refactor(ext/crypto): clean up exportKey rust code

ext/crypto/00_crypto.js

@@ -852,6 +852,7 @@
      * @param {CryptoKey} key
      * @returns {Promise<any>}
      */
+    // deno-lint-ignore require-await
     async exportKey(format, key) {
       webidl.assertBranded(this, SubtleCrypto);
       const prefix = "Failed to execute 'exportKey' on 'SubtleCrypto'";
@@ -878,7 +879,7 @@
         case "RSASSA-PKCS1-v1_5":
         case "RSA-PSS":
         case "RSA-OAEP": {
-          return await exportKeyRSA(format, key, innerKey);
+          return exportKeyRSA(format, key, innerKey);
         }
         case "AES-CTR":
         case "AES-CBC":
@@ -2532,7 +2533,7 @@
     }
   }
 
-  async function exportKeyRSA(format, key, innerKey) {
+  function exportKeyRSA(format, key, innerKey) {
     switch (format) {
       case "pkcs8": {
         // 1.
@@ -2544,12 +2545,10 @@
         }
 
         // 2.
-        const data = await core.opAsync("op_crypto_export_key", {
-          key: innerKey,
-          format: "pkcs8",
+        const data = core.opSync("op_crypto_export_key", {
           algorithm: key[_algorithm].name,
-          hash: key[_algorithm].hash.name,
-        });
+          format: "pkcs8",
+        }, innerKey);
 
         // 3.
         return data.buffer;
@@ -2564,12 +2563,10 @@
         }
 
         // 2.
-        const data = await core.opAsync("op_crypto_export_key", {
-          key: innerKey,
-          format: "spki",
+        const data = core.opSync("op_crypto_export_key", {
           algorithm: key[_algorithm].name,
-          hash: key[_algorithm].hash.name,
-        });
+          format: "spki",
+        }, innerKey);
 
         // 3.
         return data.buffer;

ext/crypto/export_key.rs

@@ -0,0 +1,113 @@
+use deno_core::error::AnyError;
+use deno_core::OpState;
+use deno_core::ZeroCopyBuf;
+use serde::Deserialize;
+use serde::Serialize;
+use spki::der::asn1;
+use spki::der::Encodable;
+
+use crate::shared::*;
+
+#[derive(Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct ExportKeyOptions {
+  format: ExportKeyFormat,
+  #[serde(flatten)]
+  algorithm: ExportKeyAlgorithm,
+}
+
+#[derive(Deserialize)]
+#[serde(rename_all = "lowercase")]
+pub enum ExportKeyFormat {
+  Pkcs8,
+  Spki,
+  Jwk,
+}
+
+#[derive(Deserialize)]
+#[serde(rename_all = "camelCase", tag = "algorithm")]
+pub enum ExportKeyAlgorithm {
+  #[serde(rename = "RSASSA-PKCS1-v1_5")]
+  RsassaPkcs1v15 {},
+  #[serde(rename = "RSA-PSS")]
+  RsaPss {},
+  #[serde(rename = "RSA-OAEP")]
+  RsaOaep {},
+}
+
+#[derive(Serialize)]
+#[serde(untagged)]
+pub enum ExportKeyResult {
+  Pkcs8(ZeroCopyBuf),
+  Spki(ZeroCopyBuf),
+}
+
+pub fn op_crypto_export_key(
+  _state: &mut OpState,
+  opts: ExportKeyOptions,
+  key_data: RawKeyData,
+) -> Result<ExportKeyResult, AnyError> {
+  match opts.algorithm {
+    ExportKeyAlgorithm::RsassaPkcs1v15 {}
+    | ExportKeyAlgorithm::RsaPss {}
+    | ExportKeyAlgorithm::RsaOaep {} => export_key_rsa(opts.format, key_data),
+  }
+}
+
+fn export_key_rsa(
+  format: ExportKeyFormat,
+  key_data: RawKeyData,
+) -> Result<ExportKeyResult, deno_core::anyhow::Error> {
+  match format {
+    ExportKeyFormat::Spki => {
+      let subject_public_key = &key_data.as_rsa_public_key()?;
+
+      // the SPKI structure
+      let key_info = spki::SubjectPublicKeyInfo {
+        algorithm: spki::AlgorithmIdentifier {
+          // rsaEncryption(1)
+          oid: spki::ObjectIdentifier::new("1.2.840.113549.1.1.1"),
+          // parameters field should not be ommited (None).
+          // It MUST have ASN.1 type NULL.
+          parameters: Some(asn1::Any::from(asn1::Null)),
+        },
+        subject_public_key,
+      };
+
+      // Infallible because we know the public key is valid.
+      let spki_der = key_info.to_vec().unwrap();
+      Ok(ExportKeyResult::Spki(spki_der.into()))
+    }
+    ExportKeyFormat::Pkcs8 => {
+      let private_key = key_data.as_rsa_private_key()?;
+
+      // the PKCS#8 v1 structure
+      // PrivateKeyInfo ::= SEQUENCE {
+      //   version                   Version,
+      //   privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
+      //   privateKey                PrivateKey,
+      //   attributes           [0]  IMPLICIT Attributes OPTIONAL }
+
+      // version is 0 when publickey is None
+
+      let pk_info = rsa::pkcs8::PrivateKeyInfo {
+        attributes: None,
+        public_key: None,
+        algorithm: rsa::pkcs8::AlgorithmIdentifier {
+          // rsaEncryption(1)
+          oid: rsa::pkcs8::ObjectIdentifier::new("1.2.840.113549.1.1.1"),
+          // parameters field should not be ommited (None).
+          // It MUST have ASN.1 type NULL as per defined in RFC 3279 Section 2.3.1
+          parameters: Some(asn1::Any::from(asn1::Null)),
+        },
+        private_key,
+      };
+
+      // Infallible because we know the private key is valid.
+      let pkcs8_der = pk_info.to_vec().unwrap();
+
+      Ok(ExportKeyResult::Pkcs8(pkcs8_der.into()))
+    }
+    _ => Err(unsupported_format()),
+  }
+}