crypto: add raw key formats support to the KeyObject APIs

Add raw key format support (raw-public, raw-private, raw-seed) to
KeyObject.prototype.export(), crypto.createPrivateKey(),
and crypto.createPublicKey() for applicable asymmetric keys (EC,
CFRG curves, ML-DSA, ML-KEM, and SLH-DSA).

Also wire these to the Web Cryptography APIs and remove the unnecessary
KeyExportJob. The KeyExportJob classes were removed because the export
operations they performed are not computationally expensive. They're
just serialization of already-available key data (SPKI, PKCS8, raw
bytes). Running them as async CryptoJobs on the libuv thread pool added
unnecessary overhead and complexity for operations that complete
instantly.

Author: panva

lib/internal/crypto/cfrg.js

@@ -2,19 +2,23 @@
 
 const {
   SafeSet,
+  TypedArrayPrototypeGetBuffer,
 } = primordials;
 
 const { Buffer } = require('buffer');
 
 const {
-  ECKeyExportJob,
   KeyObjectHandle,
   SignJob,
   kCryptoJobAsync,
+  kKeyFormatDER,
   kKeyTypePrivate,
   kKeyTypePublic,
   kSignJobModeSign,
   kSignJobModeVerify,
+  kWebCryptoKeyFormatPKCS8,
+  kWebCryptoKeyFormatRaw,
+  kWebCryptoKeyFormatSPKI,
 } = internalBinding('crypto');
 
 const {
@@ -195,10 +199,30 @@ async function cfrgGenerateKey(algorithm, extractable, keyUsages) {
 }
 
 function cfrgExportKey(key, format) {
-  return jobPromise(() => new ECKeyExportJob(
-    kCryptoJobAsync,
-    format,
-    key[kKeyObject][kHandle]));
+  try {
+    switch (format) {
+      case kWebCryptoKeyFormatRaw: {
+        if (key[kKeyType] === 'private') {
+          return TypedArrayPrototypeGetBuffer(key[kKeyObject][kHandle].rawPrivateKey());
+        }
+        return TypedArrayPrototypeGetBuffer(key[kKeyObject][kHandle].rawPublicKey());
+      }
+      case kWebCryptoKeyFormatSPKI: {
+        return TypedArrayPrototypeGetBuffer(
+          key[kKeyObject][kHandle].export(kKeyFormatDER, kWebCryptoKeyFormatSPKI));
+      }
+      case kWebCryptoKeyFormatPKCS8: {
+        return TypedArrayPrototypeGetBuffer(
+          key[kKeyObject][kHandle].export(kKeyFormatDER, kWebCryptoKeyFormatPKCS8, null, null));
+      }
+      default:
+        return undefined;
+    }
+  } catch (err) {
+    throw lazyDOMException(
+      'The operation failed for an operation-specific reason',
+      { name: 'OperationError', cause: err });
+  }
 }
 
 function cfrgImportKey(

lib/internal/crypto/ec.js

@@ -2,19 +2,30 @@
 
 const {
   SafeSet,
+  TypedArrayPrototypeGetBuffer,
+  TypedArrayPrototypeGetByteLength,
 } = primordials;
 
 const {
-  ECKeyExportJob,
   KeyObjectHandle,
   SignJob,
   kCryptoJobAsync,
+  kKeyFormatDER,
   kKeyTypePrivate,
   kSignJobModeSign,
   kSignJobModeVerify,
   kSigEncP1363,
+  kWebCryptoKeyFormatPKCS8,
+  kWebCryptoKeyFormatRaw,
+  kWebCryptoKeyFormatSPKI,
 } = internalBinding('crypto');
 
+const {
+  crypto: {
+    POINT_CONVERSION_UNCOMPRESSED,
+  },
+} = internalBinding('constants');
+
 const {
   getUsagesUnion,
   hasAnyNotIn,
@@ -41,6 +52,7 @@ const {
   PublicKeyObject,
   createPrivateKey,
   createPublicKey,
+  kAlgorithm,
   kKeyType,
 } = require('internal/crypto/keys');
 
@@ -139,10 +151,40 @@ async function ecGenerateKey(algorithm, extractable, keyUsages) {
 }
 
 function ecExportKey(key, format) {
-  return jobPromise(() => new ECKeyExportJob(
-    kCryptoJobAsync,
-    format,
-    key[kKeyObject][kHandle]));
+  try {
+    const handle = key[kKeyObject][kHandle];
+    switch (format) {
+      case kWebCryptoKeyFormatRaw: {
+        return TypedArrayPrototypeGetBuffer(
+          handle.exportECPublicRaw(POINT_CONVERSION_UNCOMPRESSED));
+      }
+      case kWebCryptoKeyFormatSPKI: {
+        let spki = handle.export(kKeyFormatDER, kWebCryptoKeyFormatSPKI);
+        // WebCrypto requires uncompressed point format for SPKI exports.
+        // This is a very rare edge case dependent on the imported key
+        // using compressed point format.
+        if (TypedArrayPrototypeGetByteLength(spki) !== {
+          '__proto__': null, 'P-256': 91, 'P-384': 120, 'P-521': 158,
+        }[key[kAlgorithm].namedCurve]) {
+          const raw = handle.exportECPublicRaw(POINT_CONVERSION_UNCOMPRESSED);
+          const tmp = new KeyObjectHandle();
+          tmp.initECRaw(kNamedCurveAliases[key[kAlgorithm].namedCurve], raw);
+          spki = tmp.export(kKeyFormatDER, kWebCryptoKeyFormatSPKI);
+        }
+        return TypedArrayPrototypeGetBuffer(spki);
+      }
+      case kWebCryptoKeyFormatPKCS8: {
+        return TypedArrayPrototypeGetBuffer(
+          handle.export(kKeyFormatDER, kWebCryptoKeyFormatPKCS8, null, null));
+      }
+      default:
+        return undefined;
+    }
+  } catch (err) {
+    throw lazyDOMException(
+      'The operation failed for an operation-specific reason',
+      { name: 'OperationError', cause: err });
+  }
 }
 
 function ecImportKey(

lib/internal/crypto/keys.js

@@ -27,6 +27,15 @@ const {
   kKeyEncodingSEC1,
 } = internalBinding('crypto');
 
+const hasPqcSupport = KeyObjectHandle.prototype.initPqcRaw !== undefined;
+
+const {
+  crypto: {
+    POINT_CONVERSION_COMPRESSED,
+    POINT_CONVERSION_UNCOMPRESSED,
+  },
+} = internalBinding('constants');
+
 const {
   validateObject,
   validateOneOf,
@@ -82,6 +91,7 @@ const kKeyUsages = Symbol('kKeyUsages');
 const kCachedAlgorithm = Symbol('kCachedAlgorithm');
 const kCachedKeyUsages = Symbol('kCachedKeyUsages');
 
+
 // Key input contexts.
 const kConsumePublic = 0;
 const kConsumePrivate = 1;
@@ -340,14 +350,27 @@ const {
     }
 
     export(options) {
-      if (options && options.format === 'jwk') {
-        return this[kHandle].exportJwk({}, false);
+      switch (options?.format) {
+        case 'jwk':
+          return this[kHandle].exportJwk({}, false);
+        case 'raw-public': {
+          if (this.asymmetricKeyType === 'ec') {
+            const { type = 'compressed' } = options;
+            validateOneOf(type, 'options.type', ['compressed', 'uncompressed']);
+            const form = type === 'compressed' ?
+              POINT_CONVERSION_COMPRESSED : POINT_CONVERSION_UNCOMPRESSED;
+            return this[kHandle].exportECPublicRaw(form);
+          }
+          return this[kHandle].rawPublicKey();
+        }
+        default: {
+          const {
+            format,
+            type,
+          } = parsePublicKeyEncoding(options, this.asymmetricKeyType);
+          return this[kHandle].export(format, type);
+        }
       }
-      const {
-        format,
-        type,
-      } = parsePublicKeyEncoding(options, this.asymmetricKeyType);
-      return this[kHandle].export(format, type);
     }
   }
 
@@ -357,20 +380,32 @@ const {
     }
 
     export(options) {
-      if (options && options.format === 'jwk') {
-        if (options.passphrase !== undefined) {
-          throw new ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS(
-            'jwk', 'does not support encryption');
+      if (options?.passphrase !== undefined &&
+          options.format !== 'pem' && options.format !== 'der') {
+        throw new ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS(
+          options.format, 'does not support encryption');
+      }
+      switch (options?.format) {
+        case 'jwk':
+          return this[kHandle].exportJwk({}, false);
+        case 'raw-private': {
+          if (this.asymmetricKeyType === 'ec') {
+            return this[kHandle].exportECPrivateRaw();
+          }
+          return this[kHandle].rawPrivateKey();
+        }
+        case 'raw-seed':
+          return this[kHandle].rawSeed();
+        default: {
+          const {
+            format,
+            type,
+            cipher,
+            passphrase,
+          } = parsePrivateKeyEncoding(options, this.asymmetricKeyType);
+          return this[kHandle].export(format, type, cipher, passphrase);
         }
-        return this[kHandle].exportJwk({}, false);
       }
-      const {
-        format,
-        type,
-        cipher,
-        passphrase,
-      } = parsePrivateKeyEncoding(options, this.asymmetricKeyType);
-      return this[kHandle].export(format, type, cipher, passphrase);
     }
   }
 
@@ -549,7 +584,7 @@ function mlDsaPubLen(alg) {
 
 function getKeyObjectHandleFromJwk(key, ctx) {
   validateObject(key, 'key');
-  if (KeyObjectHandle.prototype.initPqcRaw) {
+  if (hasPqcSupport) {
     validateOneOf(
       key.kty, 'key.kty', ['RSA', 'EC', 'OKP', 'AKP']);
   } else {
@@ -691,6 +726,82 @@ function getKeyObjectHandleFromJwk(key, ctx) {
   return handle;
 }
 
+
+function getKeyObjectHandleFromRaw(options, data, format) {
+  if (!isStringOrBuffer(data)) {
+    throw new ERR_INVALID_ARG_TYPE(
+      'key.key',
+      ['ArrayBuffer', 'Buffer', 'TypedArray', 'DataView'],
+      data);
+  }
+
+  const keyData = getArrayBufferOrView(data, 'key.key');
+
+  validateString(options.asymmetricKeyType, 'key.asymmetricKeyType');
+  const asymmetricKeyType = options.asymmetricKeyType;
+
+  const handle = new KeyObjectHandle();
+
+  switch (asymmetricKeyType) {
+    case 'ec': {
+      validateString(options.namedCurve, 'key.namedCurve');
+      if (format === 'raw-public') {
+        if (!handle.initECRaw(options.namedCurve, keyData)) {
+          throw new ERR_INVALID_ARG_VALUE('key.key', keyData);
+        }
+      } else if (!handle.initECPrivateRaw(options.namedCurve, keyData)) {
+        throw new ERR_INVALID_ARG_VALUE('key.key', keyData);
+      }
+      return handle;
+    }
+    case 'ed25519':
+    case 'ed448':
+    case 'x25519':
+    case 'x448': {
+      const keyType = format === 'raw-public' ? kKeyTypePublic : kKeyTypePrivate;
+      if (!handle.initEDRaw(asymmetricKeyType, keyData, keyType)) {
+        throw new ERR_INVALID_ARG_VALUE('key.key', keyData);
+      }
+      return handle;
+    }
+    case 'rsa':
+    case 'rsa-pss':
+    case 'dsa':
+    case 'dh':
+      throw new ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS(
+        format, `is not supported for ${asymmetricKeyType} keys`);
+    case 'ml-dsa-44':
+    case 'ml-dsa-65':
+    case 'ml-dsa-87':
+    case 'ml-kem-512':
+    case 'ml-kem-768':
+    case 'ml-kem-1024':
+    case 'slh-dsa-sha2-128f':
+    case 'slh-dsa-sha2-128s':
+    case 'slh-dsa-sha2-192f':
+    case 'slh-dsa-sha2-192s':
+    case 'slh-dsa-sha2-256f':
+    case 'slh-dsa-sha2-256s':
+    case 'slh-dsa-shake-128f':
+    case 'slh-dsa-shake-128s':
+    case 'slh-dsa-shake-192f':
+    case 'slh-dsa-shake-192s':
+    case 'slh-dsa-shake-256f':
+    case 'slh-dsa-shake-256s': {
+      if (!hasPqcSupport) {
+        throw new ERR_INVALID_ARG_VALUE('asymmetricKeyType', asymmetricKeyType);
+      }
+      const keyType = format === 'raw-public' ? kKeyTypePublic : kKeyTypePrivate;
+      if (!handle.initPqcRaw(asymmetricKeyType, keyData, keyType)) {
+        throw new ERR_INVALID_ARG_VALUE('key.key', keyData);
+      }
+      return handle;
+    }
+    default:
+      throw new ERR_INVALID_ARG_VALUE('asymmetricKeyType', asymmetricKeyType);
+  }
+}
+
 function prepareAsymmetricKey(key, ctx) {
   if (isKeyObject(key)) {
     // Best case: A key object, as simple as that.
@@ -712,6 +823,12 @@ function prepareAsymmetricKey(key, ctx) {
     else if (format === 'jwk') {
       validateObject(data, 'key.key');
       return { data: getKeyObjectHandleFromJwk(data, ctx), format: 'jwk' };
+    } else if (format === 'raw-public' || format === 'raw-private' ||
+               format === 'raw-seed') {
+      return {
+        data: getKeyObjectHandleFromRaw(key, data, format),
+        format,
+      };
     }
 
     // Either PEM or DER using PKCS#1 or SPKI.
@@ -777,7 +894,7 @@ function createPublicKey(key) {
   const { format, type, data, passphrase } =
     prepareAsymmetricKey(key, kCreatePublic);
   let handle;
-  if (format === 'jwk') {
+  if (format === 'jwk' || format === 'raw-public') {
     handle = data;
   } else {
     handle = new KeyObjectHandle();
@@ -790,7 +907,7 @@ function createPrivateKey(key) {
   const { format, type, data, passphrase } =
     prepareAsymmetricKey(key, kCreatePrivate);
   let handle;
-  if (format === 'jwk') {
+  if (format === 'jwk' || format === 'raw-private' || format === 'raw-seed') {
     handle = data;
   } else {
     handle = new KeyObjectHandle();