foster/denoland-deno
0
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-02-07 23:06:50 -05:00
Code Issues Packages 1 Wiki Activity

chore(ext/crypto): upgrade ec crates

Browse source
This commit is contained in:
Divy Srivastava 2023-11-04 09:59:25 +05:30
parent 46faf37ec0
commit 5202f5460d
8 changed files with 101 additions and 237 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

210
Cargo.lock generated
View file

@ -745,18 +745,6 @@ dependencies = [
"cfg-if", "cfg-if",
] ]
[[package]]
name = "crypto-bigint"
version = "0.4.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ef2b4b23cddf68b89b8f8069890e8c270d54e2d5fe1b143820234805e4cb17ef"
dependencies = [
"generic-array",
"rand_core",
"subtle",
"zeroize",
]
[[package]] [[package]]
name = "crypto-bigint" name = "crypto-bigint"
version = "0.5.3" version = "0.5.3"
@ -1177,11 +1165,11 @@ dependencies = [
"curve25519-dalek", "curve25519-dalek",
"deno_core", "deno_core",
"deno_web", "deno_web",
"elliptic-curve 0.12.3", "elliptic-curve",
"num-traits", "num-traits",
"once_cell", "once_cell",
"p256 0.11.1", "p256",
"p384 0.11.2", "p384",
"rand", "rand",
"ring", "ring",
"rsa", "rsa",
@ -1191,7 +1179,7 @@ dependencies = [
"sha1", "sha1",
"sha2", "sha2",
"signature 1.6.4", "signature 1.6.4",
"spki 0.6.0", "spki",
"tokio", "tokio",
"uuid", "uuid",
"x25519-dalek", "x25519-dalek",
@ -1489,7 +1477,7 @@ dependencies = [
"digest", "digest",
"dsa", "dsa",
"ecb", "ecb",
"elliptic-curve 0.13.5", "elliptic-curve",
"errno 0.2.8", "errno 0.2.8",
"h2", "h2",
"hex", "hex",
@ -1508,8 +1496,8 @@ dependencies = [
"num-traits", "num-traits",
"once_cell", "once_cell",
"p224", "p224",
"p256 0.13.2", "p256",
"p384 0.13.0", "p384",
"path-clean", "path-clean",
"pbkdf2", "pbkdf2",
"rand", "rand",
@ -1829,8 +1817,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f1a467a65c5e759bce6e65eaf91cc29f466cdc57cb65777bd646872a8a1fd4de" checksum = "f1a467a65c5e759bce6e65eaf91cc29f466cdc57cb65777bd646872a8a1fd4de"
dependencies = [ dependencies = [
"const-oid", "const-oid",
"pem-rfc7468 0.6.0",
"zeroize",
] ]
[[package]] [[package]]
@ -1840,7 +1826,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fffa369a668c8af7dbf8b5e56c9f744fbd399949ed171606040001947de40b1c" checksum = "fffa369a668c8af7dbf8b5e56c9f744fbd399949ed171606040001947de40b1c"
dependencies = [ dependencies = [
"const-oid", "const-oid",
"pem-rfc7468 0.7.0", "pem-rfc7468",
"zeroize", "zeroize",
] ]
@ -2066,8 +2052,8 @@ dependencies = [
"digest", "digest",
"num-bigint-dig", "num-bigint-dig",
"num-traits", "num-traits",
"pkcs8 0.10.2", "pkcs8",
"rfc6979 0.4.0", "rfc6979",
"sha2", "sha2",
"signature 2.1.0", "signature 2.1.0",
"zeroize", "zeroize",
@ -2114,18 +2100,6 @@ dependencies = [
"cipher", "cipher",
] ]
[[package]]
name = "ecdsa"
version = "0.14.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "413301934810f597c1d19ca71c8710e99a3f1ba28a0d2ebc01551a2daeea3c5c"
dependencies = [
"der 0.6.1",
"elliptic-curve 0.12.3",
"rfc6979 0.3.1",
"signature 1.6.4",
]
[[package]] [[package]]
name = "ecdsa" name = "ecdsa"
version = "0.16.8" version = "0.16.8"
@ -2134,10 +2108,10 @@ checksum = "a4b1e0c257a9e9f25f90ff76d7a68360ed497ee519c8e428d1825ef0000799d4"
dependencies = [ dependencies = [
"der 0.7.8", "der 0.7.8",
"digest", "digest",
"elliptic-curve 0.13.5", "elliptic-curve",
"rfc6979 0.4.0", "rfc6979",
"signature 2.1.0", "signature 2.1.0",
"spki 0.7.2", "spki",
] ]
[[package]] [[package]]
@ -2146,28 +2120,6 @@ version = "1.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07" checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07"
[[package]]
name = "elliptic-curve"
version = "0.12.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e7bb888ab5300a19b8e5bceef25ac745ad065f3c9f7efc6de1b91958110891d3"
dependencies = [
"base16ct 0.1.1",
"crypto-bigint 0.4.9",
"der 0.6.1",
"digest",
"ff 0.12.1",
"generic-array",
"group 0.12.1",
"hkdf",
"pem-rfc7468 0.6.0",
"pkcs8 0.9.0",
"rand_core",
"sec1 0.3.0",
"subtle",
"zeroize",
]
[[package]] [[package]]
name = "elliptic-curve" name = "elliptic-curve"
version = "0.13.5" version = "0.13.5"
@ -2175,14 +2127,14 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "968405c8fdc9b3bf4df0a6638858cc0b52462836ab6b1c87377785dd09cf1c0b" checksum = "968405c8fdc9b3bf4df0a6638858cc0b52462836ab6b1c87377785dd09cf1c0b"
dependencies = [ dependencies = [
"base16ct 0.2.0", "base16ct 0.2.0",
"crypto-bigint 0.5.3", "crypto-bigint",
"digest", "digest",
"ff 0.13.0", "ff",
"generic-array", "generic-array",
"group 0.13.0", "group",
"hkdf", "hkdf",
"pem-rfc7468 0.7.0", "pem-rfc7468",
"pkcs8 0.10.2", "pkcs8",
"rand_core", "rand_core",
"sec1 0.7.3", "sec1 0.7.3",
"subtle", "subtle",
@ -2379,16 +2331,6 @@ dependencies = [
"windows-sys", "windows-sys",
] ]
[[package]]
name = "ff"
version = "0.12.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d013fc25338cc558c5c2cfbad646908fb23591e2404481826742b651c9af7160"
dependencies = [
"rand_core",
"subtle",
]
[[package]] [[package]]
name = "ff" name = "ff"
version = "0.13.0" version = "0.13.0"
@ -2665,24 +2607,13 @@ version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b"
[[package]]
name = "group"
version = "0.12.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5dfbfb3a6cfbd390d5c9564ab283a0349b9b9fcd46a706c1eb10e0db70bfbac7"
dependencies = [
"ff 0.12.1",
"rand_core",
"subtle",
]
[[package]] [[package]]
name = "group" name = "group"
version = "0.13.0" version = "0.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63"
dependencies = [ dependencies = [
"ff 0.13.0", "ff",
"rand_core", "rand_core",
"subtle", "subtle",
] ]
@ -3718,54 +3649,32 @@ version = "0.13.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "30c06436d66652bc2f01ade021592c80a2aad401570a18aa18b82e440d2b9aa1" checksum = "30c06436d66652bc2f01ade021592c80a2aad401570a18aa18b82e440d2b9aa1"
dependencies = [ dependencies = [
"ecdsa 0.16.8", "ecdsa",
"elliptic-curve 0.13.5", "elliptic-curve",
"primeorder", "primeorder",
"sha2", "sha2",
] ]
[[package]]
name = "p256"
version = "0.11.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "51f44edd08f51e2ade572f141051021c5af22677e42b7dd28a88155151c33594"
dependencies = [
"ecdsa 0.14.8",
"elliptic-curve 0.12.3",
"sha2",
]
[[package]] [[package]]
name = "p256" name = "p256"
version = "0.13.2" version = "0.13.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b" checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b"
dependencies = [ dependencies = [
"ecdsa 0.16.8", "ecdsa",
"elliptic-curve 0.13.5", "elliptic-curve",
"primeorder", "primeorder",
"sha2", "sha2",
] ]
[[package]]
name = "p384"
version = "0.11.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dfc8c5bf642dde52bb9e87c0ecd8ca5a76faac2eeed98dedb7c717997e1080aa"
dependencies = [
"ecdsa 0.14.8",
"elliptic-curve 0.12.3",
"sha2",
]
[[package]] [[package]]
name = "p384" name = "p384"
version = "0.13.0" version = "0.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "70786f51bcc69f6a4c0360e063a4cac5419ef7c5cd5b3c99ad70f3be5ba79209" checksum = "70786f51bcc69f6a4c0360e063a4cac5419ef7c5cd5b3c99ad70f3be5ba79209"
dependencies = [ dependencies = [
"ecdsa 0.16.8", "ecdsa",
"elliptic-curve 0.13.5", "elliptic-curve",
"primeorder", "primeorder",
"sha2", "sha2",
] ]
@ -3860,15 +3769,6 @@ dependencies = [
"hmac", "hmac",
] ]
[[package]]
name = "pem-rfc7468"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "24d159833a9105500e0398934e205e0773f0b27529557134ecfc51c27646adac"
dependencies = [
"base64ct",
]
[[package]] [[package]]
name = "pem-rfc7468" name = "pem-rfc7468"
version = "0.7.0" version = "0.7.0"
@ -3977,18 +3877,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f" checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f"
dependencies = [ dependencies = [
"der 0.7.8", "der 0.7.8",
"pkcs8 0.10.2", "pkcs8",
"spki 0.7.2", "spki",
]
[[package]]
name = "pkcs8"
version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9eca2c590a5f85da82668fa685c09ce2888b9430e83299debf1f34b65fd4a4ba"
dependencies = [
"der 0.6.1",
"spki 0.6.0",
] ]
[[package]] [[package]]
@ -3998,7 +3888,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7"
dependencies = [ dependencies = [
"der 0.7.8", "der 0.7.8",
"spki 0.7.2", "spki",
] ]
[[package]] [[package]]
@ -4088,7 +3978,7 @@ version = "0.13.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3c2fcef82c0ec6eefcc179b978446c399b3cdf73c392c35604e399eee6df1ee3" checksum = "3c2fcef82c0ec6eefcc179b978446c399b3cdf73c392c35604e399eee6df1ee3"
dependencies = [ dependencies = [
"elliptic-curve 0.13.5", "elliptic-curve",
] ]
[[package]] [[package]]
@ -4414,17 +4304,6 @@ dependencies = [
"quick-error", "quick-error",
] ]
[[package]]
name = "rfc6979"
version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7743f17af12fa0b03b803ba12cd6a8d9483a587e89c69445e3909655c0b9fabb"
dependencies = [
"crypto-bigint 0.4.9",
"hmac",
"zeroize",
]
[[package]] [[package]]
name = "rfc6979" name = "rfc6979"
version = "0.4.0" version = "0.4.0"
@ -4470,10 +4349,10 @@ dependencies = [
"num-integer", "num-integer",
"num-traits", "num-traits",
"pkcs1", "pkcs1",
"pkcs8 0.10.2", "pkcs8",
"rand_core", "rand_core",
"signature 2.1.0", "signature 2.1.0",
"spki 0.7.2", "spki",
"subtle", "subtle",
"zeroize", "zeroize",
] ]
@ -4749,9 +4628,6 @@ dependencies = [
"base16ct 0.1.1", "base16ct 0.1.1",
"der 0.6.1", "der 0.6.1",
"generic-array", "generic-array",
"pkcs8 0.9.0",
"subtle",
"zeroize",
] ]
[[package]] [[package]]
@ -4763,16 +4639,16 @@ dependencies = [
"base16ct 0.2.0", "base16ct 0.2.0",
"der 0.7.8", "der 0.7.8",
"generic-array", "generic-array",
"pkcs8 0.10.2", "pkcs8",
"subtle", "subtle",
"zeroize", "zeroize",
] ]
[[package]] [[package]]
name = "secp256k1" name = "secp256k1"
version = "0.27.0" version = "0.28.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "25996b82292a7a57ed3508f052cfff8640d38d32018784acd714758b43da9c8f" checksum = "2acea373acb8c21ecb5a23741452acd2593ed44ee3d343e72baaa143bc89d0d5"
dependencies = [ dependencies = [
"rand", "rand",
"secp256k1-sys", "secp256k1-sys",
@ -4780,9 +4656,9 @@ dependencies = [
[[package]] [[package]]
name = "secp256k1-sys" name = "secp256k1-sys"
version = "0.8.1" version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "70a129b9e9efbfb223753b9163c4ab3b13cff7fd9c7f010fbac25ab4099fa07e" checksum = "09e67c467c38fd24bd5499dc9a18183b31575c12ee549197e3e20d57aa4fe3b7"
dependencies = [ dependencies = [
"cc", "cc",
] ]
@ -4980,10 +4856,6 @@ name = "signature"
version = "1.6.4" version = "1.6.4"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c" checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c"
dependencies = [
"digest",
"rand_core",
]
[[package]] [[package]]
name = "signature" name = "signature"
@ -5106,16 +4978,6 @@ version = "0.9.8"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
[[package]]
name = "spki"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "67cf02bbac7a337dc36e4f5a693db6c21e7863f45070f7064577eb4367a3212b"
dependencies = [
"base64ct",
"der 0.6.1",
]
[[package]] [[package]]
name = "spki" name = "spki"
version = "0.7.2" version = "0.7.2"

2
Cargo.toml
View file

@ -137,7 +137,7 @@ serde = { version = "1.0.149", features = ["derive"] }
serde_bytes = "0.11" serde_bytes = "0.11"
serde_json = "1.0.85" serde_json = "1.0.85"
serde_repr = "=0.1.16" serde_repr = "=0.1.16"
sha2 = { version = "0.10.6", features = ["oid"] } sha2 = { version = "0.10.8", features = ["oid"] }
signature = "=1.6.4" signature = "=1.6.4"
slab = "0.4" slab = "0.4"
smallvec = "1.8" smallvec = "1.8"

13
ext/crypto/Cargo.toml
View file

@ -25,22 +25,21 @@ ctr = "0.9.1"
curve25519-dalek = "4.1.1" curve25519-dalek = "4.1.1"
deno_core.workspace = true deno_core.workspace = true
deno_web.workspace = true deno_web.workspace = true
elliptic-curve = { version = "0.12.1", features = ["std", "pem"] } elliptic-curve = { version = "0.13.1", features = ["std", "pem"] }
num-traits = "0.2.14" num-traits = "0.2.14"
once_cell.workspace = true once_cell.workspace = true
p256 = { version = "0.11.1", features = ["ecdh"] } p256 = { version = "0.13.2", features = ["ecdh"] }
p384 = "0.11.1" p384 = "0.13.0"
rand.workspace = true rand.workspace = true
ring = { workspace = true, features = ["std"] } ring = { workspace = true, features = ["std"] }
rsa.workspace = true rsa.workspace = true
sec1 = "0.3.0" sec1 = "0.3.0"
serde.workspace = true serde.workspace = true
serde_bytes.workspace = true serde_bytes.workspace = true
sha1 = { version = "0.10.5", features = ["oid"] } sha1 = { version = "0.10.6", features = ["oid"] }
sha2.workspace = true sha2.workspace = true
signature.workspace = true signature.workspace = true
spki = "0.6.0" spki = "0.7.2"
tokio.workspace = true tokio.workspace = true
uuid.workspace = true uuid.workspace = true
# https://github.com/dalek-cryptography/x25519-dalek/pull/89 x25519-dalek = "2.0.0"
x25519-dalek = "2.0.0-pre.1"

11
ext/crypto/ed25519.rs
View file

@ -11,6 +11,7 @@ use rand::rngs::OsRng;
use rand::RngCore; use rand::RngCore;
use ring::signature::Ed25519KeyPair; use ring::signature::Ed25519KeyPair;
use ring::signature::KeyPair; use ring::signature::KeyPair;
use spki::der::asn1::BitString;
use spki::der::Decode; use spki::der::Decode;
use spki::der::Encode; use spki::der::Encode;
@ -65,7 +66,7 @@ pub fn op_crypto_import_spki_ed25519(
#[buffer] out: &mut [u8], #[buffer] out: &mut [u8],
) -> bool { ) -> bool {
// 2-3. // 2-3.
let pk_info = match spki::SubjectPublicKeyInfo::from_der(key_data) { let pk_info = match spki::SubjectPublicKeyInfoRef::try_from(key_data) {
Ok(pk_info) => pk_info, Ok(pk_info) => pk_info,
Err(_) => return false, Err(_) => return false,
}; };
@ -78,7 +79,7 @@ pub fn op_crypto_import_spki_ed25519(
if pk_info.algorithm.parameters.is_some() { if pk_info.algorithm.parameters.is_some() {
return false; return false;
} }
out.copy_from_slice(pk_info.subject_public_key); out.copy_from_slice(pk_info.subject_public_key.raw_bytes());
true true
} }
@ -117,16 +118,16 @@ pub fn op_crypto_export_spki_ed25519(
#[buffer] pubkey: &[u8], #[buffer] pubkey: &[u8],
) -> Result<ToJsBuffer, AnyError> { ) -> Result<ToJsBuffer, AnyError> {
let key_info = spki::SubjectPublicKeyInfo { let key_info = spki::SubjectPublicKeyInfo {
algorithm: spki::AlgorithmIdentifier { algorithm: spki::AlgorithmIdentifierOwned {
// id-Ed25519 // id-Ed25519
oid: ED25519_OID, oid: ED25519_OID,
parameters: None, parameters: None,
}, },
subject_public_key: pubkey, subject_public_key: BitString::from_bytes(pubkey)?,
}; };
Ok( Ok(
key_info key_info
.to_vec() .to_der()
.map_err(|_| { .map_err(|_| {
custom_error("DOMExceptionOperationError", "Failed to export key") custom_error("DOMExceptionOperationError", "Failed to export key")
})? })?

21
ext/crypto/export_key.rs
View file

@ -16,7 +16,9 @@ use rsa::pkcs8::der::Encode;
use serde::Deserialize; use serde::Deserialize;
use serde::Serialize; use serde::Serialize;
use spki::der::asn1; use spki::der::asn1;
use spki::der::asn1::BitString;
use spki::AlgorithmIdentifier; use spki::AlgorithmIdentifier;
use spki::AlgorithmIdentifierOwned;
use crate::shared::*; use crate::shared::*;
@ -126,7 +128,6 @@ fn export_key_rsa(
) -> Result<ExportKeyResult, deno_core::anyhow::Error> { ) -> Result<ExportKeyResult, deno_core::anyhow::Error> {
match format { match format {
ExportKeyFormat::Spki => { ExportKeyFormat::Spki => {
use spki::der::Encode;
let subject_public_key = &key_data.as_rsa_public_key()?; let subject_public_key = &key_data.as_rsa_public_key()?;
// the SPKI structure // the SPKI structure
@ -138,11 +139,11 @@ fn export_key_rsa(
// It MUST have ASN.1 type NULL. // It MUST have ASN.1 type NULL.
parameters: Some(asn1::AnyRef::from(asn1::Null)), parameters: Some(asn1::AnyRef::from(asn1::Null)),
}, },
subject_public_key, subject_public_key: BitString::from_bytes(&subject_public_key).unwrap(),
}; };
// Infallible because we know the public key is valid. // Infallible because we know the public key is valid.
let spki_der = key_info.to_vec().unwrap(); let spki_der = key_info.to_der().unwrap();
Ok(ExportKeyResult::Spki(spki_der.into())) Ok(ExportKeyResult::Spki(spki_der.into()))
} }
ExportKeyFormat::Pkcs8 => { ExportKeyFormat::Pkcs8 => {
@ -259,8 +260,6 @@ fn export_key_ec(
Ok(ExportKeyResult::Raw(subject_public_key.into())) Ok(ExportKeyResult::Raw(subject_public_key.into()))
} }
ExportKeyFormat::Spki => { ExportKeyFormat::Spki => {
use spki::der::Encode;
let subject_public_key = match named_curve { let subject_public_key = match named_curve {
EcNamedCurve::P256 => { EcNamedCurve::P256 => {
let point = key_data.as_ec_public_key_p256()?; let point = key_data.as_ec_public_key_p256()?;
@ -278,11 +277,11 @@ fn export_key_ec(
}; };
let alg_id = match named_curve { let alg_id = match named_curve {
EcNamedCurve::P256 => AlgorithmIdentifier { EcNamedCurve::P256 => AlgorithmIdentifierOwned {
oid: elliptic_curve::ALGORITHM_OID, oid: elliptic_curve::ALGORITHM_OID,
parameters: Some((&p256::NistP256::OID).into()), parameters: Some((&p256::NistP256::OID).into()),
}, },
EcNamedCurve::P384 => AlgorithmIdentifier { EcNamedCurve::P384 => AlgorithmIdentifierOwned {
oid: elliptic_curve::ALGORITHM_OID, oid: elliptic_curve::ALGORITHM_OID,
parameters: Some((&p384::NistP384::OID).into()), parameters: Some((&p384::NistP384::OID).into()),
}, },
@ -302,10 +301,10 @@ fn export_key_ec(
// the SPKI structure // the SPKI structure
let key_info = spki::SubjectPublicKeyInfo { let key_info = spki::SubjectPublicKeyInfo {
algorithm: alg_id, algorithm: alg_id,
subject_public_key: &subject_public_key, subject_public_key: BitString::from_bytes(&subject_public_key).unwrap(),
}; };
let spki_der = key_info.to_vec().unwrap(); let spki_der = key_info.to_der().unwrap();
Ok(ExportKeyResult::Spki(spki_der.into())) Ok(ExportKeyResult::Spki(spki_der.into()))
} }
@ -374,7 +373,7 @@ fn export_key_ec(
Ok(ExportKeyResult::JwkPrivateEc { Ok(ExportKeyResult::JwkPrivateEc {
x: bytes_to_b64(x), x: bytes_to_b64(x),
y: bytes_to_b64(y), y: bytes_to_b64(y),
d: bytes_to_b64(&ec_key.to_be_bytes()), d: bytes_to_b64(&ec_key.to_bytes()),
}) })
} else { } else {
Err(data_error("expected valid public EC key")) Err(data_error("expected valid public EC key"))
@ -397,7 +396,7 @@ fn export_key_ec(
Ok(ExportKeyResult::JwkPrivateEc { Ok(ExportKeyResult::JwkPrivateEc {
x: bytes_to_b64(x), x: bytes_to_b64(x),
y: bytes_to_b64(y), y: bytes_to_b64(y),
d: bytes_to_b64(&ec_key.to_be_bytes()), d: bytes_to_b64(&ec_key.to_bytes()),
}) })
} else { } else {
Err(data_error("expected valid public EC key")) Err(data_error("expected valid public EC key"))

65
ext/crypto/import_key.rs
View file

@ -206,12 +206,10 @@ fn import_key_rsa_jwk(
fn import_key_rsassa( fn import_key_rsassa(
key_data: KeyData, key_data: KeyData,
) -> Result<ImportKeyResult, deno_core::anyhow::Error> { ) -> Result<ImportKeyResult, deno_core::anyhow::Error> {
use rsa::pkcs1::der::Decode;
match key_data { match key_data {
KeyData::Spki(data) => { KeyData::Spki(data) => {
// 2-3. // 2-3.
let pk_info = spki::SubjectPublicKeyInfo::from_der(&data) let pk_info = spki::SubjectPublicKeyInfoRef::try_from(&*data)
.map_err(|e| data_error(e.to_string()))?; .map_err(|e| data_error(e.to_string()))?;
// 4-5. // 4-5.
@ -223,21 +221,24 @@ fn import_key_rsassa(
} }
// 8-9. // 8-9.
let public_key = let public_key = rsa::pkcs1::RsaPublicKey::from_der(
rsa::pkcs1::RsaPublicKey::from_der(pk_info.subject_public_key) pk_info.subject_public_key.raw_bytes(),
.map_err(|e| data_error(e.to_string()))?; )
.map_err(|e| data_error(e.to_string()))?;
let bytes_consumed = public_key let bytes_consumed = public_key
.encoded_len() .encoded_len()
.map_err(|e| data_error(e.to_string()))?; .map_err(|e| data_error(e.to_string()))?;
if bytes_consumed if bytes_consumed
!= rsa::pkcs1::der::Length::new(pk_info.subject_public_key.len() as u16) != rsa::pkcs1::der::Length::new(
pk_info.subject_public_key.raw_bytes().len() as u16,
)
{ {
return Err(data_error("public key is invalid (too long)")); return Err(data_error("public key is invalid (too long)"));
} }
let data = pk_info.subject_public_key.to_vec().into(); let data = pk_info.subject_public_key.to_der()?.into();
let public_exponent = let public_exponent =
public_key.public_exponent.as_bytes().to_vec().into(); public_key.public_exponent.as_bytes().to_vec().into();
let modulus_length = public_key.modulus.as_bytes().len() * 8; let modulus_length = public_key.modulus.as_bytes().len() * 8;
@ -297,12 +298,10 @@ fn import_key_rsassa(
fn import_key_rsapss( fn import_key_rsapss(
key_data: KeyData, key_data: KeyData,
) -> Result<ImportKeyResult, deno_core::anyhow::Error> { ) -> Result<ImportKeyResult, deno_core::anyhow::Error> {
use rsa::pkcs1::der::Decode;
match key_data { match key_data {
KeyData::Spki(data) => { KeyData::Spki(data) => {
// 2-3. // 2-3.
let pk_info = spki::SubjectPublicKeyInfo::from_der(&data) let pk_info = spki::SubjectPublicKeyInfoRef::try_from(&*data)
.map_err(|e| data_error(e.to_string()))?; .map_err(|e| data_error(e.to_string()))?;
// 4-5. // 4-5.
@ -314,21 +313,24 @@ fn import_key_rsapss(
} }
// 8-9. // 8-9.
let public_key = let public_key = rsa::pkcs1::RsaPublicKey::from_der(
rsa::pkcs1::RsaPublicKey::from_der(pk_info.subject_public_key) pk_info.subject_public_key.raw_bytes(),
.map_err(|e| data_error(e.to_string()))?; )
.map_err(|e| data_error(e.to_string()))?;
let bytes_consumed = public_key let bytes_consumed = public_key
.encoded_len() .encoded_len()
.map_err(|e| data_error(e.to_string()))?; .map_err(|e| data_error(e.to_string()))?;
if bytes_consumed if bytes_consumed
!= rsa::pkcs1::der::Length::new(pk_info.subject_public_key.len() as u16) != rsa::pkcs1::der::Length::new(
pk_info.subject_public_key.raw_bytes().len() as u16,
)
{ {
return Err(data_error("public key is invalid (too long)")); return Err(data_error("public key is invalid (too long)"));
} }
let data = pk_info.subject_public_key.to_vec().into(); let data = pk_info.subject_public_key.to_der()?.into();
let public_exponent = let public_exponent =
public_key.public_exponent.as_bytes().to_vec().into(); public_key.public_exponent.as_bytes().to_vec().into();
let modulus_length = public_key.modulus.as_bytes().len() * 8; let modulus_length = public_key.modulus.as_bytes().len() * 8;
@ -388,12 +390,10 @@ fn import_key_rsapss(
fn import_key_rsaoaep( fn import_key_rsaoaep(
key_data: KeyData, key_data: KeyData,
) -> Result<ImportKeyResult, deno_core::anyhow::Error> { ) -> Result<ImportKeyResult, deno_core::anyhow::Error> {
use rsa::pkcs1::der::Decode;
match key_data { match key_data {
KeyData::Spki(data) => { KeyData::Spki(data) => {
// 2-3. // 2-3.
let pk_info = spki::SubjectPublicKeyInfo::from_der(&data) let pk_info = spki::SubjectPublicKeyInfoRef::try_from(&*data)
.map_err(|e| data_error(e.to_string()))?; .map_err(|e| data_error(e.to_string()))?;
// 4-5. // 4-5.
@ -405,21 +405,24 @@ fn import_key_rsaoaep(
} }
// 8-9. // 8-9.
let public_key = let public_key = rsa::pkcs1::RsaPublicKey::from_der(
rsa::pkcs1::RsaPublicKey::from_der(pk_info.subject_public_key) pk_info.subject_public_key.raw_bytes(),
.map_err(|e| data_error(e.to_string()))?; )
.map_err(|e| data_error(e.to_string()))?;
let bytes_consumed = public_key let bytes_consumed = public_key
.encoded_len() .encoded_len()
.map_err(|e| data_error(e.to_string()))?; .map_err(|e| data_error(e.to_string()))?;
if bytes_consumed if bytes_consumed
!= rsa::pkcs1::der::Length::new(pk_info.subject_public_key.len() as u16) != rsa::pkcs1::der::Length::new(
pk_info.subject_public_key.raw_bytes().len() as u16,
)
{ {
return Err(data_error("public key is invalid (too long)")); return Err(data_error("public key is invalid (too long)"));
} }
let data = pk_info.subject_public_key.to_vec().into(); let data = pk_info.subject_public_key.to_der()?.into();
let public_exponent = let public_exponent =
public_key.public_exponent.as_bytes().to_vec().into(); public_key.public_exponent.as_bytes().to_vec().into();
let modulus_length = public_key.modulus.as_bytes().len() * 8; let modulus_length = public_key.modulus.as_bytes().len() * 8;
@ -541,14 +544,14 @@ fn import_key_ec_jwk(
let pkcs8_der = match named_curve { let pkcs8_der = match named_curve {
EcNamedCurve::P256 => { EcNamedCurve::P256 => {
let d = decode_b64url_to_field_bytes::<p256::NistP256>(&d)?; let d = decode_b64url_to_field_bytes::<p256::NistP256>(&d)?;
let pk = p256::SecretKey::from_be_bytes(&d)?; let pk = p256::SecretKey::from_bytes(&d)?;
pk.to_pkcs8_der() pk.to_pkcs8_der()
.map_err(|_| data_error("invalid JWK private key"))? .map_err(|_| data_error("invalid JWK private key"))?
} }
EcNamedCurve::P384 => { EcNamedCurve::P384 => {
let d = decode_b64url_to_field_bytes::<p384::NistP384>(&d)?; let d = decode_b64url_to_field_bytes::<p384::NistP384>(&d)?;
let pk = p384::SecretKey::from_be_bytes(&d)?; let pk = p384::SecretKey::from_bytes(&d)?;
pk.to_pkcs8_der() pk.to_pkcs8_der()
.map_err(|_| data_error("invalid JWK private key"))? .map_err(|_| data_error("invalid JWK private key"))?
@ -593,7 +596,7 @@ impl<'a> TryFrom<spki::der::asn1::AnyRef<'a>> for ECParametersSpki {
fn try_from( fn try_from(
any: spki::der::asn1::AnyRef<'a>, any: spki::der::asn1::AnyRef<'a>,
) -> spki::der::Result<ECParametersSpki> { ) -> spki::der::Result<ECParametersSpki> {
let x = any.oid()?; let x = any.try_into()?;
Ok(Self { named_curve_alg: x }) Ok(Self { named_curve_alg: x })
} }
@ -642,7 +645,7 @@ fn import_key_ec(
pk.algorithm pk.algorithm
.parameters .parameters
.ok_or_else(|| data_error("malformed parameters"))? .ok_or_else(|| data_error("malformed parameters"))?
.oid() .try_into()
.unwrap() .unwrap()
} }
EcNamedCurve::P521 => { EcNamedCurve::P521 => {
@ -689,7 +692,7 @@ fn import_key_ec(
} }
KeyData::Spki(data) => { KeyData::Spki(data) => {
// 2-3. // 2-3.
let pk_info = spki::SubjectPublicKeyInfo::from_der(&data) let pk_info = spki::SubjectPublicKeyInfoRef::try_from(&*data)
.map_err(|e| data_error(e.to_string()))?; .map_err(|e| data_error(e.to_string()))?;
// 4. // 4.
@ -726,7 +729,7 @@ fn import_key_ec(
if let Some(pk_named_curve) = pk_named_curve { if let Some(pk_named_curve) = pk_named_curve {
let pk = pk_info.subject_public_key; let pk = pk_info.subject_public_key;
encoded_key = pk.to_vec(); encoded_key = pk.to_der()?;
let bytes_consumed = match named_curve { let bytes_consumed = match named_curve {
EcNamedCurve::P256 => { EcNamedCurve::P256 => {
@ -755,7 +758,7 @@ fn import_key_ec(
_ => return Err(not_supported_error("Unsupported named curve")), _ => return Err(not_supported_error("Unsupported named curve")),
}; };
if bytes_consumed != pk_info.subject_public_key.len() { if bytes_consumed != pk_info.subject_public_key.raw_bytes().len() {
return Err(data_error("public key is invalid (too long)")); return Err(data_error("public key is invalid (too long)"));
} }

11
ext/crypto/x25519.rs
View file

@ -9,6 +9,7 @@ use elliptic_curve::pkcs8::PrivateKeyInfo;
use elliptic_curve::subtle::ConstantTimeEq; use elliptic_curve::subtle::ConstantTimeEq;
use rand::rngs::OsRng; use rand::rngs::OsRng;
use rand::RngCore; use rand::RngCore;
use spki::der::asn1::BitString;
use spki::der::Decode; use spki::der::Decode;
use spki::der::Encode; use spki::der::Encode;
@ -62,7 +63,7 @@ pub fn op_crypto_import_spki_x25519(
#[buffer] out: &mut [u8], #[buffer] out: &mut [u8],
) -> bool { ) -> bool {
// 2-3. // 2-3.
let pk_info = match spki::SubjectPublicKeyInfo::from_der(key_data) { let pk_info = match spki::SubjectPublicKeyInfoRef::try_from(key_data) {
Ok(pk_info) => pk_info, Ok(pk_info) => pk_info,
Err(_) => return false, Err(_) => return false,
}; };
@ -75,7 +76,7 @@ pub fn op_crypto_import_spki_x25519(
if pk_info.algorithm.parameters.is_some() { if pk_info.algorithm.parameters.is_some() {
return false; return false;
} }
out.copy_from_slice(pk_info.subject_public_key); out.copy_from_slice(pk_info.subject_public_key.raw_bytes());
true true
} }
@ -114,16 +115,16 @@ pub fn op_crypto_export_spki_x25519(
#[buffer] pubkey: &[u8], #[buffer] pubkey: &[u8],
) -> Result<ToJsBuffer, AnyError> { ) -> Result<ToJsBuffer, AnyError> {
let key_info = spki::SubjectPublicKeyInfo { let key_info = spki::SubjectPublicKeyInfo {
algorithm: spki::AlgorithmIdentifier { algorithm: spki::AlgorithmIdentifierRef {
// id-X25519 // id-X25519
oid: X25519_OID, oid: X25519_OID,
parameters: None, parameters: None,
}, },
subject_public_key: pubkey, subject_public_key: BitString::from_bytes(pubkey)?,
}; };
Ok( Ok(
key_info key_info
.to_vec() .to_der()
.map_err(|_| { .map_err(|_| {
custom_error("DOMExceptionOperationError", "Failed to export key") custom_error("DOMExceptionOperationError", "Failed to export key")
})? })?

5
ext/node/Cargo.toml
View file

@ -59,7 +59,7 @@ ring.workspace = true
ripemd = "0.1.3" ripemd = "0.1.3"
rsa.workspace = true rsa.workspace = true
scrypt = "0.11.0" scrypt = "0.11.0"
secp256k1 = { version = "0.27.0", features = ["rand-std"] } secp256k1 = { version = "0.28.0", features = ["rand-std"] }
serde = "1.0.149" serde = "1.0.149"
sha-1 = "0.10.0" sha-1 = "0.10.0"
sha2.workspace = true sha2.workspace = true
@ -68,6 +68,5 @@ tokio.workspace = true
typenum = "1.15.0" typenum = "1.15.0"
url.workspace = true url.workspace = true
winapi.workspace = true winapi.workspace = true
# https://github.com/dalek-cryptography/x25519-dalek/pull/89 x25519-dalek = "2.0.0"
x25519-dalek = "2.0.0-pre.1"
x509-parser = "0.15.0" x509-parser = "0.15.0"