.init(cipher, password);
   this._decoder = null;
-};
+}
 
 Cipher.prototype.update = function(data, inputEncoding, outputEncoding) {
   if (inputEncoding && inputEncoding !== 'buffer')
@@ -212,6 +226,11 @@ exports.createCipheriv = exports.Cipheriv = Cipheriv;
 function Cipheriv(cipher, key, iv) {
   if (!(this instanceof Cipheriv))
     return new Cipheriv(cipher, key, iv);
+  // legacy
+  if (typeof key === 'string')
+    key = new Buffer(key, 'binary');
+  if (typeof iv === 'string')
+    iv = new Buffer(iv, 'binary');
   this._binding = new binding.Cipher();
   this._binding.initiv(cipher, key, iv);
   this._decoder = null;
@@ -226,10 +245,15 @@ exports.createDecipher = exports.Decipher = Decipher;
 function Decipher(cipher, password) {
   if (!(this instanceof Decipher))
     return new Decipher(cipher, password);
-  this._binding = new binding.Decipher
+
+  // legacy.
+  if (typeof password === 'string')
+    password = new Buffer(password, 'binary');
+
+  this._binding = new binding.Decipher;
   this._binding.init(cipher, password);
   this._decoder = null;
-};
+}
 
 Decipher.prototype.update = Cipher.prototype.update;
 Decipher.prototype.final = Cipher.prototype.final;
@@ -241,10 +265,15 @@ exports.createDecipheriv = exports.Decipheriv = Decipheriv;
 function Decipheriv(cipher, key, iv) {
   if (!(this instanceof Decipheriv))
     return new Decipheriv(cipher, key, iv);
+  // legacy
+  if (typeof key === 'string')
+    key = new Buffer(key, 'binary');
+  if (typeof iv === 'string')
+    iv = new Buffer(iv, 'binary');
   this._binding = new binding.Decipher;
   this._binding.initiv(cipher, key, iv);
   this._decoder = null;
-};
+}
 
 Decipheriv.prototype.update = Cipher.prototype.update;
 Decipheriv.prototype.final = Cipher.prototype.final;
@@ -258,11 +287,15 @@ function Sign(algorithm) {
     return new Sign(algorithm);
   this._binding = new binding.Sign();
   this._binding.init(algorithm);
-};
+}
 
 Sign.prototype.update = Hash.prototype.update;
 
 Sign.prototype.sign = function(key, encoding) {
+  // legacy.
+  if (typeof key === 'string')
+    key = new Buffer(key, 'binary');
+
   var ret = this._binding.sign(key, 'buffer');
   if (encoding && encoding !== 'buffer')
     ret = ret.toString(encoding);
@@ -282,10 +315,15 @@ function Verify(algorithm) {
 Verify.prototype.update = Hash.prototype.update;
 
 Verify.prototype.verify = function(object, signature, sigEncoding) {
+  // legacy.
+  if (typeof object === 'string')
+    object = new Buffer(object, 'binary');
+
   if (sigEncoding === 'buffer')
     sigEncoding = null;
   if (sigEncoding || typeof signature === 'string')
     signature = new Buffer(signature, sigEncoding);
+
   return this._binding.verify(object, signature, 'buffer');
 };
 
@@ -375,34 +413,45 @@ DiffieHellman.prototype.setPrivateKey = function(key, encoding) {
 
 
 exports.DiffieHellmanGroup =
-  exports.createDiffieHellmanGroup =
-  exports.getDiffieHellman = DiffieHellmanGroup;
+    exports.createDiffieHellmanGroup =
+    exports.getDiffieHellman = DiffieHellmanGroup;
 
 function DiffieHellmanGroup(name) {
   if (!(this instanceof DiffieHellmanGroup))
     return new DiffieHellmanGroup(name);
   this._binding = new binding.DiffieHellmanGroup(name);
-};
+}
 
 DiffieHellmanGroup.prototype.generateKeys =
-  DiffieHellman.prototype.generateKeys;
+    DiffieHellman.prototype.generateKeys;
 
 DiffieHellmanGroup.prototype.computeSecret =
-  DiffieHellman.prototype.computeSecret;
+    DiffieHellman.prototype.computeSecret;
 
 DiffieHellmanGroup.prototype.getPrime =
-  DiffieHellman.prototype.getPrime;
+    DiffieHellman.prototype.getPrime;
 
 DiffieHellmanGroup.prototype.getGenerator =
-  DiffieHellman.prototype.getGenerator;
+    DiffieHellman.prototype.getGenerator;
 
 DiffieHellmanGroup.prototype.getPublicKey =
-  DiffieHellman.prototype.getPublicKey;
+    DiffieHellman.prototype.getPublicKey;
 
 DiffieHellmanGroup.prototype.getPrivateKey =
-  DiffieHellman.prototype.getPrivateKey;
+    DiffieHellman.prototype.getPrivateKey;
+
+exports.pbkdf2 = function(password, salt, iterations, keylen, callback) {
+  if (typeof password === 'string')
+    password = new Buffer(password, 'binary');
+  if (typeof salt === 'string')
+    salt = new Buffer(salt, 'binary');
+  return binding.PBKDF2(password, salt, iterations, keylen, callback);
+};
+
+exports.pbkdf2Sync = function(password, salt, iterations, keylen) {
+  return exports.pbkdf2(password, salt, iterations, keylen);
+};
 
-exports.pbkdf2 = PBKDF2;
 
 exports.randomBytes = randomBytes;
 exports.pseudoRandomBytes = pseudoRandomBytes;

test/simple/test-crypto.js

@@ -536,7 +536,7 @@ testCipher4(new Buffer('0123456789abcd0123456789'), new Buffer('12345678'));
 // update() should only take buffers / strings
 assert.throws(function() {
   crypto.createHash('sha1').update({foo: 'bar'});
-}, /string or buffer/);
+}, /buffer/);
 
 
 // Test Diffie-Hellman with two parties sharing a secret,
@@ -670,11 +670,11 @@ assert.strictEqual(rsaVerify.verify(rsaPubPem, rsaSignature, 'hex'), true);
 // Test PBKDF2 with RFC 6070 test vectors (except #4)
 //
 function testPBKDF2(password, salt, iterations, keylen, expected) {
-  var actual = crypto.pbkdf2(password, salt, iterations, keylen);
-  assert.equal(actual, expected);
+  var actual = crypto.pbkdf2Sync(password, salt, iterations, keylen);
+  assert.equal(actual.toString('binary'), expected);
 
   crypto.pbkdf2(password, salt, iterations, keylen, function(err, actual) {
-    assert.equal(actual, expected);
+    assert.equal(actual.toString('binary'), expected);
   });
 }