crypto: support Ed448 and ML-DSA context parameter in Web Cryptography

PR-URL: #59570 Reviewed-By: James M Snell <[email protected]>

Author: panva

deps/ncrypto/ncrypto.cc

@@ -4288,6 +4288,54 @@ std::optional<EVP_PKEY_CTX*> EVPMDCtxPointer::verifyInit(
 return ctx;
 }
 
+std::optional<EVP_PKEY_CTX*> EVPMDCtxPointer::signInitWithContext(
+const EVPKeyPointer& key,
+const Digest& digest,
+const Buffer<constunsignedchar>& context_string){
+#ifdef OSSL_SIGNATURE_PARAM_CONTEXT_STRING
+ EVP_PKEY_CTX* ctx = nullptr;
+
+const OSSL_PARAM params[] ={
+OSSL_PARAM_construct_octet_string(
+ OSSL_SIGNATURE_PARAM_CONTEXT_STRING,
+const_cast<unsignedchar*>(context_string.data),
+ context_string.len),
+ OSSL_PARAM_END};
+
+if (!EVP_DigestSignInit_ex(
+ ctx_.get(), &ctx, nullptr, nullptr, nullptr, key.get(), params)){
+return std::nullopt;
+ }
+return ctx;
+#else
+return std::nullopt;
+#endif
+}
+
+std::optional<EVP_PKEY_CTX*> EVPMDCtxPointer::verifyInitWithContext(
+const EVPKeyPointer& key,
+const Digest& digest,
+const Buffer<constunsignedchar>& context_string){
+#ifdef OSSL_SIGNATURE_PARAM_CONTEXT_STRING
+ EVP_PKEY_CTX* ctx = nullptr;
+
+const OSSL_PARAM params[] ={
+OSSL_PARAM_construct_octet_string(
+ OSSL_SIGNATURE_PARAM_CONTEXT_STRING,
+const_cast<unsignedchar*>(context_string.data),
+ context_string.len),
+ OSSL_PARAM_END};
+
+if (!EVP_DigestVerifyInit_ex(
+ ctx_.get(), &ctx, nullptr, nullptr, nullptr, key.get(), params)){
+return std::nullopt;
+ }
+return ctx;
+#else
+return std::nullopt;
+#endif
+}
+
 DataPointer EVPMDCtxPointer::signOneShot(
 const Buffer<constunsignedchar>& buf) const{
 if (!ctx_) return{};

deps/ncrypto/ncrypto.h

@@ -1409,6 +1409,15 @@ class EVPMDCtxPointer final{
  std::optional<EVP_PKEY_CTX*> verifyInit(const EVPKeyPointer& key,
 const Digest& digest);
 
+ std::optional<EVP_PKEY_CTX*> signInitWithContext(
+const EVPKeyPointer& key,
+const Digest& digest,
+const Buffer<constunsignedchar>& context_string);
+ std::optional<EVP_PKEY_CTX*> verifyInitWithContext(
+const EVPKeyPointer& key,
+const Digest& digest,
+const Buffer<constunsignedchar>& context_string);
+
  DataPointer signOneShot(const Buffer<constunsignedchar>& buf) const;
  DataPointer sign(const Buffer<constunsignedchar>& buf) const;
 boolverify(const Buffer<constunsignedchar>& buf,

doc/api/webcrypto.md

@@ -1341,7 +1341,7 @@ changes:
 
 <!--lint disable maximum-line-length remark-lint-->
 
-* `algorithm`{string|Algorithm|RsaPssParams|EcdsaParams|Ed448Params|ContextParams|KmacParams}
+* `algorithm`{string|Algorithm|RsaPssParams|EcdsaParams|ContextParams|KmacParams}
 * `key`{CryptoKey}
 * `data`{ArrayBuffer|TypedArray|DataView|Buffer}
 * Returns:{Promise} Fulfills with an{ArrayBuffer} upon success.
@@ -1462,7 +1462,7 @@ changes:
 
 <!--lint disable maximum-line-length remark-lint-->
 
-* `algorithm`{string|Algorithm|RsaPssParams|EcdsaParams|Ed448Params|ContextParams}
+* `algorithm`{string|Algorithm|RsaPssParams|EcdsaParams|ContextParams|KmacParams}
 * `key`{CryptoKey}
 * `signature`{ArrayBuffer|TypedArray|DataView|Buffer}
 * `data`{ArrayBuffer|TypedArray|DataView|Buffer}
@@ -1829,20 +1829,23 @@ added: v24.7.0
 added: v24.7.0
 -->
 
-* Type:{string} Must be `'ML-DSA-44'`[^modern-algos], `'ML-DSA-65'`[^modern-algos], or `'ML-DSA-87'`[^modern-algos].
+* Type:{string} Must be `Ed448`[^secure-curves], `'ML-DSA-44'`[^modern-algos],
+`'ML-DSA-65'`[^modern-algos], or `'ML-DSA-87'`[^modern-algos].
 
 #### `contextParams.context`
 
 <!-- YAML
 added: v24.7.0
+changes:
+ - version: REPLACEME
+ pr-url: https://github.com/nodejs/node/pull/59570
+ description: Non-empty context is now supported.
 -->
 
 * Type:{ArrayBuffer|TypedArray|DataView|Buffer|undefined}
 
 The `context` member represents the optional context data to associate with
 the message.
-The Node.js Web Crypto API implementation only supports zero-length context
-which is equivalent to not providing context at all.
 
 ### Class: `CShakeParams`
 
@@ -2023,37 +2026,6 @@ added: v15.0.0
 
 * Type:{string} Must be one of `'P-256'`, `'P-384'`, `'P-521'`.
 
-### Class: `Ed448Params`
-
-<!-- YAML
-added: v15.0.0
--->
-
-#### `ed448Params.name`
-
-<!-- YAML
-added:
- - v18.4.0
- - v16.17.0
--->
-
-* Type:{string} Must be `'Ed448'`[^secure-curves].
-
-#### `ed448Params.context`
-
-<!-- YAML
-added:
- - v18.4.0
- - v16.17.0
--->
-
-* Type:{ArrayBuffer|TypedArray|DataView|Buffer|undefined}
-
-The `context` member represents the optional context data to associate with
-the message.
-The Node.js Web Crypto API implementation only supports zero-length context
-which is equivalent to not providing context at all.
-
 ### Class: `EncapsulatedBits`
 
 <!-- YAML

lib/internal/crypto/cfrg.js

@@ -359,6 +359,7 @@ function eddsaSignVerify(key, data, algorithm, signature){
 undefined,
 undefined,
 undefined,
+algorithm.name==='Ed448' ? algorithm.context : undefined,
 signature));
 }
 

lib/internal/crypto/ec.js

@@ -302,6 +302,7 @@ function ecdsaSignVerify(key, data,{name, hash }, signature){
 undefined,// Salt length, not used with ECDSA
 undefined,// PSS Padding, not used with ECDSA
 kSigEncP1363,
+undefined,
 signature));
 }
 

lib/internal/crypto/ml_dsa.js

@@ -303,6 +303,7 @@ function mlDsaSignVerify(key, data, algorithm, signature){
 undefined,
 undefined,
 undefined,
+algorithm.context,
 signature));
 }
 

lib/internal/crypto/rsa.js

@@ -355,6 +355,7 @@ function rsaSignVerify(key, data,{saltLength }, signature){
 saltLength,
 key[kAlgorithm].name==='RSA-PSS' ? RSA_PKCS1_PSS_PADDING : undefined,
 undefined,
+undefined,
 signature);
 });
 }

lib/internal/crypto/sig.js

@@ -171,7 +171,9 @@ function signOneShot(algorithm, data, key, callback){
 algorithm,
 pssSaltLength,
 rsaPadding,
-dsaSigEnc);
+dsaSigEnc,
+undefined,
+undefined);
 
 if(!callback){
 const{0: err,1: signature}=job.run();
@@ -276,6 +278,7 @@ function verifyOneShot(algorithm, data, key, signature, callback){
 pssSaltLength,
 rsaPadding,
 dsaSigEnc,
+undefined,
 signature);
 
 if(!callback){

lib/internal/crypto/util.js

@@ -268,8 +268,8 @@ const kAlgorithmDefinitions ={
 'generateKey': null,
 'exportKey': null,
 'importKey': null,
-'sign': 'Ed448Params',
-'verify': 'Ed448Params',
+'sign': 'ContextParams',
+'verify': 'ContextParams',
 },
 'HKDF': {
 'importKey': null,
@@ -494,7 +494,6 @@ const simpleAlgorithmDictionaries ={
 salt: 'BufferSource',
 info: 'BufferSource',
 },
-Ed448Params: {context: 'BufferSource'},
 ContextParams: {context: 'BufferSource'},
 Pbkdf2Params: {hash: 'HashAlgorithmIdentifier',salt: 'BufferSource'},
 RsaOaepParams: {label: 'BufferSource'},

lib/internal/crypto/webidl.js

@@ -19,6 +19,7 @@ const{
  MathTrunc,
  Number,
  NumberIsFinite,
+ NumberParseInt,
  ObjectPrototypeHasOwnProperty,
  ObjectPrototypeIsPrototypeOf,
  SafeArrayIterator,
@@ -304,13 +305,12 @@ function createDictionaryConverter(name, dictionaries){
 constcontext=`'${key}' of '${name}'${
 opts.context ? ` (${opts.context})` : ''
 }`;
-const{ converter, validator }=member;
-constidlMemberValue=converter(esMemberValue,{
+constidlMemberValue=member.converter(esMemberValue,{
 __proto__: null,
  ...opts,
  context,
 });
-validator?.(idlMemberValue,esDict);
+member.validator?.(idlMemberValue,esDict);
 setOwnProperty(idlDict,key,idlMemberValue);
 }elseif(member.required){
 throwmakeException(
@@ -769,17 +769,25 @@ converters.EcdhKeyDeriveParams = createDictionaryConverter(
 },
 ]);
 
-for(constnameof['Ed448Params','ContextParams']){
-converters[name]=createDictionaryConverter(
-name,[
- ...newSafeArrayIterator(dictAlgorithm),
-{
-key: 'context',
-converter: converters.BufferSource,
-validator: validateZeroLength(`${name}.context`),
+converters.ContextParams=createDictionaryConverter(
+'ContextParams',[
+ ...newSafeArrayIterator(dictAlgorithm),
+{
+key: 'context',
+converter: converters.BufferSource,
+validator(V,dict){
+let{0: major,1: minor}=process.versions.openssl.split('.');
+major=NumberParseInt(major,10);
+minor=NumberParseInt(minor,10);
+if(major>3||(major===3&&minor>=2)){
+this.validator=undefined;
+}else{
+this.validator=validateZeroLength('ContextParams.context');
+this.validator(V,dict);
+}
 },
-]);
-}
+},
+]);
 
 converters.Argon2Params=createDictionaryConverter(
 'Argon2Params',[