
[RFC] crypto: replace createECDHKey with generate/importECDHKey

The current crypto APIs make it possible to create a key object that is invalid or partly valid, by calling the setPublicKey/setPrivateKey methods incorrectly. This proposal would make it impossible to hold an invalid key object, eliminating a class of errors relating to key objects.

Before:

const ecdh = crypto.createECDH('prime256v1')
ecdh.setPrivateKey('...', 'hex')
ecdh.setPublicKey('...', 'hex') // did it work? i hope so!

ecdh.generateKeys()
ecdh.setPublicKey(...) // what does this even mean?

After:

const ecdh = crypto.importECDHKey('prime256v1', privateKey, 'hex')
const ecdh2 = crypto.generateECDHKey('prime256v1')
// the ECDH objects are immutable and valid by definition.

I understand that this would be a rather large change to the API, but if this is something worth doing, I'm happy to do the refactors in other crypto APIs and write the relevant documentation, deprecation warnings, etc. Just wanted to get this sketch & proof of concept up for discussion first.

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines
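The partly valid state described in the proposal can be reproduced with the existing Node.js `crypto` API. The following is an added example, not code from this merge request or from Node.js itself; `keyPairMatches`, `importCheckedECDH` and `demoMismatch` are hypothetical names, and all keys are constructed at run time.

```javascript
const crypto = require('node:crypto');

const CURVE = 'prime256v1';

// Re-derive the public point from the private scalar in a fresh ECDH object
// and compare it with the public key supplied alongside it.
function keyPairMatches(curve, privateKey, publicKey) {
  const check = crypto.createECDH(curve);
  check.setPrivateKey(privateKey); // throws if the scalar is invalid for the curve
  return check.getPublicKey().equals(publicKey);
}

// Hypothetical wrapper in the spirit of the proposal: validate once at import,
// then expose no setters so the pair cannot drift apart afterwards.
function importCheckedECDH(curve, privateKey, publicKey) {
  if (!keyPairMatches(curve, privateKey, publicKey)) {
    throw new Error('public key does not belong to private key');
  }
  const ecdh = crypto.createECDH(curve);
  ecdh.setPrivateKey(privateKey); // also sets the matching public key
  return Object.freeze({
    getPublicKey: () => ecdh.getPublicKey(),
    computeSecret: (peerPublicKey) => ecdh.computeSecret(peerPublicKey),
  });
}

// The "Before" sequence with two constructed key pairs: the private key of one
// pair is combined with the public key of the other.
function demoMismatch() {
  const first = crypto.createECDH(CURVE);
  first.generateKeys();
  const second = crypto.createECDH(CURVE);
  second.generateKeys();

  const ecdh = crypto.createECDH(CURVE);
  ecdh.setPrivateKey(first.getPrivateKey());
  ecdh.setPublicKey(second.getPublicKey()); // accepted without an error

  return {
    holdsForeignPublicKey: ecdh.getPublicKey().equals(second.getPublicKey()),
    consistent: keyPairMatches(CURVE, ecdh.getPrivateKey(), ecdh.getPublicKey()),
    honestPairConsistent: keyPairMatches(CURVE, first.getPrivateKey(), first.getPublicKey()),
  };
}
```

`demoMismatch()` shows the object holding a public key that does not correspond to its private key, which `keyPairMatches` flags and `importCheckedECDH` rejects at import time.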
