chore: upgrade rsa to 0.9 (denoland#21016)
littledivy authored Oct 30, 2023
1 parent f3b580d commit 02cc37e
Showing 13 changed files with 182 additions and 167 deletions.
26 changes: 12 additions & 14 deletions Cargo.lock


2 changes: 1 addition & 1 deletion Cargo.toml
Expand Up @@ -153,7 +153,7 @@ p256 = { version = "0.13.2", features = ["ecdh"] }
p384 = { version = "0.13.0", features = ["ecdh"] }

# crypto
rsa = { version = "0.7.0", default-features = false, features = ["std", "pem", "hazmat"] } # hazmat needed for PrehashSigner in ext/node
rsa = { version = "0.9.3", default-features = false, features = ["std", "pem", "hazmat"] } # hazmat needed for PrehashSigner in ext/node
hkdf = "0.12.3"

# macros
1 change: 1 addition & 0 deletions ext/crypto/00_crypto.js
Expand Up @@ -1313,6 +1313,7 @@ class SubtleCrypto {
algorithm: "RSA-PSS",
hash: hashAlgorithm,
signature,
saltLength: normalizedAlgorithm.saltLength,
}, data);
}
case "HMAC": {
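Review bot: The added `saltLength: normalizedAlgorithm.saltLength` in the RSA-PSS verify branch changes what the verify op receives, which is a behaviour change inside a commit titled as a chore, and nothing in the hunk says why it is needed. If the Rust side now enforces the salt length during PSS verification (that code is not shown here), a short comment such as `// RSA-PSS verification needs the caller's saltLength; a mismatch must fail` would record the intent. A test that a signature produced with a different salt length is rejected would pin the new behaviour, if the unloaded files do not already contain one. The enclosing `case` and method start outside this hunk.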
26 changes: 12 additions & 14 deletions ext/crypto/decrypt.rs
Expand Up @@ -24,9 +24,7 @@ use deno_core::unsync::spawn_blocking;
use deno_core::JsBuffer;
use deno_core::ToJsBuffer;
use rsa::pkcs1::DecodeRsaPrivateKey;
use rsa::PaddingScheme;
use serde::Deserialize;
use sha1::Digest;
use sha1::Sha1;
use sha2::Sha256;
use sha2::Sha384;
Expand Down Expand Up @@ -117,24 +115,24 @@ fn decrypt_rsa_oaep(
let label = Some(String::from_utf8_lossy(&label).to_string());

let padding = match hash {
ShaHash::Sha1 => PaddingScheme::OAEP {
digest: Box::new(Sha1::new()),
mgf_digest: Box::new(Sha1::new()),
ShaHash::Sha1 => rsa::Oaep {
digest: Box::<Sha1>::default(),
mgf_digest: Box::<Sha1>::default(),
label,
},
ShaHash::Sha256 => PaddingScheme::OAEP {
digest: Box::new(Sha256::new()),
mgf_digest: Box::new(Sha256::new()),
ShaHash::Sha256 => rsa::Oaep {
digest: Box::<Sha256>::default(),
mgf_digest: Box::<Sha256>::default(),
label,
},
ShaHash::Sha384 => PaddingScheme::OAEP {
digest: Box::new(Sha384::new()),
mgf_digest: Box::new(Sha384::new()),
ShaHash::Sha384 => rsa::Oaep {
digest: Box::<Sha384>::default(),
mgf_digest: Box::<Sha384>::default(),
label,
},
ShaHash::Sha512 => PaddingScheme::OAEP {
digest: Box::new(Sha512::new()),
mgf_digest: Box::new(Sha512::new()),
ShaHash::Sha512 => rsa::Oaep {
digest: Box::<Sha512>::default(),
mgf_digest: Box::<Sha512>::default(),
label,
},
};
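Review bot: `String::from_utf8_lossy(&label)` on the context line above the `match hash` in decrypt_rsa_oaep rewrites any label bytes that are not valid UTF-8 to U+FFFD before they reach `rsa::Oaep`, so two different binary labels can end up as the same string and the label checked is not the label the caller supplied. The commit keeps that line unchanged while migrating the padding type. Because the `label` field is filled with a `String` here, failing the operation on a non-UTF-8 label (for example via `String::from_utf8(label.to_vec())` mapped to an operation error) would be safer than silently altering it. The matching conversion in ext/crypto/encrypt.rs is outside its visible hunk and may need the same treatment. decrypt_rsa_oaep starts and ends outside the hunk.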
18 changes: 15 additions & 3 deletions ext/crypto/ed25519.rs
Expand Up @@ -2,6 +2,7 @@

use base64::prelude::BASE64_URL_SAFE_NO_PAD;
use base64::Engine;
use deno_core::error::custom_error;
use deno_core::error::AnyError;
use deno_core::op2;
use deno_core::ToJsBuffer;
Expand Down Expand Up @@ -123,26 +124,37 @@ pub fn op_crypto_export_spki_ed25519(
},
subject_public_key: pubkey,
};
Ok(key_info.to_vec()?.into())
Ok(
key_info
.to_vec()
.map_err(|_| {
custom_error("DOMExceptionOperationError", "Failed to export key")
})?
.into(),
)
}

#[op2]
#[serde]
pub fn op_crypto_export_pkcs8_ed25519(
#[buffer] pkey: &[u8],
) -> Result<ToJsBuffer, AnyError> {
use rsa::pkcs1::der::Encode;

// This should probably use OneAsymmetricKey instead
let pk_info = rsa::pkcs8::PrivateKeyInfo {
public_key: None,
algorithm: rsa::pkcs8::AlgorithmIdentifier {
algorithm: rsa::pkcs8::AlgorithmIdentifierRef {
// id-Ed25519
oid: ED25519_OID,
parameters: None,
},
private_key: pkey, // OCTET STRING
};

Ok(pk_info.to_vec()?.into())
let mut buf = Vec::new();
pk_info.encode_to_vec(&mut buf)?;
Ok(buf.into())
}

// 'x' from Section 2 of RFC 8037
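Review bot: The two exporters now report encoding failures differently: op_crypto_export_spki_ed25519 maps the error to `custom_error("DOMExceptionOperationError", "Failed to export key")`, while op_crypto_export_pkcs8_ed25519 lets the raw DER error through with `pk_info.encode_to_vec(&mut buf)?;`. Callers would presumably see a different exception type for what is the same kind of failure. Using the same mapping in the PKCS#8 path keeps them aligned: `pk_info.encode_to_vec(&mut buf).map_err(|_| custom_error("DOMExceptionOperationError", "Failed to export key"))?;`. The start of op_crypto_export_spki_ed25519 is outside the hunk.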
27 changes: 12 additions & 15 deletions ext/crypto/encrypt.rs
Expand Up @@ -24,10 +24,7 @@ use deno_core::JsBuffer;
use deno_core::ToJsBuffer;
use rand::rngs::OsRng;
use rsa::pkcs1::DecodeRsaPublicKey;
use rsa::PaddingScheme;
use rsa::PublicKey;
use serde::Deserialize;
use sha1::Digest;
use sha1::Sha1;
use sha2::Sha256;
use sha2::Sha384;
Expand Down Expand Up @@ -119,24 +116,24 @@ fn encrypt_rsa_oaep(
.map_err(|_| operation_error("failed to decode public key"))?;
let mut rng = OsRng;
let padding = match hash {
ShaHash::Sha1 => PaddingScheme::OAEP {
digest: Box::new(Sha1::new()),
mgf_digest: Box::new(Sha1::new()),
ShaHash::Sha1 => rsa::Oaep {
digest: Box::<Sha1>::default(),
mgf_digest: Box::<Sha1>::default(),
label: Some(label),
},
ShaHash::Sha256 => PaddingScheme::OAEP {
digest: Box::new(Sha256::new()),
mgf_digest: Box::new(Sha256::new()),
ShaHash::Sha256 => rsa::Oaep {
digest: Box::<Sha256>::default(),
mgf_digest: Box::<Sha256>::default(),
label: Some(label),
},
ShaHash::Sha384 => PaddingScheme::OAEP {
digest: Box::new(Sha384::new()),
mgf_digest: Box::new(Sha384::new()),
ShaHash::Sha384 => rsa::Oaep {
digest: Box::<Sha384>::default(),
mgf_digest: Box::<Sha384>::default(),
label: Some(label),
},
ShaHash::Sha512 => PaddingScheme::OAEP {
digest: Box::new(Sha512::new()),
mgf_digest: Box::new(Sha512::new()),
ShaHash::Sha512 => rsa::Oaep {
digest: Box::<Sha512>::default(),
mgf_digest: Box::<Sha512>::default(),
label: Some(label),
},
};
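Review bot: The four `rsa::Oaep { digest: …, mgf_digest: …, label: Some(label) }` arms in encrypt_rsa_oaep differ only in the hash type, and spelling out both boxes by hand leaves room for `digest` and `mgf_digest` to drift apart in a later edit. rsa 0.9 has a constructor that sets both from one type parameter, so each arm could read `ShaHash::Sha256 => rsa::Oaep::new_with_label::<Sha256, _>(label),` (assuming `label` is a `String` at this point, which the hunk does not show). A similar simplification applies to the `match hash` in ext/crypto/decrypt.rs. encrypt_rsa_oaep starts and ends outside the hunk.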
20 changes: 13 additions & 7 deletions ext/crypto/export_key.rs
Expand Up @@ -10,12 +10,12 @@ use deno_core::op2;
use deno_core::ToJsBuffer;
use elliptic_curve::sec1::ToEncodedPoint;
use p256::pkcs8::DecodePrivateKey;
use rsa::pkcs1::UIntRef;
use rsa::pkcs1::der::Decode;
use rsa::pkcs8::der::asn1::UintRef;
use rsa::pkcs8::der::Encode;
use serde::Deserialize;
use serde::Serialize;
use spki::der::asn1;
use spki::der::Decode;
use spki::der::Encode;
use spki::AlgorithmIdentifier;

use crate::shared::*;
Expand Down Expand Up @@ -112,7 +112,7 @@ pub fn op_crypto_export_key(
}
}

fn uint_to_b64(bytes: UIntRef) -> String {
fn uint_to_b64(bytes: UintRef) -> String {
BASE64_URL_SAFE_NO_PAD.encode(bytes.as_bytes())
}

Expand All @@ -126,6 +126,7 @@ fn export_key_rsa(
) -> Result<ExportKeyResult, deno_core::anyhow::Error> {
match format {
ExportKeyFormat::Spki => {
use spki::der::Encode;
let subject_public_key = &key_data.as_rsa_public_key()?;

// the SPKI structure
Expand Down Expand Up @@ -158,18 +159,21 @@ fn export_key_rsa(

let pk_info = rsa::pkcs8::PrivateKeyInfo {
public_key: None,
algorithm: rsa::pkcs8::AlgorithmIdentifier {
algorithm: rsa::pkcs8::AlgorithmIdentifierRef {
// rsaEncryption(1)
oid: rsa::pkcs8::ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.1"),
// parameters field should not be omitted (None).
// It MUST have ASN.1 type NULL as per defined in RFC 3279 Section 2.3.1
parameters: Some(asn1::AnyRef::from(asn1::Null)),
parameters: Some(rsa::pkcs8::der::asn1::AnyRef::from(
rsa::pkcs8::der::asn1::Null,
)),
},
private_key,
};

// Infallible because we know the private key is valid.
let pkcs8_der = pk_info.to_vec().unwrap();
let mut pkcs8_der = Vec::new();
pk_info.encode_to_vec(&mut pkcs8_der)?;

Ok(ExportKeyResult::Pkcs8(pkcs8_der.into()))
}
Expand Down Expand Up @@ -255,6 +259,8 @@ fn export_key_ec(
Ok(ExportKeyResult::Raw(subject_public_key.into()))
}
ExportKeyFormat::Spki => {
use spki::der::Encode;

let subject_public_key = match named_curve {
EcNamedCurve::P256 => {
let point = key_data.as_ec_public_key_p256()?;
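Review bot: The comment `// Infallible because we know the private key is valid.` kept above the new `pk_info.encode_to_vec(&mut pkcs8_der)?;` in the Pkcs8 arm of export_key_rsa no longer matches the code, since the `unwrap()` it justified is gone and the error is now propagated. Either drop it or reword it, for example `// Not expected to fail for a valid key; propagate instead of panicking.` The function-local `use spki::der::Encode;` lines next to the file-level `rsa::pkcs8::der::Encode` suggest two versions of the `der` traits are in play, and a one-line comment saying so would save the next reader the search. export_key_rsa and export_key_ec both start and end outside the hunks.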