summaryrefslogtreecommitdiff
path: root/ext/node/ops/crypto/keys.rs
diff options
context:
space:
mode:
Diffstat (limited to 'ext/node/ops/crypto/keys.rs')
-rw-r--r--ext/node/ops/crypto/keys.rs679
1 files changed, 466 insertions, 213 deletions
diff --git a/ext/node/ops/crypto/keys.rs b/ext/node/ops/crypto/keys.rs
index ac62f5cca..f164972d4 100644
--- a/ext/node/ops/crypto/keys.rs
+++ b/ext/node/ops/crypto/keys.rs
@@ -4,9 +4,7 @@ use std::borrow::Cow;
use std::cell::RefCell;
use base64::Engine;
-use deno_core::error::generic_error;
use deno_core::error::type_error;
-use deno_core::error::AnyError;
use deno_core::op2;
use deno_core::serde_v8::BigInt as V8BigInt;
use deno_core::unsync::spawn_blocking;
@@ -46,6 +44,7 @@ use spki::der::Reader as _;
use spki::DecodePublicKey as _;
use spki::EncodePublicKey as _;
use spki::SubjectPublicKeyInfoRef;
+use x509_parser::error::X509Error;
use x509_parser::x509;
use super::dh;
@@ -236,9 +235,11 @@ impl RsaPssPrivateKey {
}
impl EcPublicKey {
- pub fn to_jwk(&self) -> Result<elliptic_curve::JwkEcKey, AnyError> {
+ pub fn to_jwk(&self) -> Result<JwkEcKey, AsymmetricPublicKeyJwkError> {
match self {
- EcPublicKey::P224(_) => Err(type_error("Unsupported JWK EC curve: P224")),
+ EcPublicKey::P224(_) => {
+ Err(AsymmetricPublicKeyJwkError::UnsupportedJwkEcCurveP224)
+ }
EcPublicKey::P256(key) => Ok(key.to_jwk()),
EcPublicKey::P384(key) => Ok(key.to_jwk()),
}
@@ -363,49 +364,201 @@ impl<'a> TryFrom<rsa::pkcs8::der::asn1::AnyRef<'a>> for RsaPssParameters<'a> {
}
}
+#[derive(Debug, thiserror::Error)]
+pub enum X509PublicKeyError {
+ #[error(transparent)]
+ X509(#[from] x509_parser::error::X509Error),
+ #[error(transparent)]
+ Rsa(#[from] rsa::Error),
+ #[error(transparent)]
+ Asn1(#[from] x509_parser::der_parser::asn1_rs::Error),
+ #[error(transparent)]
+ Ec(#[from] elliptic_curve::Error),
+ #[error("unsupported ec named curve")]
+ UnsupportedEcNamedCurve,
+ #[error("missing ec parameters")]
+ MissingEcParameters,
+ #[error("malformed DSS public key")]
+ MalformedDssPublicKey,
+ #[error("unsupported x509 public key type")]
+ UnsupportedX509KeyType,
+}
+
+#[derive(Debug, thiserror::Error)]
+pub enum RsaJwkError {
+ #[error(transparent)]
+ Base64(#[from] base64::DecodeError),
+ #[error(transparent)]
+ Rsa(#[from] rsa::Error),
+ #[error("missing RSA private component")]
+ MissingRsaPrivateComponent,
+}
+
+#[derive(Debug, thiserror::Error)]
+pub enum EcJwkError {
+ #[error(transparent)]
+ Ec(#[from] elliptic_curve::Error),
+ #[error("unsupported curve: {0}")]
+ UnsupportedCurve(String),
+}
+
+#[derive(Debug, thiserror::Error)]
+pub enum EdRawError {
+ #[error(transparent)]
+ Ed25519Signature(#[from] ed25519_dalek::SignatureError),
+ #[error("invalid Ed25519 key")]
+ InvalidEd25519Key,
+ #[error("unsupported curve")]
+ UnsupportedCurve,
+}
+
+#[derive(Debug, thiserror::Error)]
+pub enum AsymmetricPrivateKeyError {
+ #[error("invalid PEM private key: not valid utf8 starting at byte {0}")]
+ InvalidPemPrivateKeyInvalidUtf8(usize),
+ #[error("invalid encrypted PEM private key")]
+ InvalidEncryptedPemPrivateKey,
+ #[error("invalid PEM private key")]
+ InvalidPemPrivateKey,
+ #[error("encrypted private key requires a passphrase to decrypt")]
+ EncryptedPrivateKeyRequiresPassphraseToDecrypt,
+ #[error("invalid PKCS#1 private key")]
+ InvalidPkcs1PrivateKey,
+ #[error("invalid SEC1 private key")]
+ InvalidSec1PrivateKey,
+ #[error("unsupported PEM label: {0}")]
+ UnsupportedPemLabel(String),
+ #[error(transparent)]
+ RsaPssParamsParse(#[from] RsaPssParamsParseError),
+ #[error("invalid encrypted PKCS#8 private key")]
+ InvalidEncryptedPkcs8PrivateKey,
+ #[error("invalid PKCS#8 private key")]
+ InvalidPkcs8PrivateKey,
+ #[error("PKCS#1 private key does not support encryption with passphrase")]
+ Pkcs1PrivateKeyDoesNotSupportEncryptionWithPassphrase,
+ #[error("SEC1 private key does not support encryption with passphrase")]
+ Sec1PrivateKeyDoesNotSupportEncryptionWithPassphrase,
+ #[error("unsupported ec named curve")]
+ UnsupportedEcNamedCurve,
+ #[error("invalid private key")]
+ InvalidPrivateKey,
+ #[error("invalid DSA private key")]
+ InvalidDsaPrivateKey,
+ #[error("malformed or missing named curve in ec parameters")]
+ MalformedOrMissingNamedCurveInEcParameters,
+ #[error("unsupported key type: {0}")]
+ UnsupportedKeyType(String),
+ #[error("unsupported key format: {0}")]
+ UnsupportedKeyFormat(String),
+ #[error("invalid x25519 private key")]
+ InvalidX25519PrivateKey,
+ #[error("x25519 private key is the wrong length")]
+ X25519PrivateKeyIsWrongLength,
+ #[error("invalid Ed25519 private key")]
+ InvalidEd25519PrivateKey,
+ #[error("missing dh parameters")]
+ MissingDhParameters,
+ #[error("unsupported private key oid")]
+ UnsupportedPrivateKeyOid,
+}
+
+#[derive(Debug, thiserror::Error)]
+pub enum AsymmetricPublicKeyError {
+ #[error("invalid PEM private key: not valid utf8 starting at byte {0}")]
+ InvalidPemPrivateKeyInvalidUtf8(usize),
+ #[error("invalid PEM public key")]
+ InvalidPemPublicKey,
+ #[error("invalid PKCS#1 public key")]
+ InvalidPkcs1PublicKey,
+ #[error(transparent)]
+ AsymmetricPrivateKey(#[from] AsymmetricPrivateKeyError),
+ #[error("invalid x509 certificate")]
+ InvalidX509Certificate,
+ #[error(transparent)]
+ X509(#[from] x509_parser::nom::Err<X509Error>),
+ #[error(transparent)]
+ X509PublicKey(#[from] X509PublicKeyError),
+ #[error("unsupported PEM label: {0}")]
+ UnsupportedPemLabel(String),
+ #[error("invalid SPKI public key")]
+ InvalidSpkiPublicKey,
+ #[error("unsupported key type: {0}")]
+ UnsupportedKeyType(String),
+ #[error("unsupported key format: {0}")]
+ UnsupportedKeyFormat(String),
+ #[error(transparent)]
+ Spki(#[from] spki::Error),
+ #[error(transparent)]
+ Pkcs1(#[from] rsa::pkcs1::Error),
+ #[error(transparent)]
+ RsaPssParamsParse(#[from] RsaPssParamsParseError),
+ #[error("malformed DSS public key")]
+ MalformedDssPublicKey,
+ #[error("malformed or missing named curve in ec parameters")]
+ MalformedOrMissingNamedCurveInEcParameters,
+ #[error("malformed or missing public key in ec spki")]
+ MalformedOrMissingPublicKeyInEcSpki,
+ #[error(transparent)]
+ Ec(#[from] elliptic_curve::Error),
+ #[error("unsupported ec named curve")]
+ UnsupportedEcNamedCurve,
+ #[error("malformed or missing public key in x25519 spki")]
+ MalformedOrMissingPublicKeyInX25519Spki,
+ #[error("x25519 public key is too short")]
+ X25519PublicKeyIsTooShort,
+ #[error("invalid Ed25519 public key")]
+ InvalidEd25519PublicKey,
+ #[error("missing dh parameters")]
+ MissingDhParameters,
+ #[error("malformed dh parameters")]
+ MalformedDhParameters,
+ #[error("malformed or missing public key in dh spki")]
+ MalformedOrMissingPublicKeyInDhSpki,
+ #[error("unsupported private key oid")]
+ UnsupportedPrivateKeyOid,
+}
+
impl KeyObjectHandle {
pub fn new_asymmetric_private_key_from_js(
key: &[u8],
format: &str,
typ: &str,
passphrase: Option<&[u8]>,
- ) -> Result<KeyObjectHandle, AnyError> {
+ ) -> Result<KeyObjectHandle, AsymmetricPrivateKeyError> {
let document = match format {
"pem" => {
let pem = std::str::from_utf8(key).map_err(|err| {
- type_error(format!(
- "invalid PEM private key: not valid utf8 starting at byte {}",
- err.valid_up_to()
- ))
+ AsymmetricPrivateKeyError::InvalidPemPrivateKeyInvalidUtf8(
+ err.valid_up_to(),
+ )
})?;
if let Some(passphrase) = passphrase {
- SecretDocument::from_pkcs8_encrypted_pem(pem, passphrase)
- .map_err(|_| type_error("invalid encrypted PEM private key"))?
+ SecretDocument::from_pkcs8_encrypted_pem(pem, passphrase).map_err(
+ |_| AsymmetricPrivateKeyError::InvalidEncryptedPemPrivateKey,
+ )?
} else {
let (label, doc) = SecretDocument::from_pem(pem)
- .map_err(|_| type_error("invalid PEM private key"))?;
+ .map_err(|_| AsymmetricPrivateKeyError::InvalidPemPrivateKey)?;
match label {
EncryptedPrivateKeyInfo::PEM_LABEL => {
- return Err(type_error(
- "encrypted private key requires a passphrase to decrypt",
- ))
+ return Err(AsymmetricPrivateKeyError::EncryptedPrivateKeyRequiresPassphraseToDecrypt);
}
PrivateKeyInfo::PEM_LABEL => doc,
rsa::pkcs1::RsaPrivateKey::PEM_LABEL => {
- SecretDocument::from_pkcs1_der(doc.as_bytes())
- .map_err(|_| type_error("invalid PKCS#1 private key"))?
+ SecretDocument::from_pkcs1_der(doc.as_bytes()).map_err(|_| {
+ AsymmetricPrivateKeyError::InvalidPkcs1PrivateKey
+ })?
}
sec1::EcPrivateKey::PEM_LABEL => {
SecretDocument::from_sec1_der(doc.as_bytes())
- .map_err(|_| type_error("invalid SEC1 private key"))?
+ .map_err(|_| AsymmetricPrivateKeyError::InvalidSec1PrivateKey)?
}
_ => {
- return Err(type_error(format!(
- "unsupported PEM label: {}",
- label
- )))
+ return Err(AsymmetricPrivateKeyError::UnsupportedPemLabel(
+ label.to_string(),
+ ))
}
}
}
@@ -413,54 +566,57 @@ impl KeyObjectHandle {
"der" => match typ {
"pkcs8" => {
if let Some(passphrase) = passphrase {
- SecretDocument::from_pkcs8_encrypted_der(key, passphrase)
- .map_err(|_| type_error("invalid encrypted PKCS#8 private key"))?
+ SecretDocument::from_pkcs8_encrypted_der(key, passphrase).map_err(
+ |_| AsymmetricPrivateKeyError::InvalidEncryptedPkcs8PrivateKey,
+ )?
} else {
SecretDocument::from_pkcs8_der(key)
- .map_err(|_| type_error("invalid PKCS#8 private key"))?
+ .map_err(|_| AsymmetricPrivateKeyError::InvalidPkcs8PrivateKey)?
}
}
"pkcs1" => {
if passphrase.is_some() {
- return Err(type_error(
- "PKCS#1 private key does not support encryption with passphrase",
- ));
+ return Err(AsymmetricPrivateKeyError::Pkcs1PrivateKeyDoesNotSupportEncryptionWithPassphrase);
}
SecretDocument::from_pkcs1_der(key)
- .map_err(|_| type_error("invalid PKCS#1 private key"))?
+ .map_err(|_| AsymmetricPrivateKeyError::InvalidPkcs1PrivateKey)?
}
"sec1" => {
if passphrase.is_some() {
- return Err(type_error(
- "SEC1 private key does not support encryption with passphrase",
- ));
+ return Err(AsymmetricPrivateKeyError::Sec1PrivateKeyDoesNotSupportEncryptionWithPassphrase);
}
SecretDocument::from_sec1_der(key)
- .map_err(|_| type_error("invalid SEC1 private key"))?
+ .map_err(|_| AsymmetricPrivateKeyError::InvalidSec1PrivateKey)?
+ }
+ _ => {
+ return Err(AsymmetricPrivateKeyError::UnsupportedKeyType(
+ typ.to_string(),
+ ))
}
- _ => return Err(type_error(format!("unsupported key type: {}", typ))),
},
_ => {
- return Err(type_error(format!("unsupported key format: {}", format)))
+ return Err(AsymmetricPrivateKeyError::UnsupportedKeyFormat(
+ format.to_string(),
+ ))
}
};
let pk_info = PrivateKeyInfo::try_from(document.as_bytes())
- .map_err(|_| type_error("invalid private key"))?;
+ .map_err(|_| AsymmetricPrivateKeyError::InvalidPrivateKey)?;
let alg = pk_info.algorithm.oid;
let private_key = match alg {
RSA_ENCRYPTION_OID => {
let private_key =
rsa::RsaPrivateKey::from_pkcs1_der(pk_info.private_key)
- .map_err(|_| type_error("invalid PKCS#1 private key"))?;
+ .map_err(|_| AsymmetricPrivateKeyError::InvalidPkcs1PrivateKey)?;
AsymmetricPrivateKey::Rsa(private_key)
}
RSASSA_PSS_OID => {
let details = parse_rsa_pss_params(pk_info.algorithm.parameters)?;
let private_key =
rsa::RsaPrivateKey::from_pkcs1_der(pk_info.private_key)
- .map_err(|_| type_error("invalid PKCS#1 private key"))?;
+ .map_err(|_| AsymmetricPrivateKeyError::InvalidPkcs1PrivateKey)?;
AsymmetricPrivateKey::RsaPss(RsaPssPrivateKey {
key: private_key,
details,
@@ -468,40 +624,43 @@ impl KeyObjectHandle {
}
DSA_OID => {
let private_key = dsa::SigningKey::try_from(pk_info)
- .map_err(|_| type_error("invalid DSA private key"))?;
+ .map_err(|_| AsymmetricPrivateKeyError::InvalidDsaPrivateKey)?;
AsymmetricPrivateKey::Dsa(private_key)
}
EC_OID => {
let named_curve = pk_info.algorithm.parameters_oid().map_err(|_| {
- type_error("malformed or missing named curve in ec parameters")
+ AsymmetricPrivateKeyError::MalformedOrMissingNamedCurveInEcParameters
})?;
match named_curve {
ID_SECP224R1_OID => {
- let secret_key =
- p224::SecretKey::from_sec1_der(pk_info.private_key)
- .map_err(|_| type_error("invalid SEC1 private key"))?;
+ let secret_key = p224::SecretKey::from_sec1_der(
+ pk_info.private_key,
+ )
+ .map_err(|_| AsymmetricPrivateKeyError::InvalidSec1PrivateKey)?;
AsymmetricPrivateKey::Ec(EcPrivateKey::P224(secret_key))
}
ID_SECP256R1_OID => {
- let secret_key =
- p256::SecretKey::from_sec1_der(pk_info.private_key)
- .map_err(|_| type_error("invalid SEC1 private key"))?;
+ let secret_key = p256::SecretKey::from_sec1_der(
+ pk_info.private_key,
+ )
+ .map_err(|_| AsymmetricPrivateKeyError::InvalidSec1PrivateKey)?;
AsymmetricPrivateKey::Ec(EcPrivateKey::P256(secret_key))
}
ID_SECP384R1_OID => {
- let secret_key =
- p384::SecretKey::from_sec1_der(pk_info.private_key)
- .map_err(|_| type_error("invalid SEC1 private key"))?;
+ let secret_key = p384::SecretKey::from_sec1_der(
+ pk_info.private_key,
+ )
+ .map_err(|_| AsymmetricPrivateKeyError::InvalidSec1PrivateKey)?;
AsymmetricPrivateKey::Ec(EcPrivateKey::P384(secret_key))
}
- _ => return Err(type_error("unsupported ec named curve")),
+ _ => return Err(AsymmetricPrivateKeyError::UnsupportedEcNamedCurve),
}
}
X25519_OID => {
let string_ref = OctetStringRef::from_der(pk_info.private_key)
- .map_err(|_| type_error("invalid x25519 private key"))?;
+ .map_err(|_| AsymmetricPrivateKeyError::InvalidX25519PrivateKey)?;
if string_ref.as_bytes().len() != 32 {
- return Err(type_error("x25519 private key is the wrong length"));
+ return Err(AsymmetricPrivateKeyError::X25519PrivateKeyIsWrongLength);
}
let mut bytes = [0; 32];
bytes.copy_from_slice(string_ref.as_bytes());
@@ -509,22 +668,22 @@ impl KeyObjectHandle {
}
ED25519_OID => {
let signing_key = ed25519_dalek::SigningKey::try_from(pk_info)
- .map_err(|_| type_error("invalid Ed25519 private key"))?;
+ .map_err(|_| AsymmetricPrivateKeyError::InvalidEd25519PrivateKey)?;
AsymmetricPrivateKey::Ed25519(signing_key)
}
DH_KEY_AGREEMENT_OID => {
let params = pk_info
.algorithm
.parameters
- .ok_or_else(|| type_error("missing dh parameters"))?;
+ .ok_or(AsymmetricPrivateKeyError::MissingDhParameters)?;
let params = pkcs3::DhParameter::from_der(&params.to_der().unwrap())
- .map_err(|_| type_error("malformed dh parameters"))?;
+ .map_err(|_| AsymmetricPrivateKeyError::MissingDhParameters)?;
AsymmetricPrivateKey::Dh(DhPrivateKey {
key: dh::PrivateKey::from_bytes(pk_info.private_key),
params,
})
}
- _ => return Err(type_error("unsupported private key oid")),
+ _ => return Err(AsymmetricPrivateKeyError::UnsupportedPrivateKeyOid),
};
Ok(KeyObjectHandle::AsymmetricPrivate(private_key))
@@ -532,7 +691,7 @@ impl KeyObjectHandle {
pub fn new_x509_public_key(
spki: &x509::SubjectPublicKeyInfo,
- ) -> Result<KeyObjectHandle, AnyError> {
+ ) -> Result<KeyObjectHandle, X509PublicKeyError> {
use x509_parser::der_parser::asn1_rs::oid;
use x509_parser::public_key::PublicKey;
@@ -565,18 +724,18 @@ impl KeyObjectHandle {
let public_key = p384::PublicKey::from_sec1_bytes(data)?;
AsymmetricPublicKey::Ec(EcPublicKey::P384(public_key))
}
- _ => return Err(type_error("unsupported ec named curve")),
+ _ => return Err(X509PublicKeyError::UnsupportedEcNamedCurve),
}
} else {
- return Err(type_error("missing ec parameters"));
+ return Err(X509PublicKeyError::MissingEcParameters);
}
}
PublicKey::DSA(_) => {
let verifying_key = dsa::VerifyingKey::from_public_key_der(spki.raw)
- .map_err(|_| type_error("malformed DSS public key"))?;
+ .map_err(|_| X509PublicKeyError::MalformedDssPublicKey)?;
AsymmetricPublicKey::Dsa(verifying_key)
}
- _ => return Err(type_error("unsupported x509 public key type")),
+ _ => return Err(X509PublicKeyError::UnsupportedX509KeyType),
};
Ok(KeyObjectHandle::AsymmetricPublic(key))
@@ -585,7 +744,7 @@ impl KeyObjectHandle {
pub fn new_rsa_jwk(
jwk: RsaJwkKey,
is_public: bool,
- ) -> Result<KeyObjectHandle, AnyError> {
+ ) -> Result<KeyObjectHandle, RsaJwkError> {
use base64::prelude::BASE64_URL_SAFE_NO_PAD;
let n = BASE64_URL_SAFE_NO_PAD.decode(jwk.n.as_bytes())?;
@@ -604,19 +763,19 @@ impl KeyObjectHandle {
let d = BASE64_URL_SAFE_NO_PAD.decode(
jwk
.d
- .ok_or_else(|| type_error("missing RSA private component"))?
+ .ok_or(RsaJwkError::MissingRsaPrivateComponent)?
.as_bytes(),
)?;
let p = BASE64_URL_SAFE_NO_PAD.decode(
jwk
.p
- .ok_or_else(|| type_error("missing RSA private component"))?
+ .ok_or(RsaJwkError::MissingRsaPrivateComponent)?
.as_bytes(),
)?;
let q = BASE64_URL_SAFE_NO_PAD.decode(
jwk
.q
- .ok_or_else(|| type_error("missing RSA private component"))?
+ .ok_or(RsaJwkError::MissingRsaPrivateComponent)?
.as_bytes(),
)?;
@@ -640,7 +799,7 @@ impl KeyObjectHandle {
pub fn new_ec_jwk(
jwk: &JwkEcKey,
is_public: bool,
- ) -> Result<KeyObjectHandle, AnyError> {
+ ) -> Result<KeyObjectHandle, EcJwkError> {
// https://datatracker.ietf.org/doc/html/rfc7518#section-6.2.1.1
let handle = match jwk.crv() {
"P-256" if is_public => {
@@ -660,7 +819,7 @@ impl KeyObjectHandle {
EcPrivateKey::P384(p384::SecretKey::from_jwk(jwk)?),
)),
_ => {
- return Err(type_error(format!("unsupported curve: {}", jwk.crv())));
+ return Err(EcJwkError::UnsupportedCurve(jwk.crv().to_string()));
}
};
@@ -671,12 +830,11 @@ impl KeyObjectHandle {
curve: &str,
data: &[u8],
is_public: bool,
- ) -> Result<KeyObjectHandle, AnyError> {
+ ) -> Result<KeyObjectHandle, EdRawError> {
match curve {
"Ed25519" => {
- let data = data
- .try_into()
- .map_err(|_| type_error("invalid Ed25519 key"))?;
+ let data =
+ data.try_into().map_err(|_| EdRawError::InvalidEd25519Key)?;
if !is_public {
Ok(KeyObjectHandle::AsymmetricPrivate(
AsymmetricPrivateKey::Ed25519(
@@ -692,9 +850,8 @@ impl KeyObjectHandle {
}
}
"X25519" => {
- let data: [u8; 32] = data
- .try_into()
- .map_err(|_| type_error("invalid x25519 key"))?;
+ let data: [u8; 32] =
+ data.try_into().map_err(|_| EdRawError::InvalidEd25519Key)?;
if !is_public {
Ok(KeyObjectHandle::AsymmetricPrivate(
AsymmetricPrivateKey::X25519(x25519_dalek::StaticSecret::from(
@@ -707,7 +864,7 @@ impl KeyObjectHandle {
))
}
}
- _ => Err(type_error("unsupported curve")),
+ _ => Err(EdRawError::UnsupportedCurve),
}
}
@@ -716,24 +873,23 @@ impl KeyObjectHandle {
format: &str,
typ: &str,
passphrase: Option<&[u8]>,
- ) -> Result<KeyObjectHandle, AnyError> {
+ ) -> Result<KeyObjectHandle, AsymmetricPublicKeyError> {
let document = match format {
"pem" => {
let pem = std::str::from_utf8(key).map_err(|err| {
- type_error(format!(
- "invalid PEM public key: not valid utf8 starting at byte {}",
- err.valid_up_to()
- ))
+ AsymmetricPublicKeyError::InvalidPemPrivateKeyInvalidUtf8(
+ err.valid_up_to(),
+ )
})?;
let (label, document) = Document::from_pem(pem)
- .map_err(|_| type_error("invalid PEM public key"))?;
+ .map_err(|_| AsymmetricPublicKeyError::InvalidPemPublicKey)?;
match label {
SubjectPublicKeyInfoRef::PEM_LABEL => document,
rsa::pkcs1::RsaPublicKey::PEM_LABEL => {
Document::from_pkcs1_der(document.as_bytes())
- .map_err(|_| type_error("invalid PKCS#1 public key"))?
+ .map_err(|_| AsymmetricPublicKeyError::InvalidPkcs1PublicKey)?
}
EncryptedPrivateKeyInfo::PEM_LABEL
| PrivateKeyInfo::PEM_LABEL
@@ -754,27 +910,36 @@ impl KeyObjectHandle {
}
"CERTIFICATE" => {
let (_, pem) = x509_parser::pem::parse_x509_pem(pem.as_bytes())
- .map_err(|_| type_error("invalid x509 certificate"))?;
+ .map_err(|_| AsymmetricPublicKeyError::InvalidX509Certificate)?;
let cert = pem.parse_x509()?;
let public_key = cert.tbs_certificate.subject_pki;
- return KeyObjectHandle::new_x509_public_key(&public_key);
+ return KeyObjectHandle::new_x509_public_key(&public_key)
+ .map_err(Into::into);
}
_ => {
- return Err(type_error(format!("unsupported PEM label: {}", label)))
+ return Err(AsymmetricPublicKeyError::UnsupportedPemLabel(
+ label.to_string(),
+ ))
}
}
}
"der" => match typ {
"pkcs1" => Document::from_pkcs1_der(key)
- .map_err(|_| type_error("invalid PKCS#1 public key"))?,
+ .map_err(|_| AsymmetricPublicKeyError::InvalidPkcs1PublicKey)?,
"spki" => Document::from_public_key_der(key)
- .map_err(|_| type_error("invalid SPKI public key"))?,
- _ => return Err(type_error(format!("unsupported key type: {}", typ))),
+ .map_err(|_| AsymmetricPublicKeyError::InvalidSpkiPublicKey)?,
+ _ => {
+ return Err(AsymmetricPublicKeyError::UnsupportedKeyType(
+ typ.to_string(),
+ ))
+ }
},
_ => {
- return Err(type_error(format!("unsupported key format: {}", format)))
+ return Err(AsymmetricPublicKeyError::UnsupportedKeyType(
+ format.to_string(),
+ ))
}
};
@@ -799,16 +964,16 @@ impl KeyObjectHandle {
}
DSA_OID => {
let verifying_key = dsa::VerifyingKey::try_from(spki)
- .map_err(|_| type_error("malformed DSS public key"))?;
+ .map_err(|_| AsymmetricPublicKeyError::MalformedDssPublicKey)?;
AsymmetricPublicKey::Dsa(verifying_key)
}
EC_OID => {
let named_curve = spki.algorithm.parameters_oid().map_err(|_| {
- type_error("malformed or missing named curve in ec parameters")
- })?;
- let data = spki.subject_public_key.as_bytes().ok_or_else(|| {
- type_error("malformed or missing public key in ec spki")
+ AsymmetricPublicKeyError::MalformedOrMissingNamedCurveInEcParameters
})?;
+ let data = spki.subject_public_key.as_bytes().ok_or(
+ AsymmetricPublicKeyError::MalformedOrMissingPublicKeyInEcSpki,
+ )?;
match named_curve {
ID_SECP224R1_OID => {
@@ -823,54 +988,68 @@ impl KeyObjectHandle {
let public_key = p384::PublicKey::from_sec1_bytes(data)?;
AsymmetricPublicKey::Ec(EcPublicKey::P384(public_key))
}
- _ => return Err(type_error("unsupported ec named curve")),
+ _ => return Err(AsymmetricPublicKeyError::UnsupportedEcNamedCurve),
}
}
X25519_OID => {
let mut bytes = [0; 32];
- let data = spki.subject_public_key.as_bytes().ok_or_else(|| {
- type_error("malformed or missing public key in x25519 spki")
- })?;
+ let data = spki.subject_public_key.as_bytes().ok_or(
+ AsymmetricPublicKeyError::MalformedOrMissingPublicKeyInX25519Spki,
+ )?;
if data.len() < 32 {
- return Err(type_error("x25519 public key is too short"));
+ return Err(AsymmetricPublicKeyError::X25519PublicKeyIsTooShort);
}
bytes.copy_from_slice(&data[0..32]);
AsymmetricPublicKey::X25519(x25519_dalek::PublicKey::from(bytes))
}
ED25519_OID => {
let verifying_key = ed25519_dalek::VerifyingKey::try_from(spki)
- .map_err(|_| type_error("invalid Ed25519 private key"))?;
+ .map_err(|_| AsymmetricPublicKeyError::InvalidEd25519PublicKey)?;
AsymmetricPublicKey::Ed25519(verifying_key)
}
DH_KEY_AGREEMENT_OID => {
let params = spki
.algorithm
.parameters
- .ok_or_else(|| type_error("missing dh parameters"))?;
+ .ok_or(AsymmetricPublicKeyError::MissingDhParameters)?;
let params = pkcs3::DhParameter::from_der(&params.to_der().unwrap())
- .map_err(|_| type_error("malformed dh parameters"))?;
+ .map_err(|_| AsymmetricPublicKeyError::MalformedDhParameters)?;
let Some(subject_public_key) = spki.subject_public_key.as_bytes()
else {
- return Err(type_error("malformed or missing public key in dh spki"));
+ return Err(
+ AsymmetricPublicKeyError::MalformedOrMissingPublicKeyInDhSpki,
+ );
};
AsymmetricPublicKey::Dh(DhPublicKey {
key: dh::PublicKey::from_bytes(subject_public_key),
params,
})
}
- _ => return Err(type_error("unsupported public key oid")),
+ _ => return Err(AsymmetricPublicKeyError::UnsupportedPrivateKeyOid),
};
Ok(KeyObjectHandle::AsymmetricPublic(public_key))
}
}
+#[derive(Debug, thiserror::Error)]
+pub enum RsaPssParamsParseError {
+ #[error("malformed pss private key parameters")]
+ MalformedPssPrivateKeyParameters,
+ #[error("unsupported pss hash algorithm")]
+ UnsupportedPssHashAlgorithm,
+ #[error("unsupported pss mask gen algorithm")]
+ UnsupportedPssMaskGenAlgorithm,
+ #[error("malformed or missing pss mask gen algorithm parameters")]
+ MalformedOrMissingPssMaskGenAlgorithm,
+}
+
fn parse_rsa_pss_params(
parameters: Option<AnyRef<'_>>,
-) -> Result<Option<RsaPssDetails>, deno_core::anyhow::Error> {
+) -> Result<Option<RsaPssDetails>, RsaPssParamsParseError> {
let details = if let Some(parameters) = parameters {
let params = RsaPssParameters::try_from(parameters)
- .map_err(|_| type_error("malformed pss private key parameters"))?;
+ .map_err(|_| RsaPssParamsParseError::MalformedPssPrivateKeyParameters)?;
let hash_algorithm = match params.hash_algorithm.map(|k| k.oid) {
Some(ID_SHA1_OID) => RsaPssHashAlgorithm::Sha1,
@@ -881,16 +1060,16 @@ fn parse_rsa_pss_params(
Some(ID_SHA512_224_OID) => RsaPssHashAlgorithm::Sha512_224,
Some(ID_SHA512_256_OID) => RsaPssHashAlgorithm::Sha512_256,
None => RsaPssHashAlgorithm::Sha1,
- _ => return Err(type_error("unsupported pss hash algorithm")),
+ _ => return Err(RsaPssParamsParseError::UnsupportedPssHashAlgorithm),
};
let mf1_hash_algorithm = match params.mask_gen_algorithm {
Some(alg) => {
if alg.oid != ID_MFG1 {
- return Err(type_error("unsupported pss mask gen algorithm"));
+ return Err(RsaPssParamsParseError::UnsupportedPssMaskGenAlgorithm);
}
let params = alg.parameters_oid().map_err(|_| {
- type_error("malformed or missing pss mask gen algorithm parameters")
+ RsaPssParamsParseError::MalformedOrMissingPssMaskGenAlgorithm
})?;
match params {
ID_SHA1_OID => RsaPssHashAlgorithm::Sha1,
@@ -900,7 +1079,9 @@ fn parse_rsa_pss_params(
ID_SHA512_OID => RsaPssHashAlgorithm::Sha512,
ID_SHA512_224_OID => RsaPssHashAlgorithm::Sha512_224,
ID_SHA512_256_OID => RsaPssHashAlgorithm::Sha512_256,
- _ => return Err(type_error("unsupported pss mask gen algorithm")),
+ _ => {
+ return Err(RsaPssParamsParseError::UnsupportedPssMaskGenAlgorithm)
+ }
}
}
None => hash_algorithm,
@@ -921,14 +1102,49 @@ fn parse_rsa_pss_params(
Ok(details)
}
-use base64::prelude::BASE64_URL_SAFE_NO_PAD;
-
fn bytes_to_b64(bytes: &[u8]) -> String {
+ use base64::prelude::BASE64_URL_SAFE_NO_PAD;
BASE64_URL_SAFE_NO_PAD.encode(bytes)
}
+#[derive(Debug, thiserror::Error)]
+pub enum AsymmetricPublicKeyJwkError {
+ #[error("key is not an asymmetric public key")]
+ KeyIsNotAsymmetricPublicKey,
+ #[error("Unsupported JWK EC curve: P224")]
+ UnsupportedJwkEcCurveP224,
+ #[error("jwk export not implemented for this key type")]
+ JwkExportNotImplementedForKeyType,
+}
+
+#[derive(Debug, thiserror::Error)]
+pub enum AsymmetricPublicKeyDerError {
+ #[error("key is not an asymmetric public key")]
+ KeyIsNotAsymmetricPublicKey,
+ #[error("invalid RSA public key")]
+ InvalidRsaPublicKey,
+ #[error("exporting non-RSA public key as PKCS#1 is not supported")]
+ ExportingNonRsaPublicKeyAsPkcs1Unsupported,
+ #[error("invalid EC public key")]
+ InvalidEcPublicKey,
+ #[error("exporting RSA-PSS public key as SPKI is not supported yet")]
+ ExportingNonRsaPssPublicKeyAsSpkiUnsupported,
+ #[error("invalid DSA public key")]
+ InvalidDsaPublicKey,
+ #[error("invalid X25519 public key")]
+ InvalidX25519PublicKey,
+ #[error("invalid Ed25519 public key")]
+ InvalidEd25519PublicKey,
+ #[error("invalid DH public key")]
+ InvalidDhPublicKey,
+ #[error("unsupported key type: {0}")]
+ UnsupportedKeyType(String),
+}
+
impl AsymmetricPublicKey {
- fn export_jwk(&self) -> Result<deno_core::serde_json::Value, AnyError> {
+ fn export_jwk(
+ &self,
+ ) -> Result<deno_core::serde_json::Value, AsymmetricPublicKeyJwkError> {
match self {
AsymmetricPublicKey::Ec(key) => {
let jwk = key.to_jwk()?;
@@ -974,40 +1190,39 @@ impl AsymmetricPublicKey {
});
Ok(jwk)
}
- _ => Err(type_error("jwk export not implemented for this key type")),
+ _ => Err(AsymmetricPublicKeyJwkError::JwkExportNotImplementedForKeyType),
}
}
- fn export_der(&self, typ: &str) -> Result<Box<[u8]>, AnyError> {
+ fn export_der(
+ &self,
+ typ: &str,
+ ) -> Result<Box<[u8]>, AsymmetricPublicKeyDerError> {
match typ {
"pkcs1" => match self {
AsymmetricPublicKey::Rsa(key) => {
let der = key
.to_pkcs1_der()
- .map_err(|_| type_error("invalid RSA public key"))?
+ .map_err(|_| AsymmetricPublicKeyDerError::InvalidRsaPublicKey)?
.into_vec()
.into_boxed_slice();
Ok(der)
}
- _ => Err(type_error(
- "exporting non-RSA public key as PKCS#1 is not supported",
- )),
+ _ => Err(AsymmetricPublicKeyDerError::ExportingNonRsaPublicKeyAsPkcs1Unsupported),
},
"spki" => {
let der = match self {
AsymmetricPublicKey::Rsa(key) => key
.to_public_key_der()
- .map_err(|_| type_error("invalid RSA public key"))?
+ .map_err(|_| AsymmetricPublicKeyDerError::InvalidRsaPublicKey)?
.into_vec()
.into_boxed_slice(),
AsymmetricPublicKey::RsaPss(_key) => {
- return Err(generic_error(
- "exporting RSA-PSS public key as SPKI is not supported yet",
- ))
+ return Err(AsymmetricPublicKeyDerError::ExportingNonRsaPssPublicKeyAsSpkiUnsupported)
}
AsymmetricPublicKey::Dsa(key) => key
.to_public_key_der()
- .map_err(|_| type_error("invalid DSA public key"))?
+ .map_err(|_| AsymmetricPublicKeyDerError::InvalidDsaPublicKey)?
.into_vec()
.into_boxed_slice(),
AsymmetricPublicKey::Ec(key) => {
@@ -1023,12 +1238,12 @@ impl AsymmetricPublicKey {
parameters: Some(asn1::AnyRef::from(&oid)),
},
subject_public_key: BitStringRef::from_bytes(&sec1)
- .map_err(|_| type_error("invalid EC public key"))?,
+ .map_err(|_| AsymmetricPublicKeyDerError::InvalidEcPublicKey)?,
};
spki
.to_der()
- .map_err(|_| type_error("invalid EC public key"))?
+ .map_err(|_| AsymmetricPublicKeyDerError::InvalidEcPublicKey)?
.into_boxed_slice()
}
AsymmetricPublicKey::X25519(key) => {
@@ -1038,12 +1253,12 @@ impl AsymmetricPublicKey {
parameters: None,
},
subject_public_key: BitStringRef::from_bytes(key.as_bytes())
- .map_err(|_| type_error("invalid X25519 public key"))?,
+ .map_err(|_| AsymmetricPublicKeyDerError::InvalidX25519PublicKey)?,
};
spki
.to_der()
- .map_err(|_| type_error("invalid X25519 public key"))?
+ .map_err(|_| AsymmetricPublicKeyDerError::InvalidX25519PublicKey)?
.into_boxed_slice()
}
AsymmetricPublicKey::Ed25519(key) => {
@@ -1053,12 +1268,12 @@ impl AsymmetricPublicKey {
parameters: None,
},
subject_public_key: BitStringRef::from_bytes(key.as_bytes())
- .map_err(|_| type_error("invalid Ed25519 public key"))?,
+ .map_err(|_| AsymmetricPublicKeyDerError::InvalidEd25519PublicKey)?,
};
spki
.to_der()
- .map_err(|_| type_error("invalid Ed25519 public key"))?
+ .map_err(|_| AsymmetricPublicKeyDerError::InvalidEd25519PublicKey)?
.into_boxed_slice()
}
AsymmetricPublicKey::Dh(key) => {
@@ -1071,43 +1286,67 @@ impl AsymmetricPublicKey {
},
subject_public_key: BitStringRef::from_bytes(&public_key_bytes)
.map_err(|_| {
- type_error("invalid DH public key")
+ AsymmetricPublicKeyDerError::InvalidDhPublicKey
})?,
};
spki
.to_der()
- .map_err(|_| type_error("invalid DH public key"))?
+ .map_err(|_| AsymmetricPublicKeyDerError::InvalidDhPublicKey)?
.into_boxed_slice()
}
};
Ok(der)
}
- _ => Err(type_error(format!("unsupported key type: {}", typ))),
+ _ => Err(AsymmetricPublicKeyDerError::UnsupportedKeyType(typ.to_string())),
}
}
}
+#[derive(Debug, thiserror::Error)]
+pub enum AsymmetricPrivateKeyDerError {
+ #[error("key is not an asymmetric private key")]
+ KeyIsNotAsymmetricPrivateKey,
+ #[error("invalid RSA private key")]
+ InvalidRsaPrivateKey,
+ #[error("exporting non-RSA private key as PKCS#1 is not supported")]
+ ExportingNonRsaPrivateKeyAsPkcs1Unsupported,
+ #[error("invalid EC private key")]
+ InvalidEcPrivateKey,
+ #[error("exporting non-EC private key as SEC1 is not supported")]
+ ExportingNonEcPrivateKeyAsSec1Unsupported,
+ #[error("exporting RSA-PSS private key as PKCS#8 is not supported yet")]
+ ExportingNonRsaPssPrivateKeyAsPkcs8Unsupported,
+ #[error("invalid DSA private key")]
+ InvalidDsaPrivateKey,
+ #[error("invalid X25519 private key")]
+ InvalidX25519PrivateKey,
+ #[error("invalid Ed25519 private key")]
+ InvalidEd25519PrivateKey,
+ #[error("invalid DH private key")]
+ InvalidDhPrivateKey,
+ #[error("unsupported key type: {0}")]
+ UnsupportedKeyType(String),
+}
+
impl AsymmetricPrivateKey {
fn export_der(
&self,
typ: &str,
// cipher: Option<&str>,
// passphrase: Option<&str>,
- ) -> Result<Box<[u8]>, AnyError> {
+ ) -> Result<Box<[u8]>, AsymmetricPrivateKeyDerError> {
match typ {
"pkcs1" => match self {
AsymmetricPrivateKey::Rsa(key) => {
let der = key
.to_pkcs1_der()
- .map_err(|_| type_error("invalid RSA private key"))?
+ .map_err(|_| AsymmetricPrivateKeyDerError::InvalidRsaPrivateKey)?
.to_bytes()
.to_vec()
.into_boxed_slice();
Ok(der)
}
- _ => Err(type_error(
- "exporting non-RSA private key as PKCS#1 is not supported",
- )),
+ _ => Err(AsymmetricPrivateKeyDerError::ExportingNonRsaPrivateKeyAsPkcs1Unsupported),
},
"sec1" => match self {
AsymmetricPrivateKey::Ec(key) => {
@@ -1116,30 +1355,26 @@ impl AsymmetricPrivateKey {
EcPrivateKey::P256(key) => key.to_sec1_der(),
EcPrivateKey::P384(key) => key.to_sec1_der(),
}
- .map_err(|_| type_error("invalid EC private key"))?;
+ .map_err(|_| AsymmetricPrivateKeyDerError::InvalidEcPrivateKey)?;
Ok(sec1.to_vec().into_boxed_slice())
}
- _ => Err(type_error(
- "exporting non-EC private key as SEC1 is not supported",
- )),
+ _ => Err(AsymmetricPrivateKeyDerError::ExportingNonEcPrivateKeyAsSec1Unsupported),
},
"pkcs8" => {
let der = match self {
AsymmetricPrivateKey::Rsa(key) => {
let document = key
.to_pkcs8_der()
- .map_err(|_| type_error("invalid RSA private key"))?;
+ .map_err(|_| AsymmetricPrivateKeyDerError::InvalidRsaPrivateKey)?;
document.to_bytes().to_vec().into_boxed_slice()
}
AsymmetricPrivateKey::RsaPss(_key) => {
- return Err(generic_error(
- "exporting RSA-PSS private key as PKCS#8 is not supported yet",
- ))
+ return Err(AsymmetricPrivateKeyDerError::ExportingNonRsaPssPrivateKeyAsPkcs8Unsupported)
}
AsymmetricPrivateKey::Dsa(key) => {
let document = key
.to_pkcs8_der()
- .map_err(|_| type_error("invalid DSA private key"))?;
+ .map_err(|_| AsymmetricPrivateKeyDerError::InvalidDsaPrivateKey)?;
document.to_bytes().to_vec().into_boxed_slice()
}
AsymmetricPrivateKey::Ec(key) => {
@@ -1148,14 +1383,14 @@ impl AsymmetricPrivateKey {
EcPrivateKey::P256(key) => key.to_pkcs8_der(),
EcPrivateKey::P384(key) => key.to_pkcs8_der(),
}
- .map_err(|_| type_error("invalid EC private key"))?;
+ .map_err(|_| AsymmetricPrivateKeyDerError::InvalidEcPrivateKey)?;
document.to_bytes().to_vec().into_boxed_slice()
}
AsymmetricPrivateKey::X25519(key) => {
let private_key = OctetStringRef::new(key.as_bytes())
- .map_err(|_| type_error("invalid X25519 private key"))?
+ .map_err(|_| AsymmetricPrivateKeyDerError::InvalidX25519PrivateKey)?
.to_der()
- .map_err(|_| type_error("invalid X25519 private key"))?;
+ .map_err(|_| AsymmetricPrivateKeyDerError::InvalidX25519PrivateKey)?;
let private_key = PrivateKeyInfo {
algorithm: rsa::pkcs8::AlgorithmIdentifierRef {
@@ -1168,15 +1403,15 @@ impl AsymmetricPrivateKey {
let der = private_key
.to_der()
- .map_err(|_| type_error("invalid X25519 private key"))?
+ .map_err(|_| AsymmetricPrivateKeyDerError::InvalidX25519PrivateKey)?
.into_boxed_slice();
return Ok(der);
}
AsymmetricPrivateKey::Ed25519(key) => {
let private_key = OctetStringRef::new(key.as_bytes())
- .map_err(|_| type_error("invalid Ed25519 private key"))?
+ .map_err(|_| AsymmetricPrivateKeyDerError::InvalidEd25519PrivateKey)?
.to_der()
- .map_err(|_| type_error("invalid Ed25519 private key"))?;
+ .map_err(|_| AsymmetricPrivateKeyDerError::InvalidEd25519PrivateKey)?;
let private_key = PrivateKeyInfo {
algorithm: rsa::pkcs8::AlgorithmIdentifierRef {
@@ -1189,7 +1424,7 @@ impl AsymmetricPrivateKey {
private_key
.to_der()
- .map_err(|_| type_error("invalid ED25519 private key"))?
+ .map_err(|_| AsymmetricPrivateKeyDerError::InvalidEd25519PrivateKey)?
.into_boxed_slice()
}
AsymmetricPrivateKey::Dh(key) => {
@@ -1206,14 +1441,14 @@ impl AsymmetricPrivateKey {
private_key
.to_der()
- .map_err(|_| type_error("invalid DH private key"))?
+ .map_err(|_| AsymmetricPrivateKeyDerError::InvalidDhPrivateKey)?
.into_boxed_slice()
}
};
Ok(der)
}
- _ => Err(type_error(format!("unsupported key type: {}", typ))),
+ _ => Err(AsymmetricPrivateKeyDerError::UnsupportedKeyType(typ.to_string())),
}
}
}
@@ -1225,7 +1460,7 @@ pub fn op_node_create_private_key(
#[string] format: &str,
#[string] typ: &str,
#[buffer] passphrase: Option<&[u8]>,
-) -> Result<KeyObjectHandle, AnyError> {
+) -> Result<KeyObjectHandle, AsymmetricPrivateKeyError> {
KeyObjectHandle::new_asymmetric_private_key_from_js(
key, format, typ, passphrase,
)
@@ -1237,7 +1472,7 @@ pub fn op_node_create_ed_raw(
#[string] curve: &str,
#[buffer] key: &[u8],
is_public: bool,
-) -> Result<KeyObjectHandle, AnyError> {
+) -> Result<KeyObjectHandle, EdRawError> {
KeyObjectHandle::new_ed_raw(curve, key, is_public)
}
@@ -1255,16 +1490,16 @@ pub struct RsaJwkKey {
pub fn op_node_create_rsa_jwk(
#[serde] jwk: RsaJwkKey,
is_public: bool,
-) -> Result<KeyObjectHandle, AnyError> {
+) -> Result<KeyObjectHandle, RsaJwkError> {
KeyObjectHandle::new_rsa_jwk(jwk, is_public)
}
#[op2]
#[cppgc]
pub fn op_node_create_ec_jwk(
- #[serde] jwk: elliptic_curve::JwkEcKey,
+ #[serde] jwk: JwkEcKey,
is_public: bool,
-) -> Result<KeyObjectHandle, AnyError> {
+) -> Result<KeyObjectHandle, EcJwkError> {
KeyObjectHandle::new_ec_jwk(&jwk, is_public)
}
@@ -1275,7 +1510,7 @@ pub fn op_node_create_public_key(
#[string] format: &str,
#[string] typ: &str,
#[buffer] passphrase: Option<&[u8]>,
-) -> Result<KeyObjectHandle, AnyError> {
+) -> Result<KeyObjectHandle, AsymmetricPublicKeyError> {
KeyObjectHandle::new_asymmetric_public_key_from_js(
key, format, typ, passphrase,
)
@@ -1293,7 +1528,7 @@ pub fn op_node_create_secret_key(
#[string]
pub fn op_node_get_asymmetric_key_type(
#[cppgc] handle: &KeyObjectHandle,
-) -> Result<&'static str, AnyError> {
+) -> Result<&'static str, deno_core::error::AnyError> {
match handle {
KeyObjectHandle::AsymmetricPrivate(AsymmetricPrivateKey::Rsa(_))
| KeyObjectHandle::AsymmetricPublic(AsymmetricPublicKey::Rsa(_)) => {
@@ -1364,7 +1599,7 @@ pub enum AsymmetricKeyDetails {
#[serde]
pub fn op_node_get_asymmetric_key_details(
#[cppgc] handle: &KeyObjectHandle,
-) -> Result<AsymmetricKeyDetails, AnyError> {
+) -> Result<AsymmetricKeyDetails, deno_core::error::AnyError> {
match handle {
KeyObjectHandle::AsymmetricPrivate(private_key) => match private_key {
AsymmetricPrivateKey::Rsa(key) => {
@@ -1482,12 +1717,10 @@ pub fn op_node_get_asymmetric_key_details(
#[smi]
pub fn op_node_get_symmetric_key_size(
#[cppgc] handle: &KeyObjectHandle,
-) -> Result<usize, AnyError> {
+) -> Result<usize, deno_core::error::AnyError> {
match handle {
- KeyObjectHandle::AsymmetricPrivate(_) => {
- Err(type_error("asymmetric key is not a symmetric key"))
- }
- KeyObjectHandle::AsymmetricPublic(_) => {
+ KeyObjectHandle::AsymmetricPrivate(_)
+ | KeyObjectHandle::AsymmetricPublic(_) => {
Err(type_error("asymmetric key is not a symmetric key"))
}
KeyObjectHandle::Secret(key) => Ok(key.len() * 8),
@@ -1592,13 +1825,17 @@ pub async fn op_node_generate_rsa_key_async(
.unwrap()
}
+#[derive(Debug, thiserror::Error)]
+#[error("digest not allowed for RSA-PSS keys{}", .0.as_ref().map(|digest| format!(": {digest}")).unwrap_or_default())]
+pub struct GenerateRsaPssError(Option<String>);
+
fn generate_rsa_pss(
modulus_length: usize,
public_exponent: usize,
hash_algorithm: Option<&str>,
mf1_hash_algorithm: Option<&str>,
salt_length: Option<u32>,
-) -> Result<KeyObjectHandlePair, AnyError> {
+) -> Result<KeyObjectHandlePair, GenerateRsaPssError> {
let key = RsaPrivateKey::new_with_exp(
&mut thread_rng(),
modulus_length,
@@ -1617,25 +1854,19 @@ fn generate_rsa_pss(
let hash_algorithm = match_fixed_digest_with_oid!(
hash_algorithm,
fn (algorithm: Option<RsaPssHashAlgorithm>) {
- algorithm.ok_or_else(|| type_error("digest not allowed for RSA-PSS keys: {}"))?
+ algorithm.ok_or(GenerateRsaPssError(None))?
},
_ => {
- return Err(type_error(format!(
- "digest not allowed for RSA-PSS keys: {}",
- hash_algorithm
- )))
+ return Err(GenerateRsaPssError(Some(hash_algorithm.to_string())))
}
);
let mf1_hash_algorithm = match_fixed_digest_with_oid!(
mf1_hash_algorithm,
fn (algorithm: Option<RsaPssHashAlgorithm>) {
- algorithm.ok_or_else(|| type_error("digest not allowed for RSA-PSS keys: {}"))?
+ algorithm.ok_or(GenerateRsaPssError(None))?
},
_ => {
- return Err(type_error(format!(
- "digest not allowed for RSA-PSS keys: {}",
- mf1_hash_algorithm
- )))
+ return Err(GenerateRsaPssError(Some(mf1_hash_algorithm.to_string())))
}
);
let salt_length =
@@ -1663,7 +1894,7 @@ pub fn op_node_generate_rsa_pss_key(
#[string] hash_algorithm: Option<String>, // todo: Option<&str> not supproted in ops yet
#[string] mf1_hash_algorithm: Option<String>, // todo: Option<&str> not supproted in ops yet
#[smi] salt_length: Option<u32>,
-) -> Result<KeyObjectHandlePair, AnyError> {
+) -> Result<KeyObjectHandlePair, GenerateRsaPssError> {
generate_rsa_pss(
modulus_length,
public_exponent,
@@ -1681,7 +1912,7 @@ pub async fn op_node_generate_rsa_pss_key_async(
#[string] hash_algorithm: Option<String>, // todo: Option<&str> not supproted in ops yet
#[string] mf1_hash_algorithm: Option<String>, // todo: Option<&str> not supproted in ops yet
#[smi] salt_length: Option<u32>,
-) -> Result<KeyObjectHandlePair, AnyError> {
+) -> Result<KeyObjectHandlePair, GenerateRsaPssError> {
spawn_blocking(move || {
generate_rsa_pss(
modulus_length,
@@ -1698,7 +1929,7 @@ pub async fn op_node_generate_rsa_pss_key_async(
fn dsa_generate(
modulus_length: usize,
divisor_length: usize,
-) -> Result<KeyObjectHandlePair, AnyError> {
+) -> Result<KeyObjectHandlePair, deno_core::error::AnyError> {
let mut rng = rand::thread_rng();
use dsa::Components;
use dsa::KeySize;
@@ -1729,7 +1960,7 @@ fn dsa_generate(
pub fn op_node_generate_dsa_key(
#[smi] modulus_length: usize,
#[smi] divisor_length: usize,
-) -> Result<KeyObjectHandlePair, AnyError> {
+) -> Result<KeyObjectHandlePair, deno_core::error::AnyError> {
dsa_generate(modulus_length, divisor_length)
}
@@ -1738,13 +1969,15 @@ pub fn op_node_generate_dsa_key(
pub async fn op_node_generate_dsa_key_async(
#[smi] modulus_length: usize,
#[smi] divisor_length: usize,
-) -> Result<KeyObjectHandlePair, AnyError> {
+) -> Result<KeyObjectHandlePair, deno_core::error::AnyError> {
spawn_blocking(move || dsa_generate(modulus_length, divisor_length))
.await
.unwrap()
}
-fn ec_generate(named_curve: &str) -> Result<KeyObjectHandlePair, AnyError> {
+fn ec_generate(
+ named_curve: &str,
+) -> Result<KeyObjectHandlePair, deno_core::error::AnyError> {
let mut rng = rand::thread_rng();
// TODO(@littledivy): Support public key point encoding.
// Default is uncompressed.
@@ -1776,7 +2009,7 @@ fn ec_generate(named_curve: &str) -> Result<KeyObjectHandlePair, AnyError> {
#[cppgc]
pub fn op_node_generate_ec_key(
#[string] named_curve: &str,
-) -> Result<KeyObjectHandlePair, AnyError> {
+) -> Result<KeyObjectHandlePair, deno_core::error::AnyError> {
ec_generate(named_curve)
}
@@ -1784,7 +2017,7 @@ pub fn op_node_generate_ec_key(
#[cppgc]
pub async fn op_node_generate_ec_key_async(
#[string] named_curve: String,
-) -> Result<KeyObjectHandlePair, AnyError> {
+) -> Result<KeyObjectHandlePair, deno_core::error::AnyError> {
spawn_blocking(move || ec_generate(&named_curve))
.await
.unwrap()
@@ -1840,7 +2073,7 @@ fn u32_slice_to_u8_slice(slice: &[u32]) -> &[u8] {
fn dh_group_generate(
group_name: &str,
-) -> Result<KeyObjectHandlePair, AnyError> {
+) -> Result<KeyObjectHandlePair, deno_core::error::AnyError> {
let (dh, prime, generator) = match group_name {
"modp5" => (
dh::DiffieHellman::group::<dh::Modp1536>(),
@@ -1895,7 +2128,7 @@ fn dh_group_generate(
#[cppgc]
pub fn op_node_generate_dh_group_key(
#[string] group_name: &str,
-) -> Result<KeyObjectHandlePair, AnyError> {
+) -> Result<KeyObjectHandlePair, deno_core::error::AnyError> {
dh_group_generate(group_name)
}
@@ -1903,7 +2136,7 @@ pub fn op_node_generate_dh_group_key(
#[cppgc]
pub async fn op_node_generate_dh_group_key_async(
#[string] group_name: String,
-) -> Result<KeyObjectHandlePair, AnyError> {
+) -> Result<KeyObjectHandlePair, deno_core::error::AnyError> {
spawn_blocking(move || dh_group_generate(&group_name))
.await
.unwrap()
@@ -1913,7 +2146,7 @@ fn dh_generate(
prime: Option<&[u8]>,
prime_len: usize,
generator: usize,
-) -> Result<KeyObjectHandlePair, AnyError> {
+) -> KeyObjectHandlePair {
let prime = prime
.map(|p| p.into())
.unwrap_or_else(|| Prime::generate(prime_len));
@@ -1923,7 +2156,7 @@ fn dh_generate(
base: asn1::Int::new(generator.to_be_bytes().as_slice()).unwrap(),
private_value_length: None,
};
- Ok(KeyObjectHandlePair::new(
+ KeyObjectHandlePair::new(
AsymmetricPrivateKey::Dh(DhPrivateKey {
key: dh.private_key,
params: params.clone(),
@@ -1932,7 +2165,7 @@ fn dh_generate(
key: dh.public_key,
params,
}),
- ))
+ )
}
#[op2]
@@ -1941,7 +2174,7 @@ pub fn op_node_generate_dh_key(
#[buffer] prime: Option<&[u8]>,
#[smi] prime_len: usize,
#[smi] generator: usize,
-) -> Result<KeyObjectHandlePair, AnyError> {
+) -> KeyObjectHandlePair {
dh_generate(prime, prime_len, generator)
}
@@ -1951,7 +2184,7 @@ pub async fn op_node_generate_dh_key_async(
#[buffer(copy)] prime: Option<Box<[u8]>>,
#[smi] prime_len: usize,
#[smi] generator: usize,
-) -> Result<KeyObjectHandlePair, AnyError> {
+) -> KeyObjectHandlePair {
spawn_blocking(move || dh_generate(prime.as_deref(), prime_len, generator))
.await
.unwrap()
@@ -1963,21 +2196,21 @@ pub fn op_node_dh_keys_generate_and_export(
#[buffer] prime: Option<&[u8]>,
#[smi] prime_len: usize,
#[smi] generator: usize,
-) -> Result<(ToJsBuffer, ToJsBuffer), AnyError> {
+) -> (ToJsBuffer, ToJsBuffer) {
let prime = prime
.map(|p| p.into())
.unwrap_or_else(|| Prime::generate(prime_len));
let dh = dh::DiffieHellman::new(prime, generator);
let private_key = dh.private_key.into_vec().into_boxed_slice();
let public_key = dh.public_key.into_vec().into_boxed_slice();
- Ok((private_key.into(), public_key.into()))
+ (private_key.into(), public_key.into())
}
#[op2]
#[buffer]
pub fn op_node_export_secret_key(
#[cppgc] handle: &KeyObjectHandle,
-) -> Result<Box<[u8]>, AnyError> {
+) -> Result<Box<[u8]>, deno_core::error::AnyError> {
let key = handle
.as_secret_key()
.ok_or_else(|| type_error("key is not a secret key"))?;
@@ -1988,7 +2221,7 @@ pub fn op_node_export_secret_key(
#[string]
pub fn op_node_export_secret_key_b64url(
#[cppgc] handle: &KeyObjectHandle,
-) -> Result<String, AnyError> {
+) -> Result<String, deno_core::error::AnyError> {
let key = handle
.as_secret_key()
.ok_or_else(|| type_error("key is not a secret key"))?;
@@ -1999,23 +2232,33 @@ pub fn op_node_export_secret_key_b64url(
#[serde]
pub fn op_node_export_public_key_jwk(
#[cppgc] handle: &KeyObjectHandle,
-) -> Result<deno_core::serde_json::Value, AnyError> {
+) -> Result<deno_core::serde_json::Value, AsymmetricPublicKeyJwkError> {
let public_key = handle
.as_public_key()
- .ok_or_else(|| type_error("key is not an asymmetric public key"))?;
+ .ok_or(AsymmetricPublicKeyJwkError::KeyIsNotAsymmetricPublicKey)?;
public_key.export_jwk()
}
+#[derive(Debug, thiserror::Error)]
+pub enum ExportPublicKeyPemError {
+ #[error(transparent)]
+ AsymmetricPublicKeyDer(#[from] AsymmetricPublicKeyDerError),
+ #[error("very large data")]
+ VeryLargeData,
+ #[error(transparent)]
+ Der(#[from] der::Error),
+}
+
#[op2]
#[string]
pub fn op_node_export_public_key_pem(
#[cppgc] handle: &KeyObjectHandle,
#[string] typ: &str,
-) -> Result<String, AnyError> {
+) -> Result<String, ExportPublicKeyPemError> {
let public_key = handle
.as_public_key()
- .ok_or_else(|| type_error("key is not an asymmetric public key"))?;
+ .ok_or(AsymmetricPublicKeyDerError::KeyIsNotAsymmetricPublicKey)?;
let data = public_key.export_der(typ)?;
let label = match typ {
@@ -2025,7 +2268,7 @@ pub fn op_node_export_public_key_pem(
};
let pem_len = der::pem::encapsulated_len(label, LineEnding::LF, data.len())
- .map_err(|_| type_error("very large data"))?;
+ .map_err(|_| ExportPublicKeyPemError::VeryLargeData)?;
let mut out = vec![0; pem_len];
let mut writer = PemWriter::new(label, LineEnding::LF, &mut out)?;
writer.write(&data)?;
@@ -2040,22 +2283,32 @@ pub fn op_node_export_public_key_pem(
pub fn op_node_export_public_key_der(
#[cppgc] handle: &KeyObjectHandle,
#[string] typ: &str,
-) -> Result<Box<[u8]>, AnyError> {
+) -> Result<Box<[u8]>, AsymmetricPublicKeyDerError> {
let public_key = handle
.as_public_key()
- .ok_or_else(|| type_error("key is not an asymmetric public key"))?;
+ .ok_or(AsymmetricPublicKeyDerError::KeyIsNotAsymmetricPublicKey)?;
public_key.export_der(typ)
}
+#[derive(Debug, thiserror::Error)]
+pub enum ExportPrivateKeyPemError {
+ #[error(transparent)]
+ AsymmetricPublicKeyDer(#[from] AsymmetricPrivateKeyDerError),
+ #[error("very large data")]
+ VeryLargeData,
+ #[error(transparent)]
+ Der(#[from] der::Error),
+}
+
#[op2]
#[string]
pub fn op_node_export_private_key_pem(
#[cppgc] handle: &KeyObjectHandle,
#[string] typ: &str,
-) -> Result<String, AnyError> {
+) -> Result<String, ExportPrivateKeyPemError> {
let private_key = handle
.as_private_key()
- .ok_or_else(|| type_error("key is not an asymmetric private key"))?;
+ .ok_or(AsymmetricPrivateKeyDerError::KeyIsNotAsymmetricPrivateKey)?;
let data = private_key.export_der(typ)?;
let label = match typ {
@@ -2066,7 +2319,7 @@ pub fn op_node_export_private_key_pem(
};
let pem_len = der::pem::encapsulated_len(label, LineEnding::LF, data.len())
- .map_err(|_| type_error("very large data"))?;
+ .map_err(|_| ExportPrivateKeyPemError::VeryLargeData)?;
let mut out = vec![0; pem_len];
let mut writer = PemWriter::new(label, LineEnding::LF, &mut out)?;
writer.write(&data)?;
@@ -2081,10 +2334,10 @@ pub fn op_node_export_private_key_pem(
pub fn op_node_export_private_key_der(
#[cppgc] handle: &KeyObjectHandle,
#[string] typ: &str,
-) -> Result<Box<[u8]>, AnyError> {
+) -> Result<Box<[u8]>, AsymmetricPrivateKeyDerError> {
let private_key = handle
.as_private_key()
- .ok_or_else(|| type_error("key is not an asymmetric private key"))?;
+ .ok_or(AsymmetricPrivateKeyDerError::KeyIsNotAsymmetricPrivateKey)?;
private_key.export_der(typ)
}
@@ -2102,7 +2355,7 @@ pub fn op_node_key_type(#[cppgc] handle: &KeyObjectHandle) -> &'static str {
#[cppgc]
pub fn op_node_derive_public_key_from_private_key(
#[cppgc] handle: &KeyObjectHandle,
-) -> Result<KeyObjectHandle, AnyError> {
+) -> Result<KeyObjectHandle, deno_core::error::AnyError> {
let Some(private_key) = handle.as_private_key() else {
return Err(type_error("expected private key"));
};
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-26 23:17:02 +0000