Skip to content

Commit 207ffbe

Browse files
panvatargos
authored andcommitted
crypto: use CryptoKey internal slots in Web Cryptography
PR-URL: #59538 Fixes: #59535 Fixes: #59534 Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
1 parent 4276516 commit 207ffbe

File tree

10 files changed

+98
-77
lines changed

10 files changed

+98
-77
lines changed

lib/internal/crypto/aes.js

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -47,6 +47,7 @@ const {
4747
InternalCryptoKey,
4848
SecretKeyObject,
4949
createSecretKey,
50+
kAlgorithm,
5051
} = require('internal/crypto/keys');
5152

5253
const {
@@ -108,7 +109,7 @@ function asyncAesCtrCipher(mode, key, data, algorithm) {
108109
mode,
109110
key[kKeyObject][kHandle],
110111
data,
111-
getVariant('AES-CTR', key.algorithm.length),
112+
getVariant('AES-CTR', key[kAlgorithm].length),
112113
algorithm.counter,
113114
algorithm.length));
114115
}
@@ -119,7 +120,7 @@ function asyncAesCbcCipher(mode, key, data, algorithm) {
119120
mode,
120121
key[kKeyObject][kHandle],
121122
data,
122-
getVariant('AES-CBC', key.algorithm.length),
123+
getVariant('AES-CBC', key[kAlgorithm].length),
123124
algorithm.iv));
124125
}
125126

@@ -129,7 +130,7 @@ function asyncAesKwCipher(mode, key, data) {
129130
mode,
130131
key[kKeyObject][kHandle],
131132
data,
132-
getVariant('AES-KW', key.algorithm.length)));
133+
getVariant('AES-KW', key[kAlgorithm].length)));
133134
}
134135

135136
function asyncAesGcmCipher(mode, key, data, algorithm) {
@@ -166,7 +167,7 @@ function asyncAesGcmCipher(mode, key, data, algorithm) {
166167
mode,
167168
key[kKeyObject][kHandle],
168169
data,
169-
getVariant('AES-GCM', key.algorithm.length),
170+
getVariant('AES-GCM', key[kAlgorithm].length),
170171
algorithm.iv,
171172
tag,
172173
algorithm.additionalData));

lib/internal/crypto/cfrg.js

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -47,6 +47,7 @@ const {
4747
PublicKeyObject,
4848
createPrivateKey,
4949
createPublicKey,
50+
kKeyType,
5051
} = require('internal/crypto/keys');
5152

5253
const generateKeyPair = promisify(_generateKeyPair);
@@ -343,7 +344,7 @@ function eddsaSignVerify(key, data, algorithm, signature) {
343344
const mode = signature === undefined ? kSignJobModeSign : kSignJobModeVerify;
344345
const type = mode === kSignJobModeSign ? 'private' : 'public';
345346

346-
if (key.type !== type)
347+
if (key[kKeyType] !== type)
347348
throw lazyDOMException(`Key must be a ${type} key`, 'InvalidAccessError');
348349

349350
return jobPromise(() => new SignJob(

lib/internal/crypto/diffiehellman.js

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -51,6 +51,8 @@ const {
5151

5252
const {
5353
KeyObject,
54+
kAlgorithm,
55+
kKeyType,
5456
} = require('internal/crypto/keys');
5557

5658
const {
@@ -325,20 +327,20 @@ let masks;
325327
async function ecdhDeriveBits(algorithm, baseKey, length) {
326328
const { 'public': key } = algorithm;
327329

328-
if (baseKey.type !== 'private') {
330+
if (baseKey[kKeyType] !== 'private') {
329331
throw lazyDOMException(
330332
'baseKey must be a private key', 'InvalidAccessError');
331333
}
332334

333-
if (key.algorithm.name !== baseKey.algorithm.name) {
335+
if (key[kAlgorithm].name !== baseKey[kAlgorithm].name) {
334336
throw lazyDOMException(
335337
'The public and private keys must be of the same type',
336338
'InvalidAccessError');
337339
}
338340

339341
if (
340-
key.algorithm.name === 'ECDH' &&
341-
key.algorithm.namedCurve !== baseKey.algorithm.namedCurve
342+
key[kAlgorithm].name === 'ECDH' &&
343+
key[kAlgorithm].namedCurve !== baseKey[kAlgorithm].namedCurve
342344
) {
343345
throw lazyDOMException('Named curve mismatch', 'InvalidAccessError');
344346
}

lib/internal/crypto/ec.js

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,7 @@ const {
4141
PublicKeyObject,
4242
createPrivateKey,
4343
createPublicKey,
44+
kKeyType,
4445
} = require('internal/crypto/keys');
4546

4647
const generateKeyPair = promisify(_generateKeyPair);
@@ -284,7 +285,7 @@ function ecdsaSignVerify(key, data, { name, hash }, signature) {
284285
const mode = signature === undefined ? kSignJobModeSign : kSignJobModeVerify;
285286
const type = mode === kSignJobModeSign ? 'private' : 'public';
286287

287-
if (key.type !== type)
288+
if (key[kKeyType] !== type)
288289
throw lazyDOMException(`Key must be a ${type} key`, 'InvalidAccessError');
289290

290291
const hashname = normalizeHashName(hash.name);

lib/internal/crypto/keys.js

Lines changed: 18 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -217,7 +217,7 @@ const {
217217
throw lazyDOMException('Unrecognized algorithm name', 'NotSupportedError');
218218
}
219219

220-
if (result.usages.length === 0) {
220+
if (result[kKeyUsages].length === 0) {
221221
throw lazyDOMException(
222222
`Usages cannot be empty when importing a ${result.type} key.`,
223223
'SyntaxError');
@@ -309,7 +309,7 @@ const {
309309
throw lazyDOMException('Unrecognized algorithm name', 'NotSupportedError');
310310
}
311311

312-
if (result.type === 'private' && result.usages.length === 0) {
312+
if (result.type === 'private' && result[kKeyUsages].length === 0) {
313313
throw lazyDOMException(
314314
`Usages cannot be empty when importing a ${result.type} key.`,
315315
'SyntaxError');
@@ -735,8 +735,8 @@ function prepareSecretKey(key, encoding, bufferOnly = false) {
735735
throw new ERR_CRYPTO_INVALID_KEY_OBJECT_TYPE(key.type, 'secret');
736736
return key[kHandle];
737737
} else if (isCryptoKey(key)) {
738-
if (key.type !== 'secret')
739-
throw new ERR_CRYPTO_INVALID_KEY_OBJECT_TYPE(key.type, 'secret');
738+
if (key[kKeyType] !== 'secret')
739+
throw new ERR_CRYPTO_INVALID_KEY_OBJECT_TYPE(key[kKeyType], 'secret');
740740
return key[kKeyObject][kHandle];
741741
}
742742
}
@@ -785,7 +785,7 @@ function createPrivateKey(key) {
785785
}
786786

787787
function isKeyObject(obj) {
788-
return obj != null && obj[kKeyType] !== undefined;
788+
return obj != null && obj[kKeyType] !== undefined && obj[kKeyObject] === undefined;
789789
}
790790

791791
// Our implementation of CryptoKey is a simple wrapper around a KeyObject
@@ -809,17 +809,21 @@ class CryptoKey {
809809
};
810810

811811
return `CryptoKey ${inspect({
812-
type: this.type,
813-
extractable: this.extractable,
814-
algorithm: this.algorithm,
815-
usages: this.usages,
812+
type: this[kKeyType],
813+
extractable: this[kExtractable],
814+
algorithm: this[kAlgorithm],
815+
usages: this[kKeyUsages],
816816
}, opts)}`;
817817
}
818818

819+
get [kKeyType]() {
820+
return this[kKeyObject].type;
821+
}
822+
819823
get type() {
820824
if (!(this instanceof CryptoKey))
821825
throw new ERR_INVALID_THIS('CryptoKey');
822-
return this[kKeyObject].type;
826+
return this[kKeyType];
823827
}
824828

825829
get extractable() {
@@ -1008,4 +1012,8 @@ module.exports = {
10081012
isKeyObject,
10091013
isCryptoKey,
10101014
importGenericSecretKey,
1015+
kAlgorithm,
1016+
kExtractable,
1017+
kKeyType,
1018+
kKeyUsages,
10111019
};

lib/internal/crypto/mac.js

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,7 @@ const {
3636
InternalCryptoKey,
3737
SecretKeyObject,
3838
createSecretKey,
39+
kAlgorithm,
3940
} = require('internal/crypto/keys');
4041

4142
const generateKey = promisify(_generateKey);
@@ -161,7 +162,7 @@ function hmacSignVerify(key, data, algorithm, signature) {
161162
return jobPromise(() => new HmacJob(
162163
kCryptoJobAsync,
163164
mode,
164-
normalizeHashName(key.algorithm.hash.name),
165+
normalizeHashName(key[kAlgorithm].hash.name),
165166
key[kKeyObject][kHandle],
166167
data,
167168
signature));

lib/internal/crypto/ml_dsa.js

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -51,6 +51,8 @@ const {
5151
PublicKeyObject,
5252
createPrivateKey,
5353
createPublicKey,
54+
kAlgorithm,
55+
kKeyType,
5456
} = require('internal/crypto/keys');
5557

5658
const generateKeyPair = promisify(_generateKeyPair);
@@ -116,7 +118,7 @@ function mlDsaExportKey(key, format) {
116118
try {
117119
switch (format) {
118120
case kWebCryptoKeyFormatRaw: {
119-
if (key.type === 'private') {
121+
if (key[kKeyType] === 'private') {
120122
const { priv } = key[kKeyObject][kHandle].exportJwk({}, false);
121123
return Buffer.alloc(32, priv, 'base64url').buffer;
122124
}
@@ -136,7 +138,7 @@ function mlDsaExportKey(key, format) {
136138
0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
137139
0x03, 0x00, 0x04, 0x22, 0x80, 0x20,
138140
], 0);
139-
switch (key.algorithm.name) {
141+
switch (key[kAlgorithm].name) {
140142
case 'ML-DSA-44':
141143
buffer.set([0x11], 17);
142144
break;
@@ -292,7 +294,7 @@ function mlDsaSignVerify(key, data, algorithm, signature) {
292294
const mode = signature === undefined ? kSignJobModeSign : kSignJobModeVerify;
293295
const type = mode === kSignJobModeSign ? 'private' : 'public';
294296

295-
if (key.type !== type)
297+
if (key[kKeyType] !== type)
296298
throw lazyDOMException(`Key must be a ${type} key`, 'InvalidAccessError');
297299

298300
return jobPromise(() => new SignJob(

lib/internal/crypto/rsa.js

Lines changed: 10 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -50,6 +50,8 @@ const {
5050
PublicKeyObject,
5151
createPublicKey,
5252
createPrivateKey,
53+
kAlgorithm,
54+
kKeyType,
5355
} = require('internal/crypto/keys');
5456

5557
const {
@@ -95,7 +97,7 @@ function rsaOaepCipher(mode, key, data, algorithm) {
9597
validateRsaOaepAlgorithm(algorithm);
9698

9799
const type = mode === kWebCryptoCipherEncrypt ? 'public' : 'private';
98-
if (key.type !== type) {
100+
if (key[kKeyType] !== type) {
99101
throw lazyDOMException(
100102
'The requested operation is not valid for the provided key',
101103
'InvalidAccessError');
@@ -107,7 +109,7 @@ function rsaOaepCipher(mode, key, data, algorithm) {
107109
key[kKeyObject][kHandle],
108110
data,
109111
kKeyVariantRSA_OAEP,
110-
normalizeHashName(key.algorithm.hash.name),
112+
normalizeHashName(key[kAlgorithm].hash.name),
111113
algorithm.label));
112114
}
113115

@@ -201,7 +203,7 @@ function rsaExportKey(key, format) {
201203
kCryptoJobAsync,
202204
format,
203205
key[kKeyObject][kHandle],
204-
kRsaVariants[key.algorithm.name]));
206+
kRsaVariants[key[kAlgorithm].name]));
205207
}
206208

207209
function rsaImportKey(
@@ -329,16 +331,16 @@ function rsaSignVerify(key, data, { saltLength }, signature) {
329331
const mode = signature === undefined ? kSignJobModeSign : kSignJobModeVerify;
330332
const type = mode === kSignJobModeSign ? 'private' : 'public';
331333

332-
if (key.type !== type)
334+
if (key[kKeyType] !== type)
333335
throw lazyDOMException(`Key must be a ${type} key`, 'InvalidAccessError');
334336

335337
return jobPromise(() => {
336-
if (key.algorithm.name === 'RSA-PSS') {
338+
if (key[kAlgorithm].name === 'RSA-PSS') {
337339
validateInt32(
338340
saltLength,
339341
'algorithm.saltLength',
340342
0,
341-
MathCeil((key.algorithm.modulusLength - 1) / 8) - getDigestSizeInBytes(key.algorithm.hash.name) - 2);
343+
MathCeil((key[kAlgorithm].modulusLength - 1) / 8) - getDigestSizeInBytes(key[kAlgorithm].hash.name) - 2);
342344
}
343345

344346
return new SignJob(
@@ -349,9 +351,9 @@ function rsaSignVerify(key, data, { saltLength }, signature) {
349351
undefined,
350352
undefined,
351353
data,
352-
normalizeHashName(key.algorithm.hash.name),
354+
normalizeHashName(key[kAlgorithm].hash.name),
353355
saltLength,
354-
key.algorithm.name === 'RSA-PSS' ? RSA_PKCS1_PSS_PADDING : undefined,
356+
key[kAlgorithm].name === 'RSA-PSS' ? RSA_PKCS1_PSS_PADDING : undefined,
355357
undefined,
356358
signature);
357359
});

0 commit comments

Comments
 (0)