Implement node crypto HKDF, except for KeyObject inputs

Author: fhanau

src/node/crypto.ts

@@ -50,6 +50,11 @@ import {
   Hmac,
 } from 'node-internal:crypto_hash';
 
+import {
+  hkdf,
+  hkdfSync,
+} from 'node-internal:crypto_hkdf';
+
 import {
   pbkdf2,
   pbkdf2Sync,
@@ -97,6 +102,9 @@ export {
   Hash,
   HashOptions,
   Hmac,
+  // Hkdf
+  hkdf,
+  hkdfSync,
   // Pbkdf2
   pbkdf2,
   pbkdf2Sync,
@@ -195,6 +203,9 @@ export default {
   createHash,
   createHmac,
   getHashes,
+  // Hkdf
+  hkdf,
+  hkdfSync,
   // Pbkdf2
   pbkdf2,
   pbkdf2Sync,
@@ -286,8 +297,8 @@ export default {
 //   * [x] crypto.randomInt([min, ]max[, callback])
 //   * [x] crypto.randomUUID([options])
 // * Key Derivation
-//   * [ ] crypto.hkdf(digest, ikm, salt, info, keylen, callback)
-//   * [ ] crypto.hkdfSync(digest, ikm, salt, info, keylen)
+//   * [.] crypto.hkdf(digest, ikm, salt, info, keylen, callback) (* still needs KeyObject support)
+//   * [.] crypto.hkdfSync(digest, ikm, salt, info, keylen) (* still needs KeyObject support)
 //   * [x] crypto.pbkdf2(password, salt, iterations, keylen, digest, callback)
 //   * [x] crypto.pbkdf2Sync(password, salt, iterations, keylen, digest)
 //   * [ ] crypto.scrypt(password, salt, keylen[, options], callback)

src/node/internal/crypto.d.ts

@@ -19,14 +19,19 @@ export class HashHandle {
   public copy(xofLen: number): HashHandle;
 }
 
+export type ArrayLike = ArrayBuffer|string|Buffer|ArrayBufferView;
+
 export class HmacHandle {
   public constructor(algorithm: string, key: ArrayLike | CryptoKey);
   public update(data: Buffer | ArrayBufferView): number;
   public digest(): ArrayBuffer;
 }
 
+// hkdf
+export function getHkdf(hash: string, key: ArrayLike, salt: ArrayLike, info: ArrayLike,
+                        length: number): ArrayBuffer;
+
 // pbkdf2
-export type ArrayLike = ArrayBuffer|string|Buffer|ArrayBufferView;
 export function getPbkdf(password: ArrayLike, salt: ArrayLike, iterations: number, keylen: number,
                          digest: string): ArrayBuffer;
 

src/node/internal/crypto_hkdf.ts

@@ -0,0 +1,150 @@
+// Copyright (c) 2017-2023 Cloudflare, Inc.
+// Licensed under the Apache 2.0 license found in the LICENSE file or at:
+//     https://opensource.org/licenses/Apache-2.0
+//
+// Copyright Joyent, Inc. and other Node contributors.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a
+// copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to permit
+// persons to whom the Software is furnished to do so, subject to the
+// following conditions:
+//
+// The above copyright notice and this permission notice shall be included
+// in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+// USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+/* todo: the following is adopted code, enabling linting one day */
+/* eslint-disable */
+
+'use strict';
+
+import { default as cryptoImpl } from 'node-internal:crypto';
+
+import {
+  validateFunction,
+  validateInteger,
+  validateString,
+} from 'node-internal:validators';
+
+import {
+  KeyObject,
+} from 'node-internal:crypto_keys';
+
+type ArrayLike = cryptoImpl.ArrayLike;
+
+import {
+  kMaxLength,
+} from 'node-internal:internal_buffer';
+
+import {
+  toBuf,
+  validateByteSource,
+} from 'node-internal:crypto_util';
+
+import {
+  isAnyArrayBuffer,
+  isArrayBufferView,
+} from 'node-internal:internal_types';
+
+import {
+  NodeError,
+  ERR_INVALID_ARG_TYPE,
+  ERR_OUT_OF_RANGE,
+} from 'node-internal:internal_errors';
+
+function validateParameters(hash: string, key: ArrayLike | KeyObject, salt: ArrayLike,
+                            info: ArrayLike, length: number) {
+  // TODO(soon): Add support for KeyObject input.
+  if (key instanceof KeyObject) {
+    throw new NodeError("ERR_METHOD_NOT_IMPLEMENTED", "KeyObject support for hkdf() and " +
+                        "hkdfSync() is not yet implemented. Use ArrayBuffer, TypedArray, " +
+                        "DataView, or Buffer instead.");
+  }
+
+  validateString(hash, 'digest');
+  key = prepareKey(key as unknown as ArrayLike);
+  salt = validateByteSource(salt, 'salt');
+  info = validateByteSource(info, 'info');
+
+  validateInteger(length, 'length', 0, kMaxLength);
+
+  if (info.byteLength > 1024) {
+    throw new ERR_OUT_OF_RANGE(
+      'info',
+      'must not contain more than 1024 bytes',
+      info.byteLength);
+  }
+
+  return {
+    hash,
+    key,
+    salt,
+    info,
+    length,
+  };
+}
+
+function prepareKey(key: ArrayLike): ArrayLike {
+  key = toBuf(key);
+
+  if (!isAnyArrayBuffer(key) && !isArrayBufferView(key)) {
+    throw new ERR_INVALID_ARG_TYPE(
+      'ikm',
+      [
+        'string',
+        'SecretKeyObject',
+        'ArrayBuffer',
+        'TypedArray',
+        'DataView',
+        'Buffer',
+      ],
+      key);
+  }
+
+  return key;
+}
+
+export function hkdf(hash: string, key: ArrayLike | KeyObject, salt: ArrayLike, info: ArrayLike,
+                     length: number,
+                     callback: (err: Error|null, derivedKey?: ArrayBuffer) => void): void {
+  ({
+    hash,
+    key,
+    salt,
+    info,
+    length,
+  } = validateParameters(hash, key, salt, info, length));
+
+  validateFunction(callback, 'callback');
+
+  new Promise<ArrayBuffer>((res, rej) => {
+    try {
+      res(cryptoImpl.getHkdf(hash, key as ArrayLike, salt, info, length));
+    } catch(err) {
+      rej(err);
+    }
+  }).then((val: ArrayBuffer) => callback(null, val), (err) => callback(err));
+}
+
+export function hkdfSync(hash: string, key: ArrayLike | KeyObject, salt: ArrayLike,
+                         info: ArrayLike, length: number): ArrayBuffer {
+  ({
+    hash,
+    key,
+    salt,
+    info,
+    length,
+  } = validateParameters(hash, key, salt, info, length));
+
+  return cryptoImpl.getHkdf(hash, key, salt, info, length);
+}

src/node/internal/crypto_pbkdf2.ts

@@ -1,11 +1,8 @@
-// Copyright (c) 2017-2022 Cloudflare, Inc.
+// Copyright (c) 2017-2023 Cloudflare, Inc.
 // Licensed under the Apache 2.0 license found in the LICENSE file or at:
 //     https://opensource.org/licenses/Apache-2.0
 //
-// Adapted from Deno and Node.js:
-// Copyright 2018-2022 the Deno authors. All rights reserved. MIT license.
-//
-// Adapted from Node.js. Copyright Joyent, Inc. and other Node contributors.
+// Copyright Joyent, Inc. and other Node contributors.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a
 // copy of this software and associated documentation files (the

src/node/internal/crypto_util.ts

@@ -1,11 +1,8 @@
-// Copyright (c) 2017-2022 Cloudflare, Inc.
+// Copyright (c) 2017-2023 Cloudflare, Inc.
 // Licensed under the Apache 2.0 license found in the LICENSE file or at:
 //     https://opensource.org/licenses/Apache-2.0
 //
-// Adapted from Deno and Node.js:
-// Copyright 2018-2022 the Deno authors. All rights reserved. MIT license.
-//
-// Adapted from Node.js. Copyright Joyent, Inc. and other Node contributors.
+// Copyright Joyent, Inc. and other Node contributors.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a
 // copy of this software and associated documentation files (the
@@ -48,6 +45,9 @@ import {
   validateString,
 } from 'node-internal:validators';
 
+import { default as cryptoImpl } from 'node-internal:crypto';
+type ArrayLike = cryptoImpl.ArrayLike;
+
 export const kHandle = Symbol('kHandle');
 export const kFinalized = Symbol('kFinalized');
 export const kState = Symbol('kFinalized');
@@ -63,8 +63,9 @@ export function getArrayBufferOrView(buffer: Buffer | ArrayBuffer | ArrayBufferV
   if (isAnyArrayBuffer(buffer))
     return buffer as ArrayBuffer;
   if (typeof buffer === 'string') {
-    if (encoding === undefined || encoding === 'buffer')
+    if (encoding === undefined || encoding === 'buffer') {
       encoding = 'utf8';
+    }
     return Buffer.from(buffer, encoding);
   }
   if (!isArrayBufferView(buffer)) {
@@ -112,11 +113,32 @@ export function arrayBufferToUnsignedBigInt(buf: ArrayBuffer): bigint {
 // This is here because many functions accepted binary strings without
 // any explicit encoding in older versions of node, and we don't want
 // to break them unnecessarily.
-export function toBuf(val: string | ArrayBuffer | Buffer | ArrayBufferView, encoding: string): string | ArrayBuffer | Buffer | ArrayBufferView {
+export function toBuf(val: ArrayLike, encoding?: string): Buffer|ArrayBuffer|ArrayBufferView {
   if (typeof val === 'string') {
-    if (encoding === 'buffer')
+    if (encoding === 'buffer') {
       encoding = 'utf8';
+    }
     return Buffer.from(val, encoding);
   }
   return val;
-}
+}
+
+export function validateByteSource(val: ArrayLike,
+                                   name: string): Buffer|ArrayBuffer|ArrayBufferView {
+  val = toBuf(val);
+
+  if (isAnyArrayBuffer(val) || isArrayBufferView(val)) {
+    return val;
+  }
+
+  throw new ERR_INVALID_ARG_TYPE(
+    name,
+    [
+      'string',
+      'ArrayBuffer',
+      'TypedArray',
+      'DataView',
+      'Buffer',
+    ],
+    val);
+}

src/workerd/api/node/crypto.h

@@ -105,6 +105,10 @@ class CryptoImpl final: public jsg::Object {
       kj::Own<HMAC_CTX> hmac_ctx;
   };
 
+  // Hkdf
+  kj::Array<kj::byte> getHkdf(kj::String hash, kj::Array<kj::byte> key, kj::Array<kj::byte> salt,
+                              kj::Array<kj::byte> info, uint32_t length);
+
   // Pbkdf2
   kj::Array<kj::byte> getPbkdf(kj::Array<kj::byte> password, kj::Array<kj::byte> salt,
                                uint32_t num_iterations, uint32_t keylen, kj::String name);
@@ -187,6 +191,8 @@ class CryptoImpl final: public jsg::Object {
     // Hash and Hmac
     JSG_NESTED_TYPE(HashHandle);
     JSG_NESTED_TYPE(HmacHandle);
+    // Hkdf
+    JSG_METHOD(getHkdf);
     // Pbkdf2
     JSG_METHOD(getPbkdf);
     // Keys

src/workerd/api/node/crypto_hash-test.js

@@ -1,3 +1,28 @@
+// Copyright (c) 2017-2023 Cloudflare, Inc.
+// Licensed under the Apache 2.0 license found in the LICENSE file or at:
+//     https://opensource.org/licenses/Apache-2.0
+//
+// Adapted from Node.js. Copyright Joyent, Inc. and other Node contributors.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a
+// copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to permit
+// persons to whom the Software is furnished to do so, subject to the
+// following conditions:
+//
+// The above copyright notice and this permission notice shall be included
+// in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+// USE OR OTHER DEALINGS IN THE SOFTWARE.
+
 'use strict';
 
 import {