Index: node-v17.3.0/doc/api/crypto.md =================================================================== --- node-v17.3.0.orig/doc/api/crypto.md +++ node-v17.3.0/doc/api/crypto.md @@ -1959,20 +1959,11 @@ const { * {Object} * `modulusLength`: {number} Key size in bits (RSA, DSA). * `publicExponent`: {bigint} Public exponent (RSA). - * `hashAlgorithm`: {string} Name of the message digest (RSA-PSS). - * `mgf1HashAlgorithm`: {string} Name of the message digest used by - MGF1 (RSA-PSS). - * `saltLength`: {number} Minimal salt length in bytes (RSA-PSS). * `divisorLength`: {number} Size of `q` in bits (DSA). * `namedCurve`: {string} Name of the curve (EC). @@ -1981,11 +1972,8 @@ this object contains information about t through this property can be used to uniquely identify a key or to compromise the security of the key. -For RSA-PSS keys, if the key material contains a `RSASSA-PSS-params` sequence, -the `hashAlgorithm`, `mgf1HashAlgorithm`, and `saltLength` properties will be -set. - -Other key details might be exposed via this API using additional attributes. +RSA-PSS parameters, DH, or any future key type details might be exposed via this +API using additional attributes. ### `keyObject.asymmetricKeyType` Index: node-v17.3.0/src/crypto/crypto_rsa.cc =================================================================== --- node-v17.3.0.orig/src/crypto/crypto_rsa.cc +++ node-v17.3.0/src/crypto/crypto_rsa.cc @@ -561,84 +561,10 @@ Maybe GetRsaKeyDetail( reinterpret_cast(public_exponent.data()); CHECK_EQ(BN_bn2binpad(e, data, len), len); - if (target - ->Set( - env->context(), - env->public_exponent_string(), - public_exponent.ToArrayBuffer()) - .IsNothing()) { - return Nothing(); - } - - if (type == EVP_PKEY_RSA_PSS) { - // Due to the way ASN.1 encoding works, default values are omitted when - // encoding the data structure. However, there are also RSA-PSS keys for - // which no parameters are set. In that case, the ASN.1 RSASSA-PSS-params - // sequence will be missing entirely and RSA_get0_pss_params will return - // nullptr. If parameters are present but all parameters are set to their - // default values, an empty sequence will be stored in the ASN.1 structure. - // In that case, RSA_get0_pss_params does not return nullptr but all fields - // of the returned RSA_PSS_PARAMS will be set to nullptr. - - const RSA_PSS_PARAMS* params = RSA_get0_pss_params(rsa); - if (params != nullptr) { - int hash_nid = NID_sha1; - int mgf_nid = NID_mgf1; - int mgf1_hash_nid = NID_sha1; - int64_t salt_length = 20; - - if (params->hashAlgorithm != nullptr) { - hash_nid = OBJ_obj2nid(params->hashAlgorithm->algorithm); - } - - if (target - ->Set( - env->context(), - env->hash_algorithm_string(), - OneByteString(env->isolate(), OBJ_nid2ln(hash_nid))) - .IsNothing()) { - return Nothing(); - } - - if (params->maskGenAlgorithm != nullptr) { - mgf_nid = OBJ_obj2nid(params->maskGenAlgorithm->algorithm); - if (mgf_nid == NID_mgf1) { - mgf1_hash_nid = OBJ_obj2nid(params->maskHash->algorithm); - } - } - - // If, for some reason, the MGF is not MGF1, then the MGF1 hash function - // is intentionally not added to the object. - if (mgf_nid == NID_mgf1) { - if (target - ->Set( - env->context(), - env->mgf1_hash_algorithm_string(), - OneByteString(env->isolate(), OBJ_nid2ln(mgf1_hash_nid))) - .IsNothing()) { - return Nothing(); - } - } - - if (params->saltLength != nullptr) { - if (ASN1_INTEGER_get_int64(&salt_length, params->saltLength) != 1) { - ThrowCryptoError(env, ERR_get_error(), "ASN1_INTEGER_get_in64 error"); - return Nothing(); - } - } - - if (target - ->Set( - env->context(), - env->salt_length_string(), - Number::New(env->isolate(), static_cast(salt_length))) - .IsNothing()) { - return Nothing(); - } - } - } - - return Just(true); + return target->Set( + env->context(), + env->public_exponent_string(), + public_exponent.ToArrayBuffer()); } namespace RSAAlg { Index: node-v17.3.0/src/env.h =================================================================== --- node-v17.3.0.orig/src/env.h +++ node-v17.3.0/src/env.h @@ -271,7 +271,6 @@ constexpr size_t kFsStatsBufferLength = V(gid_string, "gid") \ V(h2_string, "h2") \ V(handle_string, "handle") \ - V(hash_algorithm_string, "hashAlgorithm") \ V(help_text_string, "helpText") \ V(homedir_string, "homedir") \ V(host_string, "host") \ @@ -320,7 +319,6 @@ constexpr size_t kFsStatsBufferLength = V(message_port_string, "messagePort") \ V(message_string, "message") \ V(messageerror_string, "messageerror") \ - V(mgf1_hash_algorithm_string, "mgf1HashAlgorithm") \ V(minttl_string, "minttl") \ V(module_string, "module") \ V(modulus_string, "modulus") \ @@ -390,7 +388,6 @@ constexpr size_t kFsStatsBufferLength = V(replacement_string, "replacement") \ V(require_string, "require") \ V(retry_string, "retry") \ - V(salt_length_string, "saltLength") \ V(scheme_string, "scheme") \ V(scopeid_string, "scopeid") \ V(serial_number_string, "serialNumber") \ Index: node-v17.3.0/test/fixtures/keys/Makefile =================================================================== --- node-v17.3.0.orig/test/fixtures/keys/Makefile +++ node-v17.3.0/test/fixtures/keys/Makefile @@ -64,11 +64,9 @@ all: \ rsa_pss_private_2048.pem \ rsa_pss_private_2048_sha256_sha256_16.pem \ rsa_pss_private_2048_sha512_sha256_20.pem \ - rsa_pss_private_2048_sha1_sha1_20.pem \ rsa_pss_public_2048.pem \ rsa_pss_public_2048_sha256_sha256_16.pem \ rsa_pss_public_2048_sha512_sha256_20.pem \ - rsa_pss_public_2048_sha1_sha1_20.pem \ ed25519_private.pem \ ed25519_public.pem \ x25519_private.pem \ @@ -710,9 +708,6 @@ rsa_pss_private_2048_sha256_sha256_16.pe rsa_pss_private_2048_sha512_sha256_20.pem: openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -pkeyopt rsa_pss_keygen_md:sha512 -pkeyopt rsa_pss_keygen_mgf1_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:20 -out rsa_pss_private_2048_sha512_sha256_20.pem -rsa_pss_private_2048_sha1_sha1_20.pem: - openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -pkeyopt rsa_pss_keygen_md:sha1 -pkeyopt rsa_pss_keygen_mgf1_md:sha1 -pkeyopt rsa_pss_keygen_saltlen:20 -out rsa_pss_private_2048_sha1_sha1_20.pem - rsa_pss_public_2048.pem: rsa_pss_private_2048.pem openssl pkey -in rsa_pss_private_2048.pem -pubout -out rsa_pss_public_2048.pem @@ -722,9 +717,6 @@ rsa_pss_public_2048_sha256_sha256_16.pem rsa_pss_public_2048_sha512_sha256_20.pem: rsa_pss_private_2048_sha512_sha256_20.pem openssl pkey -in rsa_pss_private_2048_sha512_sha256_20.pem -pubout -out rsa_pss_public_2048_sha512_sha256_20.pem -rsa_pss_public_2048_sha1_sha1_20.pem: rsa_pss_private_2048_sha1_sha1_20.pem - openssl pkey -in rsa_pss_private_2048_sha1_sha1_20.pem -pubout -out rsa_pss_public_2048_sha1_sha1_20.pem - ed25519_private.pem: openssl genpkey -algorithm ED25519 -out ed25519_private.pem Index: node-v17.3.0/test/fixtures/keys/rsa_pss_private_2048_sha1_sha1_20.pem =================================================================== --- node-v17.3.0.orig/test/fixtures/keys/rsa_pss_private_2048_sha1_sha1_20.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQowAASCBKcwggSjAgEAAoIBAQCpdutzsPFQ1100 -ouR5aAwYry8aAtG0c+zX9UqNXGCpRDWzPPpXHUZSB1BmTTL4EhK2tkAfblYNqzRu -CAYlKHbFpFLs2zLEorfp0WsFNPaBHE9JHpLIM4oXxPCUypZ7JAn56ZYonYCZ8Il5 -8SzD9aoF41RTEmpcx3XkL2RQa022RiSccYZKx/yzskUUAdTvTvYyujH1MkvsfVP+ -Ns5bRL6IVqowFd3xv6ctvfQMxz0rltgTC+wOm3CFtn+G63y6P/Z0U2DRdacsNkN6 -PFGXAIB0kSvKzs8gVocEBiSwMkcT/KD3R68PY18b2auqaGcm8gA+gaVJ36KAW4dO -AjbY+YitAgMBAAECggEAfPvfFXln0Ra1gE+vMDdjzITPuWBg57Uj9fbMIEwEYnKT -JHmRrNRDe9Y3HuxK7hjuQmFSE5xdzUD6rzgtyBP63TOfkV7tJ4dXGxS/2JxCPeDy -PNxWp18Ttwoh4as0pudikDYN8DCRm3eC/TO5r2EtH6CVHZuUZI8bTMsDMiihrQ8F -B8+KucBG5DDy/OlDeieAZxZA4Y0/c+W0DNZ/LIPGwaqMzYCSZJXyV0t33HytUwM2 -QZ+RbWqcUcrCI3lFAO8IyEULCi+RnSByZeJ0xwUkdQTI5jT6+G8BrO70Oiab8g+Q -Rx2s7PxWpIMVS7/JD1PsL4hLrVh3uqh8PZl3/FG9IQKBgQDZWkOR2LA+ixmD6XJb -Q+7zW2guHnK6wDrQFKmBGLaDdAER64WL1Unt6Umu7FPxth2niYMEgRexBgnj5hQN -LfPYTiIeXs5ErrU96fVQABsV0Hra1M2Rhve5nynjFFpbHjDXtizzLpE30MsC7YkN -EqD4YYzjWHrbk/UlQ7tx3eAvtQKBgQDHmNM4TRuyH2yaYxDqnho6fgJv7Z4KgbM0 -1wcUxi5kPDQsFtaVOzFhNserzsWvotQjLkC2+CK5qlCdm59ZlpUqszF6+YyUs5Gq -WmHdqryduT1VxSV/pd6wGEQo27fxFV7LsT1JhVMh9Iri8MK0b1BD6+kVUf5NcKDB -Od2o8A1gGQKBgA5Y3Pj1mrymJesFL91CYLWDpR7WN7CIG9m8Y2v4G6QVtjRenZQb -YiPoMErxoqDj6pUyiIl1lADFa0W13ED6dYwjrDDhBTCXb7NEjELZnvATsOhc/6zJ -gfSowvUQVN6K4aJ7jgAHZOKQT7ZDw7YvMpzyo4AmSQXRgG8TR34+rRu5AoGACApP -9+SjSPmbFl0HQWw9Aj4xOvEHfMTcwzQmRN/23nLOZzhETJ6lzpS2VmVt8TVN9lzW -nohAXdpOhQrP0HwQZjfxtlJ3J0ZUh9g8OQG3t2LO5bWbXRkBb3aKyFqRflSuDOaG -4X9NagC/14R7U2loglPuf71d0SDIWQBLvZJt94ECgYEAnY7aKHnWdLszcB8uyEkJ -EJkUEaa+K/nTqOzqffZ01cTWJmUG7a2KuvQ+UQM2BHk2+wBmUo45Iz/dyePOJY0B -Fu2agiV4+R4z2XVQnIvXgY5HaPxvLz0THksY/pD58gBmFaLMx4ADEwQ+s4Y2g12H -ABsKNRHfSnKTwOm/dYvcVqs= ------END PRIVATE KEY----- Index: node-v17.3.0/test/fixtures/keys/rsa_pss_public_2048_sha1_sha1_20.pem =================================================================== --- node-v17.3.0.orig/test/fixtures/keys/rsa_pss_public_2048_sha1_sha1_20.pem +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQowAAOCAQ8AMIIBCgKCAQEAqXbrc7DxUNddNKLkeWgM -GK8vGgLRtHPs1/VKjVxgqUQ1szz6Vx1GUgdQZk0y+BIStrZAH25WDas0bggGJSh2 -xaRS7NsyxKK36dFrBTT2gRxPSR6SyDOKF8TwlMqWeyQJ+emWKJ2AmfCJefEsw/Wq -BeNUUxJqXMd15C9kUGtNtkYknHGGSsf8s7JFFAHU7072Mrox9TJL7H1T/jbOW0S+ -iFaqMBXd8b+nLb30DMc9K5bYEwvsDptwhbZ/hut8uj/2dFNg0XWnLDZDejxRlwCA -dJErys7PIFaHBAYksDJHE/yg90evD2NfG9mrqmhnJvIAPoGlSd+igFuHTgI22PmI -rQIDAQAB ------END PUBLIC KEY----- Index: node-v17.3.0/test/parallel/test-crypto-key-objects.js =================================================================== --- node-v17.3.0.orig/test/parallel/test-crypto-key-objects.js +++ node-v17.3.0/test/parallel/test-crypto-key-objects.js @@ -582,21 +582,11 @@ const privateDsa = fixtures.readKey('dsa const publicKey = createPublicKey(publicPem); const privateKey = createPrivateKey(privatePem); - // Because no RSASSA-PSS-params appears in the PEM, no defaults should be - // added for the PSS parameters. This is different from an empty - // RSASSA-PSS-params sequence (see test below). - const expectedKeyDetails = { - modulusLength: 2048, - publicExponent: 65537n - }; - assert.strictEqual(publicKey.type, 'public'); assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss'); - assert.deepStrictEqual(publicKey.asymmetricKeyDetails, expectedKeyDetails); assert.strictEqual(privateKey.type, 'private'); assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss'); - assert.deepStrictEqual(privateKey.asymmetricKeyDetails, expectedKeyDetails); assert.throws( () => publicKey.export({ format: 'jwk' }), @@ -635,38 +625,6 @@ const privateDsa = fixtures.readKey('dsa } { - // This key pair enforces sha1 as the message digest and the MGF1 - // message digest and a salt length of 20 bytes. - - const publicPem = fixtures.readKey('rsa_pss_public_2048_sha1_sha1_20.pem'); - const privatePem = - fixtures.readKey('rsa_pss_private_2048_sha1_sha1_20.pem'); - - const publicKey = createPublicKey(publicPem); - const privateKey = createPrivateKey(privatePem); - - // Unlike the previous key pair, this key pair contains an RSASSA-PSS-params - // sequence. However, because all values in the RSASSA-PSS-params are set to - // their defaults (see RFC 3447), the ASN.1 structure contains an empty - // sequence. Node.js should add the default values to the key details. - const expectedKeyDetails = { - modulusLength: 2048, - publicExponent: 65537n, - hashAlgorithm: 'sha1', - mgf1HashAlgorithm: 'sha1', - saltLength: 20 - }; - - assert.strictEqual(publicKey.type, 'public'); - assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss'); - assert.deepStrictEqual(publicKey.asymmetricKeyDetails, expectedKeyDetails); - - assert.strictEqual(privateKey.type, 'private'); - assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss'); - assert.deepStrictEqual(privateKey.asymmetricKeyDetails, expectedKeyDetails); - } - - { // This key pair enforces sha256 as the message digest and the MGF1 // message digest and a salt length of at least 16 bytes. const publicPem = @@ -724,21 +682,11 @@ const privateDsa = fixtures.readKey('dsa const publicKey = createPublicKey(publicPem); const privateKey = createPrivateKey(privatePem); - const expectedKeyDetails = { - modulusLength: 2048, - publicExponent: 65537n, - hashAlgorithm: 'sha512', - mgf1HashAlgorithm: 'sha256', - saltLength: 20 - }; - assert.strictEqual(publicKey.type, 'public'); assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss'); - assert.deepStrictEqual(publicKey.asymmetricKeyDetails, expectedKeyDetails); assert.strictEqual(privateKey.type, 'private'); assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss'); - assert.deepStrictEqual(privateKey.asymmetricKeyDetails, expectedKeyDetails); // Node.js usually uses the same hash function for the message and for MGF1. // However, when a different MGF1 message digest algorithm has been Index: node-v17.3.0/test/parallel/test-crypto-keygen.js =================================================================== --- node-v17.3.0.orig/test/parallel/test-crypto-keygen.js +++ node-v17.3.0/test/parallel/test-crypto-keygen.js @@ -309,20 +309,14 @@ const sec1EncExp = (cipher) => getRegExp assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss'); assert.deepStrictEqual(publicKey.asymmetricKeyDetails, { modulusLength: 512, - publicExponent: 65537n, - hashAlgorithm: 'sha256', - mgf1HashAlgorithm: 'sha256', - saltLength: 16 + publicExponent: 65537n }); assert.strictEqual(privateKey.type, 'private'); assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss'); assert.deepStrictEqual(privateKey.asymmetricKeyDetails, { modulusLength: 512, - publicExponent: 65537n, - hashAlgorithm: 'sha256', - mgf1HashAlgorithm: 'sha256', - saltLength: 16 + publicExponent: 65537n }); // Unlike RSA, RSA-PSS does not allow encryption. @@ -381,10 +375,7 @@ const sec1EncExp = (cipher) => getRegExp }, common.mustSucceed((publicKey, privateKey) => { const expectedKeyDetails = { modulusLength: 512, - publicExponent: 65537n, - hashAlgorithm: 'sha256', - mgf1HashAlgorithm: 'sha256', - saltLength: 16 + publicExponent: 65537n }; assert.deepStrictEqual(publicKey.asymmetricKeyDetails, expectedKeyDetails); assert.deepStrictEqual(privateKey.asymmetricKeyDetails, expectedKeyDetails); @@ -401,10 +392,7 @@ const sec1EncExp = (cipher) => getRegExp }, common.mustSucceed((publicKey, privateKey) => { const expectedKeyDetails = { modulusLength: 512, - publicExponent: 65537n, - hashAlgorithm: 'sha512', - mgf1HashAlgorithm: 'sha512', - saltLength: 64 + publicExponent: 65537n }; assert.deepStrictEqual(publicKey.asymmetricKeyDetails, expectedKeyDetails); assert.deepStrictEqual(privateKey.asymmetricKeyDetails, expectedKeyDetails); @@ -418,10 +406,7 @@ const sec1EncExp = (cipher) => getRegExp }, common.mustSucceed((publicKey, privateKey) => { const expectedKeyDetails = { modulusLength: 512, - publicExponent: 65537n, - hashAlgorithm: 'sha512', - mgf1HashAlgorithm: 'sha512', - saltLength: 0 + publicExponent: 65537n }; assert.deepStrictEqual(publicKey.asymmetricKeyDetails, expectedKeyDetails); assert.deepStrictEqual(privateKey.asymmetricKeyDetails, expectedKeyDetails); @@ -1646,20 +1631,14 @@ if (!common.hasOpenSSL3) { assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss'); assert.deepStrictEqual(publicKey.asymmetricKeyDetails, { modulusLength: 512, - publicExponent: 65537n, - hashAlgorithm: 'sha256', - mgf1HashAlgorithm: 'sha256', - saltLength: 16 + publicExponent: 65537n }); assert.strictEqual(privateKey.type, 'private'); assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss'); assert.deepStrictEqual(privateKey.asymmetricKeyDetails, { modulusLength: 512, - publicExponent: 65537n, - hashAlgorithm: 'sha256', - mgf1HashAlgorithm: 'sha256', - saltLength: 16 + publicExponent: 65537n }); })); } Index: node-v17.3.0/test/parallel/test-crypto-keygen-deprecation.js =================================================================== --- node-v17.3.0.orig/test/parallel/test-crypto-keygen-deprecation.js +++ node-v17.3.0/test/parallel/test-crypto-keygen-deprecation.js @@ -32,20 +32,14 @@ const { generateKeyPair } = require('cry assert.strictEqual(publicKey.asymmetricKeyType, 'rsa-pss'); assert.deepStrictEqual(publicKey.asymmetricKeyDetails, { modulusLength: 512, - publicExponent: 65537n, - hashAlgorithm: 'sha256', - mgf1HashAlgorithm: 'sha256', - saltLength: 16 + publicExponent: 65537n }); assert.strictEqual(privateKey.type, 'private'); assert.strictEqual(privateKey.asymmetricKeyType, 'rsa-pss'); assert.deepStrictEqual(privateKey.asymmetricKeyDetails, { modulusLength: 512, - publicExponent: 65537n, - hashAlgorithm: 'sha256', - mgf1HashAlgorithm: 'sha256', - saltLength: 16 + publicExponent: 65537n }); })); }