add rsa sign/verify and public key export

add wc_RsaSSL_Sign and wc_RsaSSL_Verify bindings also add wc_RsaKeyToPublicDer so the public key can be exported, I thought the ToDer function did this

Author: John Bland

addon/wolfcrypt/h/rsa.h

@@ -22,14 +22,18 @@
 #include <wolfssl/options.h>
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/wolfcrypt/rsa.h>
+#include <wolfssl/wolfcrypt/asn_public.h>
 
 Napi::Number sizeof_RsaKey(const Napi::CallbackInfo& info);
 Napi::Number bind_wc_RsaEncryptSize(const Napi::CallbackInfo& info);
 Napi::Number bind_wc_InitRsaKey(const Napi::CallbackInfo& info);
 Napi::Number bind_wc_MakeRsaKey(const Napi::CallbackInfo& info);
 Napi::Number bind_wc_RsaKeyToDer(const Napi::CallbackInfo& info);
+Napi::Number bind_wc_RsaKeyToPublicDer(const Napi::CallbackInfo& info);
 Napi::Number bind_wc_RsaPrivateKeyDecode(const Napi::CallbackInfo& info);
 Napi::Number bind_wc_RsaPublicKeyDecode(const Napi::CallbackInfo& info);
 Napi::Number bind_wc_RsaPublicEncrypt(const Napi::CallbackInfo& info);
 Napi::Number bind_wc_RsaPrivateDecrypt(const Napi::CallbackInfo& info);
+Napi::Number bind_wc_RsaSSL_Sign(const Napi::CallbackInfo& info);
+Napi::Number bind_wc_RsaSSL_Verify(const Napi::CallbackInfo& info);
 Napi::Number bind_wc_FreeRsaKey(const Napi::CallbackInfo& info);

addon/wolfcrypt/main.cpp

@@ -50,10 +50,13 @@ Napi::Object Init(Napi::Env env, Napi::Object exports)
   exports.Set(Napi::String::New(env, "wc_InitRsaKey"), Napi::Function::New(env, bind_wc_InitRsaKey));
   exports.Set(Napi::String::New(env, "wc_MakeRsaKey"), Napi::Function::New(env, bind_wc_MakeRsaKey));
   exports.Set(Napi::String::New(env, "wc_RsaKeyToDer"), Napi::Function::New(env, bind_wc_RsaKeyToDer));
+  exports.Set(Napi::String::New(env, "wc_RsaKeyToPublicDer"), Napi::Function::New(env, bind_wc_RsaKeyToPublicDer));
   exports.Set(Napi::String::New(env, "wc_RsaPrivateKeyDecode"), Napi::Function::New(env, bind_wc_RsaPrivateKeyDecode));
   exports.Set(Napi::String::New(env, "wc_RsaPublicKeyDecode"), Napi::Function::New(env, bind_wc_RsaPublicKeyDecode));
   exports.Set(Napi::String::New(env, "wc_RsaPublicEncrypt"), Napi::Function::New(env, bind_wc_RsaPublicEncrypt));
   exports.Set(Napi::String::New(env, "wc_RsaPrivateDecrypt"), Napi::Function::New(env, bind_wc_RsaPrivateDecrypt));
+  exports.Set(Napi::String::New(env, "wc_RsaSSL_Sign"), Napi::Function::New(env, bind_wc_RsaSSL_Sign));
+  exports.Set(Napi::String::New(env, "wc_RsaSSL_Verify"), Napi::Function::New(env, bind_wc_RsaSSL_Verify));
   exports.Set(Napi::String::New(env, "wc_FreeRsaKey"), Napi::Function::New(env, bind_wc_FreeRsaKey));
 
   exports.Set(Napi::String::New(env, "Sha_digest_length"), Napi::Function::New(env, Sha_digest_length));

addon/wolfcrypt/rsa.cpp

@@ -77,6 +77,19 @@ Napi::Number bind_wc_RsaKeyToDer(const Napi::CallbackInfo& info)
   return Napi::Number::New( env, ret );
 }
 
+Napi::Number bind_wc_RsaKeyToPublicDer(const Napi::CallbackInfo& info)
+{
+  int ret;
+  Napi::Env env = info.Env();
+  RsaKey* rsa = (RsaKey*)( info[0].As<Napi::Uint8Array>().Data() );
+  uint8_t* out = info[1].As<Napi::Uint8Array>().Data();
+  int outSz = info[2].As<Napi::Number>().Int32Value();
+
+  ret = wc_RsaKeyToPublicDer( rsa, out, outSz );
+
+  return Napi::Number::New( env, ret );
+}
+
 Napi::Number bind_wc_RsaPrivateKeyDecode(const Napi::CallbackInfo& info)
 {
   int ret;
@@ -110,12 +123,12 @@ Napi::Number bind_wc_RsaPublicEncrypt(const Napi::CallbackInfo& info)
   int ret;
   Napi::Env env = info.Env();
   uint8_t* in = info[0].As<Napi::Uint8Array>().Data();
-  int inLen = info[1].As<Napi::Number>().Int32Value();
+  int in_len = info[1].As<Napi::Number>().Int32Value();
   uint8_t* out = info[2].As<Napi::Uint8Array>().Data();
-  int outLen = info[3].As<Napi::Number>().Int32Value();
+  int out_len = info[3].As<Napi::Number>().Int32Value();
   RsaKey* rsa = (RsaKey*)( info[4].As<Napi::Uint8Array>().Data() );
 
-  ret = wc_RsaPublicEncrypt( in, inLen, out, outLen, rsa, rsa->rng );
+  ret = wc_RsaPublicEncrypt( in, in_len, out, out_len, rsa, rsa->rng );
 
   return Napi::Number::New( env, ret );
 }
@@ -125,12 +138,42 @@ Napi::Number bind_wc_RsaPrivateDecrypt(const Napi::CallbackInfo& info)
   int ret;
   Napi::Env env = info.Env();
   uint8_t* in = info[0].As<Napi::Uint8Array>().Data();
-  int inLen = info[1].As<Napi::Number>().Int32Value();
+  int in_len = info[1].As<Napi::Number>().Int32Value();
+  uint8_t* out = info[2].As<Napi::Uint8Array>().Data();
+  int out_len = info[3].As<Napi::Number>().Int32Value();
+  RsaKey* rsa = (RsaKey*)( info[4].As<Napi::Uint8Array>().Data() );
+
+  ret = wc_RsaPrivateDecrypt( in, in_len, out, out_len, rsa );
+
+  return Napi::Number::New( env, ret );
+}
+
+Napi::Number bind_wc_RsaSSL_Sign(const Napi::CallbackInfo& info)
+{
+  int ret;
+  Napi::Env env = info.Env();
+  uint8_t* in = info[0].As<Napi::Uint8Array>().Data();
+  int in_len = info[1].As<Napi::Number>().Int32Value();
+  uint8_t* out = info[2].As<Napi::Uint8Array>().Data();
+  int out_len = info[3].As<Napi::Number>().Int32Value();
+  RsaKey* rsa = (RsaKey*)( info[4].As<Napi::Uint8Array>().Data() );
+
+  ret = wc_RsaSSL_Sign( in, in_len, out, out_len, rsa, rsa->rng );
+
+  return Napi::Number::New( env, ret );
+}
+
+Napi::Number bind_wc_RsaSSL_Verify(const Napi::CallbackInfo& info)
+{
+  int ret;
+  Napi::Env env = info.Env();
+  uint8_t* in = info[0].As<Napi::Uint8Array>().Data();
+  int in_len = info[1].As<Napi::Number>().Int32Value();
   uint8_t* out = info[2].As<Napi::Uint8Array>().Data();
-  int outLen = info[3].As<Napi::Number>().Int32Value();
+  int out_len = info[3].As<Napi::Number>().Int32Value();
   RsaKey* rsa = (RsaKey*)( info[4].As<Napi::Uint8Array>().Data() );
 
-  ret = wc_RsaPrivateDecrypt( in, inLen, out, outLen, rsa );
+  ret = wc_RsaSSL_Verify( in, in_len, out, out_len, rsa );
 
   return Napi::Number::New( env, ret );
 }

app.js

@@ -1,4 +1,4 @@
-/* hmac.h
+/* app.js
  *
  * Copyright (C) 2006-2022 wolfSSL Inc.
  *
@@ -35,12 +35,10 @@ const ecc_tests = require( './tests/ecc' );
     await hmac_tests[key]()
   }
 
-  /*
   for ( const key of Object.keys( rsa_tests ) )
   {
     await rsa_tests[key]()
   }
-  */
 
   for ( const key of Object.keys( sha_tests ) )
   {

interfaces/ecc.js

@@ -59,6 +59,7 @@ class WolfSSLEcc
       throw 'Ecc not allocated'
     }
 
+    // TODO is there a way to know this ahead of time to make sure our asnBuf is big enough
     let asnBuf = Buffer.alloc( 2048 )
 
     let ret = wolfcrypt.wc_ecc_export_x963( this.ecc, asnBuf, asnBuf.length )

interfaces/rsa.js

@@ -41,13 +41,14 @@ class WolfSSLRsa
     }
   }
 
-  RsaKeyToDer()
+  KeyToDer()
   {
     if ( this.size == -1 || this.rsa == null )
     {
       throw 'Invalid rsa key'
     }
 
+    // TODO is there a way to know this ahead of time or shrink afterwards?
     let derBuf = Buffer.alloc( this.size )
 
     let ret = wolfcrypt.wc_RsaKeyToDer( this.rsa, derBuf, this.size )
@@ -60,22 +61,49 @@ class WolfSSLRsa
     return derBuf
   }
 
-  RsaPrivateKeyDecode( derBuf )
+  KeyToPublicDer()
+  {
+    if ( this.size == -1 || this.rsa == null )
+    {
+      throw 'Invalid rsa key'
+    }
+
+    // TODO is there a way to know this ahead of time or shrink afterwards?
+    let derBuf = Buffer.alloc( this.size )
+
+    let ret = wolfcrypt.wc_RsaKeyToPublicDer( this.rsa, derBuf, derBuf.length )
+
+    if ( ret < 0 )
+    {
+      throw `Failed to wc_RsaKeyToPublicDer ${ ret }`
+    }
+
+    return derBuf
+  }
+
+  PrivateKeyDecode( derBuf, size )
   {
     if ( this.rsa == null )
     {
       throw 'Invalid rsa key'
     }
 
+    if ( !Buffer.isBuffer( derBuf ) )
+    {
+      throw 'Private key der must be Buffer'
+    }
+
     let ret = wolfcrypt.wc_RsaPrivateKeyDecode( derBuf, this.rsa, derBuf.length )
 
     if ( ret != 0 )
     {
       throw `Failed to wc_RsaPrivateKeyDecode ${ ret }`
     }
+
+    this.size = size
   }
 
-  RsaPublicKeyDecode( derBuf )
+  PublicKeyDecode( derBuf, size )
   {
     if ( this.rsa == null )
     {
@@ -88,9 +116,11 @@ class WolfSSLRsa
     {
       throw `Failed to wc_RsaPublicKeyDecode ${ ret }`
     }
+
+    this.size = size
   }
 
-  RsaPublicEncrypt( data )
+  PublicEncrypt( data )
   {
     if ( this.rsa == null )
     {
@@ -111,10 +141,12 @@ class WolfSSLRsa
       throw `Failed to wc_RsaPublicEncrypt ${ ret }`
     }
 
+    ciphertext = ciphertext.subarray( 0, ret )
+
     return ciphertext
   }
 
-  RsaPrivateDecrypt( ciphertext )
+  PrivateDecrypt( ciphertext )
   {
     if ( this.rsa == null )
     {
@@ -135,10 +167,68 @@ class WolfSSLRsa
       throw `Failed to wc_RsaPrivateDecrypt ${ ret }`
     }
 
-    return ciphertext
+    data = data.subarray( 0, ret )
+
+    return data
+  }
+
+  SSL_Sign( data )
+  {
+    if ( this.rsa == null )
+    {
+      throw 'Invalid rsa key'
+    }
+
+    if ( typeof data == 'string' )
+    {
+      data = Buffer.from( data )
+    }
+
+    let sig = Buffer.alloc( this.size / 8 )
+
+    let ret = wolfcrypt.wc_RsaSSL_Sign( data, data.length, sig, sig.length, this.rsa )
+
+    if ( ret <= 0 )
+    {
+      throw `Failed to wc_RsaSSL_Sign ${ ret }`
+    }
+
+    return sig
+  }
+
+  SSL_Verify( sig, data )
+  {
+    if ( this.rsa == null )
+    {
+      throw 'Invalid rsa key'
+    }
+
+    if ( !Buffer.isBuffer( sig ) )
+    {
+      throw `signature must be a Buffer`
+    }
+
+    if ( typeof data == 'string' )
+    {
+      data = Buffer.from( data )
+    }
+
+    let validLength = wolfcrypt.wc_RsaSSL_Verify( sig, sig.length, data, data.length, this.rsa )
+
+    if ( validLength < 0 )
+    {
+      throw `Failed to wc_RsaSSL_Verify ${ validLength }`
+    }
+
+    if ( validLength == data.length )
+    {
+      return true
+    }
+
+    return false
   }
 
-  FreeRsaKey()
+  free()
   {
     wolfcrypt.wc_FreeRsaKey( this.rsa )
     this.rsa = null