crypto: add crypto.createMac()

bnoordhuis · bnoordhuis · commit fcda409512e8 · 2020-03-24T23:57:28.000+01:00
diff --git a/lib/crypto.js b/lib/crypto.js
@@ -91,7 +91,8 @@ const {
 } = require('internal/crypto/sig');
 const {
   Hash,
-  Hmac
+  Hmac,
+  Mac
 } = require('internal/crypto/hash');
 const {
   getCiphers,
@@ -142,6 +143,10 @@ function createHmac(hmac, key, options) {
   return new Hmac(hmac, key, options);
 }
 
+function createMac(mac, key, options) {
+  return new Mac(mac, key, options);
+}
+
 function createSign(algorithm, options) {
   return new Sign(algorithm, options);
 }
@@ -159,6 +164,7 @@ module.exports = {
   createECDH,
   createHash,
   createHmac,
+  createMac,
   createPrivateKey,
   createPublicKey,
   createSecretKey,
@@ -203,6 +209,7 @@ module.exports = {
   Hash,
   Hmac,
   KeyObject,
+  Mac,
   Sign,
   Verify
 };
diff --git a/lib/internal/crypto/hash.js b/lib/internal/crypto/hash.js
@@ -6,8 +6,12 @@ const {
 } = primordials;
 
 const {
+  EVP_PKEY_HMAC,
+  EVP_PKEY_POLY1305,
+  EVP_PKEY_SIPHASH,
   Hash: _Hash,
-  Hmac: _Hmac
+  Hmac: _Hmac,
+  Mac: _Mac
 } = internalBinding('crypto');
 
 const {
@@ -140,7 +144,49 @@ Hmac.prototype.digest = function digest(outputEncoding) {
 Hmac.prototype._flush = Hash.prototype._flush;
 Hmac.prototype._transform = Hash.prototype._transform;
 
+function Mac(mac, key, options) {
+  if (!(this instanceof Mac))
+    return new Mac(mac, key, options);
+
+  validateString(mac, 'mac');
+  key = prepareSecretKey(key);
+
+  let nid = EVP_PKEY_HMAC;
+  if (mac === 'poly1305') nid = EVP_PKEY_POLY1305;
+  else if (mac === 'siphash') nid = EVP_PKEY_SIPHASH;
+
+  this[kHandle] = new _Mac(nid, toBuf(key), mac);
+  this[kState] = {
+    [kFinalized]: false
+  };
+  LazyTransform.call(this, options);
+}
+
+ObjectSetPrototypeOf(Mac.prototype, LazyTransform.prototype);
+ObjectSetPrototypeOf(Mac, LazyTransform);
+
+Mac.prototype.update = Hash.prototype.update;
+
+Mac.prototype.digest = function digest(outputEncoding) {
+  const state = this[kState];
+  outputEncoding = outputEncoding || getDefaultEncoding();
+
+  if (state[kFinalized]) {
+    const buf = Buffer.from('');
+    return outputEncoding === 'buffer' ? buf : buf.toString(outputEncoding);
+  }
+
+  // Explicit conversion for backward compatibility.
+  const ret = this[kHandle].digest(`${outputEncoding}`);
+  state[kFinalized] = true;
+  return ret;
+};
+
+Hmac.prototype._flush = Hash.prototype._flush;
+Hmac.prototype._transform = Hash.prototype._transform;
+
 module.exports = {
   Hash,
-  Hmac
+  Hmac,
+  Mac
 };
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
@@ -105,6 +105,8 @@ using v8::Value;
 # define IS_OCB_MODE(mode) ((mode) == EVP_CIPH_OCB_MODE)
 #endif
 
+void CheckThrow(Environment* env, SignBase::Error error);
+
 static const char* const root_certs[] = {
 #include "node_root_certs.h"  // NOLINT(build/include_order)
 };
@@ -4349,6 +4351,112 @@ void Hash::HashDigest(const FunctionCallbackInfo<Value>& args) {
 }
 
 
+void Mac::Initialize(Environment* env, Local<Object> target) {
+  Local<FunctionTemplate> t = env->NewFunctionTemplate(New);
+  t->InstanceTemplate()->SetInternalFieldCount(Mac::kInternalFieldCount);
+
+  env->SetProtoMethod(t, "update", Update);
+  env->SetProtoMethod(t, "digest", Digest);
+
+  target->Set(env->context(),
+              FIXED_ONE_BYTE_STRING(env->isolate(), "Mac"),
+              t->GetFunction(env->context()).ToLocalChecked()).Check();
+}
+
+
+Mac::Mac(Environment* env, Local<Object> wrap, int nid, EVPMDPointer&& mdctx)
+    : BaseObject(env, wrap)
+    , nid_(nid)
+    , mdctx_(std::move(mdctx)) {
+  MakeWeak();
+}
+
+
+void Mac::New(const FunctionCallbackInfo<Value>& args) {
+  MarkPopErrorOnReturn mark_pop_error_on_return;
+  Environment* env = Environment::GetCurrent(args);
+
+  CHECK(args[0]->IsInt32());
+  const int nid = args[0].As<Int32>()->Value();
+
+  CHECK(args[1]->IsArrayBufferView());
+  ByteSource key = ByteSource::FromBuffer(args[1]);
+
+  const EVP_MD* md = nullptr;
+  if (nid == EVP_PKEY_HMAC) {
+    CHECK(args[2]->IsString());
+    const node::Utf8Value name(env->isolate(), args[2]);
+    md = EVP_get_digestbyname(*name);
+    if (md == nullptr)
+      return CheckThrow(env, SignBase::Error::kSignUnknownDigest);
+  }
+
+  ManagedEVPPKey pkey(
+      EVPKeyPointer(
+          EVP_PKEY_new_raw_private_key(
+              nid, nullptr, reinterpret_cast<const unsigned char*>(key.get()),
+              key.size())));
+
+  EVPMDPointer mdctx(EVP_MD_CTX_new());
+
+
+  EVP_PKEY_CTX* pkctx = nullptr;
+  if (!EVP_DigestSignInit(mdctx.get(), &pkctx, md, nullptr, pkey.get()))
+    return ThrowCryptoError(env, ERR_get_error(), "EVP_DigestSignInit");
+
+  // TODO(bnoordhuis) Call EVP_PKEY_CTX_ctrl() or EVP_PKEY_CTX_ctrl_str().
+  USE(pkctx);
+
+  new Mac(env, args.This(), nid, std::move(mdctx));
+}
+
+
+void Mac::Update(const FunctionCallbackInfo<Value>& args) {
+  Decode<Mac>(args, [](Mac* mac, const FunctionCallbackInfo<Value>& args,
+                       const char* data, size_t size) {
+    const int rc = EVP_DigestSignUpdate(mac->mdctx_.get(), data, size);
+    args.GetReturnValue().Set(rc == 1);
+  });
+}
+
+
+void Mac::Digest(const FunctionCallbackInfo<Value>& args) {
+  Mac* mac;
+  ASSIGN_OR_RETURN_UNWRAP(&mac, args.Holder());
+
+  MarkPopErrorOnReturn mark_pop_error_on_return;
+  Environment* env = Environment::GetCurrent(args);
+
+  enum encoding encoding = BUFFER;
+  if (args.Length() > 0)
+    encoding = ParseEncoding(env->isolate(), args[0], BUFFER);
+
+  size_t size;
+  if (!EVP_DigestSignFinal(mac->mdctx_.get(), nullptr, &size))
+    return ThrowCryptoError(env, ERR_get_error(), "EVP_DigestSignFinal");
+
+  unsigned char* data = MallocOpenSSL<unsigned char>(size);
+  ByteSource source =
+      ByteSource::Allocated(reinterpret_cast<char*>(data), size);
+
+  if (!EVP_DigestSignFinal(mac->mdctx_.get(), data, &size))
+    return ThrowCryptoError(env, ERR_get_error(), "EVP_DigestSignFinal");
+
+  Local<Value> error;
+  MaybeLocal<Value> rc =
+      StringBytes::Encode(env->isolate(), source.get(), source.size(),
+                          encoding, &error);
+
+  if (rc.IsEmpty()) {
+    CHECK(!error.IsEmpty());
+    env->isolate()->ThrowException(error);
+    return;
+  }
+
+  args.GetReturnValue().Set(rc.ToLocalChecked());
+}
+
+
 SignBase::Error SignBase::Init(const char* sign_type) {
   CHECK_NULL(mdctx_);
   // Historically, "dss1" and "DSS1" were DSA aliases for SHA-1
@@ -6864,6 +6972,7 @@ void Initialize(Local<Object> target,
   ECDH::Initialize(env, target);
   Hmac::Initialize(env, target);
   Hash::Initialize(env, target);
+  Mac::Initialize(env, target);
   Sign::Initialize(env, target);
   Verify::Initialize(env, target);
 
@@ -6895,6 +7004,9 @@ void Initialize(Local<Object> target,
   env->SetMethod(target, "generateKeyPairDH", GenerateKeyPairDH);
   NODE_DEFINE_CONSTANT(target, EVP_PKEY_ED25519);
   NODE_DEFINE_CONSTANT(target, EVP_PKEY_ED448);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_HMAC);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_POLY1305);
+  NODE_DEFINE_CONSTANT(target, EVP_PKEY_SIPHASH);
   NODE_DEFINE_CONSTANT(target, EVP_PKEY_X25519);
   NODE_DEFINE_CONSTANT(target, EVP_PKEY_X448);
   NODE_DEFINE_CONSTANT(target, OPENSSL_EC_NAMED_CURVE);
diff --git a/src/node_crypto.h b/src/node_crypto.h
@@ -589,6 +589,28 @@ class Hash final : public BaseObject {
   unsigned char* md_value_;
 };
 
+class Mac : public BaseObject {
+ public:
+  static void Initialize(Environment* env, v8::Local<v8::Object> target);
+
+  // TODO(joyeecheung): track the memory used by OpenSSL types
+  SET_NO_MEMORY_INFO()
+  SET_MEMORY_INFO_NAME(Mac)
+  SET_SELF_SIZE(Mac)
+
+ protected:
+  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
+  static void Update(const v8::FunctionCallbackInfo<v8::Value>& args);
+  static void Digest(const v8::FunctionCallbackInfo<v8::Value>& args);
+
+  Mac(Environment* env, v8::Local<v8::Object> wrap,
+      int nid, EVPMDPointer&& mdctx);
+
+ private:
+  const int nid_;
+  EVPMDPointer mdctx_;
+};
+
 class SignBase : public BaseObject {
  public:
   typedef enum {
diff --git a/test/parallel/test-crypto-mac.js b/test/parallel/test-crypto-mac.js
@@ -0,0 +1,47 @@
+'use strict';
+
+const common = require('../common');
+if (!common.hasCrypto) common.skip('missing crypto');
+
+const assert = require('assert');
+const crypto = require('crypto');
+
+assert.throws(() => crypto.createMac('boom', 'secret'),
+              /Unknown message digest/);
+
+// hmac
+{
+  const expected =
+    Buffer.from('1b2c16b75bd2a870c114153ccda5bcfc' +
+                'a63314bc722fa160d690de133ccbb9db', 'hex');
+  const actual = crypto.createMac('sha256', 'secret').update('data').digest();
+  assert.deepStrictEqual(actual, expected);
+}
+
+// poly1305
+{
+  const key =
+    Buffer.from(
+      '1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0',
+      'hex');
+  const data =
+    Buffer.from(
+      '2754776173206272696c6c69672c20616e642074686520736c6974687920' +
+      '746f7665730a446964206779726520616e642067696d626c6520696e2074' +
+      '686520776162653a0a416c6c206d696d737920776572652074686520626f' +
+      '726f676f7665732c0a416e6420746865206d6f6d65207261746873206f75' +
+      '7467726162652e',
+      'hex');
+  const expected = Buffer.from('4541669a7eaaee61e708dc7cbcc5eb62', 'hex');
+  const actual = crypto.createMac('poly1305', key).update(data).digest();
+  assert.deepStrictEqual(actual, expected);
+}
+
+// siphash
+{
+  const key = Buffer.from('000102030405060708090A0B0C0D0E0F', 'hex');
+  const data = Buffer.from('000102030405', 'hex');
+  const expected = Buffer.from('14eeca338b208613485ea0308fd7a15e', 'hex');
+  const actual = crypto.createMac('siphash', key).update(data).digest();
+  assert.deepStrictEqual(actual, expected);
+}
