crypto: fix CryptoKey internal slot behaviours

lib/internal/crypto/aes.js

@@ -47,6 +47,7 @@ const {
   InternalCryptoKey,
   SecretKeyObject,
   createSecretKey,
+  kAlgorithm,
 } = require('internal/crypto/keys');
 
 const {
@@ -108,7 +109,7 @@ function asyncAesCtrCipher(mode, key, data, algorithm) {
     mode,
     key[kKeyObject][kHandle],
     data,
-    getVariant('AES-CTR', key.algorithm.length),
+    getVariant('AES-CTR', key[kAlgorithm].length),
     algorithm.counter,
     algorithm.length));
 }
@@ -119,7 +120,7 @@ function asyncAesCbcCipher(mode, key, data, algorithm) {
     mode,
     key[kKeyObject][kHandle],
     data,
-    getVariant('AES-CBC', key.algorithm.length),
+    getVariant('AES-CBC', key[kAlgorithm].length),
     algorithm.iv));
 }
 
@@ -129,7 +130,7 @@ function asyncAesKwCipher(mode, key, data) {
     mode,
     key[kKeyObject][kHandle],
     data,
-    getVariant('AES-KW', key.algorithm.length)));
+    getVariant('AES-KW', key[kAlgorithm].length)));
 }
 
 function asyncAesGcmCipher(mode, key, data, algorithm) {
@@ -166,7 +167,7 @@ function asyncAesGcmCipher(mode, key, data, algorithm) {
     mode,
     key[kKeyObject][kHandle],
     data,
-    getVariant('AES-GCM', key.algorithm.length),
+    getVariant('AES-GCM', key[kAlgorithm].length),
     algorithm.iv,
     tag,
     algorithm.additionalData));

lib/internal/crypto/cfrg.js

@@ -47,6 +47,7 @@ const {
   PublicKeyObject,
   createPrivateKey,
   createPublicKey,
+  kKeyType,
 } = require('internal/crypto/keys');
 
 const generateKeyPair = promisify(_generateKeyPair);
@@ -343,7 +344,7 @@ function eddsaSignVerify(key, data, algorithm, signature) {
   const mode = signature === undefined ? kSignJobModeSign : kSignJobModeVerify;
   const type = mode === kSignJobModeSign ? 'private' : 'public';
 
-  if (key.type !== type)
+  if (key[kKeyType] !== type)
     throw lazyDOMException(`Key must be a ${type} key`, 'InvalidAccessError');
 
   return jobPromise(() => new SignJob(

lib/internal/crypto/diffiehellman.js

@@ -52,6 +52,8 @@ const {
 
 const {
   KeyObject,
+  kAlgorithm,
+  kKeyType,
 } = require('internal/crypto/keys');
 
 const {
@@ -328,20 +330,20 @@ let masks;
 async function ecdhDeriveBits(algorithm, baseKey, length) {
   const { 'public': key } = algorithm;
 
-  if (baseKey.type !== 'private') {
+  if (baseKey[kKeyType] !== 'private') {
     throw lazyDOMException(
       'baseKey must be a private key', 'InvalidAccessError');
   }
 
-  if (key.algorithm.name !== baseKey.algorithm.name) {
+  if (key[kAlgorithm].name !== baseKey[kAlgorithm].name) {
     throw lazyDOMException(
       'The public and private keys must be of the same type',
       'InvalidAccessError');
   }
 
   if (
-    key.algorithm.name === 'ECDH' &&
-    key.algorithm.namedCurve !== baseKey.algorithm.namedCurve
+    key[kAlgorithm].name === 'ECDH' &&
+    key[kAlgorithm].namedCurve !== baseKey[kAlgorithm].namedCurve
   ) {
     throw lazyDOMException('Named curve mismatch', 'InvalidAccessError');
   }

lib/internal/crypto/ec.js

@@ -41,6 +41,7 @@ const {
   PublicKeyObject,
   createPrivateKey,
   createPublicKey,
+  kKeyType,
 } = require('internal/crypto/keys');
 
 const generateKeyPair = promisify(_generateKeyPair);
@@ -284,7 +285,7 @@ function ecdsaSignVerify(key, data, { name, hash }, signature) {
   const mode = signature === undefined ? kSignJobModeSign : kSignJobModeVerify;
   const type = mode === kSignJobModeSign ? 'private' : 'public';
 
-  if (key.type !== type)
+  if (key[kKeyType] !== type)
     throw lazyDOMException(`Key must be a ${type} key`, 'InvalidAccessError');
 
   const hashname = normalizeHashName(hash.name);

lib/internal/crypto/keys.js

@@ -1,6 +1,7 @@
 'use strict';
 
 const {
+  ArrayFrom,
   ArrayPrototypeSlice,
   ObjectDefineProperties,
   ObjectDefineProperty,
@@ -81,6 +82,8 @@ const kAlgorithm = Symbol('kAlgorithm');
 const kExtractable = Symbol('kExtractable');
 const kKeyType = Symbol('kKeyType');
 const kKeyUsages = Symbol('kKeyUsages');
+const kCachedAlgorithm = Symbol('kCachedAlgorithm');
+const kCachedKeyUsages = Symbol('kCachedKeyUsages');
 
 // Key input contexts.
 const kConsumePublic = 0;
@@ -217,7 +220,7 @@ const {
           throw lazyDOMException('Unrecognized algorithm name', 'NotSupportedError');
       }
 
-      if (result.usages.length === 0) {
+      if (result[kKeyUsages].length === 0) {
         throw lazyDOMException(
           `Usages cannot be empty when importing a ${result.type} key.`,
           'SyntaxError');
@@ -309,7 +312,7 @@ const {
           throw lazyDOMException('Unrecognized algorithm name', 'NotSupportedError');
       }
 
-      if (result.type === 'private' && result.usages.length === 0) {
+      if (result.type === 'private' && result[kKeyUsages].length === 0) {
         throw lazyDOMException(
           `Usages cannot be empty when importing a ${result.type} key.`,
           'SyntaxError');
@@ -735,8 +738,8 @@ function prepareSecretKey(key, encoding, bufferOnly = false) {
         throw new ERR_CRYPTO_INVALID_KEY_OBJECT_TYPE(key.type, 'secret');
       return key[kHandle];
     } else if (isCryptoKey(key)) {
-      if (key.type !== 'secret')
-        throw new ERR_CRYPTO_INVALID_KEY_OBJECT_TYPE(key.type, 'secret');
+      if (key[kKeyType] !== 'secret')
+        throw new ERR_CRYPTO_INVALID_KEY_OBJECT_TYPE(key[kKeyType], 'secret');
       return key[kKeyObject][kHandle];
     }
   }
@@ -785,7 +788,7 @@ function createPrivateKey(key) {
 }
 
 function isKeyObject(obj) {
-  return obj != null && obj[kKeyType] !== undefined;
+  return obj != null && obj[kKeyType] !== undefined && obj[kKeyObject] === undefined;
 }
 
 // Our implementation of CryptoKey is a simple wrapper around a KeyObject
@@ -809,17 +812,21 @@ class CryptoKey {
     };
 
     return `CryptoKey ${inspect({
-      type: this.type,
-      extractable: this.extractable,
-      algorithm: this.algorithm,
-      usages: this.usages,
+      type: this[kKeyType],
+      extractable: this[kExtractable],
+      algorithm: this[kAlgorithm],
+      usages: this[kKeyUsages],
     }, opts)}`;
   }
 
+  get [kKeyType]() {
+    return this[kKeyObject].type;
+  }
+
   get type() {
     if (!(this instanceof CryptoKey))
       throw new ERR_INVALID_THIS('CryptoKey');
-    return this[kKeyObject].type;
+    return this[kKeyType];
   }
 
   get extractable() {
@@ -831,13 +838,19 @@ class CryptoKey {
   get algorithm() {
     if (!(this instanceof CryptoKey))
       throw new ERR_INVALID_THIS('CryptoKey');
-    return this[kAlgorithm];
+    if (!this[kCachedAlgorithm]) {
+      this[kCachedAlgorithm] ??= { ...this[kAlgorithm] };
+      this[kCachedAlgorithm].hash &&= { ...this[kCachedAlgorithm].hash };
+      this[kCachedAlgorithm].publicExponent &&= new Uint8Array(this[kCachedAlgorithm].publicExponent);
+    }
+    return this[kCachedAlgorithm];
   }
 
   get usages() {
     if (!(this instanceof CryptoKey))
       throw new ERR_INVALID_THIS('CryptoKey');
-    return this[kKeyUsages];
+    this[kCachedKeyUsages] ??= ArrayFrom(this[kKeyUsages]);
+    return this[kCachedKeyUsages];
   }
 }
 
@@ -1008,4 +1021,8 @@ module.exports = {
   isKeyObject,
   isCryptoKey,
   importGenericSecretKey,
+  kAlgorithm,
+  kExtractable,
+  kKeyType,
+  kKeyUsages,
 };

lib/internal/crypto/mac.js

@@ -36,6 +36,7 @@ const {
   InternalCryptoKey,
   SecretKeyObject,
   createSecretKey,
+  kAlgorithm,
 } = require('internal/crypto/keys');
 
 const generateKey = promisify(_generateKey);
@@ -161,7 +162,7 @@ function hmacSignVerify(key, data, algorithm, signature) {
   return jobPromise(() => new HmacJob(
     kCryptoJobAsync,
     mode,
-    normalizeHashName(key.algorithm.hash.name),
+    normalizeHashName(key[kAlgorithm].hash.name),
     key[kKeyObject][kHandle],
     data,
     signature));

lib/internal/crypto/ml_dsa.js

@@ -51,6 +51,8 @@ const {
   PublicKeyObject,
   createPrivateKey,
   createPublicKey,
+  kAlgorithm,
+  kKeyType,
 } = require('internal/crypto/keys');
 
 const generateKeyPair = promisify(_generateKeyPair);
@@ -116,7 +118,7 @@ function mlDsaExportKey(key, format) {
   try {
     switch (format) {
       case kWebCryptoKeyFormatRaw: {
-        if (key.type === 'private') {
+        if (key[kKeyType] === 'private') {
           const { priv } = key[kKeyObject][kHandle].exportJwk({}, false);
           return Buffer.alloc(32, priv, 'base64url').buffer;
         }
@@ -136,7 +138,7 @@ function mlDsaExportKey(key, format) {
           0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04,
           0x03, 0x00, 0x04, 0x22, 0x80, 0x20,
         ], 0);
-        switch (key.algorithm.name) {
+        switch (key[kAlgorithm].name) {
           case 'ML-DSA-44':
             buffer.set([0x11], 17);
             break;
@@ -292,7 +294,7 @@ function mlDsaSignVerify(key, data, algorithm, signature) {
   const mode = signature === undefined ? kSignJobModeSign : kSignJobModeVerify;
   const type = mode === kSignJobModeSign ? 'private' : 'public';
 
-  if (key.type !== type)
+  if (key[kKeyType] !== type)
     throw lazyDOMException(`Key must be a ${type} key`, 'InvalidAccessError');
 
   return jobPromise(() => new SignJob(

lib/internal/crypto/rsa.js

@@ -50,6 +50,8 @@ const {
   PublicKeyObject,
   createPublicKey,
   createPrivateKey,
+  kAlgorithm,
+  kKeyType,
 } = require('internal/crypto/keys');
 
 const {
@@ -95,7 +97,7 @@ function rsaOaepCipher(mode, key, data, algorithm) {
   validateRsaOaepAlgorithm(algorithm);
 
   const type = mode === kWebCryptoCipherEncrypt ? 'public' : 'private';
-  if (key.type !== type) {
+  if (key[kKeyType] !== type) {
     throw lazyDOMException(
       'The requested operation is not valid for the provided key',
       'InvalidAccessError');
@@ -107,7 +109,7 @@ function rsaOaepCipher(mode, key, data, algorithm) {
     key[kKeyObject][kHandle],
     data,
     kKeyVariantRSA_OAEP,
-    normalizeHashName(key.algorithm.hash.name),
+    normalizeHashName(key[kAlgorithm].hash.name),
     algorithm.label));
 }
 
@@ -201,7 +203,7 @@ function rsaExportKey(key, format) {
     kCryptoJobAsync,
     format,
     key[kKeyObject][kHandle],
-    kRsaVariants[key.algorithm.name]));
+    kRsaVariants[key[kAlgorithm].name]));
 }
 
 function rsaImportKey(
@@ -329,16 +331,16 @@ function rsaSignVerify(key, data, { saltLength }, signature) {
   const mode = signature === undefined ? kSignJobModeSign : kSignJobModeVerify;
   const type = mode === kSignJobModeSign ? 'private' : 'public';
 
-  if (key.type !== type)
+  if (key[kKeyType] !== type)
     throw lazyDOMException(`Key must be a ${type} key`, 'InvalidAccessError');
 
   return jobPromise(() => {
-    if (key.algorithm.name === 'RSA-PSS') {
+    if (key[kAlgorithm].name === 'RSA-PSS') {
       validateInt32(
         saltLength,
         'algorithm.saltLength',
         0,
-        MathCeil((key.algorithm.modulusLength - 1) / 8) - getDigestSizeInBytes(key.algorithm.hash.name) - 2);
+        MathCeil((key[kAlgorithm].modulusLength - 1) / 8) - getDigestSizeInBytes(key[kAlgorithm].hash.name) - 2);
     }
 
     return new SignJob(
@@ -349,9 +351,9 @@ function rsaSignVerify(key, data, { saltLength }, signature) {
       undefined,
       undefined,
       data,
-      normalizeHashName(key.algorithm.hash.name),
+      normalizeHashName(key[kAlgorithm].hash.name),
       saltLength,
-      key.algorithm.name === 'RSA-PSS' ? RSA_PKCS1_PSS_PADDING : undefined,
+      key[kAlgorithm].name === 'RSA-PSS' ? RSA_PKCS1_PSS_PADDING : undefined,
       undefined,
       signature);
   });

lib/internal/crypto/util.js

@@ -397,7 +397,9 @@ const kSupportedAlgorithms = createSupportedAlgorithms(kAlgorithmDefinitions);
 
 const simpleAlgorithmDictionaries = {
   AeadParams: { iv: 'BufferSource', additionalData: 'BufferSource' },
-  RsaHashedKeyGenParams: { hash: 'HashAlgorithmIdentifier' },
+  // publicExponent is not strictly a BufferSource but it is a Uint8Array that we normalize
+  // this way
+  RsaHashedKeyGenParams: { hash: 'HashAlgorithmIdentifier', publicExponent: 'BufferSource' },
   EcKeyGenParams: {},
   HmacKeyGenParams: { hash: 'HashAlgorithmIdentifier' },
   RsaPssParams: {},