crypto: remove Node.js-specific webcrypto extensions

PR-URL: #43310
Reviewed-By: James M Snell <[email protected]>

Author: panva

doc/api/webcrypto.md

@@ -50,17 +50,10 @@ const {
 
 const { PromiseReject } = primordials;
 
-const {
-  codes: {
-    ERR_INVALID_ARG_TYPE,
-  }
-} = require('internal/errors');
-
 const {
   InternalCryptoKey,
   SecretKeyObject,
   createSecretKey,
-  isKeyObject,
 } = require('internal/crypto/keys');
 
 const {
@@ -283,19 +276,6 @@ async function aesImportKey(
   let keyObject;
   let length;
   switch (format) {
-    case 'node.keyObject': {
-      if (!isKeyObject(keyData))
-        throw new ERR_INVALID_ARG_TYPE('keyData', 'KeyObject', keyData);
-
-      if (keyData.type !== 'secret') {
-        throw lazyDOMException(
-          `Unable to import AES key with format ${format}`,
-          'NotSupportedError');
-      }
-
-      keyObject = keyData;
-      break;
-    }
     case 'raw': {
       validateKeyLength(keyData.byteLength * 8);
       keyObject = createSecretKey(keyData);

lib/internal/crypto/aes.js

@@ -18,12 +18,6 @@ const {
   kSignJobModeVerify,
 } = internalBinding('crypto');
 
-const {
-  codes: {
-    ERR_INVALID_ARG_TYPE,
-  },
-} = require('internal/errors');
-
 const {
   getArrayBufferOrView,
   getUsagesUnion,
@@ -49,7 +43,6 @@ const {
   PublicKeyObject,
   createPrivateKey,
   createPublicKey,
-  isKeyObject,
 } = require('internal/crypto/keys');
 
 function verifyAcceptableCfrgKeyUse(name, type, usages) {
@@ -226,15 +219,6 @@ async function cfrgImportKey(
   let keyObject;
   const usagesSet = new SafeSet(keyUsages);
   switch (format) {
-    case 'node.keyObject': {
-      if (!isKeyObject(keyData))
-        throw new ERR_INVALID_ARG_TYPE('keyData', 'KeyObject', keyData);
-      if (keyData.type === 'secret')
-        throw lazyDOMException('Invalid key type', 'InvalidAccessException');
-      verifyAcceptableCfrgKeyUse(name, keyData.type, usagesSet);
-      keyObject = keyData;
-      break;
-    }
     case 'spki': {
       verifyAcceptableCfrgKeyUse(name, 'public', usagesSet);
       keyObject = createPublicKey({

lib/internal/crypto/cfrg.js

@@ -12,8 +12,6 @@ const {
 const { Buffer } = require('buffer');
 
 const {
-  DHBitsJob,
-  DHKeyExportJob,
   DiffieHellman: _DiffieHellman,
   DiffieHellmanGroup: _DiffieHellmanGroup,
   ECDH: _ECDH,
@@ -53,23 +51,12 @@ const {
 
 const {
   KeyObject,
-  InternalCryptoKey,
-  createPrivateKey,
-  createPublicKey,
   isCryptoKey,
-  isKeyObject,
 } = require('internal/crypto/keys');
 
-const {
-  generateKeyPair,
-} = require('internal/crypto/keygen');
-
 const {
   getArrayBufferOrView,
   getDefaultEncoding,
-  getUsagesUnion,
-  hasAnyNotIn,
-  jobPromise,
   toBuf,
   kHandle,
   kKeyObject,
@@ -343,89 +330,6 @@ function deriveBitsECDH(name, publicKey, privateKey, callback) {
   job.run();
 }
 
-// The deriveBitsDH function is part of the Web Crypto API and serves both
-// deriveKeys and deriveBits functions.
-function deriveBitsDH(publicKey, privateKey, callback) {
-  validateObject(publicKey, 'publicKey');
-  validateObject(privateKey, 'privateKey');
-  validateCallback(callback);
-  const job = new DHBitsJob(kCryptoJobAsync, publicKey, privateKey);
-  job.ondone = (error, bits) => {
-    if (error) return FunctionPrototypeCall(callback, job, error);
-    FunctionPrototypeCall(callback, job, null, bits);
-  };
-  job.run();
-}
-
-function verifyAcceptableDhKeyUse(name, type, usages) {
-  let checkSet;
-  switch (type) {
-    case 'private':
-      checkSet = ['deriveBits', 'deriveKey'];
-      break;
-    case 'public':
-      checkSet = [];
-      break;
-  }
-  if (hasAnyNotIn(usages, checkSet)) {
-    throw lazyDOMException(
-      `Unsupported key usage for an ${name} key`,
-      'SyntaxError');
-  }
-}
-
-async function dhGenerateKey(
-  algorithm,
-  extractable,
-  keyUsages) {
-  const usageSet = new SafeSet(keyUsages);
-
-  if (hasAnyNotIn(usageSet, ['deriveKey', 'deriveBits'])) {
-    throw lazyDOMException(
-      'Unsupported key usage for a DH key',
-      'SyntaxError');
-  }
-
-  const {
-    name,
-    primeLength,
-    generator,
-    group
-  } = algorithm;
-  let { prime } = algorithm;
-
-  if (prime !== undefined)
-    prime = getArrayBufferOrView(prime);
-
-  return new Promise((resolve, reject) => {
-    generateKeyPair('dh', {
-      prime,
-      primeLength,
-      generator,
-      group,
-    }, (err, pubKey, privKey) => {
-      if (err) {
-        return reject(lazyDOMException(
-          'The operation failed for an operation-specific reason',
-          'OperationError'));
-      }
-
-      const algorithm = { name, prime, primeLength, generator, group };
-
-      const publicKey = new InternalCryptoKey(pubKey, algorithm, [], true);
-
-      const privateKey =
-        new InternalCryptoKey(
-          privKey,
-          algorithm,
-          getUsagesUnion(usageSet, 'deriveBits', 'deriveKey'),
-          extractable);
-
-      resolve({ publicKey, privateKey });
-    });
-  });
-}
-
 async function asyncDeriveBitsECDH(algorithm, baseKey, length) {
   const { 'public': key } = algorithm;
 
@@ -496,136 +400,11 @@ async function asyncDeriveBitsECDH(algorithm, baseKey, length) {
     ArrayBufferPrototypeSlice(bits, 0, length);
 }
 
-async function asyncDeriveBitsDH(algorithm, baseKey, length) {
-  const { 'public': key } = algorithm;
-  // Null has a specific meaning for DH
-  if (length !== null)
-    validateUint32(length, 'length');
-  if (!isCryptoKey(key))
-    throw new ERR_INVALID_ARG_TYPE('algorithm.public', 'CryptoKey', key);
-
-  if (key.type !== 'public') {
-    throw lazyDOMException(
-      'algorithm.public must be a public key', 'InvalidAccessError');
-  }
-  if (baseKey.type !== 'private') {
-    throw lazyDOMException(
-      'baseKey must be a private key', 'InvalidAccessError');
-  }
-
-  if (key.algorithm.name !== 'NODE-DH')
-    throw lazyDOMException('Keys must be DH keys', 'InvalidAccessError');
-
-  if (key.algorithm.name !== baseKey.algorithm.name) {
-    throw lazyDOMException(
-      'The public and private keys must be of the same type',
-      'InvalidAccessError');
-  }
-
-  const bits = await new Promise((resolve, reject) => {
-    deriveBitsDH(
-      key[kKeyObject][kHandle],
-      baseKey[kKeyObject][kHandle], (err, bits) => {
-        if (err) return reject(err);
-        resolve(bits);
-      });
-  });
-
-  // If a length is not specified, return the full derived secret
-  if (length === null)
-    return bits;
-
-  // If the length is not a multiple of 8, it will be truncated
-  // down to the nearest multiple of 8.
-  length = MathFloor(length / 8);
-  const { byteLength } = bits;
-
-  // If the length is larger than the derived secret, throw.
-  // Otherwise, we either return the secret or a truncated
-  // slice.
-  if (byteLength < length)
-    throw lazyDOMException('derived bit length is too small', 'OperationError');
-
-  return length === byteLength ?
-    bits :
-    ArrayBufferPrototypeSlice(bits, 0, length);
-}
-
-function dhExportKey(key, format) {
-  return jobPromise(new DHKeyExportJob(
-    kCryptoJobAsync,
-    format,
-    key[kKeyObject][kHandle]));
-}
-
-async function dhImportKey(
-  format,
-  keyData,
-  algorithm,
-  extractable,
-  keyUsages) {
-  const usagesSet = new SafeSet(keyUsages);
-  let keyObject;
-  switch (format) {
-    case 'node.keyObject': {
-      if (!isKeyObject(keyData))
-        throw new ERR_INVALID_ARG_TYPE('keyData', 'KeyObject', keyData);
-      if (keyData.type === 'secret')
-        throw lazyDOMException('Invalid key type', 'InvalidAccessException');
-      verifyAcceptableDhKeyUse(algorithm.name, keyData.type, usagesSet);
-      keyObject = keyData;
-      break;
-    }
-    case 'spki': {
-      verifyAcceptableDhKeyUse(algorithm.name, 'public', usagesSet);
-      keyObject = createPublicKey({
-        key: keyData,
-        format: 'der',
-        type: 'spki'
-      });
-      break;
-    }
-    case 'pkcs8': {
-      verifyAcceptableDhKeyUse(algorithm.name, 'private', usagesSet);
-      keyObject = createPrivateKey({
-        key: keyData,
-        format: 'der',
-        type: 'pkcs8'
-      });
-      break;
-    }
-    default:
-      throw lazyDOMException(
-        `Unable to import DH key with format ${format}`,
-        'NotSupportedError');
-  }
-
-  const {
-    prime,
-    primeLength,
-    generator,
-    group,
-  } = keyObject[kHandle].keyDetail({});
-
-  return new InternalCryptoKey(keyObject, {
-    name: algorithm.name,
-    prime,
-    primeLength,
-    generator,
-    group,
-  }, keyUsages, extractable);
-}
-
 module.exports = {
   DiffieHellman,
   DiffieHellmanGroup,
   ECDH,
   diffieHellman,
   deriveBitsECDH,
-  deriveBitsDH,
-  dhGenerateKey,
   asyncDeriveBitsECDH,
-  asyncDeriveBitsDH,
-  dhExportKey,
-  dhImportKey,
 };