mirror of https://github.com/denoland/deno.git synced 2025-01-03 04:48:52 -05:00

refactor: rewrite ext/crypto to op2 (#20477)

Bartek Iwańczuk 2023-09-13 17:54:19 +02:00 committed by GitHub
parent 8f0270c0cf
commit 109a42ab07
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 113 additions and 78 deletions


@ -19,7 +19,7 @@ use ctr::Ctr64BE;
use deno_core::error::custom_error; use deno_core::error::custom_error;
use deno_core::error::type_error; use deno_core::error::type_error;
use deno_core::error::AnyError; use deno_core::error::AnyError;
use deno_core::op; use deno_core::op2;
use deno_core::unsync::spawn_blocking; use deno_core::unsync::spawn_blocking;
use deno_core::JsBuffer; use deno_core::JsBuffer;
use deno_core::ToJsBuffer; use deno_core::ToJsBuffer;
@ -75,10 +75,11 @@ pub enum DecryptAlgorithm {
}, },
} }
#[op] #[op2(async)]
#[serde]
pub async fn op_crypto_decrypt( pub async fn op_crypto_decrypt(
opts: DecryptOptions, #[serde] opts: DecryptOptions,
data: JsBuffer, #[buffer] data: JsBuffer,
) -> Result<ToJsBuffer, AnyError> { ) -> Result<ToJsBuffer, AnyError> {
let key = opts.key; let key = opts.key;
let fun = move || match opts.algorithm { let fun = move || match opts.algorithm {
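Review bot: `op_crypto_decrypt` takes `#[buffer] data: JsBuffer` in an async op and moves it into the `fun` closure, and nothing here states who owns those bytes while the op is pending. As far as I know `JsBuffer` is a view over the caller's ArrayBuffer rather than a copy, and with `spawn_blocking` imported the closure presumably runs off the JS thread, so a script that writes to the buffer after the call would race with the cipher. I would add a doc comment on the op such as `/// data must be a private copy made by the JS wrapper; it is read after this call returns.`, or copy with `data.to_vec()` before building the closure if the wrapper does not guarantee that. The same applies to `op_crypto_encrypt`, `op_crypto_sign_key`, `op_crypto_verify_key` and `op_crypto_subtle_digest`; the function body continues outside the hunk.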


@ -1,7 +1,7 @@
// Copyright 2018-2023 the Deno authors. All rights reserved. MIT license. // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
use deno_core::error::AnyError; use deno_core::error::AnyError;
use deno_core::op; use deno_core::op2;
use deno_core::ToJsBuffer; use deno_core::ToJsBuffer;
use elliptic_curve::pkcs8::PrivateKeyInfo; use elliptic_curve::pkcs8::PrivateKeyInfo;
use rand::rngs::OsRng; use rand::rngs::OsRng;
@ -11,10 +11,10 @@ use ring::signature::KeyPair;
use spki::der::Decode; use spki::der::Decode;
use spki::der::Encode; use spki::der::Encode;
#[op(fast)] #[op2(fast)]
pub fn op_crypto_generate_ed25519_keypair( pub fn op_crypto_generate_ed25519_keypair(
pkey: &mut [u8], #[buffer] pkey: &mut [u8],
pubkey: &mut [u8], #[buffer] pubkey: &mut [u8],
) -> bool { ) -> bool {
let mut rng = OsRng; let mut rng = OsRng;
rng.fill_bytes(pkey); rng.fill_bytes(pkey);
@ -27,11 +27,11 @@ pub fn op_crypto_generate_ed25519_keypair(
true true
} }
#[op(fast)] #[op2(fast)]
pub fn op_crypto_sign_ed25519( pub fn op_crypto_sign_ed25519(
key: &[u8], #[buffer] key: &[u8],
data: &[u8], #[buffer] data: &[u8],
signature: &mut [u8], #[buffer] signature: &mut [u8],
) -> bool { ) -> bool {
let pair = match Ed25519KeyPair::from_seed_unchecked(key) { let pair = match Ed25519KeyPair::from_seed_unchecked(key) {
Ok(p) => p, Ok(p) => p,
@ -41,11 +41,11 @@ pub fn op_crypto_sign_ed25519(
true true
} }
#[op(fast)] #[op2(fast)]
pub fn op_crypto_verify_ed25519( pub fn op_crypto_verify_ed25519(
pubkey: &[u8], #[buffer] pubkey: &[u8],
data: &[u8], #[buffer] data: &[u8],
signature: &[u8], #[buffer] signature: &[u8],
) -> bool { ) -> bool {
ring::signature::UnparsedPublicKey::new(&ring::signature::ED25519, pubkey) ring::signature::UnparsedPublicKey::new(&ring::signature::ED25519, pubkey)
.verify(data, signature) .verify(data, signature)
@ -56,8 +56,11 @@ pub fn op_crypto_verify_ed25519(
pub const ED25519_OID: const_oid::ObjectIdentifier = pub const ED25519_OID: const_oid::ObjectIdentifier =
const_oid::ObjectIdentifier::new_unwrap("1.3.101.112"); const_oid::ObjectIdentifier::new_unwrap("1.3.101.112");
#[op(fast)] #[op2(fast)]
pub fn op_crypto_import_spki_ed25519(key_data: &[u8], out: &mut [u8]) -> bool { pub fn op_crypto_import_spki_ed25519(
#[buffer] key_data: &[u8],
#[buffer] out: &mut [u8],
) -> bool {
// 2-3. // 2-3.
let pk_info = match spki::SubjectPublicKeyInfo::from_der(key_data) { let pk_info = match spki::SubjectPublicKeyInfo::from_der(key_data) {
Ok(pk_info) => pk_info, Ok(pk_info) => pk_info,
@ -76,8 +79,11 @@ pub fn op_crypto_import_spki_ed25519(key_data: &[u8], out: &mut [u8]) -> bool {
true true
} }
#[op(fast)] #[op2(fast)]
pub fn op_crypto_import_pkcs8_ed25519(key_data: &[u8], out: &mut [u8]) -> bool { pub fn op_crypto_import_pkcs8_ed25519(
#[buffer] key_data: &[u8],
#[buffer] out: &mut [u8],
) -> bool {
// 2-3. // 2-3.
// This should probably use OneAsymmetricKey instead // This should probably use OneAsymmetricKey instead
let pk_info = match PrivateKeyInfo::from_der(key_data) { let pk_info = match PrivateKeyInfo::from_der(key_data) {
@ -102,9 +108,10 @@ pub fn op_crypto_import_pkcs8_ed25519(key_data: &[u8], out: &mut [u8]) -> bool {
true true
} }
#[op] #[op2]
#[serde]
pub fn op_crypto_export_spki_ed25519( pub fn op_crypto_export_spki_ed25519(
pubkey: &[u8], #[buffer] pubkey: &[u8],
) -> Result<ToJsBuffer, AnyError> { ) -> Result<ToJsBuffer, AnyError> {
let key_info = spki::SubjectPublicKeyInfo { let key_info = spki::SubjectPublicKeyInfo {
algorithm: spki::AlgorithmIdentifier { algorithm: spki::AlgorithmIdentifier {
@ -117,9 +124,10 @@ pub fn op_crypto_export_spki_ed25519(
Ok(key_info.to_vec()?.into()) Ok(key_info.to_vec()?.into())
} }
#[op] #[op2]
#[serde]
pub fn op_crypto_export_pkcs8_ed25519( pub fn op_crypto_export_pkcs8_ed25519(
pkey: &[u8], #[buffer] pkey: &[u8],
) -> Result<ToJsBuffer, AnyError> { ) -> Result<ToJsBuffer, AnyError> {
// This should probably use OneAsymmetricKey instead // This should probably use OneAsymmetricKey instead
let pk_info = rsa::pkcs8::PrivateKeyInfo { let pk_info = rsa::pkcs8::PrivateKeyInfo {
@ -137,8 +145,11 @@ pub fn op_crypto_export_pkcs8_ed25519(
// 'x' from Section 2 of RFC 8037 // 'x' from Section 2 of RFC 8037
// https://www.rfc-editor.org/rfc/rfc8037#section-2 // https://www.rfc-editor.org/rfc/rfc8037#section-2
#[op] #[op2]
pub fn op_crypto_jwk_x_ed25519(pkey: &[u8]) -> Result<String, AnyError> { #[string]
pub fn op_crypto_jwk_x_ed25519(
#[buffer] pkey: &[u8],
) -> Result<String, AnyError> {
let pair = Ed25519KeyPair::from_seed_unchecked(pkey)?; let pair = Ed25519KeyPair::from_seed_unchecked(pkey)?;
Ok(base64::encode_config( Ok(base64::encode_config(
pair.public_key().as_ref(), pair.public_key().as_ref(),
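Review bot: The Ed25519 fast ops take raw `&[u8]` / `&mut [u8]` buffers and report every failure as `false`, but none of them documents the lengths it expects. `op_crypto_generate_ed25519_keypair` fills whatever length `pkey` has with `rng.fill_bytes(pkey)`, and `op_crypto_sign_ed25519` hands `key` straight to `from_seed_unchecked`, so the contract currently lives only in the JS callers. A one-line doc comment per op would pin it down, for example `/// key is the 32-byte seed, signature receives the 64-byte signature; returns false if the seed is rejected.` on `op_crypto_sign_ed25519`. Whether a wrong-sized output buffer is rejected or panics depends on code outside these hunks, so that is worth checking while writing the comments.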


@ -18,7 +18,7 @@ use ctr::Ctr32BE;
use ctr::Ctr64BE; use ctr::Ctr64BE;
use deno_core::error::type_error; use deno_core::error::type_error;
use deno_core::error::AnyError; use deno_core::error::AnyError;
use deno_core::op; use deno_core::op2;
use deno_core::unsync::spawn_blocking; use deno_core::unsync::spawn_blocking;
use deno_core::JsBuffer; use deno_core::JsBuffer;
use deno_core::ToJsBuffer; use deno_core::ToJsBuffer;
@ -76,10 +76,11 @@ pub enum EncryptAlgorithm {
}, },
} }
#[op] #[op2(async)]
#[serde]
pub async fn op_crypto_encrypt( pub async fn op_crypto_encrypt(
opts: EncryptOptions, #[serde] opts: EncryptOptions,
data: JsBuffer, #[buffer] data: JsBuffer,
) -> Result<ToJsBuffer, AnyError> { ) -> Result<ToJsBuffer, AnyError> {
let key = opts.key; let key = opts.key;
let fun = move || match opts.algorithm { let fun = move || match opts.algorithm {


@ -4,7 +4,7 @@ use const_oid::AssociatedOid;
use const_oid::ObjectIdentifier; use const_oid::ObjectIdentifier;
use deno_core::error::custom_error; use deno_core::error::custom_error;
use deno_core::error::AnyError; use deno_core::error::AnyError;
use deno_core::op; use deno_core::op2;
use deno_core::ToJsBuffer; use deno_core::ToJsBuffer;
use elliptic_curve::sec1::ToEncodedPoint; use elliptic_curve::sec1::ToEncodedPoint;
use p256::pkcs8::DecodePrivateKey; use p256::pkcs8::DecodePrivateKey;
@ -90,10 +90,11 @@ pub enum ExportKeyResult {
}, },
} }
#[op] #[op2]
#[serde]
pub fn op_crypto_export_key( pub fn op_crypto_export_key(
opts: ExportKeyOptions, #[serde] opts: ExportKeyOptions,
key_data: V8RawKeyData, #[serde] key_data: V8RawKeyData,
) -> Result<ExportKeyResult, AnyError> { ) -> Result<ExportKeyResult, AnyError> {
match opts.algorithm { match opts.algorithm {
ExportKeyAlgorithm::RsassaPkcs1v15 {} ExportKeyAlgorithm::RsassaPkcs1v15 {}


@ -1,7 +1,7 @@
// Copyright 2018-2023 the Deno authors. All rights reserved. MIT license. // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
use deno_core::error::AnyError; use deno_core::error::AnyError;
use deno_core::op; use deno_core::op2;
use deno_core::unsync::spawn_blocking; use deno_core::unsync::spawn_blocking;
use deno_core::ToJsBuffer; use deno_core::ToJsBuffer;
use elliptic_curve::rand_core::OsRng; use elliptic_curve::rand_core::OsRng;
@ -42,9 +42,10 @@ pub enum GenerateKeyOptions {
}, },
} }
#[op] #[op2(async)]
#[serde]
pub async fn op_crypto_generate_key( pub async fn op_crypto_generate_key(
opts: GenerateKeyOptions, #[serde] opts: GenerateKeyOptions,
) -> Result<ToJsBuffer, AnyError> { ) -> Result<ToJsBuffer, AnyError> {
let fun = || match opts { let fun = || match opts {
GenerateKeyOptions::Rsa { GenerateKeyOptions::Rsa {


@ -1,7 +1,7 @@
// Copyright 2018-2023 the Deno authors. All rights reserved. MIT license. // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
use deno_core::error::AnyError; use deno_core::error::AnyError;
use deno_core::op; use deno_core::op2;
use deno_core::JsBuffer; use deno_core::JsBuffer;
use deno_core::ToJsBuffer; use deno_core::ToJsBuffer;
use elliptic_curve::pkcs8::PrivateKeyInfo; use elliptic_curve::pkcs8::PrivateKeyInfo;
@ -87,10 +87,11 @@ pub enum ImportKeyResult {
Hmac { raw_data: RustRawKeyData }, Hmac { raw_data: RustRawKeyData },
} }
#[op] #[op2]
#[serde]
pub fn op_crypto_import_key( pub fn op_crypto_import_key(
opts: ImportKeyOptions, #[serde] opts: ImportKeyOptions,
key_data: KeyData, #[serde] key_data: KeyData,
) -> Result<ImportKeyResult, AnyError> { ) -> Result<ImportKeyResult, AnyError> {
match opts { match opts {
ImportKeyOptions::RsassaPkcs1v15 {} => import_key_rsassa(key_data), ImportKeyOptions::RsassaPkcs1v15 {} => import_key_rsassa(key_data),


@ -9,6 +9,7 @@ use deno_core::error::not_supported;
use deno_core::error::type_error; use deno_core::error::type_error;
use deno_core::error::AnyError; use deno_core::error::AnyError;
use deno_core::op; use deno_core::op;
use deno_core::op2;
use deno_core::ToJsBuffer; use deno_core::ToJsBuffer;
use deno_core::unsync::spawn_blocking; use deno_core::unsync::spawn_blocking;
@ -116,24 +117,26 @@ deno_core::extension!(deno_crypto,
}, },
); );
#[op] #[op2]
#[serde]
pub fn op_crypto_base64url_decode( pub fn op_crypto_base64url_decode(
data: String, #[string] data: String,
) -> Result<ToJsBuffer, AnyError> { ) -> Result<ToJsBuffer, AnyError> {
let data: Vec<u8> = base64::decode_config(data, base64::URL_SAFE_NO_PAD)?; let data: Vec<u8> = base64::decode_config(data, base64::URL_SAFE_NO_PAD)?;
Ok(data.into()) Ok(data.into())
} }
#[op] #[op2]
pub fn op_crypto_base64url_encode(data: JsBuffer) -> String { #[string]
pub fn op_crypto_base64url_encode(#[buffer] data: JsBuffer) -> String {
let data: String = base64::encode_config(data, base64::URL_SAFE_NO_PAD); let data: String = base64::encode_config(data, base64::URL_SAFE_NO_PAD);
data data
} }
#[op(fast)] #[op2(fast)]
pub fn op_crypto_get_random_values( pub fn op_crypto_get_random_values(
state: &mut OpState, state: &mut OpState,
out: &mut [u8], #[buffer] out: &mut [u8],
) -> Result<(), AnyError> { ) -> Result<(), AnyError> {
if out.len() > 65536 { if out.len() > 65536 {
return Err( return Err(
@ -186,10 +189,11 @@ pub struct SignArg {
named_curve: Option<CryptoNamedCurve>, named_curve: Option<CryptoNamedCurve>,
} }
#[op] #[op2(async)]
#[serde]
pub async fn op_crypto_sign_key( pub async fn op_crypto_sign_key(
args: SignArg, #[serde] args: SignArg,
zero_copy: JsBuffer, #[buffer] zero_copy: JsBuffer,
) -> Result<ToJsBuffer, AnyError> { ) -> Result<ToJsBuffer, AnyError> {
let data = &*zero_copy; let data = &*zero_copy;
let algorithm = args.algorithm; let algorithm = args.algorithm;
@ -302,10 +306,10 @@ pub struct VerifyArg {
named_curve: Option<CryptoNamedCurve>, named_curve: Option<CryptoNamedCurve>,
} }
#[op] #[op2(async)]
pub async fn op_crypto_verify_key( pub async fn op_crypto_verify_key(
args: VerifyArg, #[serde] args: VerifyArg,
zero_copy: JsBuffer, #[buffer] zero_copy: JsBuffer,
) -> Result<bool, AnyError> { ) -> Result<bool, AnyError> {
let data = &*zero_copy; let data = &*zero_copy;
let algorithm = args.algorithm; let algorithm = args.algorithm;
@ -583,7 +587,8 @@ fn read_rsa_public_key(key_data: KeyData) -> Result<RsaPublicKey, AnyError> {
Ok(public_key) Ok(public_key)
} }
#[op] #[op2]
#[string]
pub fn op_crypto_random_uuid(state: &mut OpState) -> Result<String, AnyError> { pub fn op_crypto_random_uuid(state: &mut OpState) -> Result<String, AnyError> {
let maybe_seeded_rng = state.try_borrow_mut::<StdRng>(); let maybe_seeded_rng = state.try_borrow_mut::<StdRng>();
let uuid = if let Some(seeded_rng) = maybe_seeded_rng { let uuid = if let Some(seeded_rng) = maybe_seeded_rng {
@ -599,10 +604,11 @@ pub fn op_crypto_random_uuid(state: &mut OpState) -> Result<String, AnyError> {
Ok(uuid.to_string()) Ok(uuid.to_string())
} }
#[op] #[op2(async)]
#[serde]
pub async fn op_crypto_subtle_digest( pub async fn op_crypto_subtle_digest(
algorithm: CryptoHash, #[serde] algorithm: CryptoHash,
data: JsBuffer, #[buffer] data: JsBuffer,
) -> Result<ToJsBuffer, AnyError> { ) -> Result<ToJsBuffer, AnyError> {
let output = spawn_blocking(move || { let output = spawn_blocking(move || {
digest::digest(algorithm.into(), &data) digest::digest(algorithm.into(), &data)
@ -622,10 +628,11 @@ pub struct WrapUnwrapKeyArg {
algorithm: Algorithm, algorithm: Algorithm,
} }
#[op] #[op2]
#[serde]
pub fn op_crypto_wrap_key( pub fn op_crypto_wrap_key(
args: WrapUnwrapKeyArg, #[serde] args: WrapUnwrapKeyArg,
data: JsBuffer, #[buffer] data: JsBuffer,
) -> Result<ToJsBuffer, AnyError> { ) -> Result<ToJsBuffer, AnyError> {
let algorithm = args.algorithm; let algorithm = args.algorithm;
@ -651,10 +658,11 @@ pub fn op_crypto_wrap_key(
} }
} }
#[op] #[op2]
#[serde]
pub fn op_crypto_unwrap_key( pub fn op_crypto_unwrap_key(
args: WrapUnwrapKeyArg, #[serde] args: WrapUnwrapKeyArg,
data: JsBuffer, #[buffer] data: JsBuffer,
) -> Result<ToJsBuffer, AnyError> { ) -> Result<ToJsBuffer, AnyError> {
let algorithm = args.algorithm; let algorithm = args.algorithm;
match algorithm { match algorithm {
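Review bot: `op_crypto_random_uuid` takes its randomness from a `StdRng` stored in `OpState` whenever one is present, and that is not documented anywhere on the op. Presumably that RNG is only installed when the runtime is started with a fixed seed, in which case every UUID is reproducible from the seed. I would add a comment above the `try_borrow_mut::<StdRng>()` line, for example `// A seeded StdRng makes UUIDs reproducible; callers must not rely on them being unguessable in that mode.` The rest of the function is outside the hunk.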


@ -2,7 +2,7 @@
use curve25519_dalek::montgomery::MontgomeryPoint; use curve25519_dalek::montgomery::MontgomeryPoint;
use deno_core::error::AnyError; use deno_core::error::AnyError;
use deno_core::op; use deno_core::op2;
use deno_core::ToJsBuffer; use deno_core::ToJsBuffer;
use elliptic_curve::pkcs8::PrivateKeyInfo; use elliptic_curve::pkcs8::PrivateKeyInfo;
use elliptic_curve::subtle::ConstantTimeEq; use elliptic_curve::subtle::ConstantTimeEq;
@ -11,8 +11,11 @@ use rand::RngCore;
use spki::der::Decode; use spki::der::Decode;
use spki::der::Encode; use spki::der::Encode;
#[op(fast)] #[op2(fast)]
pub fn op_crypto_generate_x25519_keypair(pkey: &mut [u8], pubkey: &mut [u8]) { pub fn op_crypto_generate_x25519_keypair(
#[buffer] pkey: &mut [u8],
#[buffer] pubkey: &mut [u8],
) {
// u-coordinate of the base point. // u-coordinate of the base point.
const X25519_BASEPOINT_BYTES: [u8; 32] = [ const X25519_BASEPOINT_BYTES: [u8; 32] = [
9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@ -31,11 +34,11 @@ pub fn op_crypto_generate_x25519_keypair(pkey: &mut [u8], pubkey: &mut [u8]) {
const MONTGOMERY_IDENTITY: MontgomeryPoint = MontgomeryPoint([0; 32]); const MONTGOMERY_IDENTITY: MontgomeryPoint = MontgomeryPoint([0; 32]);
#[op(fast)] #[op2(fast)]
pub fn op_crypto_derive_bits_x25519( pub fn op_crypto_derive_bits_x25519(
k: &[u8], #[buffer] k: &[u8],
u: &[u8], #[buffer] u: &[u8],
secret: &mut [u8], #[buffer] secret: &mut [u8],
) -> bool { ) -> bool {
let k: [u8; 32] = k.try_into().expect("Expected byteLength 32"); let k: [u8; 32] = k.try_into().expect("Expected byteLength 32");
let u: [u8; 32] = u.try_into().expect("Expected byteLength 32"); let u: [u8; 32] = u.try_into().expect("Expected byteLength 32");
@ -52,8 +55,11 @@ pub fn op_crypto_derive_bits_x25519(
pub const X25519_OID: const_oid::ObjectIdentifier = pub const X25519_OID: const_oid::ObjectIdentifier =
const_oid::ObjectIdentifier::new_unwrap("1.3.101.110"); const_oid::ObjectIdentifier::new_unwrap("1.3.101.110");
#[op(fast)] #[op2(fast)]
pub fn op_crypto_import_spki_x25519(key_data: &[u8], out: &mut [u8]) -> bool { pub fn op_crypto_import_spki_x25519(
#[buffer] key_data: &[u8],
#[buffer] out: &mut [u8],
) -> bool {
// 2-3. // 2-3.
let pk_info = match spki::SubjectPublicKeyInfo::from_der(key_data) { let pk_info = match spki::SubjectPublicKeyInfo::from_der(key_data) {
Ok(pk_info) => pk_info, Ok(pk_info) => pk_info,
@ -72,8 +78,11 @@ pub fn op_crypto_import_spki_x25519(key_data: &[u8], out: &mut [u8]) -> bool {
true true
} }
#[op(fast)] #[op2(fast)]
pub fn op_crypto_import_pkcs8_x25519(key_data: &[u8], out: &mut [u8]) -> bool { pub fn op_crypto_import_pkcs8_x25519(
#[buffer] key_data: &[u8],
#[buffer] out: &mut [u8],
) -> bool {
// 2-3. // 2-3.
// This should probably use OneAsymmetricKey instead // This should probably use OneAsymmetricKey instead
let pk_info = match PrivateKeyInfo::from_der(key_data) { let pk_info = match PrivateKeyInfo::from_der(key_data) {
@ -98,9 +107,10 @@ pub fn op_crypto_import_pkcs8_x25519(key_data: &[u8], out: &mut [u8]) -> bool {
true true
} }
#[op] #[op2]
#[serde]
pub fn op_crypto_export_spki_x25519( pub fn op_crypto_export_spki_x25519(
pubkey: &[u8], #[buffer] pubkey: &[u8],
) -> Result<ToJsBuffer, AnyError> { ) -> Result<ToJsBuffer, AnyError> {
let key_info = spki::SubjectPublicKeyInfo { let key_info = spki::SubjectPublicKeyInfo {
algorithm: spki::AlgorithmIdentifier { algorithm: spki::AlgorithmIdentifier {
@ -113,9 +123,10 @@ pub fn op_crypto_export_spki_x25519(
Ok(key_info.to_vec()?.into()) Ok(key_info.to_vec()?.into())
} }
#[op] #[op2]
#[serde]
pub fn op_crypto_export_pkcs8_x25519( pub fn op_crypto_export_pkcs8_x25519(
pkey: &[u8], #[buffer] pkey: &[u8],
) -> Result<ToJsBuffer, AnyError> { ) -> Result<ToJsBuffer, AnyError> {
// This should probably use OneAsymmetricKey instead // This should probably use OneAsymmetricKey instead
let pk_info = rsa::pkcs8::PrivateKeyInfo { let pk_info = rsa::pkcs8::PrivateKeyInfo {
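Review bot: `op_crypto_derive_bits_x25519` still converts `k` and `u` with `try_into().expect("Expected byteLength 32")`, so a buffer of any other length panics inside the op instead of failing the call. The op already returns `bool` for failure, so the length check can use the same path: `let Ok(k) = <[u8; 32]>::try_from(k) else { return false };` and the same for `u`. If the JS wrapper is meant to guarantee the lengths, a comment saying so would at least record the invariant the `expect` relies on. The function body continues past the hunk.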