Skip to content

Commit

Permalink
fix(ext/node): initial crypto.createPublicKey() support (denoland#2…
Browse files Browse the repository at this point in the history
…2509)

Closes denoland#21807

Co-authored-by: Divy Srivastava <dj.srivastava23@gmail.com>
  • Loading branch information
2 people authored and magurotuna committed Mar 13, 2024
1 parent 577f392 commit f565857
Show file tree
Hide file tree
Showing 9 changed files with 164 additions and 6 deletions.
1 change: 1 addition & 0 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -163,6 +163,7 @@ signature = "2.1"
slab = "0.4"
smallvec = "1.8"
socket2 = { version = "0.5.3", features = ["all"] }
spki = "0.7.2"
tar = "=0.4.40"
tempfile = "3.4.0"
termcolor = "1.1.3"
Expand Down
2 changes: 1 addition & 1 deletion ext/crypto/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ serde_bytes.workspace = true
sha1 = { version = "0.10.6", features = ["oid"] }
sha2.workspace = true
signature.workspace = true
spki = "0.7.2"
spki.workspace = true
tokio.workspace = true
uuid.workspace = true
x25519-dalek = "2.0.0"
1 change: 1 addition & 0 deletions ext/node/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,7 @@ sha-1 = "0.10.0"
sha2.workspace = true
signature.workspace = true
simd-json = "0.13.4"
spki.workspace = true
tokio.workspace = true
typenum = "1.15.0"
url.workspace = true
Expand Down
1 change: 1 addition & 0 deletions ext/node/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -329,6 +329,7 @@ deno_core::extension!(deno_node,
ops::require::op_require_break_on_next_statement,
ops::util::op_node_guess_handle_type,
ops::crypto::op_node_create_private_key,
ops::crypto::op_node_create_public_key,
ops::ipc::op_node_child_ipc_pipe,
ops::ipc::op_node_ipc_write,
ops::ipc::op_node_ipc_read,
Expand Down
108 changes: 108 additions & 0 deletions ext/node/ops/crypto/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ use rand::distributions::Uniform;
use rand::thread_rng;
use rand::Rng;
use rsa::pkcs1::DecodeRsaPrivateKey;
use rsa::pkcs1::DecodeRsaPublicKey;
use rsa::pkcs8;
use rsa::pkcs8::der::asn1;
use rsa::pkcs8::der::Decode;
Expand Down Expand Up @@ -1459,3 +1460,110 @@ pub fn op_node_create_private_key(
_ => Err(type_error("Unsupported algorithm")),
}
}

fn parse_public_key(
key: &[u8],
format: &str,
type_: &str,
) -> Result<pkcs8::Document, AnyError> {
match format {
"pem" => {
let (label, doc) =
pkcs8::Document::from_pem(std::str::from_utf8(key).unwrap())?;
if label != "PUBLIC KEY" {
return Err(type_error("Invalid PEM label"));
}
Ok(doc)
}
"der" => {
match type_ {
"pkcs1" => pkcs8::Document::from_pkcs1_der(key)
.map_err(|_| type_error("Invalid PKCS1 public key")),
// TODO(@iuioiua): spki type
_ => Err(type_error(format!("Unsupported key type: {}", type_))),
}
}
_ => Err(type_error(format!("Unsupported key format: {}", format))),
}
}

#[op2]
#[serde]
pub fn op_node_create_public_key(
#[buffer] key: &[u8],
#[string] format: &str,
#[string] type_: &str,
) -> Result<AsymmetricKeyDetails, AnyError> {
let doc = parse_public_key(key, format, type_)?;
let pk_info = spki::SubjectPublicKeyInfoRef::try_from(doc.as_bytes())?;

let alg = pk_info.algorithm.oid;

match alg {
RSA_ENCRYPTION_OID => {
let public_key = rsa::pkcs1::RsaPublicKey::from_der(
pk_info.subject_public_key.raw_bytes(),
)?;
let modulus_length = public_key.modulus.as_bytes().len() * 8;

Ok(AsymmetricKeyDetails::Rsa {
modulus_length,
public_exponent: BigInt::from_bytes_be(
num_bigint::Sign::Plus,
public_key.public_exponent.as_bytes(),
)
.into(),
})
}
RSASSA_PSS_OID => {
let params = PssPrivateKeyParameters::try_from(
pk_info
.algorithm
.parameters
.ok_or_else(|| type_error("Malformed parameters".to_string()))?,
)
.map_err(|_| type_error("Malformed parameters".to_string()))?;

let hash_alg = params.hash_algorithm;
let hash_algorithm = match hash_alg.oid {
ID_SHA1_OID => "sha1",
ID_SHA256_OID => "sha256",
ID_SHA384_OID => "sha384",
ID_SHA512_OID => "sha512",
_ => return Err(type_error("Unsupported hash algorithm")),
};

let public_key = rsa::pkcs1::RsaPublicKey::from_der(
pk_info.subject_public_key.raw_bytes(),
)?;
let modulus_length = public_key.modulus.as_bytes().len() * 8;
Ok(AsymmetricKeyDetails::RsaPss {
modulus_length,
public_exponent: BigInt::from_bytes_be(
num_bigint::Sign::Plus,
public_key.public_exponent.as_bytes(),
)
.into(),
hash_algorithm: hash_algorithm.to_string(),
salt_length: params.salt_length,
})
}
EC_OID => {
let named_curve = pk_info
.algorithm
.parameters_oid()
.map_err(|_| type_error("malformed parameters"))?;
let named_curve = match named_curve {
ID_SECP256R1_OID => "p256",
ID_SECP384R1_OID => "p384",
ID_SECP521R1_OID => "p521",
_ => return Err(type_error("Unsupported named curve")),
};

Ok(AsymmetricKeyDetails::Ec {
named_curve: named_curve.to_string(),
})
}
_ => Err(type_error("Unsupported algorithm")),
}
}
24 changes: 20 additions & 4 deletions ext/node/polyfills/internal/crypto/keys.ts
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,10 @@
// TODO(petamoriken): enable prefer-primordials for node polyfills
// deno-lint-ignore-file prefer-primordials

import { op_node_create_private_key } from "ext:core/ops";
import {
op_node_create_private_key,
op_node_create_public_key,
} from "ext:core/ops";

import {
kHandle,
Expand Down Expand Up @@ -239,9 +242,12 @@ export function createPrivateKey(
}

export function createPublicKey(
_key: PublicKeyInput | string | Buffer | KeyObject | JsonWebKeyInput,
): KeyObject {
notImplemented("crypto.createPublicKey");
key: PublicKeyInput | string | Buffer | JsonWebKeyInput,
): PublicKeyObject {
const { data, format, type } = prepareAsymmetricKey(key);
const details = op_node_create_public_key(data, format, type);
const handle = setOwnedKey(copyBuffer(data));
return new PublicKeyObject(handle, details);
}

function getKeyTypes(allowKeyObject: boolean, bufferOnly = false) {
Expand Down Expand Up @@ -358,6 +364,16 @@ class PrivateKeyObject extends AsymmetricKeyObject {
}
}

class PublicKeyObject extends AsymmetricKeyObject {
constructor(handle: unknown, details: unknown) {
super("public", handle, details);
}

export(_options: unknown) {
notImplemented("crypto.PublicKeyObject.prototype.export");
}
}

export function setOwnedKey(key: Uint8Array): unknown {
const handle = {};
KEY_STORE.set(handle, key);
Expand Down
28 changes: 27 additions & 1 deletion tests/unit_node/crypto/crypto_key_test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,9 @@

// Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
import {
createHmac,
createPrivateKey,
createPublicKey,
createSecretKey,
generateKeyPair,
generateKeyPairSync,
Expand All @@ -12,7 +14,6 @@ import {
import { promisify } from "node:util";
import { Buffer } from "node:buffer";
import { assertEquals, assertThrows } from "@std/assert/mod.ts";
import { createHmac } from "node:crypto";

const RUN_SLOW_TESTS = Deno.env.get("SLOW_TESTS") === "1";

Expand Down Expand Up @@ -240,3 +241,28 @@ Deno.test("createPrivateKey ec", function () {
assertEquals(key.asymmetricKeyType, "ec");
assertEquals(key.asymmetricKeyDetails?.namedCurve, "p256");
});

const rsaPublicKey = Deno.readTextFileSync(
new URL("../testdata/rsa_public.pem", import.meta.url),
);

Deno.test("createPublicKey() RSA", () => {
const key = createPublicKey(rsaPublicKey);
assertEquals(key.type, "public");
assertEquals(key.asymmetricKeyType, "rsa");
assertEquals(key.asymmetricKeyDetails?.modulusLength, 2048);
assertEquals(key.asymmetricKeyDetails?.publicExponent, 65537n);
});

// openssl ecparam -name prime256v1 -genkey -noout -out a.pem
// openssl ec -in a.pem -pubout -out b.pem
const ecPublicKey = Deno.readTextFileSync(
new URL("../testdata/ec_prime256v1_public.pem", import.meta.url),
);

Deno.test("createPublicKey() EC", function () {
const key = createPublicKey(ecPublicKey);
assertEquals(key.type, "public");
assertEquals(key.asymmetricKeyType, "ec");
assertEquals(key.asymmetricKeyDetails?.namedCurve, "p256");
});
4 changes: 4 additions & 0 deletions tests/unit_node/testdata/ec_prime256v1_public.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvk2xDvFKR/q/jqE5pjFk0afU5Ybe
83GsRx0PBXXFVE4yO1vE7ftaOp9Jqt3edpVyXIEyyrilnonNKITGxkB2Uw==
-----END PUBLIC KEY-----

0 comments on commit f565857

Please sign in to comment.