fixup! crypto: add signDigest/verifyDigest and Ed25519ctx support

Author: panva

lib/internal/crypto/sig.js

@@ -46,6 +46,7 @@ const { Writable } = require('stream');
 const { Buffer } = require('buffer');
 
 const {
+  isAnyArrayBuffer,
   isArrayBufferView,
 } = require('internal/util/types');
 
@@ -152,14 +153,38 @@ Sign.prototype.sign = function sign(options, encoding) {
   return ret;
 };
 
+function validateDigestOrData(data, prehashed) {
+  if (prehashed) {
+    if (!isArrayBufferView(data) && !isAnyArrayBuffer(data)) {
+      throw new ERR_INVALID_ARG_TYPE(
+        'digest',
+        ['ArrayBuffer', 'Buffer', 'TypedArray', 'DataView'],
+        data,
+      );
+    }
+    return data;
+  }
+
+  data = getArrayBufferOrView(data, 'data');
+
+  if (!isArrayBufferView(data)) {
+    throw new ERR_INVALID_ARG_TYPE(
+      'data',
+      ['Buffer', 'TypedArray', 'DataView'],
+      data,
+    );
+  }
+  return data;
+}
+
 function signOneShotImpl(algorithm, data, key, callback, prehashed) {
   if (algorithm != null)
     validateString(algorithm, 'algorithm');
 
   if (callback !== undefined)
     validateFunction(callback, 'callback');
 
-  data = getArrayBufferOrView(data, prehashed ? 'digest' : 'data');
+  data = validateDigestOrData(data, prehashed);
 
   if (!key)
     throw new ERR_CRYPTO_SIGN_KEY_REQUIRED();
@@ -260,16 +285,7 @@ function verifyOneShotImpl(algorithm, data, key, signature, callback, prehashed)
   if (callback !== undefined)
     validateFunction(callback, 'callback');
 
-  const dataName = prehashed ? 'digest' : 'data';
-  data = getArrayBufferOrView(data, dataName);
-
-  if (!isArrayBufferView(data)) {
-    throw new ERR_INVALID_ARG_TYPE(
-      dataName,
-      ['Buffer', 'TypedArray', 'DataView'],
-      data,
-    );
-  }
+  data = validateDigestOrData(data, prehashed);
 
   // Options specific to RSA
   const rsaPadding = getPadding(key);

test/parallel/test-crypto-sign-verify-digest.js

@@ -290,6 +290,36 @@ if (hasOpenSSL(3, 2)) {
   }));
 }
 
+// --- Async (callback) error handling ---
+{
+  // Non-signing key type error is delivered via callback
+  const x25519Priv = fixtures.readKey('x25519_private.pem', 'ascii');
+  crypto.signDigest('sha256', Buffer.alloc(32), x25519Priv, common.mustCall((err) => {
+    assert(err);
+    assert.match(err.message, /operation not supported for this keytype/);
+  }));
+}
+
+if (hasOpenSSL(3, 2)) {
+  // Wrong digest length error is delivered via callback
+  const edPrivKey = fixtures.readKey('ed25519_private.pem', 'ascii');
+  crypto.signDigest(null, Buffer.alloc(32), edPrivKey, common.mustCall((err) => {
+    assert(err);
+    assert.match(err.message, /invalid digest length/);
+  }));
+}
+
+if (hasOpenSSL(3, 5)) {
+  // PrehashUnsupported error is delivered via callback
+  const mldsaPrivKey = fixtures.readKey('ml_dsa_44_private.pem', 'ascii');
+  crypto.signDigest(null, Buffer.alloc(32), mldsaPrivKey, common.mustCall((err) => {
+    assert(err);
+    // TODO(@panva): revisit how to make CryptoJob async failures retain
+    // and decorate OpenSSL errors.
+    assert.match(err.message, /Deriving bits failed/);
+  }));
+}
+
 // --- Error: unsupported key type for prehashed signing ---
 {
   // ML-DSA keys are one-shot-only and don't support prehashed signing.
@@ -350,6 +380,60 @@ if (hasOpenSSL(3, 2)) {
   }, { code: 'ERR_CRYPTO_INVALID_DIGEST' });
 }
 
+// --- Error: string inputs are rejected (digest must be binary) ---
+{
+  const privKey = fixtures.readKey('rsa_private_2048.pem', 'ascii');
+  const pubKey = fixtures.readKey('rsa_public_2048.pem', 'ascii');
+
+  // 64-byte string (same length as a SHA-512 digest)
+  const strDigest64 = 'a'.repeat(64);
+  assert.throws(() => {
+    crypto.signDigest('sha256', strDigest64, privKey);
+  }, { code: 'ERR_INVALID_ARG_TYPE' });
+
+  assert.throws(() => {
+    crypto.verifyDigest('sha256', strDigest64, pubKey, Buffer.alloc(256));
+  }, { code: 'ERR_INVALID_ARG_TYPE' });
+
+  // 128-byte string
+  const strDigest128 = 'b'.repeat(128);
+  assert.throws(() => {
+    crypto.signDigest('sha256', strDigest128, privKey);
+  }, { code: 'ERR_INVALID_ARG_TYPE' });
+
+  assert.throws(() => {
+    crypto.verifyDigest('sha256', strDigest128, pubKey, Buffer.alloc(256));
+  }, { code: 'ERR_INVALID_ARG_TYPE' });
+}
+
+// --- ECDSA: hash larger than curve order (cross-verify) ---
+// Using SHA-512 (64 bytes) with P-256 (32-byte order) and P-384 (48-byte order).
+// The digest is larger than the curve's order; ECDSA truncates it internally.
+{
+  const curves = [
+    { priv: 'ec_p256_private.pem', pub: 'ec_p256_public.pem' },
+    { priv: 'ec_p384_private.pem', pub: 'ec_p384_public.pem' },
+  ];
+
+  for (const { priv, pub } of curves) {
+    const privKey = fixtures.readKey(priv, 'ascii');
+    const pubKey = fixtures.readKey(pub, 'ascii');
+
+    const digest = crypto.createHash('sha512').update(data).digest();
+
+    // signDigest + verifyDigest
+    const sig = crypto.signDigest('sha512', digest, privKey);
+    assert.strictEqual(crypto.verifyDigest('sha512', digest, pubKey, sig), true);
+
+    // Cross-verify: sign with crypto.signDigest, verify with crypto.verify
+    assert.strictEqual(crypto.verify('sha512', data, pubKey, sig), true);
+
+    // Cross-verify: sign with crypto.sign, verify with crypto.verifyDigest
+    const sig2 = crypto.sign('sha512', data, privKey);
+    assert.strictEqual(crypto.verifyDigest('sha512', digest, pubKey, sig2), true);
+  }
+}
+
 // --- Error: wrong digest length for Ed25519ph/Ed448ph ---
 if (hasOpenSSL(3, 2)) {
   // Ed25519ph requires exactly 64-byte SHA-512 digest
@@ -367,4 +451,15 @@ if (hasOpenSSL(3, 2)) {
       crypto.signDigest(null, Buffer.alloc(32), privKey);
     }, { code: 'ERR_OSSL_INVALID_DIGEST_LENGTH' });
   }
+
+  // Ed448ph rejects a valid 128-byte SHAKE256 digest (must be exactly 64 bytes)
+  {
+    const privKey = fixtures.readKey('ed448_private.pem', 'ascii');
+    const shake256_128 = crypto.createHash('shake256', { outputLength: 128 }).update(data).digest();
+    assert.strictEqual(shake256_128.length, 128);
+
+    assert.throws(() => {
+      crypto.signDigest(null, shake256_128, privKey);
+    }, { code: 'ERR_OSSL_INVALID_DIGEST_LENGTH' });
+  }
 }