chore: add crypto callbacks to src

Author: nbbeeken

src/crypto_callbacks.ts

@@ -0,0 +1,106 @@
+import * as crypto from 'crypto';
+
+type AES256Callback = (key: Buffer, iv: Buffer, input: Buffer, output: Buffer) => number | Error;
+
+function makeAES256Hook(
+  method: 'createCipheriv' | 'createDecipheriv',
+  mode: 'aes-256-cbc' | 'aes-256-ctr'
+): AES256Callback {
+  return function (key: Buffer, iv: Buffer, input: Buffer, output: Buffer): number | Error {
+    let result;
+
+    try {
+      const cipher = crypto[method](mode, key, iv);
+      cipher.setAutoPadding(false);
+      result = cipher.update(input);
+      const final = cipher.final();
+      if (final.length > 0) {
+        result = Buffer.concat([result, final]);
+      }
+    } catch (e) {
+      return e;
+    }
+
+    result.copy(output);
+    return result.length;
+  };
+}
+
+function randomHook(buffer: Buffer, count: number): number | Error {
+  try {
+    crypto.randomFillSync(buffer, 0, count);
+  } catch (e) {
+    return e;
+  }
+  return count;
+}
+
+function sha256Hook(input: Buffer, output: Buffer): number | Error {
+  let result;
+  try {
+    result = crypto.createHash('sha256').update(input).digest();
+  } catch (e) {
+    return e;
+  }
+
+  result.copy(output);
+  return result.length;
+}
+
+type HMACHook = (key: Buffer, input: Buffer, output: Buffer) => number | Error;
+
+export function makeHmacHook(algorithm: 'sha512' | 'sha256'): HMACHook {
+  return (key: Buffer, input: Buffer, output: Buffer): number | Error => {
+    let result;
+    try {
+      result = crypto.createHmac(algorithm, key).update(input).digest();
+    } catch (e) {
+      return e;
+    }
+
+    result.copy(output);
+    return result.length;
+  };
+}
+
+function signRsaSha256Hook(key: Buffer, input: Buffer, output: Buffer): number | Error {
+  let result;
+  try {
+    const signer = crypto.createSign('sha256WithRSAEncryption');
+    const privateKey = Buffer.from(
+      `-----BEGIN PRIVATE KEY-----\n${key.toString('base64')}\n-----END PRIVATE KEY-----\n`
+    );
+
+    result = signer.update(input).end().sign(privateKey);
+  } catch (e) {
+    return e;
+  }
+
+  result.copy(output);
+  return result.length;
+}
+
+const aes256CbcEncryptHook = makeAES256Hook('createCipheriv', 'aes-256-cbc');
+const aes256CbcDecryptHook = makeAES256Hook('createDecipheriv', 'aes-256-cbc');
+const aes256CtrEncryptHook = makeAES256Hook('createCipheriv', 'aes-256-ctr');
+const aes256CtrDecryptHook = makeAES256Hook('createDecipheriv', 'aes-256-ctr');
+const hmacSha512Hook = makeHmacHook('sha512');
+const hmacSha256Hook = makeHmacHook('sha256');
+
+/**
+ * @public
+ *
+ * A JS implementation of crypto callbacks used for encryption.
+ * These are only necessary on versions of Node.js that do not bundle OpenSSL 3.x
+ */
+export const cryptoCallbacks = {
+  randomHook,
+  sha256Hook,
+  signRsaSha256Hook,
+  aes256CbcEncryptHook,
+  aes256CbcDecryptHook,
+  aes256CtrEncryptHook,
+  aes256CtrDecryptHook,
+  hmacSha512Hook,
+  hmacSha256Hook
+};

src/index.ts

@@ -2,6 +2,8 @@ import bindings = require('bindings');
 
 const mc = bindings('mongocrypt');
 
+export { cryptoCallbacks } from './crypto_callbacks';
+
 export interface MongoCryptKMSRequest {
   addResponse(response: Uint8Array): void;
   readonly status: MongoCryptStatus;
@@ -62,7 +64,7 @@ export interface MongoCrypt {
        * When true, creates a `mongocrypt_ctx_explicit_encrypt_expression` context.
        * When false, creates a `mongocrypt_ctx_explicit_encrypt`
        */
-      expressionMode: boolean;
+      expressionMode?: boolean;
     }
   ): MongoCryptContext;
   makeDecryptionContext(buffer: Uint8Array): MongoCryptContext;

test/crypto.test.ts

@@ -1,99 +1,12 @@
 import * as semver from 'semver';
 import * as process from 'node:process';
-import * as crypto from 'node:crypto';
 import * as path from 'node:path';
 import * as fs from 'node:fs';
 import * as sinon from 'sinon';
 import { EJSON, BSON, Binary } from 'bson';
-import { MongoCrypt, MongoCryptConstructor } from '../src';
+import { MongoCrypt, MongoCryptConstructor, cryptoCallbacks } from '../src';
 import { expect } from 'chai';
 
-function makeAES256Hook(method, mode) {
-  return function (key, iv, input, output) {
-    let result;
-    try {
-      const cipher = crypto[method](mode, key, iv);
-      cipher.setAutoPadding(false);
-      result = cipher.update(input);
-      const final = cipher.final();
-      if (final.length > 0) {
-        result = Buffer.concat([result, final]);
-      }
-    } catch (e) {
-      return e;
-    }
-    result.copy(output);
-    return result.length;
-  };
-}
-
-function randomHook(buffer, count) {
-  try {
-    crypto.randomFillSync(buffer, 0, count);
-  } catch (e) {
-    return e;
-  }
-  return count;
-}
-
-function sha256Hook(input, output) {
-  let result;
-  try {
-    result = crypto.createHash('sha256').update(input).digest();
-  } catch (e) {
-    return e;
-  }
-  result.copy(output);
-  return result.length;
-}
-
-function makeHmacHook(algorithm) {
-  return (key, input, output) => {
-    let result;
-    try {
-      result = crypto.createHmac(algorithm, key).update(input).digest();
-    } catch (e) {
-      return e;
-    }
-    result.copy(output);
-    return result.length;
-  };
-}
-
-function signRsaSha256Hook(key, input, output) {
-  let result;
-  try {
-    const signer = crypto.createSign('sha256WithRSAEncryption');
-    const privateKey = Buffer.from(
-      `-----BEGIN PRIVATE KEY-----\n${key.toString('base64')}\n-----END PRIVATE KEY-----\n`
-    );
-    result = signer.update(input).end().sign(privateKey);
-  } catch (e) {
-    return e;
-  }
-  result.copy(output);
-  return result.length;
-}
-
-const aes256CbcEncryptHook = makeAES256Hook('createCipheriv', 'aes-256-cbc');
-const aes256CbcDecryptHook = makeAES256Hook('createDecipheriv', 'aes-256-cbc');
-const aes256CtrEncryptHook = makeAES256Hook('createCipheriv', 'aes-256-ctr');
-const aes256CtrDecryptHook = makeAES256Hook('createDecipheriv', 'aes-256-ctr');
-const hmacSha512Hook = makeHmacHook('sha512');
-const hmacSha256Hook = makeHmacHook('sha256');
-
-export const cryptoCallbacks = {
-  randomHook,
-  sha256Hook,
-  signRsaSha256Hook,
-  aes256CbcEncryptHook,
-  aes256CbcDecryptHook,
-  aes256CtrEncryptHook,
-  aes256CtrDecryptHook,
-  hmacSha512Hook,
-  hmacSha256Hook
-};
-
 const NEED_MONGO_KEYS = 3;
 const READY = 5;
 const ERROR = 0;
@@ -154,6 +67,17 @@ describe('Crypto hooks', () => {
       }
     });
 
+    it('reports crypto hook provider as `native_openssl`', () => {
+      const mongoCryptOptions: ConstructorParameters<MongoCryptConstructor>[0] = {
+        kmsProviders: BSON.serialize(kmsProviders),
+        cryptoCallbacks
+      };
+
+      const mongoCrypt = new MongoCrypt(mongoCryptOptions);
+
+      expect(mongoCrypt).to.have.property('cryptoHooksProvider', 'native_openssl');
+    });
+
     it('should use native crypto hooks', async () => {
       const spiedCallbacks = Object.fromEntries(
         Object.entries(cryptoCallbacks).map(([name, hook]) => [name, sinon.spy(hook)])
@@ -184,6 +108,17 @@ describe('Crypto hooks', () => {
       }
     });
 
+    it('reports crypto hook provider as `js`', () => {
+      const mongoCryptOptions: ConstructorParameters<MongoCryptConstructor>[0] = {
+        kmsProviders: BSON.serialize(kmsProviders),
+        cryptoCallbacks
+      };
+
+      const mongoCrypt = new MongoCrypt(mongoCryptOptions);
+
+      expect(mongoCrypt).to.have.property('cryptoHooksProvider', 'js');
+    });
+
     it('should use js crypto hooks', async () => {
       const spiedCallbacks = Object.fromEntries(
         Object.entries(cryptoCallbacks).map(([name, hook]) => [name, sinon.spy(hook)])