crypto: support ML-DSA spki/pkcs8 key formats in Web Cryptography

PR-URL: #59365 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Ethan Arrowood <[email protected]> Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Joyee Cheung <[email protected]>

Author: panva

doc/api/webcrypto.md

@@ -939,9 +939,9 @@ specification.
 | `'Ed25519'` | ✔ | ✔ | ✔ | ✔ | | ✔ | |
 | `'Ed448'`[^secure-curves] | ✔ | ✔ | ✔ | ✔ | | ✔ | |
 | `'HMAC'` | | | ✔ | ✔ | ✔ | | |
-| `'ML-DSA-44'`[^modern-algos] |  |  | ✔ | | | ✔ | ✔ |
-| `'ML-DSA-65'`[^modern-algos] |  |  | ✔ | | | ✔ | ✔ |
-| `'ML-DSA-87'`[^modern-algos] |  |  | ✔ | | | ✔ | ✔ |
+| `'ML-DSA-44'`[^modern-algos] | ✔| ✔ | ✔ | | | ✔ | ✔ |
+| `'ML-DSA-65'`[^modern-algos] | ✔| ✔ | ✔ | | | ✔ | ✔ |
+| `'ML-DSA-87'`[^modern-algos] | ✔| ✔ | ✔ | | | ✔ | ✔ |
 | `'RSA-OAEP'` | ✔ | ✔ | ✔ | | | | |
 | `'RSA-PSS'` | ✔ | ✔ | ✔ | | | | |
 | `'RSASSA-PKCS1-v1_5'` | ✔ | ✔ | ✔ | | | | |
@@ -1070,9 +1070,9 @@ The algorithms currently supported include:
 | `'Ed448'`[^secure-curves] | ✔ | ✔ | ✔ | ✔ | | ✔ | |
 | `'HDKF'` | | | | ✔ | ✔ | | |
 | `'HMAC'` | | | ✔ | ✔ | ✔ | | |
-| `'ML-DSA-44'`[^modern-algos] |  |  | ✔ | | | ✔ | ✔ |
-| `'ML-DSA-65'`[^modern-algos] |  |  | ✔ | | | ✔ | ✔ |
-| `'ML-DSA-87'`[^modern-algos] |  |  | ✔ | | | ✔ | ✔ |
+| `'ML-DSA-44'`[^modern-algos] | ✔| ✔ | ✔ | | | ✔ | ✔ |
+| `'ML-DSA-65'`[^modern-algos] | ✔| ✔ | ✔ | | | ✔ | ✔ |
+| `'ML-DSA-87'`[^modern-algos] | ✔| ✔ | ✔ | | | ✔ | ✔ |
 | `'PBKDF2'` | | | | ✔ | ✔ | | |
 | `'RSA-OAEP'` | ✔ | ✔ | ✔ | | | | |
 | `'RSA-PSS'` | ✔ | ✔ | ✔ | | | | |

lib/internal/crypto/ml_dsa.js

@@ -2,6 +2,7 @@
 
 const{
  SafeSet,
+ Uint8Array,
 }=primordials;
 
 const{ Buffer }=require('buffer');
@@ -14,6 +15,10 @@ const{
  kKeyTypePublic,
  kSignJobModeSign,
  kSignJobModeVerify,
+ kKeyFormatDER,
+ kWebCryptoKeyFormatRaw,
+ kWebCryptoKeyFormatPKCS8,
+ kWebCryptoKeyFormatSPKI,
 }=internalBinding('crypto');
 
 const{
@@ -44,6 +49,7 @@ const{
  InternalCryptoKey,
  PrivateKeyObject,
  PublicKeyObject,
+ createPrivateKey,
  createPublicKey,
 }=require('internal/crypto/keys');
 
@@ -106,15 +112,47 @@ async function mlDsaGenerateKey(algorithm, extractable, keyUsages){
 return{__proto__: null, privateKey, publicKey };
 }
 
-functionmlDsaExportKey(key){
+functionmlDsaExportKey(key,format){
 try{
-if(key.type==='private'){
-const{ priv }=key[kKeyObject][kHandle].exportJwk({},false);
-returnBuffer.alloc(32,priv,'base64url').buffer;
-}
+switch(format){
+casekWebCryptoKeyFormatRaw: {
+if(key.type==='private'){
+const{ priv }=key[kKeyObject][kHandle].exportJwk({},false);
+returnBuffer.alloc(32,priv,'base64url').buffer;
+}
 
-const{ pub }=key[kKeyObject][kHandle].exportJwk({},false);
-returnBuffer.alloc(Buffer.byteLength(pub,'base64url'),pub,'base64url').buffer;
+const{ pub }=key[kKeyObject][kHandle].exportJwk({},false);
+returnBuffer.alloc(Buffer.byteLength(pub,'base64url'),pub,'base64url').buffer;
+}
+casekWebCryptoKeyFormatSPKI: {
+returnkey[kKeyObject][kHandle].export(kKeyFormatDER,kWebCryptoKeyFormatSPKI).buffer;
+}
+casekWebCryptoKeyFormatPKCS8: {
+const{ priv }=key[kKeyObject][kHandle].exportJwk({},false);
+constseed=Buffer.alloc(32,priv,'base64url');
+constbuffer=newUint8Array(54);
+buffer.set([
+0x30,0x34,0x02,0x01,0x00,0x30,0x0B,0x06,
+0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,
+0x03,0x00,0x04,0x22,0x80,0x20,
+],0);
+switch(key.algorithm.name){
+case'ML-DSA-44':
+buffer.set([0x11],17);
+break;
+case'ML-DSA-65':
+buffer.set([0x12],17);
+break;
+case'ML-DSA-87':
+buffer.set([0x13],17);
+break;
+}
+buffer.set(seed,22);
+returnbuffer.buffer;
+}
+default:
+returnundefined;
+}
 }catch(err){
 throwlazyDOMException(
 'The operation failed for an operation-specific reason',
@@ -138,6 +176,34 @@ function mlDsaImportKey(
 keyObject=keyData;
 break;
 }
+case'spki': {
+verifyAcceptableMlDsaKeyUse(name,true,usagesSet);
+try{
+keyObject=createPublicKey({
+key: keyData,
+format: 'der',
+type: 'spki',
+});
+}catch(err){
+throwlazyDOMException(
+'Invalid keyData',{name: 'DataError',cause: err});
+}
+break;
+}
+case'pkcs8': {
+verifyAcceptableMlDsaKeyUse(name,false,usagesSet);
+try{
+keyObject=createPrivateKey({
+key: keyData,
+format: 'der',
+type: 'pkcs8',
+});
+}catch(err){
+throwlazyDOMException(
+'Invalid keyData',{name: 'DataError',cause: err});
+}
+break;
+}
 case'jwk': {
 if(!keyData.kty)
 throwlazyDOMException('Invalid keyData','DataError');

lib/internal/crypto/webcrypto.js

@@ -357,6 +357,14 @@ async function exportKeySpki(key){
 case'X448':
 returnrequire('internal/crypto/cfrg')
 .cfrgExportKey(key,kWebCryptoKeyFormatSPKI);
+case'ML-DSA-44':
+// Fall through
+case'ML-DSA-65':
+// Fall through
+case'ML-DSA-87': {
+returnrequire('internal/crypto/ml_dsa')
+.mlDsaExportKey(key,kWebCryptoKeyFormatSPKI);
+}
 default:
 returnundefined;
 }
@@ -385,6 +393,14 @@ async function exportKeyPkcs8(key){
 case'X448':
 returnrequire('internal/crypto/cfrg')
 .cfrgExportKey(key,kWebCryptoKeyFormatPKCS8);
+case'ML-DSA-44':
+// Fall through
+case'ML-DSA-65':
+// Fall through
+case'ML-DSA-87': {
+returnrequire('internal/crypto/ml_dsa')
+.mlDsaExportKey(key,kWebCryptoKeyFormatPKCS8);
+}
 default:
 returnundefined;
 }