[RFC] crypto: replace createECDHKey with generate/importECDHKey
The current crypto APIs make it possible to create a key object that is invalid or partly valid, by calling the setPublicKey
/setPrivateKey
methods incorrectly. This proposal would make it impossible to hold an invalid key object, eliminating a class of errors relating to key objects.
Before:
const ecdh = crypto.createECDH('prime256v1')
ecdh.setPrivateKey('...', 'hex')
ecdh.setPublicKey('...', 'hex') // did it work? i hope so!
ecdh.generateKeys()
ecdh.setPublicKey(...) // what does this even mean?
After:
const ecdh = crypto.importECDHKey('prime256v1', privateKey, 'hex')
const ecdh2 = crypto.generateECDHKey('prime256v1')
// the ECDH objects are immutable and valid by definition.
I understand that this would be a rather large change to the API, but if this is something worth doing, I'm happy to do the refactors in other crypto APIs and write the relevant documentation, deprecation warnings, etc. Just wanted to get this sketch & proof of concept up for discussion first.
Checklist
-
make -j4 test
(UNIX), orvcbuild test
(Windows) passes -
tests and/or benchmarks are included -
documentation is changed or added -
commit message follows commit guidelines