feat(ext/node): rewrite crypto keys (#24463)

This completely rewrites how we handle key material in ext/node. Changes
in this
PR:

- **Signing**
  - RSA
  - RSA-PSS 🆕
  - DSA 🆕
  - EC
  - ED25519 🆕
- **Verifying**
  - RSA
  - RSA-PSS 🆕
  - DSA 🆕
  - EC 🆕
  - ED25519 🆕
- **Private key import**
  - Passphrase encrypted private keys 🆕
  - RSA
    - PEM
    - DER (PKCS#1) 🆕
    - DER (PKCS#8) 🆕
  - RSA-PSS
    - PEM
    - DER (PKCS#1) 🆕
    - DER (PKCS#8) 🆕
  - DSA 🆕
  - EC
    - PEM
    - DER (SEC1) 🆕
    - DER (PKCS#8) 🆕
  - X25519 🆕
  - ED25519 🆕
  - DH
- **Public key import**
  - RSA
    - PEM
    - DER (PKCS#1) 🆕
    - DER (PKCS#8) 🆕
  - RSA-PSS 🆕
  - DSA 🆕
  - EC 🆕
  - X25519 🆕
  - ED25519 🆕
  - DH 🆕
- **Private key export**
  - RSA 🆕
  - DSA 🆕
  - EC 🆕
  - X25519 🆕
  - ED25519 🆕
  - DH 🆕
- **Public key export**
  - RSA
  - DSA 🆕
  - EC 🆕
  - X25519 🆕
  - ED25519 🆕
  - DH 🆕
- **Key pair generation**
  - Overhauled, but supported APIs unchanged

This PR adds a lot of new individual functionality. But most importantly
because
of the new key material representation, it is now trivial to add new
algorithms
(as shown by this PR).

Now, when adding a new algorithm, it is also widely supported - for
example
previously we supported ED25519 key pair generation, but we could not
import,
export, sign or verify with ED25519. We can now do all of those things.

1 files changed, 17 insertions, 8 deletions

diff --git a/ext/node/polyfills/internal/crypto/hash.ts b/ext/node/polyfills/internal/crypto/hash.ts
index 2e040be25..c42ca3989 100644
--- a/ext/node/polyfills/internal/crypto/hash.ts
+++ b/ext/node/polyfills/internal/crypto/hash.ts
@@ -6,6 +6,7 @@
 
 import {
   op_node_create_hash,
+  op_node_export_secret_key,
   op_node_get_hashes,
   op_node_hash_clone,
   op_node_hash_digest,
@@ -32,7 +33,6 @@ import type {
   Encoding,
 } from "ext:deno_node/internal/crypto/types.ts";
 import {
-  getKeyMaterial,
   KeyObject,
   prepareSecretKey,
 } from "ext:deno_node/internal/crypto/keys.ts";
@@ -46,7 +46,10 @@ import {
   getDefaultEncoding,
   toBuf,
 } from "ext:deno_node/internal/crypto/util.ts";
-import { isArrayBufferView } from "ext:deno_node/internal/util/types.ts";
+import {
+  isAnyArrayBuffer,
+  isArrayBufferView,
+} from "ext:deno_node/internal/util/types.ts";
 
 const { ReflectApply, ObjectSetPrototypeOf } = primordials;
 
@@ -217,22 +220,28 @@ class HmacImpl extends Transform {
 
     validateString(hmac, "hmac");
 
-    const u8Key = key instanceof KeyObject
-      ? getKeyMaterial(key)
-      : prepareSecretKey(key, options?.encoding) as Buffer;
+    key = prepareSecretKey(key, options?.encoding);
+    let keyData;
+    if (isArrayBufferView(key)) {
+      keyData = key;
+    } else if (isAnyArrayBuffer(key)) {
+      keyData = new Uint8Array(key);
+    } else {
+      keyData = op_node_export_secret_key(key);
+    }
 
     const alg = hmac.toLowerCase();
     this.#algorithm = alg;
     const blockSize = (alg === "sha512" || alg === "sha384") ? 128 : 64;
-    const keySize = u8Key.length;
+    const keySize = keyData.length;
 
     let bufKey: Buffer;
 
     if (keySize > blockSize) {
       const hash = new Hash(alg, options);
-      bufKey = hash.update(u8Key).digest() as Buffer;
+      bufKey = hash.update(keyData).digest() as Buffer;
     } else {
-      bufKey = Buffer.concat([u8Key, this.#ZEROES], blockSize);
+      bufKey = Buffer.concat([keyData, this.#ZEROES], blockSize);
     }
 
     this.#ipad = Buffer.allocUnsafe(blockSize);