feat: use native node crypto for RSA-PSS

cisco · Aug 27, 2018 · 8a05f35 · 8a05f35
1 parent 2a9e48a
commit 8a05f35
Showing 1 changed file with 44 additions and 2 deletions.
diff --git a/lib/algorithms/rsassa.js b/lib/algorithms/rsassa.js
@@ -211,7 +211,27 @@ function rsassaPssSignFn(name) {
     return promise;
   };
 
-  return helpers.setupFallback(null, webcrypto, fallback);
+  var nodejs;
+  var nodeHash = "RSA-" + hash.replace("-", "");
+  if (helpers.nodeCrypto && helpers.nodeCrypto.getHashes().indexOf(nodeHash) > -1) {
+    nodejs = function(key, pdata) {
+      var sign = helpers.nodeCrypto.createSign(nodeHash);
+      sign.update(pdata);
+
+      var sig = sign.sign({
+        key: rsaUtil.convertToPem(key, false),
+        padding: helpers.nodeCrypto.constants.RSA_PKCS1_PSS_PADDING,
+        saltLength: helpers.nodeCrypto.constants.RSA_PSS_SALTLEN_DIGEST,
+      });
+
+      return {
+        data: pdata,
+        mac: sig
+      };
+    };
+  }
+
+  return helpers.setupFallback(nodejs, webcrypto, fallback);
 }
 
 function rsassaPssVerifyFn(name) {
@@ -278,7 +298,29 @@ function rsassaPssVerifyFn(name) {
     return promise;
   };
 
-  return helpers.setupFallback(null, webcrypto, fallback);
+  var nodejs;
+  if (helpers.nodeCrypto && helpers.nodeCrypto.getHashes().indexOf(md) > -1) {
+    nodejs = function(key, pdata, mac) {
+      var verify = helpers.nodeCrypto.createVerify(md);
+      verify.update(pdata);
+      verify.end();
+      var result = verify.verify({
+        key: rsaUtil.convertToPem(key, true),
+        padding: helpers.nodeCrypto.constants.RSA_PKCS1_PSS_PADDING,
+      }, mac);
+      if (!result) {
+        return Promise.reject(new Error("verification failed"));
+      }
+
+      return {
+        data: pdata,
+        mac: mac,
+        valid: true,
+      };
+    };
+  }
+
+  return helpers.setupFallback(nodejs, webcrypto, fallback);
 }
 
 // ### Public API