src,lib: switch usages internal slot to a bitmask

Signed-off-by: Filip Skokan <[email protected]>

Author: panva

lib/internal/crypto/aes.js

@@ -27,7 +27,7 @@ const {
 } = internalBinding('crypto');
 
 const {
-  getSortedUsages,
+  getUsagesMask,
   hasAnyNotIn,
   jobPromise,
   kHandle,
@@ -193,7 +193,7 @@ async function aesGenerateKey(algorithm, extractable, keyUsages) {
   return new InternalCryptoKey(
     handle,
     { name, length },
-    getSortedUsages(usagesSet),
+    getUsagesMask(usagesSet),
     extractable);
 }
 
@@ -254,7 +254,7 @@ function aesImportKey(
   return new InternalCryptoKey(
     handle,
     { name, length },
-    getSortedUsages(usagesSet),
+    getUsagesMask(usagesSet),
     extractable);
 }
 

lib/internal/crypto/cfrg.js

@@ -24,7 +24,7 @@ const {
 } = internalBinding('crypto');
 
 const {
-  getSortedUsages,
+  getUsagesMask,
   getUsagesUnion,
   hasAnyNotIn,
   jobPromise,
@@ -137,14 +137,14 @@ async function cfrgGenerateKey(algorithm, extractable, keyUsages) {
     new InternalCryptoKey(
       handles[0],
       keyAlgorithm,
-      getSortedUsages(publicUsages),
+      getUsagesMask(publicUsages),
       true);
 
   const privateKey =
     new InternalCryptoKey(
       handles[1],
       keyAlgorithm,
-      getSortedUsages(privateUsages),
+      getUsagesMask(privateUsages),
       extractable);
 
   return { __proto__: null, privateKey, publicKey };
@@ -237,7 +237,7 @@ function cfrgImportKey(
   return new InternalCryptoKey(
     handle,
     { name },
-    getSortedUsages(usagesSet),
+    getUsagesMask(usagesSet),
     extractable);
 }
 

lib/internal/crypto/chacha20_poly1305.js

@@ -11,7 +11,7 @@ const {
 } = internalBinding('crypto');
 
 const {
-  getSortedUsages,
+  getUsagesMask,
   hasAnyNotIn,
   jobPromise,
   kHandle,
@@ -64,7 +64,7 @@ async function c20pGenerateKey(algorithm, extractable, keyUsages) {
   return new InternalCryptoKey(
     handle,
     { name },
-    getSortedUsages(usagesSet),
+    getUsagesMask(usagesSet),
     extractable);
 }
 
@@ -116,7 +116,7 @@ function c20pImportKey(
   return new InternalCryptoKey(
     handle,
     { name },
-    getSortedUsages(usagesSet),
+    getUsagesMask(usagesSet),
     extractable);
 }
 

lib/internal/crypto/ec.js

@@ -29,7 +29,7 @@ const {
 } = internalBinding('constants');
 
 const {
-  getSortedUsages,
+  getUsagesMask,
   getUsagesUnion,
   hasAnyNotIn,
   jobPromise,
@@ -119,14 +119,14 @@ async function ecGenerateKey(algorithm, extractable, keyUsages) {
     new InternalCryptoKey(
       handles[0],
       keyAlgorithm,
-      getSortedUsages(publicUsages),
+      getUsagesMask(publicUsages),
       true);
 
   const privateKey =
     new InternalCryptoKey(
       handles[1],
       keyAlgorithm,
-      getSortedUsages(privateUsages),
+      getUsagesMask(privateUsages),
       extractable);
 
   return { __proto__: null, publicKey, privateKey };
@@ -258,7 +258,7 @@ function ecImportKey(
   return new InternalCryptoKey(
     handle,
     { name, namedCurve },
-    getSortedUsages(usagesSet),
+    getUsagesMask(usagesSet),
     extractable);
 }
 

lib/internal/crypto/keys.js

@@ -1,7 +1,6 @@
 'use strict';
 
 const {
-  ArrayFrom,
   ArrayPrototypeSlice,
   ObjectDefineProperties,
   ObjectDefineProperty,
@@ -63,7 +62,9 @@ const {
   bigIntArrayToUnsignedBigInt,
   normalizeAlgorithm,
   hasAnyNotIn,
-  getSortedUsages,
+  getUsagesMask,
+  getUsagesFromMask,
+  hasUsage,
 } = require('internal/crypto/util');
 
 const {
@@ -255,7 +256,7 @@ const {
           throw lazyDOMException('Unrecognized algorithm name', 'NotSupportedError');
       }
 
-      if (getCryptoKeyUsages(result).length === 0) {
+      if (getCryptoKeyUsagesMask(result) === 0) {
         throw lazyDOMException(
           `Usages cannot be empty when importing a ${getCryptoKeyType(result)} key.`,
           'SyntaxError');
@@ -351,7 +352,7 @@ const {
       }
 
       const resultType = getCryptoKeyType(result);
-      if (resultType === 'private' && getCryptoKeyUsages(result).length === 0) {
+      if (resultType === 'private' && getCryptoKeyUsagesMask(result) === 0) {
         throw lazyDOMException(
           `Usages cannot be empty when importing a ${resultType} key.`,
           'SyntaxError');
@@ -770,9 +771,9 @@ function isKeyObject(obj) {
 }
 
 // CryptoKey is a plain JS class whose prototype's [[Prototype]] is
-// Object.prototype, as Web Crypto requires. Instance storage (type,
-// extractable, algorithm, usages, and the KeyObject handle) lives on
-// a C++ class, NativeCryptoKey, created by createCryptoKeyClass.
+// Object.prototype, as Web Crypto requires. Instance storage (type enum,
+// extractable, algorithm, usages mask, and the KeyObject handle) lives
+// on a C++ class, NativeCryptoKey, created by createCryptoKeyClass.
 // InternalCryptoKey is the only constructor we expose to internal
 // code; it extends NativeCryptoKey to get that storage and then has
 // its prototype spliced so the chain visible to user code is:
@@ -786,18 +787,21 @@ function isKeyObject(obj) {
 // reflection (`Object.getOwnPropertySymbols` etc.) and leaves each
 // CryptoKey's hidden class pristine. The `getCryptoKey{Type,
 // Extractable,Algorithm,Usages,Handle}` helpers index into that
-// array; the public `algorithm` / `usages` getters further cache a
-// cloned copy (as Web Crypto requires repeat reads to return the
-// same object so a consumer's mutation is visible next time).
+// array and convert native enums/masks back to Web Crypto strings.
+// The public `algorithm` getter caches a cloned dictionary and the
+// public `usages` getter caches a synthesized array (as Web Crypto
+// requires repeat reads to return the same object so a consumer's
+// mutation is visible next time).
 let getSlots; // Populated by the createCryptoKeyClass callback below.
 
 const kSlotType = 0;
 const kSlotExtractable = 1;
 const kSlotAlgorithm = 2;
-const kSlotUsages = 3;
+const kSlotUsagesMask = 3;
 const kSlotHandle = 4;
 const kSlotClonedAlgorithm = 5;
 const kSlotClonedUsages = 6;
+const kSlotUsages = 7;
 
 function cloneAlgorithm(raw) {
   const cloned = { ...raw };
@@ -855,7 +859,7 @@ const {
       const slots = getSlots(this);
       let cached = slots[kSlotClonedUsages];
       if (cached === undefined) {
-        cached = ArrayFrom(slots[kSlotUsages]);
+        cached = ArrayPrototypeSlice(getCryptoKeyUsagesFromSlots(slots), 0);
         slots[kSlotClonedUsages] = cached;
       }
       return cached;
@@ -900,8 +904,9 @@ const {
 // The helpers below return a CryptoKey's internal slot value,
 // populating the per-instance cache on first access via a single
 // native call. The public `type` getter converts the native enum to
-// the Web Crypto string. The public `algorithm` / `usages` getters on
-// `CryptoKey.prototype` further clone their slot before returning.
+// the Web Crypto string. The `usages` helper converts the native usage
+// mask to Web Crypto strings. The public `algorithm` / `usages` getters
+// on `CryptoKey.prototype` cache their returned objects.
 
 /**
  * Returns the value of a CryptoKey's `[[type]]` internal slot.
@@ -914,7 +919,6 @@ function getCryptoKeyType(key) {
     case kKeyTypePublic: return 'public';
     case kKeyTypePrivate: return 'private';
     default: {
-      // It is not possible to get here because all possible cases are handled above.
       const assert = require('internal/assert');
       assert.fail('Unreachable code');
     }
@@ -940,14 +944,31 @@ function getCryptoKeyAlgorithm(key) {
   return getSlots(key)[kSlotAlgorithm];
 }
 
+function getCryptoKeyUsagesMask(key) {
+  return getSlots(key)[kSlotUsagesMask];
+}
+
+function hasCryptoKeyUsage(key, usage) {
+  return hasUsage(getCryptoKeyUsagesMask(key), usage);
+}
+
+function getCryptoKeyUsagesFromSlots(slots) {
+  let usages = slots[kSlotUsages];
+  if (usages === undefined) {
+    usages = getUsagesFromMask(slots[kSlotUsagesMask]);
+    slots[kSlotUsages] = usages;
+  }
+  return usages;
+}
+
 /**
  * Returns the CryptoKey's `[[usages]]` internal slot, bypassing the
  * public `usages` getter (which returns a cloned array).
  * @param {CryptoKey} key
  * @returns {string[]}
  */
 function getCryptoKeyUsages(key) {
-  return getSlots(key)[kSlotUsages];
+  return getCryptoKeyUsagesFromSlots(getSlots(key));
 }
 
 /**
@@ -1009,7 +1030,7 @@ function importGenericSecretKey(
   return new InternalCryptoKey(
     handle,
     { name },
-    getSortedUsages(usagesSet),
+    getUsagesMask(usagesSet),
     false);
 }
 
@@ -1038,6 +1059,8 @@ module.exports = {
   getCryptoKeyExtractable,
   getCryptoKeyAlgorithm,
   getCryptoKeyUsages,
+  getCryptoKeyUsagesMask,
+  hasCryptoKeyUsage,
   getCryptoKeyHandle,
   importGenericSecretKey,
 };

lib/internal/crypto/mac.js

@@ -16,7 +16,7 @@ const {
 
 const {
   getBlockSize,
-  getSortedUsages,
+  getUsagesMask,
   hasAnyNotIn,
   jobPromise,
   normalizeHashName,
@@ -58,7 +58,7 @@ async function hmacGenerateKey(algorithm, extractable, keyUsages) {
   return new InternalCryptoKey(
     handle,
     { name, length, hash },
-    getSortedUsages(usageSet),
+    getUsagesMask(usageSet),
     extractable);
 }
 
@@ -84,7 +84,7 @@ async function kmacGenerateKey(algorithm, extractable, keyUsages) {
   return new InternalCryptoKey(
     handle,
     { name, length },
-    getSortedUsages(usageSet),
+    getUsagesMask(usageSet),
     extractable);
 }
 
@@ -160,7 +160,7 @@ function macImportKey(
   return new InternalCryptoKey(
     handle,
     algorithmObject,
-    getSortedUsages(usagesSet),
+    getUsagesMask(usagesSet),
     extractable);
 }
 

lib/internal/crypto/ml_dsa.js

@@ -25,7 +25,7 @@ const {
 } = internalBinding('crypto');
 
 const {
-  getSortedUsages,
+  getUsagesMask,
   getUsagesUnion,
   hasAnyNotIn,
   jobPromise,
@@ -82,23 +82,23 @@ async function mlDsaGenerateKey(algorithm, extractable, keyUsages) {
   }
 
   const handles = await jobPromise(() => new NidKeyPairGenJob(kCryptoJobAsync, nid));
-  const publicUsages = getSortedUsages(getUsagesUnion(usageSet, 'verify'));
-  const privateUsages = getSortedUsages(getUsagesUnion(usageSet, 'sign'));
+  const publicUsagesMask = getUsagesMask(getUsagesUnion(usageSet, 'verify'));
+  const privateUsagesMask = getUsagesMask(getUsagesUnion(usageSet, 'sign'));
 
   const keyAlgorithm = { name };
 
   const publicKey =
     new InternalCryptoKey(
       handles[0],
       keyAlgorithm,
-      publicUsages,
+      publicUsagesMask,
       true);
 
   const privateKey =
     new InternalCryptoKey(
       handles[1],
       keyAlgorithm,
-      privateUsages,
+      privateUsagesMask,
       extractable);
 
   return { __proto__: null, privateKey, publicKey };
@@ -208,7 +208,7 @@ function mlDsaImportKey(
   return new InternalCryptoKey(
     handle,
     { name },
-    getSortedUsages(usagesSet),
+    getUsagesMask(usagesSet),
     extractable);
 }