summaryrefslogtreecommitdiff
path: root/ext
diff options
context:
space:
mode:
Diffstat (limited to 'ext')
-rw-r--r--ext/crypto/Cargo.toml13
-rw-r--r--ext/crypto/ed25519.rs11
-rw-r--r--ext/crypto/export_key.rs21
-rw-r--r--ext/crypto/import_key.rs65
-rw-r--r--ext/crypto/x25519.rs11
-rw-r--r--ext/node/Cargo.toml5
6 files changed, 64 insertions, 62 deletions
diff --git a/ext/crypto/Cargo.toml b/ext/crypto/Cargo.toml
index d02bf58a3..5921beee6 100644
--- a/ext/crypto/Cargo.toml
+++ b/ext/crypto/Cargo.toml
@@ -25,22 +25,21 @@ ctr = "0.9.1"
curve25519-dalek = "4.1.1"
deno_core.workspace = true
deno_web.workspace = true
-elliptic-curve = { version = "0.12.1", features = ["std", "pem"] }
+elliptic-curve = { version = "0.13.1", features = ["std", "pem"] }
num-traits = "0.2.14"
once_cell.workspace = true
-p256 = { version = "0.11.1", features = ["ecdh"] }
-p384 = "0.11.1"
+p256 = { version = "0.13.2", features = ["ecdh"] }
+p384 = "0.13.0"
rand.workspace = true
ring = { workspace = true, features = ["std"] }
rsa.workspace = true
sec1 = "0.3.0"
serde.workspace = true
serde_bytes.workspace = true
-sha1 = { version = "0.10.5", features = ["oid"] }
+sha1 = { version = "0.10.6", features = ["oid"] }
sha2.workspace = true
signature.workspace = true
-spki = "0.6.0"
+spki = "0.7.2"
tokio.workspace = true
uuid.workspace = true
-# https://github.com/dalek-cryptography/x25519-dalek/pull/89
-x25519-dalek = "2.0.0-pre.1"
+x25519-dalek = "2.0.0"
diff --git a/ext/crypto/ed25519.rs b/ext/crypto/ed25519.rs
index 874eb74b0..10477219a 100644
--- a/ext/crypto/ed25519.rs
+++ b/ext/crypto/ed25519.rs
@@ -11,6 +11,7 @@ use rand::rngs::OsRng;
use rand::RngCore;
use ring::signature::Ed25519KeyPair;
use ring::signature::KeyPair;
+use spki::der::asn1::BitString;
use spki::der::Decode;
use spki::der::Encode;
@@ -65,7 +66,7 @@ pub fn op_crypto_import_spki_ed25519(
#[buffer] out: &mut [u8],
) -> bool {
// 2-3.
- let pk_info = match spki::SubjectPublicKeyInfo::from_der(key_data) {
+ let pk_info = match spki::SubjectPublicKeyInfoRef::try_from(key_data) {
Ok(pk_info) => pk_info,
Err(_) => return false,
};
@@ -78,7 +79,7 @@ pub fn op_crypto_import_spki_ed25519(
if pk_info.algorithm.parameters.is_some() {
return false;
}
- out.copy_from_slice(pk_info.subject_public_key);
+ out.copy_from_slice(pk_info.subject_public_key.raw_bytes());
true
}
@@ -117,16 +118,16 @@ pub fn op_crypto_export_spki_ed25519(
#[buffer] pubkey: &[u8],
) -> Result<ToJsBuffer, AnyError> {
let key_info = spki::SubjectPublicKeyInfo {
- algorithm: spki::AlgorithmIdentifier {
+ algorithm: spki::AlgorithmIdentifierOwned {
// id-Ed25519
oid: ED25519_OID,
parameters: None,
},
- subject_public_key: pubkey,
+ subject_public_key: BitString::from_bytes(pubkey)?,
};
Ok(
key_info
- .to_vec()
+ .to_der()
.map_err(|_| {
custom_error("DOMExceptionOperationError", "Failed to export key")
})?
diff --git a/ext/crypto/export_key.rs b/ext/crypto/export_key.rs
index 4ba30fbaa..7f1c2d007 100644
--- a/ext/crypto/export_key.rs
+++ b/ext/crypto/export_key.rs
@@ -16,7 +16,9 @@ use rsa::pkcs8::der::Encode;
use serde::Deserialize;
use serde::Serialize;
use spki::der::asn1;
+use spki::der::asn1::BitString;
use spki::AlgorithmIdentifier;
+use spki::AlgorithmIdentifierOwned;
use crate::shared::*;
@@ -126,7 +128,6 @@ fn export_key_rsa(
) -> Result<ExportKeyResult, deno_core::anyhow::Error> {
match format {
ExportKeyFormat::Spki => {
- use spki::der::Encode;
let subject_public_key = &key_data.as_rsa_public_key()?;
// the SPKI structure
@@ -138,11 +139,11 @@ fn export_key_rsa(
// It MUST have ASN.1 type NULL.
parameters: Some(asn1::AnyRef::from(asn1::Null)),
},
- subject_public_key,
+ subject_public_key: BitString::from_bytes(&subject_public_key).unwrap(),
};
// Infallible because we know the public key is valid.
- let spki_der = key_info.to_vec().unwrap();
+ let spki_der = key_info.to_der().unwrap();
Ok(ExportKeyResult::Spki(spki_der.into()))
}
ExportKeyFormat::Pkcs8 => {
@@ -259,8 +260,6 @@ fn export_key_ec(
Ok(ExportKeyResult::Raw(subject_public_key.into()))
}
ExportKeyFormat::Spki => {
- use spki::der::Encode;
-
let subject_public_key = match named_curve {
EcNamedCurve::P256 => {
let point = key_data.as_ec_public_key_p256()?;
@@ -278,11 +277,11 @@ fn export_key_ec(
};
let alg_id = match named_curve {
- EcNamedCurve::P256 => AlgorithmIdentifier {
+ EcNamedCurve::P256 => AlgorithmIdentifierOwned {
oid: elliptic_curve::ALGORITHM_OID,
parameters: Some((&p256::NistP256::OID).into()),
},
- EcNamedCurve::P384 => AlgorithmIdentifier {
+ EcNamedCurve::P384 => AlgorithmIdentifierOwned {
oid: elliptic_curve::ALGORITHM_OID,
parameters: Some((&p384::NistP384::OID).into()),
},
@@ -302,10 +301,10 @@ fn export_key_ec(
// the SPKI structure
let key_info = spki::SubjectPublicKeyInfo {
algorithm: alg_id,
- subject_public_key: &subject_public_key,
+ subject_public_key: BitString::from_bytes(&subject_public_key).unwrap(),
};
- let spki_der = key_info.to_vec().unwrap();
+ let spki_der = key_info.to_der().unwrap();
Ok(ExportKeyResult::Spki(spki_der.into()))
}
@@ -374,7 +373,7 @@ fn export_key_ec(
Ok(ExportKeyResult::JwkPrivateEc {
x: bytes_to_b64(x),
y: bytes_to_b64(y),
- d: bytes_to_b64(&ec_key.to_be_bytes()),
+ d: bytes_to_b64(&ec_key.to_bytes()),
})
} else {
Err(data_error("expected valid public EC key"))
@@ -397,7 +396,7 @@ fn export_key_ec(
Ok(ExportKeyResult::JwkPrivateEc {
x: bytes_to_b64(x),
y: bytes_to_b64(y),
- d: bytes_to_b64(&ec_key.to_be_bytes()),
+ d: bytes_to_b64(&ec_key.to_bytes()),
})
} else {
Err(data_error("expected valid public EC key"))
diff --git a/ext/crypto/import_key.rs b/ext/crypto/import_key.rs
index 5f7c214ea..0ffc89888 100644
--- a/ext/crypto/import_key.rs
+++ b/ext/crypto/import_key.rs
@@ -206,12 +206,10 @@ fn import_key_rsa_jwk(
fn import_key_rsassa(
key_data: KeyData,
) -> Result<ImportKeyResult, deno_core::anyhow::Error> {
- use rsa::pkcs1::der::Decode;
-
match key_data {
KeyData::Spki(data) => {
// 2-3.
- let pk_info = spki::SubjectPublicKeyInfo::from_der(&data)
+ let pk_info = spki::SubjectPublicKeyInfoRef::try_from(&*data)
.map_err(|e| data_error(e.to_string()))?;
// 4-5.
@@ -223,21 +221,24 @@ fn import_key_rsassa(
}
// 8-9.
- let public_key =
- rsa::pkcs1::RsaPublicKey::from_der(pk_info.subject_public_key)
- .map_err(|e| data_error(e.to_string()))?;
+ let public_key = rsa::pkcs1::RsaPublicKey::from_der(
+ pk_info.subject_public_key.raw_bytes(),
+ )
+ .map_err(|e| data_error(e.to_string()))?;
let bytes_consumed = public_key
.encoded_len()
.map_err(|e| data_error(e.to_string()))?;
if bytes_consumed
- != rsa::pkcs1::der::Length::new(pk_info.subject_public_key.len() as u16)
+ != rsa::pkcs1::der::Length::new(
+ pk_info.subject_public_key.raw_bytes().len() as u16,
+ )
{
return Err(data_error("public key is invalid (too long)"));
}
- let data = pk_info.subject_public_key.to_vec().into();
+ let data = pk_info.subject_public_key.to_der()?.into();
let public_exponent =
public_key.public_exponent.as_bytes().to_vec().into();
let modulus_length = public_key.modulus.as_bytes().len() * 8;
@@ -297,12 +298,10 @@ fn import_key_rsassa(
fn import_key_rsapss(
key_data: KeyData,
) -> Result<ImportKeyResult, deno_core::anyhow::Error> {
- use rsa::pkcs1::der::Decode;
-
match key_data {
KeyData::Spki(data) => {
// 2-3.
- let pk_info = spki::SubjectPublicKeyInfo::from_der(&data)
+ let pk_info = spki::SubjectPublicKeyInfoRef::try_from(&*data)
.map_err(|e| data_error(e.to_string()))?;
// 4-5.
@@ -314,21 +313,24 @@ fn import_key_rsapss(
}
// 8-9.
- let public_key =
- rsa::pkcs1::RsaPublicKey::from_der(pk_info.subject_public_key)
- .map_err(|e| data_error(e.to_string()))?;
+ let public_key = rsa::pkcs1::RsaPublicKey::from_der(
+ pk_info.subject_public_key.raw_bytes(),
+ )
+ .map_err(|e| data_error(e.to_string()))?;
let bytes_consumed = public_key
.encoded_len()
.map_err(|e| data_error(e.to_string()))?;
if bytes_consumed
- != rsa::pkcs1::der::Length::new(pk_info.subject_public_key.len() as u16)
+ != rsa::pkcs1::der::Length::new(
+ pk_info.subject_public_key.raw_bytes().len() as u16,
+ )
{
return Err(data_error("public key is invalid (too long)"));
}
- let data = pk_info.subject_public_key.to_vec().into();
+ let data = pk_info.subject_public_key.to_der()?.into();
let public_exponent =
public_key.public_exponent.as_bytes().to_vec().into();
let modulus_length = public_key.modulus.as_bytes().len() * 8;
@@ -388,12 +390,10 @@ fn import_key_rsapss(
fn import_key_rsaoaep(
key_data: KeyData,
) -> Result<ImportKeyResult, deno_core::anyhow::Error> {
- use rsa::pkcs1::der::Decode;
-
match key_data {
KeyData::Spki(data) => {
// 2-3.
- let pk_info = spki::SubjectPublicKeyInfo::from_der(&data)
+ let pk_info = spki::SubjectPublicKeyInfoRef::try_from(&*data)
.map_err(|e| data_error(e.to_string()))?;
// 4-5.
@@ -405,21 +405,24 @@ fn import_key_rsaoaep(
}
// 8-9.
- let public_key =
- rsa::pkcs1::RsaPublicKey::from_der(pk_info.subject_public_key)
- .map_err(|e| data_error(e.to_string()))?;
+ let public_key = rsa::pkcs1::RsaPublicKey::from_der(
+ pk_info.subject_public_key.raw_bytes(),
+ )
+ .map_err(|e| data_error(e.to_string()))?;
let bytes_consumed = public_key
.encoded_len()
.map_err(|e| data_error(e.to_string()))?;
if bytes_consumed
- != rsa::pkcs1::der::Length::new(pk_info.subject_public_key.len() as u16)
+ != rsa::pkcs1::der::Length::new(
+ pk_info.subject_public_key.raw_bytes().len() as u16,
+ )
{
return Err(data_error("public key is invalid (too long)"));
}
- let data = pk_info.subject_public_key.to_vec().into();
+ let data = pk_info.subject_public_key.to_der()?.into();
let public_exponent =
public_key.public_exponent.as_bytes().to_vec().into();
let modulus_length = public_key.modulus.as_bytes().len() * 8;
@@ -541,14 +544,14 @@ fn import_key_ec_jwk(
let pkcs8_der = match named_curve {
EcNamedCurve::P256 => {
let d = decode_b64url_to_field_bytes::<p256::NistP256>(&d)?;
- let pk = p256::SecretKey::from_be_bytes(&d)?;
+ let pk = p256::SecretKey::from_bytes(&d)?;
pk.to_pkcs8_der()
.map_err(|_| data_error("invalid JWK private key"))?
}
EcNamedCurve::P384 => {
let d = decode_b64url_to_field_bytes::<p384::NistP384>(&d)?;
- let pk = p384::SecretKey::from_be_bytes(&d)?;
+ let pk = p384::SecretKey::from_bytes(&d)?;
pk.to_pkcs8_der()
.map_err(|_| data_error("invalid JWK private key"))?
@@ -593,7 +596,7 @@ impl<'a> TryFrom<spki::der::asn1::AnyRef<'a>> for ECParametersSpki {
fn try_from(
any: spki::der::asn1::AnyRef<'a>,
) -> spki::der::Result<ECParametersSpki> {
- let x = any.oid()?;
+ let x = any.try_into()?;
Ok(Self { named_curve_alg: x })
}
@@ -642,7 +645,7 @@ fn import_key_ec(
pk.algorithm
.parameters
.ok_or_else(|| data_error("malformed parameters"))?
- .oid()
+ .try_into()
.unwrap()
}
EcNamedCurve::P521 => {
@@ -689,7 +692,7 @@ fn import_key_ec(
}
KeyData::Spki(data) => {
// 2-3.
- let pk_info = spki::SubjectPublicKeyInfo::from_der(&data)
+ let pk_info = spki::SubjectPublicKeyInfoRef::try_from(&*data)
.map_err(|e| data_error(e.to_string()))?;
// 4.
@@ -726,7 +729,7 @@ fn import_key_ec(
if let Some(pk_named_curve) = pk_named_curve {
let pk = pk_info.subject_public_key;
- encoded_key = pk.to_vec();
+ encoded_key = pk.to_der()?;
let bytes_consumed = match named_curve {
EcNamedCurve::P256 => {
@@ -755,7 +758,7 @@ fn import_key_ec(
_ => return Err(not_supported_error("Unsupported named curve")),
};
- if bytes_consumed != pk_info.subject_public_key.len() {
+ if bytes_consumed != pk_info.subject_public_key.raw_bytes().len() {
return Err(data_error("public key is invalid (too long)"));
}
diff --git a/ext/crypto/x25519.rs b/ext/crypto/x25519.rs
index 8090f2880..9d62fd4a9 100644
--- a/ext/crypto/x25519.rs
+++ b/ext/crypto/x25519.rs
@@ -9,6 +9,7 @@ use elliptic_curve::pkcs8::PrivateKeyInfo;
use elliptic_curve::subtle::ConstantTimeEq;
use rand::rngs::OsRng;
use rand::RngCore;
+use spki::der::asn1::BitString;
use spki::der::Decode;
use spki::der::Encode;
@@ -62,7 +63,7 @@ pub fn op_crypto_import_spki_x25519(
#[buffer] out: &mut [u8],
) -> bool {
// 2-3.
- let pk_info = match spki::SubjectPublicKeyInfo::from_der(key_data) {
+ let pk_info = match spki::SubjectPublicKeyInfoRef::try_from(key_data) {
Ok(pk_info) => pk_info,
Err(_) => return false,
};
@@ -75,7 +76,7 @@ pub fn op_crypto_import_spki_x25519(
if pk_info.algorithm.parameters.is_some() {
return false;
}
- out.copy_from_slice(pk_info.subject_public_key);
+ out.copy_from_slice(pk_info.subject_public_key.raw_bytes());
true
}
@@ -114,16 +115,16 @@ pub fn op_crypto_export_spki_x25519(
#[buffer] pubkey: &[u8],
) -> Result<ToJsBuffer, AnyError> {
let key_info = spki::SubjectPublicKeyInfo {
- algorithm: spki::AlgorithmIdentifier {
+ algorithm: spki::AlgorithmIdentifierRef {
// id-X25519
oid: X25519_OID,
parameters: None,
},
- subject_public_key: pubkey,
+ subject_public_key: BitString::from_bytes(pubkey)?,
};
Ok(
key_info
- .to_vec()
+ .to_der()
.map_err(|_| {
custom_error("DOMExceptionOperationError", "Failed to export key")
})?
diff --git a/ext/node/Cargo.toml b/ext/node/Cargo.toml
index 2d78dd431..8877a9cb1 100644
--- a/ext/node/Cargo.toml
+++ b/ext/node/Cargo.toml
@@ -59,7 +59,7 @@ ring.workspace = true
ripemd = "0.1.3"
rsa.workspace = true
scrypt = "0.11.0"
-secp256k1 = { version = "0.27.0", features = ["rand-std"] }
+secp256k1 = { version = "0.28.0", features = ["rand-std"] }
serde = "1.0.149"
sha-1 = "0.10.0"
sha2.workspace = true
@@ -68,6 +68,5 @@ tokio.workspace = true
typenum = "1.15.0"
url.workspace = true
winapi.workspace = true
-# https://github.com/dalek-cryptography/x25519-dalek/pull/89
-x25519-dalek = "2.0.0-pre.1"
+x25519-dalek = "2.0.0"
x509-parser = "0.15.0"
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-06 00:53:24 +0000