fixup! crypto: add raw key formats support to the KeyObject APIs

Author: panva

doc/api/crypto.md

@@ -238,8 +238,8 @@ repeatedly.
 Example: Reusing a [`KeyObject`][] across sign and verify operations:
 
 ```mjs
+import { promisify } from 'node:util';
 const { generateKeyPair, sign, verify } = await import('node:crypto');
-const { promisify } = await import('node:util');
 
 const { publicKey, privateKey } = await promisify(generateKeyPair)('ed25519');
 
@@ -253,10 +253,10 @@ verify(null, data, publicKey, signature);
 Example: Importing a PEM-encoded key into a [`KeyObject`][]:
 
 ```mjs
+import { promisify } from 'node:util';
 const {
   createPrivateKey, createPublicKey, generateKeyPair, sign, verify,
 } = await import('node:crypto');
-const { promisify } = await import('node:util');
 
 // PEM-encoded keys, e.g. read from a file or environment variable.
 const generated = await promisify(generateKeyPair)('ed25519');
@@ -274,10 +274,10 @@ verify(null, data, publicKey, signature);
 Example: Importing a JWK into a [`KeyObject`][]:
 
 ```mjs
+import { promisify } from 'node:util';
 const {
   createPrivateKey, createPublicKey, generateKeyPair, sign, verify,
 } = await import('node:crypto');
-const { promisify } = await import('node:util');
 
 // JWK objects, e.g. from a JSON configuration or API response.
 const generated = await promisify(generateKeyPair)('ed25519');
@@ -295,10 +295,10 @@ verify(null, data, publicKey, signature);
 Example: Importing a DER-encoded key into a [`KeyObject`][]:
 
 ```mjs
+import { promisify } from 'node:util';
 const {
   createPrivateKey, createPublicKey, generateKeyPair, sign, verify,
 } = await import('node:crypto');
-const { promisify } = await import('node:util');
 
 // DER-encoded keys, e.g. read from binary files or hex/base64url-decoded
 // from environment variables.
@@ -326,8 +326,8 @@ Example: Passing PEM strings directly to [`crypto.sign()`][] and
 [`crypto.verify()`][]:
 
 ```mjs
+import { promisify } from 'node:util';
 const { generateKeyPair, sign, verify } = await import('node:crypto');
-const { promisify } = await import('node:util');
 
 const generated = await promisify(generateKeyPair)('ed25519');
 const privatePem = generated.privateKey.export({ format: 'pem', type: 'pkcs8' });
@@ -343,8 +343,8 @@ Example: Passing JWK objects directly to [`crypto.sign()`][] and
 [`crypto.verify()`][]:
 
 ```mjs
+import { promisify } from 'node:util';
 const { generateKeyPair, sign, verify } = await import('node:crypto');
-const { promisify } = await import('node:util');
 
 const generated = await promisify(generateKeyPair)('ed25519');
 const privateJwk = generated.privateKey.export({ format: 'jwk' });
@@ -360,8 +360,8 @@ Example: Passing raw key bytes directly to [`crypto.sign()`][] and
 [`crypto.verify()`][]:
 
 ```mjs
+import { promisify } from 'node:util';
 const { generateKeyPair, sign, verify } = await import('node:crypto');
-const { promisify } = await import('node:util');
 
 const generated = await promisify(generateKeyPair)('ed25519');
 const rawPrivateKey = generated.privateKey.export({ format: 'raw-private' });
@@ -384,10 +384,10 @@ verify(null, data, {
 Example: Exporting raw keys and importing them:
 
 ```mjs
+import { promisify } from 'node:util';
 const {
   createPrivateKey, createPublicKey, generateKeyPair, sign, verify,
 } = await import('node:crypto');
-const { promisify } = await import('node:util');
 
 const generated = await promisify(generateKeyPair)('ed25519');
 
@@ -420,10 +420,10 @@ Example: For EC keys, the `namedCurve` option is required when importing
 `'raw-public'` keys:
 
 ```mjs
+import { promisify } from 'node:util';
 const {
   createPrivateKey, createPublicKey, generateKeyPair, sign, verify,
 } = await import('node:crypto');
-const { promisify } = await import('node:util');
 
 const generated = await promisify(generateKeyPair)('ec', {
   namedCurve: 'P-256',
@@ -470,10 +470,10 @@ verify('sha256', data, publicKey, signature);
 Example: Exporting raw seeds and importing them:
 
 ```mjs
+import { promisify } from 'node:util';
 const {
   createPrivateKey, decapsulate, encapsulate, generateKeyPair,
 } = await import('node:crypto');
-const { promisify } = await import('node:util');
 
 const generated = await promisify(generateKeyPair)('ml-kem-768');
 

lib/internal/crypto/cfrg.js

@@ -203,10 +203,9 @@ function cfrgExportKey(key, format) {
   try {
     switch (format) {
       case kWebCryptoKeyFormatRaw: {
-        if (key[kKeyType] === 'private') {
-          return TypedArrayPrototypeGetBuffer(key[kKeyObject][kHandle].rawPrivateKey());
-        }
-        return TypedArrayPrototypeGetBuffer(key[kKeyObject][kHandle].rawPublicKey());
+        const handle = key[kKeyObject][kHandle];
+        return TypedArrayPrototypeGetBuffer(
+          key[kKeyType] === 'private' ? handle.rawPrivateKey() : handle.rawPublicKey());
       }
       case kWebCryptoKeyFormatSPKI: {
         return TypedArrayPrototypeGetBuffer(

lib/internal/crypto/ec.js

@@ -163,6 +163,11 @@ function ecExportKey(key, format) {
         // WebCrypto requires uncompressed point format for SPKI exports.
         // This is a very rare edge case dependent on the imported key
         // using compressed point format.
+        // Expected SPKI DER byte lengths with uncompressed points:
+        // P-256: 91 = 26 bytes of SPKI ASN.1 + 65-byte uncompressed point.
+        // P-384: 120 = 23 bytes of SPKI ASN.1 + 97-byte uncompressed point.
+        // P-521: 158 = 25 bytes of SPKI ASN.1 + 133-byte uncompressed point.
+        // Difference in initial SPKI ASN.1 is caused by OIDs and length encoding.
         if (TypedArrayPrototypeGetByteLength(spki) !== {
           '__proto__': null, 'P-256': 91, 'P-384': 120, 'P-521': 158,
         }[key[kAlgorithm].namedCurve]) {

lib/internal/crypto/ml_dsa.js

@@ -122,11 +122,9 @@ function mlDsaExportKey(key, format) {
   try {
     switch (format) {
       case kWebCryptoKeyFormatRaw: {
-        if (key[kKeyType] === 'private') {
-          return TypedArrayPrototypeGetBuffer(key[kKeyObject][kHandle].rawSeed());
-        }
-
-        return TypedArrayPrototypeGetBuffer(key[kKeyObject][kHandle].rawPublicKey());
+        const handle = key[kKeyObject][kHandle];
+        return TypedArrayPrototypeGetBuffer(
+          key[kKeyType] === 'private' ? handle.rawSeed() : handle.rawPublicKey());
       }
       case kWebCryptoKeyFormatSPKI: {
         return TypedArrayPrototypeGetBuffer(key[kKeyObject][kHandle].export(kKeyFormatDER, kWebCryptoKeyFormatSPKI));
@@ -135,6 +133,7 @@ function mlDsaExportKey(key, format) {
         const pkcs8 = key[kKeyObject][kHandle].export(kKeyFormatDER, kWebCryptoKeyFormatPKCS8, null, null);
         // Edge case only possible when user creates a seedless KeyObject
         // first and converts it with KeyObject.prototype.toCryptoKey.
+        // 54 = 22 bytes of PKCS#8 ASN.1 + 32-byte seed.
         if (TypedArrayPrototypeGetByteLength(pkcs8) !== 54) {
           throw lazyDOMException(
             'The operation failed for an operation-specific reason',

lib/internal/crypto/ml_kem.js

@@ -93,11 +93,9 @@ function mlKemExportKey(key, format) {
   try {
     switch (format) {
       case kWebCryptoKeyFormatRaw: {
-        if (key[kKeyType] === 'private') {
-          return TypedArrayPrototypeGetBuffer(key[kKeyObject][kHandle].rawSeed());
-        }
-
-        return TypedArrayPrototypeGetBuffer(key[kKeyObject][kHandle].rawPublicKey());
+        const handle = key[kKeyObject][kHandle];
+        return TypedArrayPrototypeGetBuffer(
+          key[kKeyType] === 'private' ? handle.rawSeed() : handle.rawPublicKey());
       }
       case kWebCryptoKeyFormatSPKI: {
         return TypedArrayPrototypeGetBuffer(key[kKeyObject][kHandle].export(kKeyFormatDER, kWebCryptoKeyFormatSPKI));
@@ -106,6 +104,7 @@ function mlKemExportKey(key, format) {
         const pkcs8 = key[kKeyObject][kHandle].export(kKeyFormatDER, kWebCryptoKeyFormatPKCS8, null, null);
         // Edge case only possible when user creates a seedless KeyObject
         // first and converts it with KeyObject.prototype.toCryptoKey.
+        // 86 = 22 bytes of PKCS#8 ASN.1 + 64-byte seed.
         if (TypedArrayPrototypeGetByteLength(pkcs8) !== 86) {
           throw lazyDOMException(
             'The operation failed for an operation-specific reason',