crypto: support Uint8Array prime in createDH

PR-URL: #11983
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>

Author: addaleax

doc/api/crypto.md

@@ -1237,12 +1237,15 @@ The `key` is the raw key used by the `algorithm` and `iv` is an
 <!-- YAML
 added: v0.11.12
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/11983
+    description: The `prime` argument can be a `Uint8Array` now.
   - version: v6.0.0
     pr-url: https://github.com/nodejs/node/pull/5522
     description: The default for the encoding parameters changed
                  from `binary` to `utf8`.
 -->
-- `prime` {string | Buffer}
+- `prime` {string | Buffer | Uint8Array}
 - `prime_encoding` {string}
 - `generator` {number | string | Buffer | Uint8Array} Defaults to `2`.
 - `generator_encoding` {string}
@@ -1257,7 +1260,7 @@ The `prime_encoding` and `generator_encoding` arguments can be `'latin1'`,
 `'hex'`, or `'base64'`.
 
 If `prime_encoding` is specified, `prime` is expected to be a string; otherwise
-a [`Buffer`][] is expected.
+a [`Buffer`][] or `Uint8Array` is expected.
 
 If `generator_encoding` is specified, `generator` is expected to be a string;
 otherwise either a number or [`Buffer`][] or `Uint8Array` is expected.

lib/crypto.js

@@ -42,6 +42,7 @@ const timingSafeEqual = binding.timingSafeEqual;
 const Buffer = require('buffer').Buffer;
 const stream = require('stream');
 const util = require('util');
+const { isUint8Array } = process.binding('util');
 const LazyTransform = require('internal/streams/lazy_transform');
 
 const DH_GENERATOR = 2;
@@ -368,10 +369,12 @@ function DiffieHellman(sizeOrKey, keyEncoding, generator, genEncoding) {
   if (!(this instanceof DiffieHellman))
     return new DiffieHellman(sizeOrKey, keyEncoding, generator, genEncoding);
 
-  if (!(sizeOrKey instanceof Buffer) &&
-      typeof sizeOrKey !== 'number' &&
-      typeof sizeOrKey !== 'string')
-    throw new TypeError('First argument should be number, string or Buffer');
+  if (typeof sizeOrKey !== 'number' &&
+      typeof sizeOrKey !== 'string' &&
+      !isUint8Array(sizeOrKey)) {
+    throw new TypeError('First argument should be number, string, ' +
+                        'Uint8Array or Buffer');
+  }
 
   if (keyEncoding) {
     if (typeof keyEncoding !== 'string' ||

test/parallel/test-crypto-dh.js

@@ -24,7 +24,7 @@ assert.strictEqual(dh1.verifyError, 0);
 assert.strictEqual(dh2.verifyError, 0);
 
 const argumentsError =
-  /^TypeError: First argument should be number, string or Buffer$/;
+  /^TypeError: First argument should be number, string, Uint8Array or Buffer$/;
 
 assert.throws(() => {
   crypto.createDiffieHellman([0x1, 0x2]);
@@ -112,45 +112,69 @@ const modp2buf = Buffer.from([
   0x1f, 0xe6, 0x49, 0x28, 0x66, 0x51, 0xec, 0xe6, 0x53, 0x81,
   0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
 ]);
-const exmodp2 = crypto.createDiffieHellman(modp2buf, Buffer.from([2]));
-modp2.generateKeys();
-exmodp2.generateKeys();
-let modp2Secret = modp2.computeSecret(exmodp2.getPublicKey()).toString('hex');
-const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey())
-                             .toString('hex');
-assert.strictEqual(modp2Secret, exmodp2Secret);
-assert.strictEqual(modp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
-assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
-
-
-// Ensure specific generator (string with encoding) works as expected.
-const exmodp2_2 = crypto.createDiffieHellman(modp2buf, '02', 'hex');
-exmodp2_2.generateKeys();
-modp2Secret = modp2.computeSecret(exmodp2_2.getPublicKey()).toString('hex');
-const exmodp2_2Secret = exmodp2_2.computeSecret(modp2.getPublicKey())
-                                 .toString('hex');
-assert.strictEqual(modp2Secret, exmodp2_2Secret);
-assert.strictEqual(exmodp2_2.verifyError, DH_NOT_SUITABLE_GENERATOR);
-
-
-// Ensure specific generator (string without encoding) works as expected.
-const exmodp2_3 = crypto.createDiffieHellman(modp2buf, '\x02');
-exmodp2_3.generateKeys();
-modp2Secret = modp2.computeSecret(exmodp2_3.getPublicKey()).toString('hex');
-const exmodp2_3Secret = exmodp2_3.computeSecret(modp2.getPublicKey())
-                               .toString('hex');
-assert.strictEqual(modp2Secret, exmodp2_3Secret);
-assert.strictEqual(exmodp2_3.verifyError, DH_NOT_SUITABLE_GENERATOR);
-
-
-// Ensure specific generator (numeric) works as expected.
-const exmodp2_4 = crypto.createDiffieHellman(modp2buf, 2);
-exmodp2_4.generateKeys();
-modp2Secret = modp2.computeSecret(exmodp2_4.getPublicKey()).toString('hex');
-const exmodp2_4Secret = exmodp2_4.computeSecret(modp2.getPublicKey())
-                               .toString('hex');
-assert.strictEqual(modp2Secret, exmodp2_4Secret);
-assert.strictEqual(exmodp2_4.verifyError, DH_NOT_SUITABLE_GENERATOR);
+
+{
+  const exmodp2 = crypto.createDiffieHellman(modp2buf, Buffer.from([2]));
+  modp2.generateKeys();
+  exmodp2.generateKeys();
+  const modp2Secret = modp2.computeSecret(exmodp2.getPublicKey())
+      .toString('hex');
+  const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey())
+      .toString('hex');
+  assert.strictEqual(modp2Secret, exmodp2Secret);
+  assert.strictEqual(modp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
+  assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
+}
+
+{
+  // Ensure specific generator (string with encoding) works as expected.
+  const exmodp2 = crypto.createDiffieHellman(modp2buf, '02', 'hex');
+  exmodp2.generateKeys();
+  const modp2Secret = modp2.computeSecret(exmodp2.getPublicKey())
+      .toString('hex');
+  const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey())
+      .toString('hex');
+  assert.strictEqual(modp2Secret, exmodp2Secret);
+  assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
+}
+
+{
+  // Ensure specific generator (string with encoding) works as expected,
+  // with a Uint8Array as the first argument to createDiffieHellman().
+  const exmodp2 = crypto.createDiffieHellman(new Uint8Array(modp2buf),
+                                             '02', 'hex');
+  exmodp2.generateKeys();
+  const modp2Secret = modp2.computeSecret(exmodp2.getPublicKey())
+      .toString('hex');
+  const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey())
+      .toString('hex');
+  assert.strictEqual(modp2Secret, exmodp2Secret);
+  assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
+}
+
+{
+  // Ensure specific generator (string without encoding) works as expected.
+  const exmodp2 = crypto.createDiffieHellman(modp2buf, '\x02');
+  exmodp2.generateKeys();
+  const modp2Secret = modp2.computeSecret(exmodp2.getPublicKey())
+      .toString('hex');
+  const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey())
+      .toString('hex');
+  assert.strictEqual(modp2Secret, exmodp2Secret);
+  assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
+}
+
+{
+  // Ensure specific generator (numeric) works as expected.
+  const exmodp2 = crypto.createDiffieHellman(modp2buf, 2);
+  exmodp2.generateKeys();
+  const modp2Secret = modp2.computeSecret(exmodp2.getPublicKey())
+      .toString('hex');
+  const exmodp2Secret = exmodp2.computeSecret(modp2.getPublicKey())
+      .toString('hex');
+  assert.strictEqual(modp2Secret, exmodp2Secret);
+  assert.strictEqual(exmodp2.verifyError, DH_NOT_SUITABLE_GENERATOR);
+}
 
 
 const p = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' +