1// Copyright Joyent, Inc. and other Node contributors. 2// 3// Permission is hereby granted, free of charge, to any person obtaining a 4// copy of this software and associated documentation files (the 5// "Software"), to deal in the Software without restriction, including 6// without limitation the rights to use, copy, modify, merge, publish, 7// distribute, sublicense, and/or sell copies of the Software, and to permit 8// persons to whom the Software is furnished to do so, subject to the 9// following conditions: 10// 11// The above copyright notice and this permission notice shall be included 12// in all copies or substantial portions of the Software. 13// 14// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 16// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN 17// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, 18// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR 19// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE 20// USE OR OTHER DEALINGS IN THE SOFTWARE. 21 22// Note: In 0.8 and before, crypto functions all defaulted to using 23// binary-encoded strings rather than buffers. 24 25'use strict'; 26 27const { 28 ObjectDefineProperty, 29 ObjectDefineProperties, 30} = primordials; 31 32const { 33 assertCrypto, 34 deprecate 35} = require('internal/util'); 36assertCrypto(); 37 38const { 39 ERR_CRYPTO_FIPS_FORCED, 40} = require('internal/errors').codes; 41const constants = internalBinding('constants').crypto; 42const { getOptionValue } = require('internal/options'); 43const pendingDeprecation = getOptionValue('--pending-deprecation'); 44const fipsForced = getOptionValue('--force-fips'); 45const { 46 getFipsCrypto, 47 setFipsCrypto, 48 timingSafeEqual, 49} = internalBinding('crypto'); 50const { 51 randomBytes, 52 randomFill, 53 randomFillSync, 54 randomInt, 55 randomUUID, 56} = require('internal/crypto/random'); 57const { 58 pbkdf2, 59 pbkdf2Sync 60} = require('internal/crypto/pbkdf2'); 61const { 62 scrypt, 63 scryptSync 64} = require('internal/crypto/scrypt'); 65const { 66 generateKeyPair, 67 generateKeyPairSync 68} = require('internal/crypto/keygen'); 69const { 70 createSecretKey, 71 createPublicKey, 72 createPrivateKey, 73 KeyObject, 74} = require('internal/crypto/keys'); 75const { 76 DiffieHellman, 77 DiffieHellmanGroup, 78 ECDH, 79 diffieHellman 80} = require('internal/crypto/diffiehellman'); 81const { 82 Cipher, 83 Cipheriv, 84 Decipher, 85 Decipheriv, 86 privateDecrypt, 87 privateEncrypt, 88 publicDecrypt, 89 publicEncrypt 90} = require('internal/crypto/cipher'); 91const { 92 Sign, 93 signOneShot, 94 Verify, 95 verifyOneShot 96} = require('internal/crypto/sig'); 97const { 98 Hash, 99 Hmac 100} = require('internal/crypto/hash'); 101const { 102 getCiphers, 103 getCurves, 104 getDefaultEncoding, 105 getHashes, 106 setDefaultEncoding, 107 setEngine, 108} = require('internal/crypto/util'); 109const Certificate = require('internal/crypto/certificate'); 110 111// These helper functions are needed because the constructors can 112// use new, in which case V8 cannot inline the recursive constructor call 113function createHash(algorithm, options) { 114 return new Hash(algorithm, options); 115} 116 117function createCipher(cipher, password, options) { 118 return new Cipher(cipher, password, options); 119} 120 121function createCipheriv(cipher, key, iv, options) { 122 return new Cipheriv(cipher, key, iv, options); 123} 124 125function createDecipher(cipher, password, options) { 126 return new Decipher(cipher, password, options); 127} 128 129function createDecipheriv(cipher, key, iv, options) { 130 return new Decipheriv(cipher, key, iv, options); 131} 132 133function createDiffieHellman(sizeOrKey, keyEncoding, generator, genEncoding) { 134 return new DiffieHellman(sizeOrKey, keyEncoding, generator, genEncoding); 135} 136 137function createDiffieHellmanGroup(name) { 138 return new DiffieHellmanGroup(name); 139} 140 141function createECDH(curve) { 142 return new ECDH(curve); 143} 144 145function createHmac(hmac, key, options) { 146 return new Hmac(hmac, key, options); 147} 148 149function createSign(algorithm, options) { 150 return new Sign(algorithm, options); 151} 152 153function createVerify(algorithm, options) { 154 return new Verify(algorithm, options); 155} 156 157module.exports = { 158 // Methods 159 createCipheriv, 160 createDecipheriv, 161 createDiffieHellman, 162 createDiffieHellmanGroup, 163 createECDH, 164 createHash, 165 createHmac, 166 createPrivateKey, 167 createPublicKey, 168 createSecretKey, 169 createSign, 170 createVerify, 171 diffieHellman, 172 getCiphers, 173 getCurves, 174 getDiffieHellman: createDiffieHellmanGroup, 175 getHashes, 176 pbkdf2, 177 pbkdf2Sync, 178 generateKeyPair, 179 generateKeyPairSync, 180 privateDecrypt, 181 privateEncrypt, 182 publicDecrypt, 183 publicEncrypt, 184 randomBytes, 185 randomFill, 186 randomFillSync, 187 randomInt, 188 randomUUID, 189 scrypt, 190 scryptSync, 191 sign: signOneShot, 192 setEngine, 193 timingSafeEqual, 194 getFips: fipsForced ? getFipsForced : getFipsCrypto, 195 setFips: fipsForced ? setFipsForced : setFipsCrypto, 196 verify: verifyOneShot, 197 198 // Classes 199 Certificate, 200 Cipher, 201 Cipheriv, 202 Decipher, 203 Decipheriv, 204 DiffieHellman, 205 DiffieHellmanGroup, 206 ECDH, 207 Hash, 208 Hmac, 209 KeyObject, 210 Sign, 211 Verify 212}; 213 214function setFipsForced(val) { 215 if (val) return; 216 throw new ERR_CRYPTO_FIPS_FORCED(); 217} 218 219function getFipsForced() { 220 return 1; 221} 222 223ObjectDefineProperty(constants, 'defaultCipherList', { 224 value: getOptionValue('--tls-cipher-list') 225}); 226 227ObjectDefineProperties(module.exports, { 228 createCipher: { 229 enumerable: false, 230 value: deprecate(createCipher, 231 'crypto.createCipher is deprecated.', 'DEP0106') 232 }, 233 createDecipher: { 234 enumerable: false, 235 value: deprecate(createDecipher, 236 'crypto.createDecipher is deprecated.', 'DEP0106') 237 }, 238 // crypto.fips is deprecated. DEP0093. Use crypto.getFips()/crypto.setFips() 239 fips: { 240 get: fipsForced ? getFipsForced : getFipsCrypto, 241 set: fipsForced ? setFipsForced : setFipsCrypto 242 }, 243 DEFAULT_ENCODING: { 244 enumerable: false, 245 configurable: true, 246 get: deprecate(getDefaultEncoding, 247 'crypto.DEFAULT_ENCODING is deprecated.', 'DEP0091'), 248 set: deprecate(setDefaultEncoding, 249 'crypto.DEFAULT_ENCODING is deprecated.', 'DEP0091') 250 }, 251 constants: { 252 configurable: false, 253 enumerable: true, 254 value: constants 255 }, 256 257 // Aliases for randomBytes are deprecated. 258 // The ecosystem needs those to exist for backwards compatibility. 259 prng: { 260 enumerable: false, 261 configurable: true, 262 writable: true, 263 value: pendingDeprecation ? 264 deprecate(randomBytes, 'crypto.prng is deprecated.', 'DEP0115') : 265 randomBytes 266 }, 267 pseudoRandomBytes: { 268 enumerable: false, 269 configurable: true, 270 writable: true, 271 value: pendingDeprecation ? 272 deprecate(randomBytes, 273 'crypto.pseudoRandomBytes is deprecated.', 'DEP0115') : 274 randomBytes 275 }, 276 rng: { 277 enumerable: false, 278 configurable: true, 279 writable: true, 280 value: pendingDeprecation ? 281 deprecate(randomBytes, 'crypto.rng is deprecated.', 'DEP0115') : 282 randomBytes 283 } 284}); 285