Skip to content

Commit 6d00533

Browse files
panvadanielleadams
panva
authored and
danielleadams
committed
crypto: remove Node.js-specific webcrypto extensions
PR-URL: #43310 Reviewed-By: James M Snell <[email protected]>
1 parent cc3505b commit 6d00533

25 files changed

+40
-1901
lines changed

doc/api/webcrypto.md

Lines changed: 38 additions & 295 deletions
Large diffs are not rendered by default.

lib/internal/crypto/aes.js

Lines changed: 0 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -50,17 +50,10 @@ const {
5050

5151
const { PromiseReject } = primordials;
5252

53-
const {
54-
codes: {
55-
ERR_INVALID_ARG_TYPE,
56-
}
57-
} = require('internal/errors');
58-
5953
const {
6054
InternalCryptoKey,
6155
SecretKeyObject,
6256
createSecretKey,
63-
isKeyObject,
6457
} = require('internal/crypto/keys');
6558

6659
const {
@@ -283,19 +276,6 @@ async function aesImportKey(
283276
let keyObject;
284277
let length;
285278
switch (format) {
286-
case 'node.keyObject': {
287-
if (!isKeyObject(keyData))
288-
throw new ERR_INVALID_ARG_TYPE('keyData', 'KeyObject', keyData);
289-
290-
if (keyData.type !== 'secret') {
291-
throw lazyDOMException(
292-
`Unable to import AES key with format ${format}`,
293-
'NotSupportedError');
294-
}
295-
296-
keyObject = keyData;
297-
break;
298-
}
299279
case 'raw': {
300280
validateKeyLength(keyData.byteLength * 8);
301281
keyObject = createSecretKey(keyData);

lib/internal/crypto/cfrg.js

Lines changed: 0 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -18,12 +18,6 @@ const {
1818
kSignJobModeVerify,
1919
} = internalBinding('crypto');
2020

21-
const {
22-
codes: {
23-
ERR_INVALID_ARG_TYPE,
24-
},
25-
} = require('internal/errors');
26-
2721
const {
2822
getArrayBufferOrView,
2923
getUsagesUnion,
@@ -49,7 +43,6 @@ const {
4943
PublicKeyObject,
5044
createPrivateKey,
5145
createPublicKey,
52-
isKeyObject,
5346
} = require('internal/crypto/keys');
5447

5548
function verifyAcceptableCfrgKeyUse(name, type, usages) {
@@ -226,15 +219,6 @@ async function cfrgImportKey(
226219
let keyObject;
227220
const usagesSet = new SafeSet(keyUsages);
228221
switch (format) {
229-
case 'node.keyObject': {
230-
if (!isKeyObject(keyData))
231-
throw new ERR_INVALID_ARG_TYPE('keyData', 'KeyObject', keyData);
232-
if (keyData.type === 'secret')
233-
throw lazyDOMException('Invalid key type', 'InvalidAccessException');
234-
verifyAcceptableCfrgKeyUse(name, keyData.type, usagesSet);
235-
keyObject = keyData;
236-
break;
237-
}
238222
case 'spki': {
239223
verifyAcceptableCfrgKeyUse(name, 'public', usagesSet);
240224
keyObject = createPublicKey({

lib/internal/crypto/diffiehellman.js

Lines changed: 0 additions & 221 deletions
Original file line numberDiff line numberDiff line change
@@ -12,8 +12,6 @@ const {
1212
const { Buffer } = require('buffer');
1313

1414
const {
15-
DHBitsJob,
16-
DHKeyExportJob,
1715
DiffieHellman: _DiffieHellman,
1816
DiffieHellmanGroup: _DiffieHellmanGroup,
1917
ECDH: _ECDH,
@@ -53,23 +51,12 @@ const {
5351

5452
const {
5553
KeyObject,
56-
InternalCryptoKey,
57-
createPrivateKey,
58-
createPublicKey,
5954
isCryptoKey,
60-
isKeyObject,
6155
} = require('internal/crypto/keys');
6256

63-
const {
64-
generateKeyPair,
65-
} = require('internal/crypto/keygen');
66-
6757
const {
6858
getArrayBufferOrView,
6959
getDefaultEncoding,
70-
getUsagesUnion,
71-
hasAnyNotIn,
72-
jobPromise,
7360
toBuf,
7461
kHandle,
7562
kKeyObject,
@@ -345,89 +332,6 @@ function deriveBitsECDH(name, publicKey, privateKey, callback) {
345332
job.run();
346333
}
347334

348-
// The deriveBitsDH function is part of the Web Crypto API and serves both
349-
// deriveKeys and deriveBits functions.
350-
function deriveBitsDH(publicKey, privateKey, callback) {
351-
validateObject(publicKey, 'publicKey');
352-
validateObject(privateKey, 'privateKey');
353-
validateFunction(callback, 'callback');
354-
const job = new DHBitsJob(kCryptoJobAsync, publicKey, privateKey);
355-
job.ondone = (error, bits) => {
356-
if (error) return FunctionPrototypeCall(callback, job, error);
357-
FunctionPrototypeCall(callback, job, null, bits);
358-
};
359-
job.run();
360-
}
361-
362-
function verifyAcceptableDhKeyUse(name, type, usages) {
363-
let checkSet;
364-
switch (type) {
365-
case 'private':
366-
checkSet = ['deriveBits', 'deriveKey'];
367-
break;
368-
case 'public':
369-
checkSet = [];
370-
break;
371-
}
372-
if (hasAnyNotIn(usages, checkSet)) {
373-
throw lazyDOMException(
374-
`Unsupported key usage for an ${name} key`,
375-
'SyntaxError');
376-
}
377-
}
378-
379-
async function dhGenerateKey(
380-
algorithm,
381-
extractable,
382-
keyUsages) {
383-
const usageSet = new SafeSet(keyUsages);
384-
385-
if (hasAnyNotIn(usageSet, ['deriveKey', 'deriveBits'])) {
386-
throw lazyDOMException(
387-
'Unsupported key usage for a DH key',
388-
'SyntaxError');
389-
}
390-
391-
const {
392-
name,
393-
primeLength,
394-
generator,
395-
group
396-
} = algorithm;
397-
let { prime } = algorithm;
398-
399-
if (prime !== undefined)
400-
prime = getArrayBufferOrView(prime);
401-
402-
return new Promise((resolve, reject) => {
403-
generateKeyPair('dh', {
404-
prime,
405-
primeLength,
406-
generator,
407-
group,
408-
}, (err, pubKey, privKey) => {
409-
if (err) {
410-
return reject(lazyDOMException(
411-
'The operation failed for an operation-specific reason',
412-
'OperationError'));
413-
}
414-
415-
const algorithm = { name, prime, primeLength, generator, group };
416-
417-
const publicKey = new InternalCryptoKey(pubKey, algorithm, [], true);
418-
419-
const privateKey =
420-
new InternalCryptoKey(
421-
privKey,
422-
algorithm,
423-
getUsagesUnion(usageSet, 'deriveBits', 'deriveKey'),
424-
extractable);
425-
426-
resolve({ publicKey, privateKey });
427-
});
428-
});
429-
}
430-
431335
async function asyncDeriveBitsECDH(algorithm, baseKey, length) {
432336
const { 'public': key } = algorithm;
433337

@@ -498,136 +402,11 @@ async function asyncDeriveBitsECDH(algorithm, baseKey, length) {
498402
ArrayBufferPrototypeSlice(bits, 0, length);
499403
}
500404

501-
async function asyncDeriveBitsDH(algorithm, baseKey, length) {
502-
const { 'public': key } = algorithm;
503-
// Null has a specific meaning for DH
504-
if (length !== null)
505-
validateUint32(length, 'length');
506-
if (!isCryptoKey(key))
507-
throw new ERR_INVALID_ARG_TYPE('algorithm.public', 'CryptoKey', key);
508-
509-
if (key.type !== 'public') {
510-
throw lazyDOMException(
511-
'algorithm.public must be a public key', 'InvalidAccessError');
512-
}
513-
if (baseKey.type !== 'private') {
514-
throw lazyDOMException(
515-
'baseKey must be a private key', 'InvalidAccessError');
516-
}
517-
518-
if (key.algorithm.name !== 'NODE-DH')
519-
throw lazyDOMException('Keys must be DH keys', 'InvalidAccessError');
520-
521-
if (key.algorithm.name !== baseKey.algorithm.name) {
522-
throw lazyDOMException(
523-
'The public and private keys must be of the same type',
524-
'InvalidAccessError');
525-
}
526-
527-
const bits = await new Promise((resolve, reject) => {
528-
deriveBitsDH(
529-
key[kKeyObject][kHandle],
530-
baseKey[kKeyObject][kHandle], (err, bits) => {
531-
if (err) return reject(err);
532-
resolve(bits);
533-
});
534-
});
535-
536-
// If a length is not specified, return the full derived secret
537-
if (length === null)
538-
return bits;
539-
540-
// If the length is not a multiple of 8, it will be truncated
541-
// down to the nearest multiple of 8.
542-
length = MathFloor(length / 8);
543-
const { byteLength } = bits;
544-
545-
// If the length is larger than the derived secret, throw.
546-
// Otherwise, we either return the secret or a truncated
547-
// slice.
548-
if (byteLength < length)
549-
throw lazyDOMException('derived bit length is too small', 'OperationError');
550-
551-
return length === byteLength ?
552-
bits :
553-
ArrayBufferPrototypeSlice(bits, 0, length);
554-
}
555-
556-
function dhExportKey(key, format) {
557-
return jobPromise(new DHKeyExportJob(
558-
kCryptoJobAsync,
559-
format,
560-
key[kKeyObject][kHandle]));
561-
}
562-
563-
async function dhImportKey(
564-
format,
565-
keyData,
566-
algorithm,
567-
extractable,
568-
keyUsages) {
569-
const usagesSet = new SafeSet(keyUsages);
570-
let keyObject;
571-
switch (format) {
572-
case 'node.keyObject': {
573-
if (!isKeyObject(keyData))
574-
throw new ERR_INVALID_ARG_TYPE('keyData', 'KeyObject', keyData);
575-
if (keyData.type === 'secret')
576-
throw lazyDOMException('Invalid key type', 'InvalidAccessException');
577-
verifyAcceptableDhKeyUse(algorithm.name, keyData.type, usagesSet);
578-
keyObject = keyData;
579-
break;
580-
}
581-
case 'spki': {
582-
verifyAcceptableDhKeyUse(algorithm.name, 'public', usagesSet);
583-
keyObject = createPublicKey({
584-
key: keyData,
585-
format: 'der',
586-
type: 'spki'
587-
});
588-
break;
589-
}
590-
case 'pkcs8': {
591-
verifyAcceptableDhKeyUse(algorithm.name, 'private', usagesSet);
592-
keyObject = createPrivateKey({
593-
key: keyData,
594-
format: 'der',
595-
type: 'pkcs8'
596-
});
597-
break;
598-
}
599-
default:
600-
throw lazyDOMException(
601-
`Unable to import DH key with format ${format}`,
602-
'NotSupportedError');
603-
}
604-
605-
const {
606-
prime,
607-
primeLength,
608-
generator,
609-
group,
610-
} = keyObject[kHandle].keyDetail({});
611-
612-
return new InternalCryptoKey(keyObject, {
613-
name: algorithm.name,
614-
prime,
615-
primeLength,
616-
generator,
617-
group,
618-
}, keyUsages, extractable);
619-
}
620-
621405
module.exports = {
622406
DiffieHellman,
623407
DiffieHellmanGroup,
624408
ECDH,
625409
diffieHellman,
626410
deriveBitsECDH,
627-
deriveBitsDH,
628-
dhGenerateKey,
629411
asyncDeriveBitsECDH,
630-
asyncDeriveBitsDH,
631-
dhExportKey,
632-
dhImportKey,
633412
};

0 commit comments

Comments
 (0)