crypto: support ML-DSA spki/pkcs8 key formats in Web Cryptography

PR-URL: #59365
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ethan Arrowood <ethan@arrowood.dev>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>

Author: panva

doc/api/webcrypto.md

@@ -939,9 +939,9 @@ specification.
 | `'Ed25519'`                          | ✔        | ✔         | ✔       | ✔       |                | ✔              |              |
 | `'Ed448'`[^secure-curves]            | ✔        | ✔         | ✔       | ✔       |                | ✔              |              |
 | `'HMAC'`                             |          |           | ✔       | ✔       | ✔              |                |              |
-| `'ML-DSA-44'`[^modern-algos]         |          |           | ✔       |         |                | ✔              | ✔            |
-| `'ML-DSA-65'`[^modern-algos]         |          |           | ✔       |         |                | ✔              | ✔            |
-| `'ML-DSA-87'`[^modern-algos]         |          |           | ✔       |         |                | ✔              | ✔            |
+| `'ML-DSA-44'`[^modern-algos]         | ✔        | ✔         | ✔       |         |                | ✔              | ✔            |
+| `'ML-DSA-65'`[^modern-algos]         | ✔        | ✔         | ✔       |         |                | ✔              | ✔            |
+| `'ML-DSA-87'`[^modern-algos]         | ✔        | ✔         | ✔       |         |                | ✔              | ✔            |
 | `'RSA-OAEP'`                         | ✔        | ✔         | ✔       |         |                |                |              |
 | `'RSA-PSS'`                          | ✔        | ✔         | ✔       |         |                |                |              |
 | `'RSASSA-PKCS1-v1_5'`                | ✔        | ✔         | ✔       |         |                |                |              |
@@ -1070,9 +1070,9 @@ The algorithms currently supported include:
 | `'Ed448'`[^secure-curves]            | ✔        | ✔         | ✔       | ✔       |                | ✔              |              |
 | `'HDKF'`                             |          |           |         | ✔       | ✔              |                |              |
 | `'HMAC'`                             |          |           | ✔       | ✔       | ✔              |                |              |
-| `'ML-DSA-44'`[^modern-algos]         |          |           | ✔       |         |                | ✔              | ✔            |
-| `'ML-DSA-65'`[^modern-algos]         |          |           | ✔       |         |                | ✔              | ✔            |
-| `'ML-DSA-87'`[^modern-algos]         |          |           | ✔       |         |                | ✔              | ✔            |
+| `'ML-DSA-44'`[^modern-algos]         | ✔        | ✔         | ✔       |         |                | ✔              | ✔            |
+| `'ML-DSA-65'`[^modern-algos]         | ✔        | ✔         | ✔       |         |                | ✔              | ✔            |
+| `'ML-DSA-87'`[^modern-algos]         | ✔        | ✔         | ✔       |         |                | ✔              | ✔            |
 | `'PBKDF2'`                           |          |           |         | ✔       | ✔              |                |              |
 | `'RSA-OAEP'`                         | ✔        | ✔         | ✔       |         |                |                |              |
 | `'RSA-PSS'`                          | ✔        | ✔         | ✔       |         |                |                |              |

lib/internal/crypto/ml_dsa.js

@@ -2,6 +2,7 @@
 
 const {
   SafeSet,
+  Uint8Array,
 } = primordials;
 
 const { Buffer } = require('buffer');
@@ -14,6 +15,10 @@ const {
   kKeyTypePublic,
   kSignJobModeSign,
   kSignJobModeVerify,
+  kKeyFormatDER,
+  kWebCryptoKeyFormatRaw,
+  kWebCryptoKeyFormatPKCS8,
+  kWebCryptoKeyFormatSPKI,
 } = internalBinding('crypto');
 
 const {
@@ -44,6 +49,7 @@ const {
   InternalCryptoKey,
   PrivateKeyObject,
   PublicKeyObject,
+  createPrivateKey,
   createPublicKey,
 } = require('internal/crypto/keys');
 
@@ -106,15 +112,47 @@ async function mlDsaGenerateKey(algorithm, extractable, keyUsages) {
   return { __proto__: null, privateKey, publicKey };
 }
 
-function mlDsaExportKey(key) {
+function mlDsaExportKey(key, format) {
   try {
-    if (key.type === 'private') {
-      const { priv } = key[kKeyObject][kHandle].exportJwk({}, false);
-      return Buffer.alloc(32, priv, 'base64url').buffer;
-    }
+    switch (format) {
+      case kWebCryptoKeyFormatRaw: {
+        if (key.type === 'private') {
+          const { priv } = key[kKeyObject][kHandle].exportJwk({}, false);
+          return Buffer.alloc(32, priv, 'base64url').buffer;
+        }
 
-    const { pub } = key[kKeyObject][kHandle].exportJwk({}, false);
-    return Buffer.alloc(Buffer.byteLength(pub, 'base64url'), pub, 'base64url').buffer;
+        const { pub } = key[kKeyObject][kHandle].exportJwk({}, false);
+        return Buffer.alloc(Buffer.byteLength(pub, 'base64url'), pub, 'base64url').buffer;
+      }
+      case kWebCryptoKeyFormatSPKI: {
+        return key[kKeyObject][kHandle].export(kKeyFormatDER, kWebCryptoKeyFormatSPKI).buffer;
+      }
+      case kWebCryptoKeyFormatPKCS8: {
+        const { priv } = key[kKeyObject][kHandle].exportJwk({}, false);
+        const seed = Buffer.alloc(32, priv, 'base64url');
+        const buffer = new Uint8Array(54);
+        buffer.set([
+          0x30, 0x34, 0x02, 0x01, 0x00, 0x30, 0x0B, 0x06,
+          0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
+          0x03, 0x00, 0x04, 0x22, 0x80, 0x20,
+        ], 0);
+        switch (key.algorithm.name) {
+          case 'ML-DSA-44':
+            buffer.set([0x11], 17);
+            break;
+          case 'ML-DSA-65':
+            buffer.set([0x12], 17);
+            break;
+          case 'ML-DSA-87':
+            buffer.set([0x13], 17);
+            break;
+        }
+        buffer.set(seed, 22);
+        return buffer.buffer;
+      }
+      default:
+        return undefined;
+    }
   } catch (err) {
     throw lazyDOMException(
       'The operation failed for an operation-specific reason',
@@ -138,6 +176,34 @@ function mlDsaImportKey(
       keyObject = keyData;
       break;
     }
+    case 'spki': {
+      verifyAcceptableMlDsaKeyUse(name, true, usagesSet);
+      try {
+        keyObject = createPublicKey({
+          key: keyData,
+          format: 'der',
+          type: 'spki',
+        });
+      } catch (err) {
+        throw lazyDOMException(
+          'Invalid keyData', { name: 'DataError', cause: err });
+      }
+      break;
+    }
+    case 'pkcs8': {
+      verifyAcceptableMlDsaKeyUse(name, false, usagesSet);
+      try {
+        keyObject = createPrivateKey({
+          key: keyData,
+          format: 'der',
+          type: 'pkcs8',
+        });
+      } catch (err) {
+        throw lazyDOMException(
+          'Invalid keyData', { name: 'DataError', cause: err });
+      }
+      break;
+    }
     case 'jwk': {
       if (!keyData.kty)
         throw lazyDOMException('Invalid keyData', 'DataError');

lib/internal/crypto/webcrypto.js

@@ -357,6 +357,14 @@ async function exportKeySpki(key) {
     case 'X448':
       return require('internal/crypto/cfrg')
         .cfrgExportKey(key, kWebCryptoKeyFormatSPKI);
+    case 'ML-DSA-44':
+      // Fall through
+    case 'ML-DSA-65':
+      // Fall through
+    case 'ML-DSA-87': {
+      return require('internal/crypto/ml_dsa')
+        .mlDsaExportKey(key, kWebCryptoKeyFormatSPKI);
+    }
     default:
       return undefined;
   }
@@ -385,6 +393,14 @@ async function exportKeyPkcs8(key) {
     case 'X448':
       return require('internal/crypto/cfrg')
         .cfrgExportKey(key, kWebCryptoKeyFormatPKCS8);
+    case 'ML-DSA-44':
+      // Fall through
+    case 'ML-DSA-65':
+      // Fall through
+    case 'ML-DSA-87': {
+      return require('internal/crypto/ml_dsa')
+        .mlDsaExportKey(key, kWebCryptoKeyFormatPKCS8);
+    }
     default:
       return undefined;
   }