feat(ext/node): rewrite crypto keys (#24463)

This completely rewrites how we handle key material in ext/node. Changes in this PR: - **Signing** - RSA - RSA-PSS 🆕 - DSA 🆕 - EC - ED25519 🆕 - **Verifying** - RSA - RSA-PSS 🆕 - DSA 🆕 - EC 🆕 - ED25519 🆕 - **Private key import** - Passphrase encrypted private keys 🆕 - RSA - PEM - DER (PKCS#1) 🆕 - DER (PKCS#8) 🆕 - RSA-PSS - PEM - DER (PKCS#1) 🆕 - DER (PKCS#8) 🆕 - DSA 🆕 - EC - PEM - DER (SEC1) 🆕 - DER (PKCS#8) 🆕 - X25519 🆕 - ED25519 🆕 - DH - **Public key import** - RSA - PEM - DER (PKCS#1) 🆕 - DER (PKCS#8) 🆕 - RSA-PSS 🆕 - DSA 🆕 - EC 🆕 - X25519 🆕 - ED25519 🆕 - DH 🆕 - **Private key export** - RSA 🆕 - DSA 🆕 - EC 🆕 - X25519 🆕 - ED25519 🆕 - DH 🆕 - **Public key export** - RSA - DSA 🆕 - EC 🆕 - X25519 🆕 - ED25519 🆕 - DH 🆕 - **Key pair generation** - Overhauled, but supported APIs unchanged This PR adds a lot of new individual functionality. But most importantly because of the new key material representation, it is now trivial to add new algorithms (as shown by this PR). Now, when adding a new algorithm, it is also widely supported - for example previously we supported ED25519 key pair generation, but we could not import, export, sign or verify with ED25519. We can now do all of those things.
author: Luca Casonato <hello@lcas.dev> 2024-08-07 08:43:58 +0200
committer: GitHub <noreply@github.com> 2024-08-07 08:43:58 +0200
commit: 4fa8869f2487749a9f190cb3047f4f3e6d571f27 (patch)
tree: 640c13e45e0bf1c63340c15f64b08b614ddcf120 /ext/node/polyfills/internal/crypto/keygen.ts
parent: 9a83efa04b6e733ca0fdbf9e780c4b77f0d9f4be (diff)
1 files changed, 67 insertions, 50 deletions
diff --git a/ext/node/polyfills/internal/crypto/keygen.ts b/ext/node/polyfills/internal/crypto/keygen.ts
index dd5d5ad7e..4e2543cd9 100644
--- a/ext/node/polyfills/internal/crypto/keygen.ts
+++ b/ext/node/polyfills/internal/crypto/keygen.ts
@@ -10,7 +10,6 @@ import {
   PrivateKeyObject,
   PublicKeyObject,
   SecretKeyObject,
-  setOwnedKey,
 } from "ext:deno_node/internal/crypto/keys.ts";
 import { notImplemented } from "ext:deno_node/_utils.ts";
 import {
@@ -32,22 +31,26 @@ import { Buffer } from "node:buffer";
 import { KeyFormat, KeyType } from "ext:deno_node/internal/crypto/types.ts";
 
 import {
-  op_node_dh_generate,
-  op_node_dh_generate_async,
-  op_node_dh_generate_group,
-  op_node_dh_generate_group_async,
-  op_node_dsa_generate,
-  op_node_dsa_generate_async,
-  op_node_ec_generate,
-  op_node_ec_generate_async,
-  op_node_ed25519_generate,
-  op_node_ed25519_generate_async,
-  op_node_generate_rsa,
-  op_node_generate_rsa_async,
-  op_node_generate_secret,
-  op_node_generate_secret_async,
-  op_node_x25519_generate,
-  op_node_x25519_generate_async,
+  op_node_generate_dh_group_key,
+  op_node_generate_dh_group_key_async,
+  op_node_generate_dh_key,
+  op_node_generate_dh_key_async,
+  op_node_generate_dsa_key,
+  op_node_generate_dsa_key_async,
+  op_node_generate_ec_key,
+  op_node_generate_ec_key_async,
+  op_node_generate_ed25519_key,
+  op_node_generate_ed25519_key_async,
+  op_node_generate_rsa_key,
+  op_node_generate_rsa_key_async,
+  op_node_generate_rsa_pss_key,
+  op_node_generate_rsa_pss_key_async,
+  op_node_generate_secret_key,
+  op_node_generate_secret_key_async,
+  op_node_generate_x25519_key,
+  op_node_generate_x25519_key_async,
+  op_node_get_private_key_from_pair,
+  op_node_get_public_key_from_pair,
 } from "ext:core/ops";
 
 function validateGenerateKey(
@@ -82,10 +85,11 @@ export function generateKeySync(
   validateGenerateKey(type, options);
   const { length } = options;
 
-  const key = new Uint8Array(Math.floor(length / 8));
-  op_node_generate_secret(key);
+  const len = Math.floor(length / 8);
 
-  return new SecretKeyObject(setOwnedKey(key));
+  const handle = op_node_generate_secret_key(len);
+
+  return new SecretKeyObject(handle);
 }
 
 export function generateKey(
@@ -99,11 +103,11 @@ export function generateKey(
   validateFunction(callback, "callback");
   const { length } = options;
 
-  op_node_generate_secret_async(Math.floor(length / 8)).then(
-    (key) => {
-      callback(null, new SecretKeyObject(setOwnedKey(key)));
-    },
-  );
+  const len = Math.floor(length / 8);
+
+  op_node_generate_secret_key_async(len).then((handle) => {
+    callback(null, new SecretKeyObject(handle));
+  });
 }
 
 export interface BasePrivateKeyEncodingOptions<T extends KeyFormat> {
@@ -565,9 +569,12 @@ export function generateKeyPair(
     privateKey: any,
   ) => void,
 ) {
-  createJob(kAsync, type, options).then(([privateKey, publicKey]) => {
-    privateKey = new PrivateKeyObject(setOwnedKey(privateKey), { type });
-    publicKey = new PublicKeyObject(setOwnedKey(publicKey), { type });
+  createJob(kAsync, type, options).then((pair) => {
+    const privateKeyHandle = op_node_get_private_key_from_pair(pair);
+    const publicKeyHandle = op_node_get_public_key_from_pair(pair);
+
+    const privateKey = new PrivateKeyObject(privateKeyHandle);
+    const publicKey = new PublicKeyObject(publicKeyHandle);
 
     if (typeof options === "object" && options !== null) {
       const { publicKeyEncoding, privateKeyEncoding } = options as any;
@@ -766,10 +773,13 @@ export function generateKeyPairSync(
 ):
   | KeyPairKeyObjectResult
   | KeyPairSyncResult<string | Buffer, string | Buffer> {
-  let [privateKey, publicKey] = createJob(kSync, type, options);
+  const pair = createJob(kSync, type, options);
+
+  const privateKeyHandle = op_node_get_private_key_from_pair(pair);
+  const publicKeyHandle = op_node_get_public_key_from_pair(pair);
 
-  privateKey = new PrivateKeyObject(setOwnedKey(privateKey), { type });
-  publicKey = new PublicKeyObject(setOwnedKey(publicKey), { type });
+  let privateKey = new PrivateKeyObject(privateKeyHandle);
+  let publicKey = new PublicKeyObject(publicKeyHandle);
 
   if (typeof options === "object" && options !== null) {
     const { publicKeyEncoding, privateKeyEncoding } = options as any;
@@ -812,12 +822,12 @@ function createJob(mode, type, options) {
 
       if (type === "rsa") {
         if (mode === kSync) {
-          return op_node_generate_rsa(
+          return op_node_generate_rsa_key(
             modulusLength,
             publicExponent,
           );
         } else {
-          return op_node_generate_rsa_async(
+          return op_node_generate_rsa_key_async(
             modulusLength,
             publicExponent,
           );
@@ -867,14 +877,20 @@ function createJob(mode, type, options) {
       }
 
       if (mode === kSync) {
-        return op_node_generate_rsa(
+        return op_node_generate_rsa_pss_key(
           modulusLength,
           publicExponent,
+          hashAlgorithm,
+          mgf1HashAlgorithm ?? mgf1Hash,
+          saltLength,
         );
       } else {
-        return op_node_generate_rsa_async(
+        return op_node_generate_rsa_pss_key_async(
           modulusLength,
           publicExponent,
+          hashAlgorithm,
+          mgf1HashAlgorithm ?? mgf1Hash,
+          saltLength,
         );
       }
     }
@@ -891,12 +907,13 @@ function createJob(mode, type, options) {
       }
 
       if (mode === kSync) {
-        return op_node_dsa_generate(modulusLength, divisorLength);
+        return op_node_generate_dsa_key(modulusLength, divisorLength);
+      } else {
+        return op_node_generate_dsa_key_async(
+          modulusLength,
+          divisorLength,
+        );
       }
-      return op_node_dsa_generate_async(
-        modulusLength,
-        divisorLength,
-      );
     }
     case "ec": {
       validateObject(options, "options");
@@ -913,22 +930,22 @@ function createJob(mode, type, options) {
       }
 
       if (mode === kSync) {
-        return op_node_ec_generate(namedCurve);
+        return op_node_generate_ec_key(namedCurve);
       } else {
-        return op_node_ec_generate_async(namedCurve);
+        return op_node_generate_ec_key_async(namedCurve);
       }
     }
     case "ed25519": {
       if (mode === kSync) {
-        return op_node_ed25519_generate();
+        return op_node_generate_ed25519_key();
       }
-      return op_node_ed25519_generate_async();
+      return op_node_generate_ed25519_key_async();
     }
     case "x25519": {
       if (mode === kSync) {
-        return op_node_x25519_generate();
+        return op_node_generate_x25519_key();
       }
-      return op_node_x25519_generate_async();
+      return op_node_generate_x25519_key_async();
     }
     case "ed448":
     case "x448": {
@@ -952,9 +969,9 @@ function createJob(mode, type, options) {
         validateString(group, "options.group");
 
         if (mode === kSync) {
-          return op_node_dh_generate_group(group);
+          return op_node_generate_dh_group_key(group);
         } else {
-          return op_node_dh_generate_group_async(group);
+          return op_node_generate_dh_group_key_async(group);
         }
       }
 
@@ -979,9 +996,9 @@ function createJob(mode, type, options) {
       const g = generator == null ? 2 : generator;
 
       if (mode === kSync) {
-        return op_node_dh_generate(prime, primeLength ?? 0, g);
+        return op_node_generate_dh_key(prime, primeLength ?? 0, g);
       } else {
-        return op_node_dh_generate_async(
+        return op_node_generate_dh_key_async(
           prime,
           primeLength ?? 0,
           g,
author	Luca Casonato <hello@lcas.dev>	2024-08-07 08:43:58 +0200
committer	GitHub <noreply@github.com>	2024-08-07 08:43:58 +0200
commit	4fa8869f2487749a9f190cb3047f4f3e6d571f27 (patch)
tree	640c13e45e0bf1c63340c15f64b08b614ddcf120 /ext/node/polyfills/internal/crypto/keygen.ts
parent	9a83efa04b6e733ca0fdbf9e780c4b77f0d9f4be (diff)