GCC Code Coverage Report
Directory: ../src/ Exec Total Coverage
File: /home/node-core-coverage/node-core-coverage/workdir/node/out/../src/node_crypto.h Lines: 92 107 86.0 %
Date: 2016-12-18 Branches: 18 30 60.0 %

Line Branch Exec Source
1
#ifndef SRC_NODE_CRYPTO_H_
2
#define SRC_NODE_CRYPTO_H_
3
4
#if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
5
6
#include "node.h"
7
#include "node_crypto_clienthello.h"  // ClientHelloParser
8
#include "node_crypto_clienthello-inl.h"
9
10
#include "node_buffer.h"
11
12
#include "env.h"
13
#include "async-wrap.h"
14
#include "async-wrap-inl.h"
15
#include "base-object.h"
16
#include "base-object-inl.h"
17
18
#include "v8.h"
19
20
#include <openssl/ssl.h>
21
#include <openssl/ec.h>
22
#include <openssl/ecdh.h>
23
#ifndef OPENSSL_NO_ENGINE
24
# include <openssl/engine.h>
25
#endif  // !OPENSSL_NO_ENGINE
26
#include <openssl/err.h>
27
#include <openssl/evp.h>
28
#include <openssl/pem.h>
29
#include <openssl/x509.h>
30
#include <openssl/x509v3.h>
31
#include <openssl/hmac.h>
32
#include <openssl/rand.h>
33
#include <openssl/pkcs12.h>
34
35
#define EVP_F_EVP_DECRYPTFINAL 101
36
37
#if !defined(OPENSSL_NO_TLSEXT) && defined(SSL_CTX_set_tlsext_status_cb)
38
# define NODE__HAVE_TLSEXT_STATUS_CB
39
#endif  // !defined(OPENSSL_NO_TLSEXT) && defined(SSL_CTX_set_tlsext_status_cb)
40
41
namespace node {
42
namespace crypto {
43
44
// Forcibly clear OpenSSL's error stack on return. This stops stale errors
45
// from popping up later in the lifecycle of crypto operations where they
46
// would cause spurious failures. It's a rather blunt method, though.
47
// ERR_clear_error() isn't necessarily cheap either.
48
struct ClearErrorOnReturn {
49
1231
  ~ClearErrorOnReturn() { ERR_clear_error(); }
50
};
51
52
// Pop errors from OpenSSL's error stack that were added
53
// between when this was constructed and destructed.
54
struct MarkPopErrorOnReturn {
55
9185
  MarkPopErrorOnReturn() { ERR_set_mark(); }
56
6726
  ~MarkPopErrorOnReturn() { ERR_pop_to_mark(); }
57
};
58
59
enum CheckResult {
60
  CHECK_CERT_REVOKED = 0,
61
  CHECK_OK = 1
62
};
63
64
extern int VerifyCallback(int preverify_ok, X509_STORE_CTX* ctx);
65
66
extern X509_STORE* root_cert_store;
67
68
extern void UseExtraCaCerts(const std::string& file);
69
70
// Forward declaration
71
class Connection;
72
73
class SecureContext : public BaseObject {
74
 public:
75
124
  ~SecureContext() override {
76
31
    FreeCTXMem();
77
62
  }
78
79
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
80
81
  SSL_CTX* ctx_;
82
  X509* cert_;
83
  X509* issuer_;
84
85
  static const int kMaxSessionSize = 10 * 1024;
86
87
  // See TicketKeyCallback
88
  static const int kTicketKeyReturnIndex = 0;
89
  static const int kTicketKeyHMACIndex = 1;
90
  static const int kTicketKeyAESIndex = 2;
91
  static const int kTicketKeyNameIndex = 3;
92
  static const int kTicketKeyIVIndex = 4;
93
94
 protected:
95
  static const int64_t kExternalSize = sizeof(SSL_CTX);
96
97
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
98
  static void Init(const v8::FunctionCallbackInfo<v8::Value>& args);
99
  static void SetKey(const v8::FunctionCallbackInfo<v8::Value>& args);
100
  static void SetCert(const v8::FunctionCallbackInfo<v8::Value>& args);
101
  static void AddCACert(const v8::FunctionCallbackInfo<v8::Value>& args);
102
  static void AddCRL(const v8::FunctionCallbackInfo<v8::Value>& args);
103
  static void AddRootCerts(const v8::FunctionCallbackInfo<v8::Value>& args);
104
  static void SetCiphers(const v8::FunctionCallbackInfo<v8::Value>& args);
105
  static void SetECDHCurve(const v8::FunctionCallbackInfo<v8::Value>& args);
106
  static void SetDHParam(const v8::FunctionCallbackInfo<v8::Value>& args);
107
  static void SetOptions(const v8::FunctionCallbackInfo<v8::Value>& args);
108
  static void SetSessionIdContext(
109
      const v8::FunctionCallbackInfo<v8::Value>& args);
110
  static void SetSessionTimeout(
111
      const v8::FunctionCallbackInfo<v8::Value>& args);
112
  static void Close(const v8::FunctionCallbackInfo<v8::Value>& args);
113
  static void LoadPKCS12(const v8::FunctionCallbackInfo<v8::Value>& args);
114
  static void GetTicketKeys(const v8::FunctionCallbackInfo<v8::Value>& args);
115
  static void SetTicketKeys(const v8::FunctionCallbackInfo<v8::Value>& args);
116
  static void SetFreeListLength(
117
      const v8::FunctionCallbackInfo<v8::Value>& args);
118
  static void EnableTicketKeyCallback(
119
      const v8::FunctionCallbackInfo<v8::Value>& args);
120
  static void CtxGetter(v8::Local<v8::String> property,
121
                        const v8::PropertyCallbackInfo<v8::Value>& info);
122
123
  template <bool primary>
124
  static void GetCertificate(const v8::FunctionCallbackInfo<v8::Value>& args);
125
126
  static int TicketKeyCallback(SSL* ssl,
127
                               unsigned char* name,
128
                               unsigned char* iv,
129
                               EVP_CIPHER_CTX* ectx,
130
                               HMAC_CTX* hctx,
131
                               int enc);
132
133
533
  SecureContext(Environment* env, v8::Local<v8::Object> wrap)
134
      : BaseObject(env, wrap),
135
        ctx_(nullptr),
136
        cert_(nullptr),
137
533
        issuer_(nullptr) {
138
533
    MakeWeak<SecureContext>(this);
139
1066
    env->isolate()->AdjustAmountOfExternalAllocatedMemory(kExternalSize);
140
533
  }
141
142
316
  void FreeCTXMem() {
143
316
    if (!ctx_) {
144
      return;
145
    }
146
147
570
    env()->isolate()->AdjustAmountOfExternalAllocatedMemory(-kExternalSize);
148
285
    SSL_CTX_free(ctx_);
149
285
    if (cert_ != nullptr)
150
39
      X509_free(cert_);
151
285
    if (issuer_ != nullptr)
152
2
      X509_free(issuer_);
153
285
    ctx_ = nullptr;
154
285
    cert_ = nullptr;
155
285
    issuer_ = nullptr;
156
  }
157
};
158
159
// SSLWrap implicitly depends on the inheriting class' handle having an
160
// internal pointer to the Base class.
161
template <class Base>
162
class SSLWrap {
163
 public:
164
  enum Kind {
165
    kClient,
166
    kServer
167
  };
168
169
636
  SSLWrap(Environment* env, SecureContext* sc, Kind kind)
170
      : env_(env),
171
        kind_(kind),
172
        next_sess_(nullptr),
173
        session_callbacks_(false),
174
        new_session_wait_(false),
175
        cert_cb_(nullptr),
176
        cert_cb_arg_(nullptr),
177
2544
        cert_cb_running_(false) {
178
636
    ssl_ = SSL_new(sc->ctx_);
179
1272
    env_->isolate()->AdjustAmountOfExternalAllocatedMemory(kExternalSize);
180

636
    CHECK_NE(ssl_, nullptr);
181
636
  }
182
183
60
  virtual ~SSLWrap() {
184
60
    DestroySSL();
185

60
    if (next_sess_ != nullptr) {
186
      SSL_SESSION_free(next_sess_);
187
      next_sess_ = nullptr;
188
    }
189
190
#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
191
120
    sni_context_.Reset();
192
#endif
193
194
#ifdef NODE__HAVE_TLSEXT_STATUS_CB
195
120
    ocsp_response_.Reset();
196
#endif  // NODE__HAVE_TLSEXT_STATUS_CB
197
240
  }
198
199
  inline SSL* ssl() const { return ssl_; }
200
20
  inline void enable_session_callbacks() { session_callbacks_ = true; }
201
645
  inline bool is_server() const { return kind_ == kServer; }
202
727
  inline bool is_client() const { return kind_ == kClient; }
203
  inline bool is_waiting_new_session() const { return new_session_wait_; }
204
318
  inline bool is_waiting_cert_cb() const { return cert_cb_ != nullptr; }
205
206
 protected:
207
  typedef void (*CertCb)(void* arg);
208
209
  // Size allocated by OpenSSL: one for SSL structure, one for SSL3_STATE and
210
  // some for buffers.
211
  // NOTE: Actually it is much more than this
212
  static const int64_t kExternalSize =
213
      sizeof(SSL) + sizeof(SSL3_STATE) + 42 * 1024;
214
215
  static void InitNPN(SecureContext* sc);
216
  static void AddMethods(Environment* env, v8::Local<v8::FunctionTemplate> t);
217
218
  static SSL_SESSION* GetSessionCallback(SSL* s,
219
                                         unsigned char* key,
220
                                         int len,
221
                                         int* copy);
222
  static int NewSessionCallback(SSL* s, SSL_SESSION* sess);
223
  static void OnClientHello(void* arg,
224
                            const ClientHelloParser::ClientHello& hello);
225
226
  static void GetPeerCertificate(
227
      const v8::FunctionCallbackInfo<v8::Value>& args);
228
  static void GetSession(const v8::FunctionCallbackInfo<v8::Value>& args);
229
  static void SetSession(const v8::FunctionCallbackInfo<v8::Value>& args);
230
  static void LoadSession(const v8::FunctionCallbackInfo<v8::Value>& args);
231
  static void IsSessionReused(const v8::FunctionCallbackInfo<v8::Value>& args);
232
  static void IsInitFinished(const v8::FunctionCallbackInfo<v8::Value>& args);
233
  static void VerifyError(const v8::FunctionCallbackInfo<v8::Value>& args);
234
  static void GetCurrentCipher(const v8::FunctionCallbackInfo<v8::Value>& args);
235
  static void EndParser(const v8::FunctionCallbackInfo<v8::Value>& args);
236
  static void CertCbDone(const v8::FunctionCallbackInfo<v8::Value>& args);
237
  static void Renegotiate(const v8::FunctionCallbackInfo<v8::Value>& args);
238
  static void Shutdown(const v8::FunctionCallbackInfo<v8::Value>& args);
239
  static void GetTLSTicket(const v8::FunctionCallbackInfo<v8::Value>& args);
240
  static void NewSessionDone(const v8::FunctionCallbackInfo<v8::Value>& args);
241
  static void SetOCSPResponse(const v8::FunctionCallbackInfo<v8::Value>& args);
242
  static void RequestOCSP(const v8::FunctionCallbackInfo<v8::Value>& args);
243
  static void GetEphemeralKeyInfo(
244
      const v8::FunctionCallbackInfo<v8::Value>& args);
245
  static void GetProtocol(const v8::FunctionCallbackInfo<v8::Value>& args);
246
247
#ifdef SSL_set_max_send_fragment
248
  static void SetMaxSendFragment(
249
      const v8::FunctionCallbackInfo<v8::Value>& args);
250
#endif  // SSL_set_max_send_fragment
251
252
#ifdef OPENSSL_NPN_NEGOTIATED
253
  static void GetNegotiatedProto(
254
      const v8::FunctionCallbackInfo<v8::Value>& args);
255
  static void SetNPNProtocols(const v8::FunctionCallbackInfo<v8::Value>& args);
256
  static int AdvertiseNextProtoCallback(SSL* s,
257
                                        const unsigned char** data,
258
                                        unsigned int* len,
259
                                        void* arg);
260
  static int SelectNextProtoCallback(SSL* s,
261
                                     unsigned char** out,
262
                                     unsigned char* outlen,
263
                                     const unsigned char* in,
264
                                     unsigned int inlen,
265
                                     void* arg);
266
#endif  // OPENSSL_NPN_NEGOTIATED
267
268
  static void GetALPNNegotiatedProto(
269
      const v8::FunctionCallbackInfo<v8::Value>& args);
270
  static void SetALPNProtocols(const v8::FunctionCallbackInfo<v8::Value>& args);
271
  static int SelectALPNCallback(SSL* s,
272
                                const unsigned char** out,
273
                                unsigned char* outlen,
274
                                const unsigned char* in,
275
                                unsigned int inlen,
276
                                void* arg);
277
  static int TLSExtStatusCallback(SSL* s, void* arg);
278
  static int SSLCertCallback(SSL* s, void* arg);
279
  static void SSLGetter(v8::Local<v8::String> property,
280
                        const v8::PropertyCallbackInfo<v8::Value>& info);
281
282
  void DestroySSL();
283
  void WaitForCertCb(CertCb cb, void* arg);
284
  void SetSNIContext(SecureContext* sc);
285
  int SetCACerts(SecureContext* sc);
286
287
  inline Environment* ssl_env() const {
288
90
    return env_;
289
  }
290
291
  Environment* const env_;
292
  Kind kind_;
293
  SSL_SESSION* next_sess_;
294
  SSL* ssl_;
295
  bool session_callbacks_;
296
  bool new_session_wait_;
297
298
  // SSL_set_cert_cb
299
  CertCb cert_cb_;
300
  void* cert_cb_arg_;
301
  bool cert_cb_running_;
302
303
  ClientHelloParser hello_parser_;
304
305
#ifdef NODE__HAVE_TLSEXT_STATUS_CB
306
  v8::Persistent<v8::Object> ocsp_response_;
307
#endif  // NODE__HAVE_TLSEXT_STATUS_CB
308
309
#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
310
  v8::Persistent<v8::Value> sni_context_;
311
#endif
312
313
  friend class SecureContext;
314
};
315
316
// Connection inherits from AsyncWrap because SSLWrap makes calls to
317
// MakeCallback, but SSLWrap doesn't store the handle itself. Instead it
318
// assumes that any args.This() called will be the handle from Connection.
319
class Connection : public AsyncWrap, public SSLWrap<Connection> {
320
 public:
321
  ~Connection() override {
322
#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
323
    sniObject_.Reset();
324
    servername_.Reset();
325
#endif
326
  }
327
328
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
329
  void NewSessionDoneCb();
330
331
#ifdef OPENSSL_NPN_NEGOTIATED
332
  v8::Persistent<v8::Object> npnProtos_;
333
  v8::Persistent<v8::Value> selectedNPNProto_;
334
#endif
335
336
#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
337
  v8::Persistent<v8::Object> sniObject_;
338
  v8::Persistent<v8::String> servername_;
339
#endif
340
341
  size_t self_size() const override { return sizeof(*this); }
342
343
 protected:
344
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
345
  static void EncIn(const v8::FunctionCallbackInfo<v8::Value>& args);
346
  static void ClearOut(const v8::FunctionCallbackInfo<v8::Value>& args);
347
  static void ClearPending(const v8::FunctionCallbackInfo<v8::Value>& args);
348
  static void EncPending(const v8::FunctionCallbackInfo<v8::Value>& args);
349
  static void EncOut(const v8::FunctionCallbackInfo<v8::Value>& args);
350
  static void ClearIn(const v8::FunctionCallbackInfo<v8::Value>& args);
351
  static void Start(const v8::FunctionCallbackInfo<v8::Value>& args);
352
  static void Close(const v8::FunctionCallbackInfo<v8::Value>& args);
353
354
#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
355
  // SNI
356
  static void GetServername(const v8::FunctionCallbackInfo<v8::Value>& args);
357
  static void SetSNICallback(const v8::FunctionCallbackInfo<v8::Value>& args);
358
  static int SelectSNIContextCallback_(SSL* s, int* ad, void* arg);
359
#endif
360
361
  static void OnClientHelloParseEnd(void* arg);
362
363
  int HandleBIOError(BIO* bio, const char* func, int rv);
364
365
  enum ZeroStatus {
366
    kZeroIsNotAnError,
367
    kZeroIsAnError
368
  };
369
370
  enum SyscallStatus {
371
    kIgnoreSyscall,
372
    kSyscallError
373
  };
374
375
  int HandleSSLError(const char* func, int rv, ZeroStatus zs, SyscallStatus ss);
376
377
  void ClearError();
378
  void SetShutdownFlags();
379
380
6
  Connection(Environment* env,
381
             v8::Local<v8::Object> wrap,
382
             SecureContext* sc,
383
             SSLWrap<Connection>::Kind kind)
384
      : AsyncWrap(env, wrap, AsyncWrap::PROVIDER_CRYPTO),
385
        SSLWrap<Connection>(env, sc, kind),
386
        bio_read_(nullptr),
387
        bio_write_(nullptr),
388
30
        hello_offset_(0) {
389
6
    MakeWeak<Connection>(this);
390
6
    hello_parser_.Start(SSLWrap<Connection>::OnClientHello,
391
                        OnClientHelloParseEnd,
392
6
                        this);
393
6
    enable_session_callbacks();
394
6
  }
395
396
 private:
397
  static void SSLInfoCallback(const SSL *ssl, int where, int ret);
398
399
  BIO *bio_read_;
400
  BIO *bio_write_;
401
402
  uint8_t hello_data_[18432];
403
  size_t hello_offset_;
404
405
  friend class ClientHelloParser;
406
  friend class SecureContext;
407
};
408
409
class CipherBase : public BaseObject {
410
 public:
411
2069
  ~CipherBase() override {
412
665
    if (!initialised_)
413
      return;
414
74
    delete[] auth_tag_;
415
74
    EVP_CIPHER_CTX_cleanup(&ctx_);
416
1330
  }
417
418
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
419
420
 protected:
421
  enum CipherKind {
422
    kCipher,
423
    kDecipher
424
  };
425
426
  void Init(const char* cipher_type, const char* key_buf, int key_buf_len);
427
  void InitIv(const char* cipher_type,
428
              const char* key,
429
              int key_len,
430
              const char* iv,
431
              int iv_len);
432
  bool Update(const char* data, int len, unsigned char** out, int* out_len);
433
  bool Final(unsigned char** out, int *out_len);
434
  bool SetAutoPadding(bool auto_padding);
435
436
  bool IsAuthenticatedMode() const;
437
  bool GetAuthTag(char** out, unsigned int* out_len) const;
438
  bool SetAuthTag(const char* data, unsigned int len);
439
  bool SetAAD(const char* data, unsigned int len);
440
441
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
442
  static void Init(const v8::FunctionCallbackInfo<v8::Value>& args);
443
  static void InitIv(const v8::FunctionCallbackInfo<v8::Value>& args);
444
  static void Update(const v8::FunctionCallbackInfo<v8::Value>& args);
445
  static void Final(const v8::FunctionCallbackInfo<v8::Value>& args);
446
  static void SetAutoPadding(const v8::FunctionCallbackInfo<v8::Value>& args);
447
448
  static void GetAuthTag(const v8::FunctionCallbackInfo<v8::Value>& args);
449
  static void SetAuthTag(const v8::FunctionCallbackInfo<v8::Value>& args);
450
  static void SetAAD(const v8::FunctionCallbackInfo<v8::Value>& args);
451
452
1001
  CipherBase(Environment* env,
453
             v8::Local<v8::Object> wrap,
454
             CipherKind kind)
455
      : BaseObject(env, wrap),
456
        cipher_(nullptr),
457
        initialised_(false),
458
        kind_(kind),
459
        auth_tag_(nullptr),
460
1001
        auth_tag_len_(0) {
461
1001
    MakeWeak<CipherBase>(this);
462
1001
  }
463
464
 private:
465
  EVP_CIPHER_CTX ctx_; /* coverity[member_decl] */
466
  const EVP_CIPHER* cipher_; /* coverity[member_decl] */
467
  bool initialised_;
468
  CipherKind kind_;
469
  char* auth_tag_;
470
  unsigned int auth_tag_len_;
471
};
472
473
class Hmac : public BaseObject {
474
 public:
475
165
  ~Hmac() override {
476
55
    if (!initialised_)
477
      return;
478
    HMAC_CTX_cleanup(&ctx_);
479
110
  }
480
481
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
482
483
 protected:
484
  void HmacInit(const char* hash_type, const char* key, int key_len);
485
  bool HmacUpdate(const char* data, int len);
486
  bool HmacDigest(unsigned char** md_value, unsigned int* md_len);
487
488
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
489
  static void HmacInit(const v8::FunctionCallbackInfo<v8::Value>& args);
490
  static void HmacUpdate(const v8::FunctionCallbackInfo<v8::Value>& args);
491
  static void HmacDigest(const v8::FunctionCallbackInfo<v8::Value>& args);
492
493
  Hmac(Environment* env, v8::Local<v8::Object> wrap)
494
      : BaseObject(env, wrap),
495
126
        initialised_(false) {
496
126
    MakeWeak<Hmac>(this);
497
  }
498
499
 private:
500
  HMAC_CTX ctx_; /* coverity[member_decl] */
501
  bool initialised_;
502
};
503
504
class Hash : public BaseObject {
505
 public:
506
91
  ~Hash() override {
507
23
    if (!initialised_)
508
      return;
509
22
    EVP_MD_CTX_cleanup(&mdctx_);
510
46
  }
511
512
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
513
514
  bool HashInit(const char* hash_type);
515
  bool HashUpdate(const char* data, int len);
516
517
 protected:
518
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
519
  static void HashUpdate(const v8::FunctionCallbackInfo<v8::Value>& args);
520
  static void HashDigest(const v8::FunctionCallbackInfo<v8::Value>& args);
521
522
  Hash(Environment* env, v8::Local<v8::Object> wrap)
523
      : BaseObject(env, wrap),
524
233
        initialised_(false) {
525
233
    MakeWeak<Hash>(this);
526
  }
527
528
 private:
529
  EVP_MD_CTX mdctx_; /* coverity[member_decl] */
530
  bool initialised_;
531
  bool finalized_;
532
};
533
534
class SignBase : public BaseObject {
535
 public:
536
  typedef enum {
537
    kSignOk,
538
    kSignUnknownDigest,
539
    kSignInit,
540
    kSignNotInitialised,
541
    kSignUpdate,
542
    kSignPrivateKey,
543
    kSignPublicKey
544
  } Error;
545
546
  SignBase(Environment* env, v8::Local<v8::Object> wrap)
547
      : BaseObject(env, wrap),
548
40
        initialised_(false) {
549
  }
550
551
  ~SignBase() override {
552
    if (!initialised_)
553
      return;
554
    EVP_MD_CTX_cleanup(&mdctx_);
555
  }
556
557
 protected:
558
  void CheckThrow(Error error);
559
560
  EVP_MD_CTX mdctx_; /* coverity[member_decl] */
561
  bool initialised_;
562
};
563
564
class Sign : public SignBase {
565
 public:
566
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
567
568
  Error SignInit(const char* sign_type);
569
  Error SignUpdate(const char* data, int len);
570
  Error SignFinal(const char* key_pem,
571
                  int key_pem_len,
572
                  const char* passphrase,
573
                  unsigned char** sig,
574
                  unsigned int *sig_len);
575
576
 protected:
577
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
578
  static void SignInit(const v8::FunctionCallbackInfo<v8::Value>& args);
579
  static void SignUpdate(const v8::FunctionCallbackInfo<v8::Value>& args);
580
  static void SignFinal(const v8::FunctionCallbackInfo<v8::Value>& args);
581
582
42
  Sign(Environment* env, v8::Local<v8::Object> wrap) : SignBase(env, wrap) {
583
21
    MakeWeak<Sign>(this);
584
21
  }
585
};
586
587
class Verify : public SignBase {
588
 public:
589
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
590
591
  Error VerifyInit(const char* verify_type);
592
  Error VerifyUpdate(const char* data, int len);
593
  Error VerifyFinal(const char* key_pem,
594
                    int key_pem_len,
595
                    const char* sig,
596
                    int siglen,
597
                    bool* verify_result);
598
599
 protected:
600
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
601
  static void VerifyInit(const v8::FunctionCallbackInfo<v8::Value>& args);
602
  static void VerifyUpdate(const v8::FunctionCallbackInfo<v8::Value>& args);
603
  static void VerifyFinal(const v8::FunctionCallbackInfo<v8::Value>& args);
604
605
38
  Verify(Environment* env, v8::Local<v8::Object> wrap) : SignBase(env, wrap) {
606
19
    MakeWeak<Verify>(this);
607
19
  }
608
};
609
610
class PublicKeyCipher {
611
 public:
612
  typedef int (*EVP_PKEY_cipher_init_t)(EVP_PKEY_CTX *ctx);
613
  typedef int (*EVP_PKEY_cipher_t)(EVP_PKEY_CTX *ctx,
614
                                   unsigned char *out, size_t *outlen,
615
                                   const unsigned char *in, size_t inlen);
616
617
  enum Operation {
618
    kPublic,
619
    kPrivate
620
  };
621
622
  template <Operation operation,
623
            EVP_PKEY_cipher_init_t EVP_PKEY_cipher_init,
624
            EVP_PKEY_cipher_t EVP_PKEY_cipher>
625
  static bool Cipher(const char* key_pem,
626
                     int key_pem_len,
627
                     const char* passphrase,
628
                     int padding,
629
                     const unsigned char* data,
630
                     int len,
631
                     unsigned char** out,
632
                     size_t* out_len);
633
634
  template <Operation operation,
635
            EVP_PKEY_cipher_init_t EVP_PKEY_cipher_init,
636
            EVP_PKEY_cipher_t EVP_PKEY_cipher>
637
  static void Cipher(const v8::FunctionCallbackInfo<v8::Value>& args);
638
};
639
640
class DiffieHellman : public BaseObject {
641
 public:
642
52
  ~DiffieHellman() override {
643
13
    if (dh != nullptr) {
644
13
      DH_free(dh);
645
    }
646
26
  }
647
648
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
649
650
  bool Init(int primeLength, int g);
651
  bool Init(const char* p, int p_len, int g);
652
  bool Init(const char* p, int p_len, const char* g, int g_len);
653
654
 protected:
655
  static void DiffieHellmanGroup(
656
      const v8::FunctionCallbackInfo<v8::Value>& args);
657
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
658
  static void GenerateKeys(const v8::FunctionCallbackInfo<v8::Value>& args);
659
  static void GetPrime(const v8::FunctionCallbackInfo<v8::Value>& args);
660
  static void GetGenerator(const v8::FunctionCallbackInfo<v8::Value>& args);
661
  static void GetPublicKey(const v8::FunctionCallbackInfo<v8::Value>& args);
662
  static void GetPrivateKey(const v8::FunctionCallbackInfo<v8::Value>& args);
663
  static void ComputeSecret(const v8::FunctionCallbackInfo<v8::Value>& args);
664
  static void SetPublicKey(const v8::FunctionCallbackInfo<v8::Value>& args);
665
  static void SetPrivateKey(const v8::FunctionCallbackInfo<v8::Value>& args);
666
  static void VerifyErrorGetter(
667
      v8::Local<v8::String> property,
668
      const v8::PropertyCallbackInfo<v8::Value>& args);
669
670
18
  DiffieHellman(Environment* env, v8::Local<v8::Object> wrap)
671
      : BaseObject(env, wrap),
672
        initialised_(false),
673
        verifyError_(0),
674
18
        dh(nullptr) {
675
18
    MakeWeak<DiffieHellman>(this);
676
18
  }
677
678
 private:
679
  bool VerifyContext();
680
681
  bool initialised_;
682
  int verifyError_;
683
  DH* dh;
684
};
685
686
class ECDH : public BaseObject {
687
 public:
688
8
  ~ECDH() override {
689
2
    if (key_ != nullptr)
690
2
      EC_KEY_free(key_);
691
2
    key_ = nullptr;
692
2
    group_ = nullptr;
693
4
  }
694
695
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
696
697
 protected:
698
6
  ECDH(Environment* env, v8::Local<v8::Object> wrap, EC_KEY* key)
699
      : BaseObject(env, wrap),
700
        key_(key),
701
6
        group_(EC_KEY_get0_group(key_)) {
702
6
    MakeWeak<ECDH>(this);
703
6
    ASSERT_NE(group_, nullptr);
704
6
  }
705
706
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
707
  static void GenerateKeys(const v8::FunctionCallbackInfo<v8::Value>& args);
708
  static void ComputeSecret(const v8::FunctionCallbackInfo<v8::Value>& args);
709
  static void GetPrivateKey(const v8::FunctionCallbackInfo<v8::Value>& args);
710
  static void SetPrivateKey(const v8::FunctionCallbackInfo<v8::Value>& args);
711
  static void GetPublicKey(const v8::FunctionCallbackInfo<v8::Value>& args);
712
  static void SetPublicKey(const v8::FunctionCallbackInfo<v8::Value>& args);
713
714
  EC_POINT* BufferToPoint(char* data, size_t len);
715
716
  bool IsKeyPairValid();
717
  bool IsKeyValidForCurve(const BIGNUM* private_key);
718
719
  EC_KEY* key_;
720
  const EC_GROUP* group_;
721
};
722
723
bool EntropySource(unsigned char* buffer, size_t length);
724
#ifndef OPENSSL_NO_ENGINE
725
void SetEngine(const v8::FunctionCallbackInfo<v8::Value>& args);
726
#endif  // !OPENSSL_NO_ENGINE
727
void InitCrypto(v8::Local<v8::Object> target);
728
729
}  // namespace crypto
730
}  // namespace node
731
732
#endif  // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
733
734
#endif  // SRC_NODE_CRYPTO_H_