1// Copyright Joyent, Inc. and other Node contributors. 2// 3// Permission is hereby granted, free of charge, to any person obtaining a 4// copy of this software and associated documentation files (the 5// "Software"), to deal in the Software without restriction, including 6// without limitation the rights to use, copy, modify, merge, publish, 7// distribute, sublicense, and/or sell copies of the Software, and to permit 8// persons to whom the Software is furnished to do so, subject to the 9// following conditions: 10// 11// The above copyright notice and this permission notice shall be included 12// in all copies or substantial portions of the Software. 13// 14// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 16// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN 17// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, 18// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR 19// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE 20// USE OR OTHER DEALINGS IN THE SOFTWARE. 21 22// Note: In 0.8 and before, crypto functions all defaulted to using 23// binary-encoded strings rather than buffers. 24 25'use strict'; 26 27const { 28 ObjectDefineProperty, 29 ObjectDefineProperties, 30} = primordials; 31 32const { 33 assertCrypto, 34 deprecate 35} = require('internal/util'); 36assertCrypto(); 37 38const { 39 ERR_CRYPTO_FIPS_FORCED, 40 ERR_CRYPTO_FIPS_UNAVAILABLE 41} = require('internal/errors').codes; 42const constants = internalBinding('constants').crypto; 43const { getOptionValue } = require('internal/options'); 44const pendingDeprecation = getOptionValue('--pending-deprecation'); 45const { fipsMode } = internalBinding('config'); 46const fipsForced = getOptionValue('--force-fips'); 47const { 48 getFipsCrypto, 49 setFipsCrypto, 50 timingSafeEqual, 51} = internalBinding('crypto'); 52const { 53 randomBytes, 54 randomFill, 55 randomFillSync, 56 randomInt 57} = require('internal/crypto/random'); 58const { 59 pbkdf2, 60 pbkdf2Sync 61} = require('internal/crypto/pbkdf2'); 62const { 63 scrypt, 64 scryptSync 65} = require('internal/crypto/scrypt'); 66const { 67 generateKeyPair, 68 generateKeyPairSync 69} = require('internal/crypto/keygen'); 70const { 71 createSecretKey, 72 createPublicKey, 73 createPrivateKey, 74 KeyObject, 75} = require('internal/crypto/keys'); 76const { 77 DiffieHellman, 78 DiffieHellmanGroup, 79 ECDH, 80 diffieHellman 81} = require('internal/crypto/diffiehellman'); 82const { 83 Cipher, 84 Cipheriv, 85 Decipher, 86 Decipheriv, 87 privateDecrypt, 88 privateEncrypt, 89 publicDecrypt, 90 publicEncrypt 91} = require('internal/crypto/cipher'); 92const { 93 Sign, 94 signOneShot, 95 Verify, 96 verifyOneShot 97} = require('internal/crypto/sig'); 98const { 99 Hash, 100 Hmac 101} = require('internal/crypto/hash'); 102const { 103 getCiphers, 104 getCurves, 105 getDefaultEncoding, 106 getHashes, 107 setDefaultEncoding, 108 setEngine, 109} = require('internal/crypto/util'); 110const Certificate = require('internal/crypto/certificate'); 111 112// These helper functions are needed because the constructors can 113// use new, in which case V8 cannot inline the recursive constructor call 114function createHash(algorithm, options) { 115 return new Hash(algorithm, options); 116} 117 118function createCipher(cipher, password, options) { 119 return new Cipher(cipher, password, options); 120} 121 122function createCipheriv(cipher, key, iv, options) { 123 return new Cipheriv(cipher, key, iv, options); 124} 125 126function createDecipher(cipher, password, options) { 127 return new Decipher(cipher, password, options); 128} 129 130function createDecipheriv(cipher, key, iv, options) { 131 return new Decipheriv(cipher, key, iv, options); 132} 133 134function createDiffieHellman(sizeOrKey, keyEncoding, generator, genEncoding) { 135 return new DiffieHellman(sizeOrKey, keyEncoding, generator, genEncoding); 136} 137 138function createDiffieHellmanGroup(name) { 139 return new DiffieHellmanGroup(name); 140} 141 142function createECDH(curve) { 143 return new ECDH(curve); 144} 145 146function createHmac(hmac, key, options) { 147 return new Hmac(hmac, key, options); 148} 149 150function createSign(algorithm, options) { 151 return new Sign(algorithm, options); 152} 153 154function createVerify(algorithm, options) { 155 return new Verify(algorithm, options); 156} 157 158module.exports = { 159 // Methods 160 createCipheriv, 161 createDecipheriv, 162 createDiffieHellman, 163 createDiffieHellmanGroup, 164 createECDH, 165 createHash, 166 createHmac, 167 createPrivateKey, 168 createPublicKey, 169 createSecretKey, 170 createSign, 171 createVerify, 172 diffieHellman, 173 getCiphers, 174 getCurves, 175 getDiffieHellman: createDiffieHellmanGroup, 176 getHashes, 177 pbkdf2, 178 pbkdf2Sync, 179 generateKeyPair, 180 generateKeyPairSync, 181 privateDecrypt, 182 privateEncrypt, 183 publicDecrypt, 184 publicEncrypt, 185 randomBytes, 186 randomFill, 187 randomFillSync, 188 randomInt, 189 scrypt, 190 scryptSync, 191 sign: signOneShot, 192 setEngine, 193 timingSafeEqual, 194 getFips: !fipsMode ? getFipsDisabled : 195 fipsForced ? getFipsForced : getFipsCrypto, 196 setFips: !fipsMode ? setFipsDisabled : 197 fipsForced ? setFipsForced : setFipsCrypto, 198 verify: verifyOneShot, 199 200 // Classes 201 Certificate, 202 Cipher, 203 Cipheriv, 204 Decipher, 205 Decipheriv, 206 DiffieHellman, 207 DiffieHellmanGroup, 208 ECDH, 209 Hash, 210 Hmac, 211 KeyObject, 212 Sign, 213 Verify 214}; 215 216function setFipsDisabled() { 217 throw new ERR_CRYPTO_FIPS_UNAVAILABLE(); 218} 219 220function setFipsForced(val) { 221 if (val) return; 222 throw new ERR_CRYPTO_FIPS_FORCED(); 223} 224 225function getFipsDisabled() { 226 return 0; 227} 228 229function getFipsForced() { 230 return 1; 231} 232 233ObjectDefineProperty(constants, 'defaultCipherList', { 234 value: getOptionValue('--tls-cipher-list') 235}); 236 237ObjectDefineProperties(module.exports, { 238 createCipher: { 239 enumerable: false, 240 value: deprecate(createCipher, 241 'crypto.createCipher is deprecated.', 'DEP0106') 242 }, 243 createDecipher: { 244 enumerable: false, 245 value: deprecate(createDecipher, 246 'crypto.createDecipher is deprecated.', 'DEP0106') 247 }, 248 // crypto.fips is deprecated. DEP0093. Use crypto.getFips()/crypto.setFips() 249 fips: { 250 get: !fipsMode ? getFipsDisabled : 251 fipsForced ? getFipsForced : getFipsCrypto, 252 set: !fipsMode ? setFipsDisabled : 253 fipsForced ? setFipsForced : setFipsCrypto 254 }, 255 DEFAULT_ENCODING: { 256 enumerable: false, 257 configurable: true, 258 get: deprecate(getDefaultEncoding, 259 'crypto.DEFAULT_ENCODING is deprecated.', 'DEP0091'), 260 set: deprecate(setDefaultEncoding, 261 'crypto.DEFAULT_ENCODING is deprecated.', 'DEP0091') 262 }, 263 constants: { 264 configurable: false, 265 enumerable: true, 266 value: constants 267 }, 268 269 // Aliases for randomBytes are deprecated. 270 // The ecosystem needs those to exist for backwards compatibility. 271 prng: { 272 enumerable: false, 273 configurable: true, 274 writable: true, 275 value: pendingDeprecation ? 276 deprecate(randomBytes, 'crypto.prng is deprecated.', 'DEP0115') : 277 randomBytes 278 }, 279 pseudoRandomBytes: { 280 enumerable: false, 281 configurable: true, 282 writable: true, 283 value: pendingDeprecation ? 284 deprecate(randomBytes, 285 'crypto.pseudoRandomBytes is deprecated.', 'DEP0115') : 286 randomBytes 287 }, 288 rng: { 289 enumerable: false, 290 configurable: true, 291 writable: true, 292 value: pendingDeprecation ? 293 deprecate(randomBytes, 'crypto.rng is deprecated.', 'DEP0115') : 294 randomBytes 295 } 296}); 297