mirror of
https://github.com/nodejs/node.git
synced 2025-05-07 12:03:30 +00:00
03c056401f
Adds two new command line arguments: * `--secure-heap=n`, which causes node.js to initialize an openssl secure heap of `n` bytes on openssl initialization. * `--secure-heap-min=n`, which specifies the minimum allocation from the secure heap. * A new method `crypto.secureHeapUsed()` that returns details about the total and used secure heap allocation. The secure heap is an openssl feature that allows certain kinds of potentially sensitive information (such as private key BigNums) to be allocated from a dedicated memory area that is protected against pointer over- and underruns. The secure heap is a fixed size, so it's important that users pick a large enough size to cover the crypto operations they intend to utilize. The secure heap is disabled by default. Signed-off-by: James M Snell <jasnell@gmail.com> PR-URL: https://github.com/nodejs/node/pull/36779 Refs: https://github.com/nodejs/node/pull/36729 Reviewed-By: Tobias Nießen <tniessen@tnie.de>
422 lines
9.9 KiB
JavaScript
422 lines
9.9 KiB
JavaScript
'use strict';
|
|
|
|
const {
|
|
ArrayPrototypeIncludes,
|
|
ArrayPrototypePush,
|
|
FunctionPrototypeBind,
|
|
Number,
|
|
Promise,
|
|
StringPrototypeToLowerCase,
|
|
StringPrototypeToUpperCase,
|
|
Symbol,
|
|
} = primordials;
|
|
|
|
const {
|
|
getCiphers: _getCiphers,
|
|
getCurves: _getCurves,
|
|
getHashes: _getHashes,
|
|
setEngine: _setEngine,
|
|
secureHeapUsed: _secureHeapUsed,
|
|
} = internalBinding('crypto');
|
|
|
|
const { getOptionValue } = require('internal/options');
|
|
|
|
const {
|
|
crypto: {
|
|
ENGINE_METHOD_ALL
|
|
}
|
|
} = internalBinding('constants');
|
|
|
|
const normalizeHashName = require('internal/crypto/hashnames');
|
|
|
|
const {
|
|
hideStackFrames,
|
|
codes: {
|
|
ERR_CRYPTO_ENGINE_UNKNOWN,
|
|
ERR_INVALID_ARG_TYPE,
|
|
ERR_INVALID_ARG_VALUE,
|
|
ERR_OUT_OF_RANGE,
|
|
}
|
|
} = require('internal/errors');
|
|
|
|
const {
|
|
validateArray,
|
|
validateString
|
|
} = require('internal/validators');
|
|
|
|
const { Buffer } = require('buffer');
|
|
|
|
const {
|
|
cachedResult,
|
|
filterDuplicateStrings,
|
|
} = require('internal/util');
|
|
|
|
const {
|
|
isArrayBufferView,
|
|
isAnyArrayBuffer,
|
|
} = require('internal/util/types');
|
|
|
|
const kHandle = Symbol('kHandle');
|
|
const kKeyObject = Symbol('kKeyObject');
|
|
|
|
const lazyRequireCache = {};
|
|
|
|
function lazyRequire(name) {
|
|
let ret = lazyRequireCache[name];
|
|
if (ret === undefined)
|
|
ret = lazyRequireCache[name] = require(name);
|
|
return ret;
|
|
}
|
|
|
|
let DOMException;
|
|
const lazyDOMException = hideStackFrames((message, name) => {
|
|
if (DOMException === undefined)
|
|
DOMException = internalBinding('messaging').DOMException;
|
|
return new DOMException(message, name);
|
|
});
|
|
|
|
var defaultEncoding = 'buffer';
|
|
|
|
function setDefaultEncoding(val) {
|
|
defaultEncoding = val;
|
|
}
|
|
|
|
function getDefaultEncoding() {
|
|
return defaultEncoding;
|
|
}
|
|
|
|
// This is here because many functions accepted binary strings without
|
|
// any explicit encoding in older versions of node, and we don't want
|
|
// to break them unnecessarily.
|
|
function toBuf(val, encoding) {
|
|
if (typeof val === 'string') {
|
|
if (encoding === 'buffer')
|
|
encoding = 'utf8';
|
|
return Buffer.from(val, encoding);
|
|
}
|
|
return val;
|
|
}
|
|
|
|
const getCiphers = cachedResult(() => filterDuplicateStrings(_getCiphers()));
|
|
const getHashes = cachedResult(() => filterDuplicateStrings(_getHashes()));
|
|
const getCurves = cachedResult(() => filterDuplicateStrings(_getCurves()));
|
|
|
|
function setEngine(id, flags) {
|
|
validateString(id, 'id');
|
|
if (flags && typeof flags !== 'number')
|
|
throw new ERR_INVALID_ARG_TYPE('flags', 'number', flags);
|
|
flags = flags >>> 0;
|
|
|
|
// Use provided engine for everything by default
|
|
if (flags === 0)
|
|
flags = ENGINE_METHOD_ALL;
|
|
|
|
if (!_setEngine(id, flags))
|
|
throw new ERR_CRYPTO_ENGINE_UNKNOWN(id);
|
|
}
|
|
|
|
const getArrayBufferOrView = hideStackFrames((buffer, name, encoding) => {
|
|
if (isAnyArrayBuffer(buffer))
|
|
return buffer;
|
|
if (typeof buffer === 'string') {
|
|
if (encoding === 'buffer')
|
|
encoding = 'utf8';
|
|
return Buffer.from(buffer, encoding);
|
|
}
|
|
if (!isArrayBufferView(buffer)) {
|
|
throw new ERR_INVALID_ARG_TYPE(
|
|
name,
|
|
[
|
|
'string',
|
|
'ArrayBuffer',
|
|
'Buffer',
|
|
'TypedArray',
|
|
'DataView'
|
|
],
|
|
buffer
|
|
);
|
|
}
|
|
return buffer;
|
|
});
|
|
|
|
// The maximum buffer size that we'll support in the WebCrypto impl
|
|
const kMaxBufferLength = (2 ** 31) - 1;
|
|
|
|
// The EC named curves that we currently support via the Web Crypto API.
|
|
const kNamedCurveAliases = {
|
|
'P-256': 'prime256v1',
|
|
'P-384': 'secp384r1',
|
|
'P-521': 'secp521r1',
|
|
};
|
|
|
|
const kAesKeyLengths = [128, 192, 256];
|
|
|
|
// These are the only algorithms we currently support
|
|
// via the Web Crypto API
|
|
const kAlgorithms = [
|
|
'rsassa-pkcs1-v1_5',
|
|
'rsa-pss',
|
|
'rsa-oaep',
|
|
'ecdsa',
|
|
'ecdh',
|
|
'aes-ctr',
|
|
'aes-cbc',
|
|
'aes-gcm',
|
|
'aes-kw',
|
|
'hmac',
|
|
'sha-1',
|
|
'sha-256',
|
|
'sha-384',
|
|
'sha-512',
|
|
'hkdf',
|
|
'pbkdf2',
|
|
// Following here are Node.js specific extensions. All
|
|
// should be prefixed with 'node-'
|
|
'node-dsa',
|
|
'node-dh',
|
|
'node-scrypt'
|
|
];
|
|
|
|
// These are the only export and import formats we currently
|
|
// support via the Web Crypto API
|
|
const kExportFormats = [
|
|
'raw',
|
|
'pkcs8',
|
|
'spki',
|
|
'jwk',
|
|
'node.keyObject'];
|
|
|
|
// These are the only hash algorithms we currently support via
|
|
// the Web Crypto API.
|
|
const kHashTypes = [
|
|
'SHA-1',
|
|
'SHA-256',
|
|
'SHA-384',
|
|
'SHA-512'
|
|
];
|
|
|
|
function validateMaxBufferLength(data, name) {
|
|
if (data.byteLength > kMaxBufferLength) {
|
|
throw lazyDOMException(
|
|
`${name} must be less than ${kMaxBufferLength + 1} bits`,
|
|
'OperationError');
|
|
}
|
|
}
|
|
|
|
function normalizeAlgorithm(algorithm, label = 'algorithm') {
|
|
if (algorithm != null) {
|
|
if (typeof algorithm === 'string')
|
|
algorithm = { name: algorithm };
|
|
|
|
if (typeof algorithm === 'object') {
|
|
const { name } = algorithm;
|
|
let hash;
|
|
if (typeof name !== 'string' ||
|
|
!ArrayPrototypeIncludes(
|
|
kAlgorithms,
|
|
StringPrototypeToLowerCase(name))) {
|
|
throw lazyDOMException('Unrecognized name.', 'NotSupportedError');
|
|
}
|
|
if (algorithm.hash !== undefined) {
|
|
hash = normalizeAlgorithm(algorithm.hash, 'algorithm.hash');
|
|
if (!ArrayPrototypeIncludes(kHashTypes, hash.name))
|
|
throw lazyDOMException('Unrecognized name.', 'NotSupportedError');
|
|
}
|
|
return { ...algorithm, name: StringPrototypeToUpperCase(name), hash };
|
|
}
|
|
}
|
|
throw lazyDOMException('Unrecognized name.', 'NotSupportedError');
|
|
}
|
|
|
|
function hasAnyNotIn(set, ...check) {
|
|
for (const s of set)
|
|
if (!ArrayPrototypeIncludes(check, s))
|
|
return true;
|
|
return false;
|
|
}
|
|
|
|
function validateBitLength(length, name, required = false) {
|
|
if (length !== undefined || required) {
|
|
if (typeof length !== 'number')
|
|
throw new ERR_INVALID_ARG_TYPE(name, 'number', length);
|
|
if (length < 0)
|
|
throw new ERR_OUT_OF_RANGE(name, '> 0');
|
|
if (length % 8) {
|
|
throw new ERR_INVALID_ARG_VALUE(
|
|
name,
|
|
length,
|
|
'must be a multiple of 8');
|
|
}
|
|
}
|
|
}
|
|
|
|
function validateByteLength(buf, name, target) {
|
|
if (buf.byteLength !== target) {
|
|
throw lazyDOMException(
|
|
`${name} must contain exactly ${target} bytes`,
|
|
'OperationError');
|
|
}
|
|
}
|
|
|
|
const validateByteSource = hideStackFrames((val, name) => {
|
|
val = toBuf(val);
|
|
|
|
if (isAnyArrayBuffer(val) || isArrayBufferView(val))
|
|
return;
|
|
|
|
throw new ERR_INVALID_ARG_TYPE(
|
|
name,
|
|
[
|
|
'string',
|
|
'ArrayBuffer',
|
|
'TypedArray',
|
|
'DataView',
|
|
'Buffer'
|
|
],
|
|
val);
|
|
});
|
|
|
|
function onDone(resolve, reject, err, result) {
|
|
if (err) return reject(err);
|
|
resolve(result);
|
|
}
|
|
|
|
function jobPromise(job) {
|
|
return new Promise((resolve, reject) => {
|
|
job.ondone = FunctionPrototypeBind(onDone, job, resolve, reject);
|
|
job.run();
|
|
});
|
|
}
|
|
|
|
// In WebCrypto, the publicExponent option in RSA is represented as a
|
|
// WebIDL "BigInteger"... that is, a Uint8Array that allows an arbitrary
|
|
// number of leading zero bits. Our conventional APIs for reading
|
|
// an unsigned int from a Buffer are not adequate. The implementation
|
|
// here is adapted from the chromium implementation here:
|
|
// https://github.com/chromium/chromium/blob/master/third_party/blink/public/platform/web_crypto_algorithm_params.h, but ported to JavaScript
|
|
// Returns undefined if the conversion was unsuccessful.
|
|
function bigIntArrayToUnsignedInt(input) {
|
|
let result = 0;
|
|
|
|
for (let n = 0; n < input.length; ++n) {
|
|
const n_reversed = input.length - n - 1;
|
|
if (n_reversed >= 4 && input[n])
|
|
return; // Too large
|
|
result |= input[n] << 8 * n_reversed;
|
|
}
|
|
|
|
return result;
|
|
}
|
|
|
|
function getStringOption(options, key) {
|
|
let value;
|
|
if (options && (value = options[key]) != null)
|
|
validateString(value, `options.${key}`);
|
|
return value;
|
|
}
|
|
|
|
function getUsagesUnion(usageSet, ...usages) {
|
|
const newset = [];
|
|
for (let n = 0; n < usages.length; n++) {
|
|
if (usageSet.has(usages[n]))
|
|
ArrayPrototypePush(newset, usages[n]);
|
|
}
|
|
return newset;
|
|
}
|
|
|
|
function getHashLength(name) {
|
|
switch (name) {
|
|
case 'SHA-1': return 160;
|
|
case 'SHA-256': return 256;
|
|
case 'SHA-384': return 384;
|
|
case 'SHA-512': return 512;
|
|
}
|
|
}
|
|
|
|
const kKeyOps = {
|
|
sign: 1,
|
|
verify: 2,
|
|
encrypt: 3,
|
|
decrypt: 4,
|
|
wrapKey: 5,
|
|
unwrapKey: 6,
|
|
deriveKey: 7,
|
|
deriveBits: 8,
|
|
};
|
|
|
|
function validateKeyOps(keyOps, usagesSet) {
|
|
if (keyOps === undefined) return;
|
|
validateArray(keyOps, 'keyData.key_ops');
|
|
let flags = 0;
|
|
for (let n = 0; n < keyOps.length; n++) {
|
|
const op = keyOps[n];
|
|
const op_flag = kKeyOps[op];
|
|
// Skipping unknown key ops
|
|
if (op_flag === undefined)
|
|
continue;
|
|
// Have we seen it already? if so, error
|
|
if (flags & (1 << op_flag))
|
|
throw lazyDOMException('Duplicate key operation', 'DataError');
|
|
flags |= (1 << op_flag);
|
|
|
|
// TODO(@jasnell): RFC7517 section 4.3 strong recommends validating
|
|
// key usage combinations. Specifically, it says that unrelated key
|
|
// ops SHOULD NOT be used together. We're not yet validating that here.
|
|
}
|
|
|
|
if (usagesSet !== undefined) {
|
|
for (const use of usagesSet) {
|
|
if (!ArrayPrototypeIncludes(keyOps, use)) {
|
|
throw lazyDOMException(
|
|
'Key operations and usage mismatch',
|
|
'DataError');
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
function secureHeapUsed() {
|
|
const val = _secureHeapUsed();
|
|
if (val === undefined)
|
|
return { total: 0, used: 0, utilization: 0, min: 0 };
|
|
const used = Number(_secureHeapUsed());
|
|
const total = Number(getOptionValue('--secure-heap'));
|
|
const min = Number(getOptionValue('--secure-heap-min'));
|
|
const utilization = used / total;
|
|
return { total, used, utilization, min };
|
|
}
|
|
|
|
module.exports = {
|
|
getArrayBufferOrView,
|
|
getCiphers,
|
|
getCurves,
|
|
getDefaultEncoding,
|
|
getHashes,
|
|
kHandle,
|
|
kKeyObject,
|
|
setDefaultEncoding,
|
|
setEngine,
|
|
toBuf,
|
|
|
|
kHashTypes,
|
|
kNamedCurveAliases,
|
|
kAesKeyLengths,
|
|
kExportFormats,
|
|
normalizeAlgorithm,
|
|
normalizeHashName,
|
|
hasAnyNotIn,
|
|
lazyDOMException,
|
|
validateBitLength,
|
|
validateByteLength,
|
|
validateByteSource,
|
|
validateKeyOps,
|
|
jobPromise,
|
|
lazyRequire,
|
|
validateMaxBufferLength,
|
|
bigIntArrayToUnsignedInt,
|
|
getStringOption,
|
|
getUsagesUnion,
|
|
getHashLength,
|
|
secureHeapUsed,
|
|
};
|