Add more bindings to remaining classes

Author: JordanMartinez

spago.dhall

@@ -3,6 +3,7 @@
   [ "effect"
   , "either"
   , "exceptions"
+  , "foreign"
   , "maybe"
   , "node-buffer"
   , "node-streams"

src/Node/Crypto/KeyObject.js

@@ -0,0 +1,14 @@
+import * as crypto from "node:crypto";
+
+export const eqKeyObjectImpl = (a, b) => a.equals(b);
+
+export const newSecretKeyImpl = (buf) => crypto.newSecretKey(buf);
+export const newPublicKeyBufImpl = (buf) => crypto.newPublicKey(buf);
+export const newPublicKeyObjImpl = (obj) => crypto.newPublicKey(obj);
+export const newPrivateKeyBufImpl = (buf) => crypto.newPrivateKey(buf);
+export const newPrivateKeyObjImpl = (obj) => crypto.newPrivateKey(obj);
+
+export const assymetricKeyDetails = (ko) => ko.assymetricKeyDetails;
+export const assymetricKeyType = (ko) => ko.assymetricKeyType;
+export const symmetricKeySize = (ko) => ko.symmetricKeySize;
+export const typeImpl = (ko) => ko.type;

src/Node/Crypto/KeyObject.purs

@@ -0,0 +1,180 @@
+module Node.Crypto.KeyObject 
+  ( KeyObjectType
+  , Symmetric
+  , Asymmetric
+  , AsymmetricKeyType
+  , Private
+  , Public
+  , KeyObject
+  , KeyFormat
+  , pem
+  , der
+  , jwk
+  , DerKeyType
+  , pkcs1
+  , spki
+  , newSecretKey
+  , newPublicKeyBuf
+  , newPublicKeyObj
+  , NewPublicKeyOptions
+  , newPrivateKeyBuf
+  , newPrivateKeyObj
+  , NewPrivateKeyOptions
+  , assymetricKeyDetails
+  , assymetricKeyType
+  , symmetricKeySize
+  , type'
+  , keyType
+  ) where
+
+import Prelude
+
+import Data.Function.Uncurried (Fn2, runFn2)
+import Effect (Effect)
+import Effect.Uncurried (EffectFn1, runEffectFn1)
+import Foreign (Foreign)
+import Node.Buffer (Buffer)
+import Partial.Unsafe (unsafeCrashWith)
+import Prim.Row as Row
+import Unsafe.Coerce (unsafeCoerce)
+
+data KeyObjectType
+
+foreign import data Symmetric :: KeyObjectType
+foreign import data Asymmetric :: AsymmetricKeyType -> KeyObjectType
+
+data AsymmetricKeyType
+
+foreign import data Private :: AsymmetricKeyType
+foreign import data Public :: AsymmetricKeyType
+
+-- | Node.js uses a `KeyObject` class to represent a symmetric or asymmetric key, and each kind of key exposes different functions. 
+-- | 
+-- | Most applications should consider using the new `KeyObject` API instead of passing keys as strings or Buffers 
+-- | due to improved security features.
+-- | 
+-- | `KeyObject` instances can be passed to other threads via `postMessage()`. 
+-- | The receiver obtains a cloned `KeyObject`, and the `KeyObject` does not need to be listed in the `transferList` argument.
+foreign import data KeyObject :: KeyObjectType -> Type
+
+instance Eq (KeyObject a) where
+  eq a b = runFn2 eqKeyObjectImpl a b
+
+foreign import eqKeyObjectImpl :: forall a. Fn2 (KeyObject a) (KeyObject a) Boolean
+
+newtype KeyFormat = KeyFormat String
+
+derive newtype instance Eq KeyFormat
+derive newtype instance Ord KeyFormat
+derive newtype instance Show KeyFormat
+
+pem = KeyFormat "pem" :: KeyFormat
+der = KeyFormat "der" :: KeyFormat
+jwk = KeyFormat "jwk" :: KeyFormat
+
+newtype DerKeyType = DerKeyType String
+
+derive newtype instance Eq DerKeyType
+derive newtype instance Ord DerKeyType
+derive newtype instance Show DerKeyType
+
+pkcs1 = DerKeyType "pkcs1" :: DerKeyType
+spki = DerKeyType "spki" :: DerKeyType
+
+foreign import newSecretKeyImpl :: EffectFn1 (Buffer) ((KeyObject Symmetric))
+
+-- | Creates and returns a new key object containing a secret key for symmetric encryption or Hmac.
+newSecretKey :: Buffer -> Effect (KeyObject Symmetric)
+newSecretKey key = runEffectFn1 newSecretKeyImpl key
+
+foreign import newPublicKeyBufImpl :: EffectFn1 (Buffer) (KeyObject (Asymmetric Public))
+
+-- | Creates and returns a new key object containing a public key. Format is assumed to be 'pem';
+newPublicKeyBuf :: Buffer -> Effect (KeyObject (Asymmetric Public))
+newPublicKeyBuf buffer = runEffectFn1 newPublicKeyBufImpl buffer
+
+foreign import newPublicKeyObjImpl :: forall r. EffectFn1 ({ | r }) ((KeyObject (Asymmetric Public)))
+
+-- | Creates and returns a new key object containing a public key. 
+newPublicKeyObj :: forall r trash. Row.Union r trash NewPublicKeyOptions => { | r } -> Effect (KeyObject (Asymmetric Public))
+newPublicKeyObj r = runEffectFn1 newPublicKeyObjImpl r
+
+type NewPublicKeyOptions =
+  ( key :: Buffer
+  , format :: KeyFormat
+  , type :: DerKeyType
+  )
+
+foreign import newPrivateKeyBufImpl :: EffectFn1 (Buffer) ((KeyObject (Asymmetric Private)))
+
+-- | Creates and returns a new key object containing a private key. Format is assumed to be 'pem';
+newPrivateKeyBuf :: Buffer -> Effect (KeyObject (Asymmetric Private))
+newPrivateKeyBuf buffer = runEffectFn1 newPrivateKeyBufImpl buffer
+
+foreign import newPrivateKeyObjImpl :: forall r. EffectFn1 ({ | r }) ((KeyObject (Asymmetric Private)))
+
+-- | Creates and returns a new key object containing a private key. 
+-- | If the private key is encrypted, a passphrase must be specified. The length of the passphrase is limited to 1024 bytes.
+newPrivateKeyObj :: forall r trash. Row.Union r trash NewPrivateKeyOptions => { | r } -> Effect (KeyObject (Asymmetric Private))
+newPrivateKeyObj r = runEffectFn1 newPrivateKeyObjImpl r
+
+type NewPrivateKeyOptions =
+  ( key :: Buffer
+  , format :: KeyFormat
+  , type :: DerKeyType
+  , passphrase :: Buffer
+  )
+
+
+-- | Returns an object whose fields depend on the algorithm of the `KeyObject`
+-- | - `modulusLength`: `number` Key size in bits (RSA, DSA).
+-- | - `publicExponent`: `bigint` Public exponent (RSA).
+-- | - `hashAlgorithm`: `string` Name of the message digest (RSA-PSS).
+-- | - `mgf1HashAlgorithm`: `string` Name of the message digest used by MGF1 (RSA-PSS).
+-- | - `saltLength`: `number` Minimal salt length in bytes (RSA-PSS).
+-- | - `divisorLength`: `number` Size of q in bits (DSA).
+-- | - `namedCurve`: `string` Name of the curve (EC).
+-- | 
+-- | This property exists only on asymmetric keys. Depending on the type of the key, this object contains information about the key. None of the information obtained through this property can be used to uniquely identify a key or to compromise the security of the key.
+-- | 
+-- | For RSA-PSS keys, if the key material contains a RSASSA-PSS-params sequence, the hashAlgorithm, mgf1HashAlgorithm, and saltLength properties will be set.
+-- | 
+-- | Other key details might be exposed via this API using additional attributes.
+foreign import assymetricKeyDetails :: forall x. KeyObject (Asymmetric x) -> Foreign
+
+-- | For asymmetric keys, this property represents the type of the key. Supported key types are:
+-- | - 'rsa' (OID 1.2.840.113549.1.1.1)
+-- | - 'rsa-pss' (OID 1.2.840.113549.1.1.10)
+-- | - 'dsa' (OID 1.2.840.10040.4.1)
+-- | - 'ec' (OID 1.2.840.10045.2.1)
+-- | - 'x25519' (OID 1.3.101.110)
+-- | - 'x448' (OID 1.3.101.111)
+-- | - 'ed25519' (OID 1.3.101.112)
+-- | - 'ed448' (OID 1.3.101.113)
+-- | - 'dh' (OID 1.2.840.113549.1.3.1)
+-- | This property is undefined for unrecognized KeyObject types and symmetric keys.
+foreign import assymetricKeyType :: forall x. KeyObject (Asymmetric x) -> String
+
+-- | For secret keys, this property represents the size of the key in bytes. This property is undefined for asymmetric keys.
+foreign import symmetricKeySize :: KeyObject Symmetric -> Number
+
+foreign import typeImpl :: forall a. KeyObject a -> String
+
+-- | Depending on the type of this KeyObject, this property is either 'secret' for secret (symmetric) keys, 
+-- | 'public' for public (asymmetric) keys or 'private' for private (asymmetric) keys.
+type' :: forall a. KeyObject a -> String
+type' ko = typeImpl ko
+
+-- | Eliminator for a KeyObject when one doesn't know what the `type` is.
+keyType 
+  :: forall x a
+   . KeyObject x 
+  -> (KeyObject Symmetric -> a)
+  -> (KeyObject (Asymmetric Public) -> a)
+  -> (KeyObject (Asymmetric Private) -> a)
+  -> a
+keyType ko onSym onPub onPriv = case type' ko of
+  "secret" -> onSym $ (unsafeCoerce :: _ -> KeyObject Symmetric) ko
+  "public" -> onPub $ (unsafeCoerce :: _ -> KeyObject (Asymmetric Public)) ko
+  "private" -> onPriv $ (unsafeCoerce :: _ -> KeyObject (Asymmetric Private)) ko
+  ty -> unsafeCrashWith $ "Impossible key type: " <> ty

src/Node/Crypto/RsaOptions.js

@@ -0,0 +1,7 @@
+import * as crypto from "node:crypto";
+
+export const js_rsa_pkcs1_padding = crypto.constants.RSA_PKCS1_PADDING;
+export const js_rsa_pkcs1_pss_padding = crypto.constants.RSA_PKCS1_PSS_PADDING;
+
+export const js_rsa_pss_saltlen_digest = crypto.constants.RSA_PSS_SALTLEN_DIGEST;
+export const js_rsa_pss_saltlen_max_sign = crypto.constants.RSA_PSS_SALTLEN_MAX_SIGN;

src/Node/Crypto/RsaOptions.purs

@@ -0,0 +1,35 @@
+-- | These constants are used in `Sign.sign` and `Verify.verify`.
+module Node.Crypto.RsaOptions 
+  ( SignPadding
+  , rsa_pkcs1_padding
+  , rsa_pkcs1_pss_padding
+  , SaltLength
+  , rsa_pss_saltlen_digest
+  , rsa_pss_saltlen_max_sign
+  ) where
+
+import Prelude
+
+newtype SignPadding = SignPadding Int
+
+derive newtype instance Eq SignPadding
+derive newtype instance Ord SignPadding
+derive newtype instance Show SignPadding
+
+foreign import js_rsa_pkcs1_padding :: Int
+rsa_pkcs1_padding = SignPadding js_rsa_pkcs1_padding :: SignPadding
+
+foreign import js_rsa_pkcs1_pss_padding :: Int
+rsa_pkcs1_pss_padding = SignPadding js_rsa_pkcs1_pss_padding :: SignPadding
+
+newtype SaltLength = SaltLength Int
+
+derive newtype instance Eq SaltLength
+derive newtype instance Ord SaltLength
+derive newtype instance Show SaltLength
+
+foreign import js_rsa_pss_saltlen_digest :: Int
+rsa_pss_saltlen_digest = SaltLength js_rsa_pss_saltlen_digest :: SaltLength
+
+foreign import js_rsa_pss_saltlen_max_sign :: Int
+rsa_pss_saltlen_max_sign = SaltLength js_rsa_pss_saltlen_max_sign :: SaltLength

src/Node/Crypto/Sign.js

@@ -0,0 +1,7 @@
+import * as crypto from "node:crypto";
+
+export const newImpl = (algorithm) => crypto.createSign(algorithm);
+export const updateBufImpl = (sign, key) => sign.update(key);
+export const updateStrImpl = (sign, key, enc) => sign.update(key, enc);
+export const signKeyObjectImpl = (sign, keyObj) => sign.sign(keyObj);
+export const signObjImpl = (sign, obj) => sign.sign(obj);

src/Node/Crypto/Sign.purs

@@ -0,0 +1,88 @@
+module Node.Crypto.Sign 
+  ( Sign
+  , new
+  , updateBuf
+  , updateStr
+  , sign
+  , SignOptions
+  , signObj
+  ) where
+
+import Prelude
+
+import Effect (Effect)
+import Effect.Uncurried (EffectFn1, EffectFn2, EffectFn3, runEffectFn1, runEffectFn2, runEffectFn3)
+import Node.Buffer (Buffer)
+import Node.Crypto.KeyObject (Asymmetric, KeyObject, NewPrivateKeyOptions, Private)
+import Node.Crypto.RsaOptions (SaltLength, SignPadding)
+import Node.Encoding (Encoding, encodingToNode)
+import Prim.Row as Row
+
+-- | The `Sign` class is a utility for generating signatures. It can be used in one of two ways:
+-- | - As a writable stream, where data to be signed is written and the `sign.sign()` method is used to generate and return the signature, or
+-- | - Using the `sign.update()` and `sign.sign()` methods to produce the signature.
+-- | The `crypto.createSign()` method is used to create Sign instances. 
+-- |
+-- | Note: these PureScript bindings do not provide an option for the Writable stream options variant of `createSign`.
+foreign import data Sign :: Type
+
+foreign import newImpl :: EffectFn1 (String) (Sign)
+
+-- | Creates and returns a `Sign` object that uses the given algorithm. 
+-- | Use `crypto.getHashes()` to obtain the names of the available digest algorithms. 
+-- | 
+-- | In some cases, a `Sign` instance can be created using the name of a signature algorithm, 
+-- | such as 'RSA-SHA256', instead of a digest algorithm. 
+-- | This will use the corresponding digest algorithm. This does not work for all signature algorithms, 
+-- | such as 'ecdsa-with-SHA256', so it is best to always use digest algorithm names.
+new :: String -> Effect Sign
+new algorithm = runEffectFn1 newImpl algorithm
+
+foreign import updateBufImpl :: EffectFn2 (Sign) (Buffer) (Unit)
+
+-- | Updates the Sign content with the given data
+updateBuf :: Buffer -> Sign -> Effect Unit
+updateBuf buffer signVal =
+  runEffectFn2 updateBufImpl signVal buffer
+
+foreign import updateStrImpl :: EffectFn3 (Sign) (String) (String) (Unit)
+
+-- | Updates the Sign content with the given data
+updateStr :: String -> Encoding -> Sign -> Effect Unit
+updateStr dat enc signVal =
+  runEffectFn3 updateStrImpl signVal dat (encodingToNode enc)
+
+foreign import signKeyObjectImpl :: EffectFn2 (Sign) (KeyObject (Asymmetric Private)) (Buffer)
+
+-- | Calculates the signature on all the data passed through using either `sign.update()` or `sign.write()`.
+-- | 
+-- | The `Sign` object can not be again used after `sign.sign()` method has been called. Multiple calls to `sign.sign()` will result in an error being thrown.
+sign :: KeyObject (Asymmetric Private) -> Sign -> Effect Buffer
+sign keyObject signVal =
+  runEffectFn2 signKeyObjectImpl signVal keyObject
+
+foreign import signObjImpl :: forall r. EffectFn2 (Sign) ({ | r }) (Buffer)
+
+-- | Options for DSA and ECDSA:
+-- | `dsaEncoding`: For DSA and ECDSA, this option specifies the format of the generated signature. It can be one of the following:
+-- |   - 'der' (default): DER-encoded ASN.1 signature structure encoding (r, s).
+-- |   - 'ieee-p1363': Signature format r || s as proposed in IEEE-P1363.
+-- |
+-- | Options for RSA:
+-- | `padding`: `RSA_PKCS1_PSS_PADDING` will use `MGF1` with the same hash function used to sign the message 
+-- |    as specified in section 3.1 of [RFC 4055](https://www.rfc-editor.org/rfc/rfc4055.txt), 
+-- |    unless an MGF1 hash function has been specified as 
+-- |    part of the key in compliance with section 3.3 of [RFC 4055](https://www.rfc-editor.org/rfc/rfc4055.txt).
+-- | `saltLength`: Salt length for when padding is `RSA_PKCS1_PSS_PADDING`. 
+-- |    The special value `crypto.constants.RSA_PSS_SALTLEN_DIGEST` sets the salt length to the digest size, 
+-- |    `crypto.constants.RSA_PSS_SALTLEN_MAX_SIGN` (default) sets it to the maximum permissible value.
+type SignOptions =
+  ( dsaEncoding :: String
+  , padding :: SignPadding
+  , saltLength :: SaltLength
+  | NewPrivateKeyOptions
+  )
+
+signObj :: forall r trash. Row.Union r trash SignOptions => { | r } -> Sign -> Effect Buffer
+signObj r signVal =
+  runEffectFn2 signObjImpl signVal r

src/Node/Crypto/Verify.js

@@ -0,0 +1,7 @@
+import * as crypto from "node:crypto";
+
+export const newImpl = (algorithm) => crypto.createVerify(algorithm);
+export const updateBufImpl = (verify, buf) => verify.update(buf);
+export const updateStrImpl = (verify, str, enc) => verify.update(str, enc);
+export const verifyKeyObjectImpl = (verify, keyObject, sig) => verify.verify(keyObject, sig);
+export const verifyObjImpl = (verify, obj, sig) => verify.verify(obj, sig);