#include #include #include #include "../utils/base64.h" #include "HybridKeyObjectHandle.hpp" #include "QuickCryptoUtils.hpp" #include #include #include #include #include #include #include #include namespace margelo::nitro::crypto { #if OPENSSL_VERSION_NUMBER >= 0x30600000L // Configure loaded providers to prefer seed-only PKCS#8 output for ML-DSA / // ML-KEM, falling back to priv-only when no seed is available. Without this, // OpenSSL defaults to "seed-priv" — a longer encoding that bundles both — // which breaks interop with Node and the exact-length export check in subtle.ts. // Mirrors src/crypto/crypto_util.cc in Node. static void configurePqcOutputFormats() { static std::once_flag once; std::call_once(once, []() { OSSL_PROVIDER_do_all( nullptr, [](OSSL_PROVIDER* provider, void*) -> int { OSSL_PROVIDER_add_conf_parameter(provider, "ml-kem.output_formats", "seed-only,priv-only"); OSSL_PROVIDER_add_conf_parameter(provider, "ml-dsa.output_formats", "seed-only,priv-only"); OSSL_PROVIDER_add_conf_parameter(provider, "slh-dsa.output_formats", "seed-only,priv-only"); return 1; }, nullptr); }); } #endif HybridKeyObjectHandle::HybridKeyObjectHandle() : HybridObject(TAG) { #if OPENSSL_VERSION_NUMBER >= 0x30600000L // Configure once on first handle construction. Providers are guaranteed // loaded by this point (any prior crypto op routed through ncrypto), and // the call_once flag makes subsequent constructions cheap. configurePqcOutputFormats(); #endif } // Helper functions for base64url encoding/decoding with BIGNUMs static std::string bn_to_base64url(const BIGNUM* bn, size_t expected_size = 0) { if (!bn) return ""; int num_bytes = BN_num_bytes(bn); if (num_bytes == 0) return ""; // If expected_size is provided and larger than num_bytes, pad with leading zeros size_t buffer_size = (expected_size > 0 && expected_size > static_cast(num_bytes)) ? expected_size : static_cast(num_bytes); std::vector buffer(buffer_size, 0); // BN_bn2bin writes to the end of the buffer if it's larger than needed size_t offset = buffer_size - num_bytes; BN_bn2bin(bn, buffer.data() + offset); // Return clean base64url - RFC 7517 compliant (no padding characters) return base64_encode(buffer.data(), buffer.size(), true); } // Helper to add padding to base64url strings static std::string add_base64_padding(const std::string& b64) { std::string padded = b64; // Base64 strings should be a multiple of 4 characters // Add '=' padding to make it so while (padded.length() % 4 != 0) { padded += '='; } return padded; } static BIGNUM* base64url_to_bn(const std::string& b64) { if (b64.empty()) return nullptr; try { // Strip trailing periods (some JWK implementations use '.' as padding) std::string cleaned = b64; while (!cleaned.empty() && cleaned.back() == '.') { cleaned.pop_back(); } // Add padding if needed for base64url std::string padded = add_base64_padding(cleaned); std::string decoded = base64_decode(padded, false); if (decoded.empty()) return nullptr; return BN_bin2bn(reinterpret_cast(decoded.data()), static_cast(decoded.size()), nullptr); } catch (const std::exception& e) { throw std::runtime_error(std::string("Input is not valid base64-encoded data.")); } } static std::string base64url_encode(const unsigned char* data, size_t len) { return base64_encode(data, len, true); } static std::string base64url_decode(const std::string& input) { // Strip trailing periods (some JWK implementations use '.' as padding) std::string cleaned = input; while (!cleaned.empty() && cleaned.back() == '.') { cleaned.pop_back(); } // Add padding if needed for base64url std::string padded = add_base64_padding(cleaned); return base64_decode(padded, false); } std::shared_ptr HybridKeyObjectHandle::exportKey(std::optional format, std::optional type, const std::optional& cipher, const std::optional>& passphrase) { auto keyType = data_.GetKeyType(); // Copy to avoid JSI ArrayBuffer GC issues. See #645. if (keyType == KeyType::SECRET) { return ToNativeArrayBuffer(data_.GetSymmetricKey()); } // Handle asymmetric keys (public/private) if (keyType == KeyType::PUBLIC || keyType == KeyType::PRIVATE) { const auto& pkey = data_.GetAsymmetricKey(); if (!pkey) { throw std::runtime_error("Invalid asymmetric key"); } int keyId = EVP_PKEY_id(pkey.get()); // For curve keys (X25519, X448, Ed25519, Ed448), use raw format if no format specified bool isCurveKey = (keyId == EVP_PKEY_X25519 || keyId == EVP_PKEY_X448 || keyId == EVP_PKEY_ED25519 || keyId == EVP_PKEY_ED448); // If no format specified and it's a curve key, export as raw if (!format.has_value() && !type.has_value() && isCurveKey) { if (keyType == KeyType::PUBLIC) { auto rawData = pkey.rawPublicKey(); if (!rawData) { throw std::runtime_error("Failed to get raw public key"); } return ToNativeArrayBuffer(std::string(reinterpret_cast(rawData.get()), rawData.size())); } else { auto rawData = pkey.rawPrivateKey(); if (!rawData) { throw std::runtime_error("Failed to get raw private key"); } return ToNativeArrayBuffer(std::string(reinterpret_cast(rawData.get()), rawData.size())); } } // For EC keys, handle raw format (uncompressed point) if (!format.has_value() && !type.has_value() && keyId == EVP_PKEY_EC && keyType == KeyType::PUBLIC) { size_t len = 0; if (EVP_PKEY_get_octet_string_param(pkey.get(), OSSL_PKEY_PARAM_PUB_KEY, nullptr, 0, &len) != 1 || len == 0) throw std::runtime_error("Failed to get EC public key size"); std::vector buf(len); if (EVP_PKEY_get_octet_string_param(pkey.get(), OSSL_PKEY_PARAM_PUB_KEY, buf.data(), buf.size(), &len) != 1) throw std::runtime_error("Failed to get EC public key"); return ToNativeArrayBuffer(std::string(reinterpret_cast(buf.data()), len)); } #if OPENSSL_VERSION_NUMBER >= 0x30500000L if (!format.has_value() && !type.has_value()) { const char* typeName = EVP_PKEY_get0_type_name(pkey.get()); if (typeName != nullptr) { std::string name(typeName); bool isPqcKey = (name.starts_with("ML-KEM-") || name.starts_with("ML-DSA-") || name.starts_with("SLH-DSA-")); if (isPqcKey) { if (keyType == KeyType::PUBLIC) { auto rawData = pkey.rawPublicKey(); if (!rawData) { throw std::runtime_error("Failed to get raw PQC public key"); } return ToNativeArrayBuffer(std::string(reinterpret_cast(rawData.get()), rawData.size())); } else { auto rawData = pkey.rawSeed(); if (!rawData) { throw std::runtime_error("Failed to get raw PQC seed"); } return ToNativeArrayBuffer(std::string(reinterpret_cast(rawData.get()), rawData.size())); } } } } #endif // Set default format and type if not provided auto exportFormat = format.value_or(KFormatType::DER); auto exportType = type.value_or(keyType == KeyType::PUBLIC ? KeyEncoding::SPKI : KeyEncoding::PKCS8); // If SPKI is requested, export as public key (works for both public and private keys) // This allows extracting the public key from a private key bool exportAsPublic = (exportType == KeyEncoding::SPKI) || (keyType == KeyType::PUBLIC); // Create encoding config if (exportAsPublic) { ncrypto::EVPKeyPointer::PublicKeyEncodingConfig config(false, static_cast(exportFormat), static_cast(exportType)); auto result = pkey.writePublicKey(config); if (!result) { throw std::runtime_error("Failed to export public key"); } auto bio = std::move(result.value); BUF_MEM* bptr = bio; return ToNativeArrayBuffer(std::string(bptr->data, bptr->length)); } else { ncrypto::EVPKeyPointer::PrivateKeyEncodingConfig config(false, static_cast(exportFormat), static_cast(exportType)); // Handle cipher and passphrase for encrypted private keys if (cipher.has_value()) { const EVP_CIPHER* evp_cipher = EVP_get_cipherbyname(cipher.value().c_str()); if (!evp_cipher) { throw std::runtime_error("Unknown cipher: " + cipher.value()); } config.cipher = evp_cipher; } if (passphrase.has_value()) { auto& passphrase_ptr = passphrase.value(); config.passphrase = std::make_optional(ncrypto::DataPointer::Copy(ncrypto::Buffer{passphrase_ptr->data(), passphrase_ptr->size()})); } auto result = pkey.writePrivateKey(config); if (!result) { throw std::runtime_error("Failed to export private key"); } auto bio = std::move(result.value); BUF_MEM* bptr = bio; return ToNativeArrayBuffer(std::string(bptr->data, bptr->length)); } } throw std::runtime_error("Unsupported key type for export"); } JWK HybridKeyObjectHandle::exportJwk(const JWK& key, bool handleRsaPss) { JWK result = key; auto keyType = data_.GetKeyType(); // Handle secret keys (AES, HMAC) if (keyType == KeyType::SECRET) { auto symKey = data_.GetSymmetricKey(); result.kty = JWKkty::OCT; // RFC 7517 compliant base64url encoding (no padding characters) result.k = base64url_encode(reinterpret_cast(symKey->data()), symKey->size()); return result; } // Handle asymmetric keys (RSA, EC) const auto& pkey = data_.GetAsymmetricKey(); if (!pkey) { throw std::runtime_error("Invalid key for JWK export"); } int keyId = EVP_PKEY_id(pkey.get()); // Export RSA keys if (keyId == EVP_PKEY_RSA || keyId == EVP_PKEY_RSA_PSS) { const RSA* rsa = EVP_PKEY_get0_RSA(pkey.get()); if (!rsa) throw std::runtime_error("Failed to get RSA key"); result.kty = JWKkty::RSA; const BIGNUM *n_bn, *e_bn, *d_bn, *p_bn, *q_bn, *dmp1_bn, *dmq1_bn, *iqmp_bn; RSA_get0_key(rsa, &n_bn, &e_bn, &d_bn); RSA_get0_factors(rsa, &p_bn, &q_bn); RSA_get0_crt_params(rsa, &dmp1_bn, &dmq1_bn, &iqmp_bn); // Public components (always present) if (n_bn) result.n = bn_to_base64url(n_bn); if (e_bn) result.e = bn_to_base64url(e_bn); // Private components (only for private keys) if (keyType == KeyType::PRIVATE) { if (d_bn) result.d = bn_to_base64url(d_bn); if (p_bn) result.p = bn_to_base64url(p_bn); if (q_bn) result.q = bn_to_base64url(q_bn); if (dmp1_bn) result.dp = bn_to_base64url(dmp1_bn); if (dmq1_bn) result.dq = bn_to_base64url(dmq1_bn); if (iqmp_bn) result.qi = bn_to_base64url(iqmp_bn); } return result; } // Export EC keys if (keyId == EVP_PKEY_EC) { char curve_name_buf[64]; size_t name_len = 0; if (EVP_PKEY_get_utf8_string_param(pkey.get(), OSSL_PKEY_PARAM_GROUP_NAME, curve_name_buf, sizeof(curve_name_buf), &name_len) != 1) throw std::runtime_error("Failed to get EC group name"); std::string curve_name(curve_name_buf, name_len); int bits = EVP_PKEY_bits(pkey.get()); if (bits <= 0) throw std::runtime_error("Failed to get EC key size"); size_t field_size = (static_cast(bits) + 7) / 8; result.kty = JWKkty::EC; // Map OpenSSL curve names to JWK curve names if (curve_name == "prime256v1") { result.crv = "P-256"; } else if (curve_name == "secp384r1") { result.crv = "P-384"; } else if (curve_name == "secp521r1") { result.crv = "P-521"; } else { result.crv = curve_name; } BIGNUM* x_bn = nullptr; BIGNUM* y_bn = nullptr; if (EVP_PKEY_get_bn_param(pkey.get(), OSSL_PKEY_PARAM_EC_PUB_X, &x_bn) != 1 || EVP_PKEY_get_bn_param(pkey.get(), OSSL_PKEY_PARAM_EC_PUB_Y, &y_bn) != 1) { BN_free(x_bn); BN_free(y_bn); throw std::runtime_error("Failed to get EC public key coordinates"); } result.x = bn_to_base64url(x_bn, field_size); result.y = bn_to_base64url(y_bn, field_size); BN_free(x_bn); BN_free(y_bn); // Export private key if this is a private key if (keyType == KeyType::PRIVATE) { BIGNUM* priv_bn = nullptr; if (EVP_PKEY_get_bn_param(pkey.get(), OSSL_PKEY_PARAM_PRIV_KEY, &priv_bn) == 1 && priv_bn) { result.d = bn_to_base64url(priv_bn, field_size); BN_free(priv_bn); } } return result; } // Export OKP keys (Ed25519, Ed448, X25519, X448) per RFC 8037 if (keyId == EVP_PKEY_ED25519 || keyId == EVP_PKEY_ED448 || keyId == EVP_PKEY_X25519 || keyId == EVP_PKEY_X448) { result.kty = JWKkty::OKP; switch (keyId) { case EVP_PKEY_ED25519: result.crv = "Ed25519"; break; case EVP_PKEY_ED448: result.crv = "Ed448"; break; case EVP_PKEY_X25519: result.crv = "X25519"; break; case EVP_PKEY_X448: result.crv = "X448"; break; default: break; } auto pubKey = pkey.rawPublicKey(); if (!pubKey) { throw std::runtime_error("Failed to get raw public key for OKP JWK export"); } result.x = base64url_encode(reinterpret_cast(pubKey.get()), pubKey.size()); if (keyType == KeyType::PRIVATE) { auto privKey = pkey.rawPrivateKey(); if (!privKey) { throw std::runtime_error("Failed to get raw private key for OKP JWK export"); } result.d = base64url_encode(reinterpret_cast(privKey.get()), privKey.size()); } return result; } #if OPENSSL_VERSION_NUMBER >= 0x30500000L // Export AKP keys (ML-DSA, ML-KEM) { const char* typeName = EVP_PKEY_get0_type_name(pkey.get()); if (typeName != nullptr) { std::string name(typeName); bool isPqcKey = (name.starts_with("ML-DSA-") || name.starts_with("ML-KEM-") || name.starts_with("SLH-DSA-")); if (isPqcKey) { result.kty = JWKkty::AKP; result.alg = name; auto pubKey = pkey.rawPublicKey(); if (!pubKey) { throw std::runtime_error("Failed to get raw public key for AKP JWK export"); } result.pub = base64url_encode(reinterpret_cast(pubKey.get()), pubKey.size()); if (keyType == KeyType::PRIVATE) { auto seed = pkey.rawSeed(); if (!seed) { throw std::runtime_error("Key does not have an available seed"); } result.priv = base64url_encode(reinterpret_cast(seed.get()), seed.size()); } return result; } } } #endif throw std::runtime_error("Unsupported key type for JWK export"); } // Returns true if the EVP_PKEY type supports raw public key export // (CFRG keys: Ed25519, Ed448, X25519, X448; PQC keys: ML-DSA, ML-KEM, SLH-DSA). static bool supportsRawPublic(int keyId, const char* typeName) { if (keyId == EVP_PKEY_ED25519 || keyId == EVP_PKEY_ED448 || keyId == EVP_PKEY_X25519 || keyId == EVP_PKEY_X448) { return true; } #if OPENSSL_VERSION_NUMBER >= 0x30500000L if (keyId == EVP_PKEY_ML_DSA_44 || keyId == EVP_PKEY_ML_DSA_65 || keyId == EVP_PKEY_ML_DSA_87) { return true; } if (typeName != nullptr) { std::string name(typeName); if (name.starts_with("ML-KEM-") || name.starts_with("ML-DSA-") || name.starts_with("SLH-DSA-")) { return true; } } #else (void)typeName; #endif return false; } // Returns true if the EVP_PKEY type supports raw private key export // (CFRG keys: Ed25519, Ed448, X25519, X448; SLH-DSA private keys). static bool supportsRawPrivate(int keyId, const char* typeName) { if (keyId == EVP_PKEY_ED25519 || keyId == EVP_PKEY_ED448 || keyId == EVP_PKEY_X25519 || keyId == EVP_PKEY_X448) { return true; } #if OPENSSL_VERSION_NUMBER >= 0x30500000L if (typeName != nullptr) { std::string name(typeName); if (name.starts_with("SLH-DSA-")) { return true; } } #else (void)typeName; #endif return false; } // Returns true if the EVP_PKEY type supports raw seed export // (PQC keys: ML-DSA, ML-KEM, SLH-DSA). static bool supportsRawSeed(int keyId, const char* typeName) { #if OPENSSL_VERSION_NUMBER >= 0x30500000L if (keyId == EVP_PKEY_ML_DSA_44 || keyId == EVP_PKEY_ML_DSA_65 || keyId == EVP_PKEY_ML_DSA_87) { return true; } if (typeName != nullptr) { std::string name(typeName); if (name.starts_with("ML-KEM-") || name.starts_with("ML-DSA-") || name.starts_with("SLH-DSA-")) { return true; } } #else (void)keyId; (void)typeName; #endif return false; } std::shared_ptr HybridKeyObjectHandle::exportRawPublic() { auto keyType = data_.GetKeyType(); if (keyType == KeyType::SECRET) { throw std::runtime_error("Raw public key export is not supported for secret keys"); } const auto& pkey = data_.GetAsymmetricKey(); if (!pkey) { throw std::runtime_error("Invalid asymmetric key"); } int keyId = EVP_PKEY_id(pkey.get()); const char* typeName = EVP_PKEY_get0_type_name(pkey.get()); if (!supportsRawPublic(keyId, typeName)) { throw std::runtime_error("The key type does not support raw public key export"); } auto rawData = pkey.rawPublicKey(); if (!rawData) { throw std::runtime_error("Failed to get raw public key"); } return ToNativeArrayBuffer(reinterpret_cast(rawData.get()), rawData.size()); } std::shared_ptr HybridKeyObjectHandle::exportRawPrivate() { auto keyType = data_.GetKeyType(); if (keyType != KeyType::PRIVATE) { throw std::runtime_error("Raw private key export requires a private key"); } const auto& pkey = data_.GetAsymmetricKey(); if (!pkey) { throw std::runtime_error("Invalid asymmetric key"); } int keyId = EVP_PKEY_id(pkey.get()); const char* typeName = EVP_PKEY_get0_type_name(pkey.get()); if (!supportsRawPrivate(keyId, typeName)) { throw std::runtime_error("The key type does not support raw private key export"); } auto rawData = pkey.rawPrivateKey(); if (!rawData) { throw std::runtime_error("Failed to get raw private key"); } return ToNativeArrayBuffer(reinterpret_cast(rawData.get()), rawData.size()); } std::shared_ptr HybridKeyObjectHandle::exportRawSeed() { #if OPENSSL_VERSION_NUMBER >= 0x30500000L auto keyType = data_.GetKeyType(); if (keyType != KeyType::PRIVATE) { throw std::runtime_error("Raw seed export requires a private key"); } const auto& pkey = data_.GetAsymmetricKey(); if (!pkey) { throw std::runtime_error("Invalid asymmetric key"); } int keyId = EVP_PKEY_id(pkey.get()); const char* typeName = EVP_PKEY_get0_type_name(pkey.get()); if (!supportsRawSeed(keyId, typeName)) { throw std::runtime_error("The key type does not support raw seed export"); } auto rawData = pkey.rawSeed(); if (!rawData) { throw std::runtime_error("Key does not have an available seed"); } return ToNativeArrayBuffer(reinterpret_cast(rawData.get()), rawData.size()); #else throw std::runtime_error("Raw seed export requires OpenSSL 3.5+"); #endif } std::shared_ptr HybridKeyObjectHandle::exportECPublicRaw(bool compressed) { auto keyType = data_.GetKeyType(); if (keyType == KeyType::SECRET) { throw std::runtime_error("EC raw public key export is not supported for secret keys"); } const auto& pkey = data_.GetAsymmetricKey(); if (!pkey) { throw std::runtime_error("Invalid asymmetric key"); } if (EVP_PKEY_id(pkey.get()) != EVP_PKEY_EC) { throw std::runtime_error("Key is not an EC key"); } const EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(pkey.get()); if (!ec_key) { throw std::runtime_error("Failed to get EC key"); } const EC_GROUP* group = EC_KEY_get0_group(ec_key); const EC_POINT* point = EC_KEY_get0_public_key(ec_key); if (!group || !point) { throw std::runtime_error("Failed to get EC public key point"); } point_conversion_form_t form = compressed ? POINT_CONVERSION_COMPRESSED : POINT_CONVERSION_UNCOMPRESSED; size_t len = EC_POINT_point2oct(group, point, form, nullptr, 0, nullptr); if (len == 0) { throw std::runtime_error("Failed to compute EC point size"); } std::vector buf(len); if (EC_POINT_point2oct(group, point, form, buf.data(), buf.size(), nullptr) != len) { throw std::runtime_error("Failed to encode EC public key point"); } return ToNativeArrayBuffer(buf.data(), buf.size()); } std::shared_ptr HybridKeyObjectHandle::exportECPrivateRaw() { auto keyType = data_.GetKeyType(); if (keyType != KeyType::PRIVATE) { throw std::runtime_error("EC raw private key export requires a private key"); } const auto& pkey = data_.GetAsymmetricKey(); if (!pkey) { throw std::runtime_error("Invalid asymmetric key"); } if (EVP_PKEY_id(pkey.get()) != EVP_PKEY_EC) { throw std::runtime_error("Key is not an EC key"); } const EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(pkey.get()); if (!ec_key) { throw std::runtime_error("Failed to get EC key"); } const BIGNUM* priv_bn = EC_KEY_get0_private_key(ec_key); if (!priv_bn) { throw std::runtime_error("EC key has no private component"); } const EC_GROUP* group = EC_KEY_get0_group(ec_key); if (!group) { throw std::runtime_error("Failed to get EC group"); } BIGNUM* order = BN_new(); if (!order) { throw std::runtime_error("Failed to allocate BIGNUM"); } if (EC_GROUP_get_order(group, order, nullptr) != 1) { BN_free(order); throw std::runtime_error("Failed to get EC group order"); } size_t order_size = (BN_num_bits(order) + 7) / 8; BN_free(order); std::vector buf(order_size, 0); if (BN_bn2binpad(priv_bn, buf.data(), static_cast(order_size)) < 0) { throw std::runtime_error("Failed to encode EC private key"); } return ToNativeArrayBuffer(buf.data(), buf.size()); } AsymmetricKeyType HybridKeyObjectHandle::getAsymmetricKeyType() { const auto& pkey = data_.GetAsymmetricKey(); if (!pkey) { throw std::runtime_error("Key is not an asymmetric key"); } int keyType = EVP_PKEY_id(pkey.get()); switch (keyType) { case EVP_PKEY_RSA: return AsymmetricKeyType::RSA; case EVP_PKEY_RSA_PSS: return AsymmetricKeyType::RSA_PSS; case EVP_PKEY_DSA: return AsymmetricKeyType::DSA; case EVP_PKEY_EC: return AsymmetricKeyType::EC; case EVP_PKEY_DH: return AsymmetricKeyType::DH; case EVP_PKEY_X25519: return AsymmetricKeyType::X25519; case EVP_PKEY_X448: return AsymmetricKeyType::X448; case EVP_PKEY_ED25519: return AsymmetricKeyType::ED25519; case EVP_PKEY_ED448: return AsymmetricKeyType::ED448; #if OPENSSL_VERSION_NUMBER >= 0x30500000L case EVP_PKEY_ML_DSA_44: return AsymmetricKeyType::ML_DSA_44; case EVP_PKEY_ML_DSA_65: return AsymmetricKeyType::ML_DSA_65; case EVP_PKEY_ML_DSA_87: return AsymmetricKeyType::ML_DSA_87; #endif default: break; } #if OPENSSL_VERSION_NUMBER >= 0x30500000L // EVP_PKEY_id returns -1 for provider-only key types (e.g. ML-KEM, SLH-DSA) // Fall back to string-based type name comparison const char* typeName = EVP_PKEY_get0_type_name(pkey.get()); if (typeName != nullptr) { std::string name(typeName); if (name == "ML-KEM-512") return AsymmetricKeyType::ML_KEM_512; if (name == "ML-KEM-768") return AsymmetricKeyType::ML_KEM_768; if (name == "ML-KEM-1024") return AsymmetricKeyType::ML_KEM_1024; if (name == "SLH-DSA-SHA2-128s") return AsymmetricKeyType::SLH_DSA_SHA2_128S; if (name == "SLH-DSA-SHA2-128f") return AsymmetricKeyType::SLH_DSA_SHA2_128F; if (name == "SLH-DSA-SHA2-192s") return AsymmetricKeyType::SLH_DSA_SHA2_192S; if (name == "SLH-DSA-SHA2-192f") return AsymmetricKeyType::SLH_DSA_SHA2_192F; if (name == "SLH-DSA-SHA2-256s") return AsymmetricKeyType::SLH_DSA_SHA2_256S; if (name == "SLH-DSA-SHA2-256f") return AsymmetricKeyType::SLH_DSA_SHA2_256F; if (name == "SLH-DSA-SHAKE-128s") return AsymmetricKeyType::SLH_DSA_SHAKE_128S; if (name == "SLH-DSA-SHAKE-128f") return AsymmetricKeyType::SLH_DSA_SHAKE_128F; if (name == "SLH-DSA-SHAKE-192s") return AsymmetricKeyType::SLH_DSA_SHAKE_192S; if (name == "SLH-DSA-SHAKE-192f") return AsymmetricKeyType::SLH_DSA_SHAKE_192F; if (name == "SLH-DSA-SHAKE-256s") return AsymmetricKeyType::SLH_DSA_SHAKE_256S; if (name == "SLH-DSA-SHAKE-256f") return AsymmetricKeyType::SLH_DSA_SHAKE_256F; } #endif throw std::runtime_error("Unsupported asymmetric key type"); } bool HybridKeyObjectHandle::init(KeyType keyType, const std::variant, std::string>& key, std::optional format, std::optional type, const std::optional>& passphrase) { // Reset any existing data to prevent state leakage data_ = KeyObjectData(); // get ArrayBuffer from key - always copy to ensure we own the data std::shared_ptr ab; if (std::holds_alternative(key)) { ab = ToNativeArrayBuffer(std::get(key)); } else { const auto& abPtr = std::get>(key); ab = ToNativeArrayBuffer(abPtr); } // Handle raw asymmetric key material - only for special curves with known raw sizes std::optional actualFormat = format; if (!actualFormat.has_value() && !type.has_value() && (keyType == KeyType::PUBLIC || keyType == KeyType::PRIVATE)) { size_t keySize = ab->size(); // Only route to initRawKey for exact special curve sizes: // X25519/Ed25519: 32 bytes, X448: 56 bytes, Ed448: 57 bytes // DER-encoded keys will be much larger and should use standard parsing if ((keySize == 32) || (keySize == 56) || (keySize == 57)) { return initRawKey(keyType, ab); } // For larger sizes (DER-encoded keys), fall through to standard parsing } switch (keyType) { case KeyType::SECRET: { this->data_ = KeyObjectData::CreateSecret(ab); break; } case KeyType::PUBLIC: { auto data = KeyObjectData::GetPublicOrPrivateKey(ab, actualFormat, type, passphrase); if (!data) return false; this->data_ = data.addRefWithType(KeyType::PUBLIC); break; } case KeyType::PRIVATE: { if (auto data = KeyObjectData::GetPrivateKey(ab, actualFormat, type, passphrase, false)) { this->data_ = std::move(data); } break; } } return true; } std::optional HybridKeyObjectHandle::initJwk(const JWK& keyData, std::optional namedCurve) { // Reset any existing data data_ = KeyObjectData(); if (!keyData.kty.has_value()) { throw std::runtime_error("JWK missing required 'kty' field"); } JWKkty kty = keyData.kty.value(); // Handle symmetric keys (AES, HMAC) if (kty == JWKkty::OCT) { if (!keyData.k.has_value()) { throw std::runtime_error("JWK oct key missing 'k' field"); } std::string decoded = base64url_decode(keyData.k.value()); auto keyBuffer = ToNativeArrayBuffer(decoded); data_ = KeyObjectData::CreateSecret(keyBuffer); return KeyType::SECRET; } // Handle RSA keys if (kty == JWKkty::RSA) { bool isPrivate = keyData.d.has_value(); if (!keyData.n.has_value() || !keyData.e.has_value()) { throw std::runtime_error("JWK RSA key missing required 'n' or 'e' fields"); } RSA* rsa = RSA_new(); if (!rsa) throw std::runtime_error("Failed to create RSA key"); // Set public components BIGNUM* n = base64url_to_bn(keyData.n.value()); BIGNUM* e = base64url_to_bn(keyData.e.value()); if (!n || !e) { RSA_free(rsa); throw std::runtime_error("Failed to decode RSA public components"); } if (isPrivate) { // Private key if (!keyData.d.has_value()) { BN_free(n); BN_free(e); RSA_free(rsa); throw std::runtime_error("JWK RSA private key missing 'd' field"); } BIGNUM* d = base64url_to_bn(keyData.d.value()); if (!d) { BN_free(n); BN_free(e); RSA_free(rsa); throw std::runtime_error("Failed to decode RSA 'd' component"); } // Set key components (RSA_set0_key takes ownership) if (RSA_set0_key(rsa, n, e, d) != 1) { BN_free(n); BN_free(e); BN_free(d); RSA_free(rsa); throw std::runtime_error("Failed to set RSA key components"); } // Set optional CRT parameters if present if (keyData.p.has_value() && keyData.q.has_value()) { BIGNUM* p = base64url_to_bn(keyData.p.value()); BIGNUM* q = base64url_to_bn(keyData.q.value()); if (p && q) { RSA_set0_factors(rsa, p, q); } } if (keyData.dp.has_value() && keyData.dq.has_value() && keyData.qi.has_value()) { BIGNUM* dmp1 = base64url_to_bn(keyData.dp.value()); BIGNUM* dmq1 = base64url_to_bn(keyData.dq.value()); BIGNUM* iqmp = base64url_to_bn(keyData.qi.value()); if (dmp1 && dmq1 && iqmp) { RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp); } } // Create EVP_PKEY from RSA EVP_PKEY* pkey = EVP_PKEY_new(); if (!pkey || EVP_PKEY_assign_RSA(pkey, rsa) != 1) { RSA_free(rsa); if (pkey) EVP_PKEY_free(pkey); throw std::runtime_error("Failed to create EVP_PKEY from RSA"); } data_ = KeyObjectData::CreateAsymmetric(KeyType::PRIVATE, ncrypto::EVPKeyPointer(pkey)); return KeyType::PRIVATE; } else { // Public key if (RSA_set0_key(rsa, n, e, nullptr) != 1) { BN_free(n); BN_free(e); RSA_free(rsa); throw std::runtime_error("Failed to set RSA public key components"); } EVP_PKEY* pkey = EVP_PKEY_new(); if (!pkey || EVP_PKEY_assign_RSA(pkey, rsa) != 1) { RSA_free(rsa); if (pkey) EVP_PKEY_free(pkey); throw std::runtime_error("Failed to create EVP_PKEY from RSA"); } data_ = KeyObjectData::CreateAsymmetric(KeyType::PUBLIC, ncrypto::EVPKeyPointer(pkey)); return KeyType::PUBLIC; } } // Handle EC keys if (kty == JWKkty::EC) { bool isPrivate = keyData.d.has_value(); if (!keyData.crv.has_value() || !keyData.x.has_value() || !keyData.y.has_value()) { throw std::runtime_error("JWK EC key missing required fields (crv, x, y)"); } std::string crv = keyData.crv.value(); // Map JWK curve names to OpenSSL group names and field sizes const char* group_name; size_t field_size; if (crv == "P-256") { group_name = "prime256v1"; field_size = 32; } else if (crv == "P-384") { group_name = "secp384r1"; field_size = 48; } else if (crv == "P-521") { group_name = "secp521r1"; field_size = 66; } else { throw std::runtime_error("Unsupported EC curve: " + crv); } // Decode public key coordinates BIGNUM* x_bn = base64url_to_bn(keyData.x.value()); BIGNUM* y_bn = base64url_to_bn(keyData.y.value()); if (!x_bn || !y_bn) { BN_free(x_bn); BN_free(y_bn); throw std::runtime_error("Failed to decode EC public key coordinates"); } // Build uncompressed point: 0x04 || x_padded || y_padded std::vector pub_oct(1 + 2 * field_size, 0); pub_oct[0] = 0x04; BN_bn2binpad(x_bn, pub_oct.data() + 1, static_cast(field_size)); BN_bn2binpad(y_bn, pub_oct.data() + 1 + field_size, static_cast(field_size)); BN_free(x_bn); BN_free(y_bn); BIGNUM* d_bn = nullptr; if (isPrivate) { d_bn = base64url_to_bn(keyData.d.value()); if (!d_bn) throw std::runtime_error("Failed to decode EC private key"); } EVP_PKEY* pkey = nullptr; try { pkey = createEcEvpPkey(group_name, pub_oct.data(), pub_oct.size(), d_bn); } catch (...) { BN_free(d_bn); throw; } BN_free(d_bn); KeyType type = isPrivate ? KeyType::PRIVATE : KeyType::PUBLIC; data_ = KeyObjectData::CreateAsymmetric(type, ncrypto::EVPKeyPointer(pkey)); return type; } // Handle OKP keys (Ed25519, Ed448, X25519, X448) per RFC 8037 if (kty == JWKkty::OKP) { bool isPrivate = keyData.d.has_value(); if (!keyData.crv.has_value() || !keyData.x.has_value()) { throw std::runtime_error("JWK OKP key missing required fields (crv, x)"); } std::string crv = keyData.crv.value(); int evpType; if (crv == "Ed25519") { evpType = EVP_PKEY_ED25519; } else if (crv == "Ed448") { evpType = EVP_PKEY_ED448; } else if (crv == "X25519") { evpType = EVP_PKEY_X25519; } else if (crv == "X448") { evpType = EVP_PKEY_X448; } else { throw std::runtime_error("Unsupported OKP curve: " + crv); } if (isPrivate) { std::string privBytes = base64url_decode(keyData.d.value()); EVP_PKEY* pkey = EVP_PKEY_new_raw_private_key(evpType, nullptr, reinterpret_cast(privBytes.data()), privBytes.size()); if (!pkey) { throw std::runtime_error("Failed to create OKP private key from JWK"); } data_ = KeyObjectData::CreateAsymmetric(KeyType::PRIVATE, ncrypto::EVPKeyPointer(pkey)); return KeyType::PRIVATE; } else { std::string pubBytes = base64url_decode(keyData.x.value()); EVP_PKEY* pkey = EVP_PKEY_new_raw_public_key(evpType, nullptr, reinterpret_cast(pubBytes.data()), pubBytes.size()); if (!pkey) { throw std::runtime_error("Failed to create OKP public key from JWK"); } data_ = KeyObjectData::CreateAsymmetric(KeyType::PUBLIC, ncrypto::EVPKeyPointer(pkey)); return KeyType::PUBLIC; } } #if OPENSSL_VERSION_NUMBER >= 0x30500000L // Handle AKP keys (ML-DSA, ML-KEM) if (kty == JWKkty::AKP) { if (!keyData.alg.has_value()) { throw std::runtime_error("JWK AKP key missing 'alg' field"); } if (!keyData.pub.has_value()) { throw std::runtime_error("JWK AKP key missing 'pub' field"); } const std::string& alg = keyData.alg.value(); int nid = 0; if (alg == "ML-DSA-44") nid = EVP_PKEY_ML_DSA_44; else if (alg == "ML-DSA-65") nid = EVP_PKEY_ML_DSA_65; else if (alg == "ML-DSA-87") nid = EVP_PKEY_ML_DSA_87; else if (alg == "ML-KEM-512") nid = EVP_PKEY_ML_KEM_512; else if (alg == "ML-KEM-768") nid = EVP_PKEY_ML_KEM_768; else if (alg == "ML-KEM-1024") nid = EVP_PKEY_ML_KEM_1024; else if (alg == "SLH-DSA-SHA2-128s") nid = EVP_PKEY_SLH_DSA_SHA2_128S; else if (alg == "SLH-DSA-SHA2-128f") nid = EVP_PKEY_SLH_DSA_SHA2_128F; else if (alg == "SLH-DSA-SHA2-192s") nid = EVP_PKEY_SLH_DSA_SHA2_192S; else if (alg == "SLH-DSA-SHA2-192f") nid = EVP_PKEY_SLH_DSA_SHA2_192F; else if (alg == "SLH-DSA-SHA2-256s") nid = EVP_PKEY_SLH_DSA_SHA2_256S; else if (alg == "SLH-DSA-SHA2-256f") nid = EVP_PKEY_SLH_DSA_SHA2_256F; else if (alg == "SLH-DSA-SHAKE-128s") nid = EVP_PKEY_SLH_DSA_SHAKE_128S; else if (alg == "SLH-DSA-SHAKE-128f") nid = EVP_PKEY_SLH_DSA_SHAKE_128F; else if (alg == "SLH-DSA-SHAKE-192s") nid = EVP_PKEY_SLH_DSA_SHAKE_192S; else if (alg == "SLH-DSA-SHAKE-192f") nid = EVP_PKEY_SLH_DSA_SHAKE_192F; else if (alg == "SLH-DSA-SHAKE-256s") nid = EVP_PKEY_SLH_DSA_SHAKE_256S; else if (alg == "SLH-DSA-SHAKE-256f") nid = EVP_PKEY_SLH_DSA_SHAKE_256F; else throw std::runtime_error("Unsupported JWK AKP \"alg\": " + alg); bool isPrivate = keyData.priv.has_value(); ncrypto::EVPKeyPointer pkey; if (isPrivate) { std::string seedBytes = base64url_decode(keyData.priv.value()); ncrypto::Buffer buf{ .data = reinterpret_cast(seedBytes.data()), .len = seedBytes.size(), }; pkey = ncrypto::EVPKeyPointer::NewRawSeed(nid, buf); if (!pkey) { throw std::runtime_error("Invalid JWK AKP key"); } // Verify the pub field matches the public key derived from the seed. std::string pubBytes = base64url_decode(keyData.pub.value()); auto derivedPub = pkey.rawPublicKey(); if (!derivedPub || derivedPub.size() != pubBytes.size() || CRYPTO_memcmp(derivedPub.get(), pubBytes.data(), pubBytes.size()) != 0) { throw std::runtime_error("Invalid JWK AKP key"); } data_ = KeyObjectData::CreateAsymmetric(KeyType::PRIVATE, std::move(pkey)); return KeyType::PRIVATE; } else { std::string pubBytes = base64url_decode(keyData.pub.value()); ncrypto::Buffer buf{ .data = reinterpret_cast(pubBytes.data()), .len = pubBytes.size(), }; pkey = ncrypto::EVPKeyPointer::NewRawPublic(nid, buf); if (!pkey) { throw std::runtime_error("Invalid JWK AKP key"); } data_ = KeyObjectData::CreateAsymmetric(KeyType::PUBLIC, std::move(pkey)); return KeyType::PUBLIC; } } #endif throw std::runtime_error("Unsupported JWK key type"); } KeyDetail HybridKeyObjectHandle::keyDetail() { const auto& pkey_ptr = data_.GetAsymmetricKey(); if (!pkey_ptr) { return KeyDetail{}; } EVP_PKEY* pkey = pkey_ptr.get(); int keyType = EVP_PKEY_base_id(pkey); if (keyType == EVP_PKEY_RSA) { // Extract RSA key details int modulusLength = EVP_PKEY_bits(pkey); // Extract public exponent (typically 65537 = 0x10001) const RSA* rsa = EVP_PKEY_get0_RSA(pkey); if (rsa) { const BIGNUM* e_bn = nullptr; RSA_get0_key(rsa, nullptr, &e_bn, nullptr); if (e_bn) { unsigned long exponent_val = BN_get_word(e_bn); return KeyDetail(std::nullopt, static_cast(exponent_val), static_cast(modulusLength), std::nullopt, std::nullopt, std::nullopt, std::nullopt); } } // Fallback if we couldn't extract the exponent return KeyDetail(std::nullopt, std::nullopt, static_cast(modulusLength), std::nullopt, std::nullopt, std::nullopt, std::nullopt); } if (keyType == EVP_PKEY_EC) { char curve_name[64]; size_t name_len = 0; if (EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, sizeof(curve_name), &name_len) == 1) { return KeyDetail(std::nullopt, std::nullopt, std::nullopt, std::nullopt, std::nullopt, std::nullopt, std::string(curve_name, name_len)); } } return KeyDetail{}; } bool HybridKeyObjectHandle::initRawKey(KeyType keyType, std::shared_ptr keyData) { // For asymmetric keys (x25519/x448/ed25519/ed448), we need to determine the curve type // Based on key size: x25519=32 bytes, x448=56 bytes, ed25519=32 bytes, ed448=57 bytes int curveId = -1; size_t keySize = keyData->size(); if (keySize == 32) { // Could be x25519 or ed25519 - for now assume x25519 based on test context curveId = EVP_PKEY_X25519; } else if (keySize == 56) { curveId = EVP_PKEY_X448; } else if (keySize == 57) { curveId = EVP_PKEY_ED448; } else { throw std::runtime_error("Invalid key size: expected 32, 56, or 57 bytes for curve keys"); } ncrypto::Buffer buffer{.data = reinterpret_cast(keyData->data()), .len = keyData->size()}; ncrypto::EVPKeyPointer pkey; if (keyType == KeyType::PRIVATE) { pkey = ncrypto::EVPKeyPointer::NewRawPrivate(curveId, buffer); } else if (keyType == KeyType::PUBLIC) { pkey = ncrypto::EVPKeyPointer::NewRawPublic(curveId, buffer); } else { throw std::runtime_error("Raw keys are only supported for asymmetric key types"); } if (!pkey) { throw std::runtime_error("Failed to create key from raw data"); } this->data_ = KeyObjectData::CreateAsymmetric(keyType, std::move(pkey)); return true; } bool HybridKeyObjectHandle::initECRaw(const std::string& namedCurve, const std::shared_ptr& keyData) { // Reset any existing data data_ = KeyObjectData(); // Map curve name to NID (same logic as HybridEcKeyPair::GetCurveFromName) int nid = 0; if (namedCurve == "prime256v1" || namedCurve == "P-256") { nid = NID_X9_62_prime256v1; } else if (namedCurve == "secp384r1" || namedCurve == "P-384") { nid = NID_secp384r1; } else if (namedCurve == "secp521r1" || namedCurve == "P-521") { nid = NID_secp521r1; } else if (namedCurve == "secp256k1") { nid = NID_secp256k1; } else { // Try standard OpenSSL name resolution nid = OBJ_txt2nid(namedCurve.c_str()); } if (nid == 0) { throw std::runtime_error("Unknown curve: " + namedCurve); } // Get the OpenSSL group name for this curve const char* group_name = OBJ_nid2sn(nid); if (!group_name) { throw std::runtime_error("Failed to get curve name for NID"); } EVP_PKEY* pkey = createEcEvpPkey(group_name, keyData->data(), keyData->size()); this->data_ = KeyObjectData::CreateAsymmetric(KeyType::PUBLIC, ncrypto::EVPKeyPointer(pkey)); return true; } bool HybridKeyObjectHandle::initPqcRaw(const std::string& algorithmName, const std::shared_ptr& keyData, bool isPublic) { #if OPENSSL_VERSION_NUMBER >= 0x30500000L data_ = KeyObjectData(); int nid = 0; if (algorithmName == "ML-KEM-512") nid = EVP_PKEY_ML_KEM_512; else if (algorithmName == "ML-KEM-768") nid = EVP_PKEY_ML_KEM_768; else if (algorithmName == "ML-KEM-1024") nid = EVP_PKEY_ML_KEM_1024; else if (algorithmName == "ML-DSA-44") nid = EVP_PKEY_ML_DSA_44; else if (algorithmName == "ML-DSA-65") nid = EVP_PKEY_ML_DSA_65; else if (algorithmName == "ML-DSA-87") nid = EVP_PKEY_ML_DSA_87; else if (algorithmName == "SLH-DSA-SHA2-128s") nid = EVP_PKEY_SLH_DSA_SHA2_128S; else if (algorithmName == "SLH-DSA-SHA2-128f") nid = EVP_PKEY_SLH_DSA_SHA2_128F; else if (algorithmName == "SLH-DSA-SHA2-192s") nid = EVP_PKEY_SLH_DSA_SHA2_192S; else if (algorithmName == "SLH-DSA-SHA2-192f") nid = EVP_PKEY_SLH_DSA_SHA2_192F; else if (algorithmName == "SLH-DSA-SHA2-256s") nid = EVP_PKEY_SLH_DSA_SHA2_256S; else if (algorithmName == "SLH-DSA-SHA2-256f") nid = EVP_PKEY_SLH_DSA_SHA2_256F; else if (algorithmName == "SLH-DSA-SHAKE-128s") nid = EVP_PKEY_SLH_DSA_SHAKE_128S; else if (algorithmName == "SLH-DSA-SHAKE-128f") nid = EVP_PKEY_SLH_DSA_SHAKE_128F; else if (algorithmName == "SLH-DSA-SHAKE-192s") nid = EVP_PKEY_SLH_DSA_SHAKE_192S; else if (algorithmName == "SLH-DSA-SHAKE-192f") nid = EVP_PKEY_SLH_DSA_SHAKE_192F; else if (algorithmName == "SLH-DSA-SHAKE-256s") nid = EVP_PKEY_SLH_DSA_SHAKE_256S; else if (algorithmName == "SLH-DSA-SHAKE-256f") nid = EVP_PKEY_SLH_DSA_SHAKE_256F; else throw std::runtime_error("Unknown PQC algorithm: " + algorithmName); ncrypto::Buffer buffer{.data = reinterpret_cast(keyData->data()), .len = keyData->size()}; ncrypto::EVPKeyPointer pkey; if (isPublic) { pkey = ncrypto::EVPKeyPointer::NewRawPublic(nid, buffer); } else { pkey = ncrypto::EVPKeyPointer::NewRawSeed(nid, buffer); } if (!pkey) { return false; } auto keyType = isPublic ? KeyType::PUBLIC : KeyType::PRIVATE; this->data_ = KeyObjectData::CreateAsymmetric(keyType, std::move(pkey)); return true; #else throw std::runtime_error("PQC raw key import requires OpenSSL 3.5+"); #endif } // Map a string asymmetricKeyType to an EVP_PKEY NID for OKP/PQC keys. // Returns 0 if the type is not a known OKP or PQC type. static int evpNidForAsymmetricKeyType(const std::string& asymmetricKeyType) { if (asymmetricKeyType == "ed25519") return EVP_PKEY_ED25519; if (asymmetricKeyType == "ed448") return EVP_PKEY_ED448; if (asymmetricKeyType == "x25519") return EVP_PKEY_X25519; if (asymmetricKeyType == "x448") return EVP_PKEY_X448; #if OPENSSL_VERSION_NUMBER >= 0x30500000L if (asymmetricKeyType == "ml-dsa-44") return EVP_PKEY_ML_DSA_44; if (asymmetricKeyType == "ml-dsa-65") return EVP_PKEY_ML_DSA_65; if (asymmetricKeyType == "ml-dsa-87") return EVP_PKEY_ML_DSA_87; if (asymmetricKeyType == "ml-kem-512") return EVP_PKEY_ML_KEM_512; if (asymmetricKeyType == "ml-kem-768") return EVP_PKEY_ML_KEM_768; if (asymmetricKeyType == "ml-kem-1024") return EVP_PKEY_ML_KEM_1024; if (asymmetricKeyType == "slh-dsa-sha2-128s") return EVP_PKEY_SLH_DSA_SHA2_128S; if (asymmetricKeyType == "slh-dsa-sha2-128f") return EVP_PKEY_SLH_DSA_SHA2_128F; if (asymmetricKeyType == "slh-dsa-sha2-192s") return EVP_PKEY_SLH_DSA_SHA2_192S; if (asymmetricKeyType == "slh-dsa-sha2-192f") return EVP_PKEY_SLH_DSA_SHA2_192F; if (asymmetricKeyType == "slh-dsa-sha2-256s") return EVP_PKEY_SLH_DSA_SHA2_256S; if (asymmetricKeyType == "slh-dsa-sha2-256f") return EVP_PKEY_SLH_DSA_SHA2_256F; if (asymmetricKeyType == "slh-dsa-shake-128s") return EVP_PKEY_SLH_DSA_SHAKE_128S; if (asymmetricKeyType == "slh-dsa-shake-128f") return EVP_PKEY_SLH_DSA_SHAKE_128F; if (asymmetricKeyType == "slh-dsa-shake-192s") return EVP_PKEY_SLH_DSA_SHAKE_192S; if (asymmetricKeyType == "slh-dsa-shake-192f") return EVP_PKEY_SLH_DSA_SHAKE_192F; if (asymmetricKeyType == "slh-dsa-shake-256s") return EVP_PKEY_SLH_DSA_SHAKE_256S; if (asymmetricKeyType == "slh-dsa-shake-256f") return EVP_PKEY_SLH_DSA_SHAKE_256F; #endif return 0; } bool HybridKeyObjectHandle::initRawPublic(const std::string& asymmetricKeyType, const std::shared_ptr& keyData, const std::optional& namedCurve) { data_ = KeyObjectData(); if (asymmetricKeyType == "ec") { if (!namedCurve.has_value()) { throw std::runtime_error("namedCurve is required for EC raw public key import"); } return initECRaw(namedCurve.value(), keyData); } int nid = evpNidForAsymmetricKeyType(asymmetricKeyType); if (nid == 0) { throw std::runtime_error("Invalid asymmetricKeyType for raw public key import: " + asymmetricKeyType); } ncrypto::Buffer buffer{.data = reinterpret_cast(keyData->data()), .len = keyData->size()}; auto pkey = ncrypto::EVPKeyPointer::NewRawPublic(nid, buffer); if (!pkey) { throw std::runtime_error("Failed to create raw public key"); } this->data_ = KeyObjectData::CreateAsymmetric(KeyType::PUBLIC, std::move(pkey)); return true; } bool HybridKeyObjectHandle::initRawPrivate(const std::string& asymmetricKeyType, const std::shared_ptr& keyData, const std::optional& namedCurve) { data_ = KeyObjectData(); if (asymmetricKeyType == "ec") { if (!namedCurve.has_value()) { throw std::runtime_error("namedCurve is required for EC raw private key import"); } int nid = 0; const std::string& curve = namedCurve.value(); if (curve == "prime256v1" || curve == "P-256") nid = NID_X9_62_prime256v1; else if (curve == "secp384r1" || curve == "P-384") nid = NID_secp384r1; else if (curve == "secp521r1" || curve == "P-521") nid = NID_secp521r1; else if (curve == "secp256k1") nid = NID_secp256k1; else nid = OBJ_txt2nid(curve.c_str()); if (nid == 0) { throw std::runtime_error("Unknown curve: " + curve); } auto ec_key = std::unique_ptr(EC_KEY_new_by_curve_name(nid), EC_KEY_free); if (!ec_key) { throw std::runtime_error("Failed to create EC_KEY"); } const EC_GROUP* group = EC_KEY_get0_group(ec_key.get()); BIGNUM* order = BN_new(); if (!order || EC_GROUP_get_order(group, order, nullptr) != 1) { if (order) BN_free(order); throw std::runtime_error("Failed to get EC group order"); } size_t order_size = (BN_num_bits(order) + 7) / 8; BN_free(order); if (keyData->size() != order_size) { throw std::runtime_error("Invalid EC private key length"); } BIGNUM* priv_bn = BN_bin2bn(reinterpret_cast(keyData->data()), static_cast(keyData->size()), nullptr); if (!priv_bn) { throw std::runtime_error("Failed to decode EC private key"); } if (EC_KEY_set_private_key(ec_key.get(), priv_bn) != 1) { BN_free(priv_bn); throw std::runtime_error("Failed to set EC private key"); } auto pub_point = std::unique_ptr(EC_POINT_new(group), EC_POINT_free); if (!pub_point || EC_POINT_mul(group, pub_point.get(), priv_bn, nullptr, nullptr, nullptr) != 1 || EC_KEY_set_public_key(ec_key.get(), pub_point.get()) != 1) { BN_free(priv_bn); throw std::runtime_error("Failed to derive EC public key"); } BN_free(priv_bn); EVP_PKEY* pkey = EVP_PKEY_new(); if (!pkey || EVP_PKEY_assign_EC_KEY(pkey, ec_key.get()) != 1) { if (pkey) EVP_PKEY_free(pkey); throw std::runtime_error("Failed to create EVP_PKEY from EC_KEY"); } ec_key.release(); this->data_ = KeyObjectData::CreateAsymmetric(KeyType::PRIVATE, ncrypto::EVPKeyPointer(pkey)); return true; } int nid = evpNidForAsymmetricKeyType(asymmetricKeyType); if (nid == 0) { throw std::runtime_error("Invalid asymmetricKeyType for raw private key import: " + asymmetricKeyType); } ncrypto::Buffer buffer{.data = reinterpret_cast(keyData->data()), .len = keyData->size()}; auto pkey = ncrypto::EVPKeyPointer::NewRawPrivate(nid, buffer); if (!pkey) { throw std::runtime_error("Failed to create raw private key"); } this->data_ = KeyObjectData::CreateAsymmetric(KeyType::PRIVATE, std::move(pkey)); return true; } bool HybridKeyObjectHandle::initRawSeed(const std::string& asymmetricKeyType, const std::shared_ptr& keyData) { #if OPENSSL_VERSION_NUMBER >= 0x30500000L data_ = KeyObjectData(); int nid = evpNidForAsymmetricKeyType(asymmetricKeyType); if (nid == 0) { throw std::runtime_error("Invalid asymmetricKeyType for raw seed import: " + asymmetricKeyType); } ncrypto::Buffer buffer{.data = reinterpret_cast(keyData->data()), .len = keyData->size()}; auto pkey = ncrypto::EVPKeyPointer::NewRawSeed(nid, buffer); if (!pkey) { throw std::runtime_error("Failed to create key from raw seed"); } this->data_ = KeyObjectData::CreateAsymmetric(KeyType::PRIVATE, std::move(pkey)); return true; #else throw std::runtime_error("Raw seed import requires OpenSSL 3.5+"); #endif } bool HybridKeyObjectHandle::keyEquals(const std::shared_ptr& other) { auto otherHandle = std::dynamic_pointer_cast(other); if (!otherHandle) return false; const auto& otherData = otherHandle->getKeyObjectData(); if (data_.GetKeyType() != otherData.GetKeyType()) return false; if (data_.GetKeyType() == KeyType::SECRET) { auto thisKey = data_.GetSymmetricKey(); auto otherKey = otherData.GetSymmetricKey(); if (thisKey->size() != otherKey->size()) return false; return CRYPTO_memcmp(thisKey->data(), otherKey->data(), thisKey->size()) == 0; } const auto& thisPkey = data_.GetAsymmetricKey(); const auto& otherPkey = otherData.GetAsymmetricKey(); if (!thisPkey || !otherPkey) return false; return EVP_PKEY_eq(thisPkey.get(), otherPkey.get()) == 1; } double HybridKeyObjectHandle::getSymmetricKeySize() { return static_cast(data_.GetSymmetricKeySize()); } bool HybridKeyObjectHandle::checkEcKeyData() { const auto& pkey = data_.GetAsymmetricKey(); if (!pkey || EVP_PKEY_id(pkey.get()) != EVP_PKEY_EC) { return false; } auto ctx = pkey.newCtx(); if (!ctx) { return false; } return data_.GetKeyType() == KeyType::PRIVATE ? ctx.privateCheck() : ctx.publicCheck(); } } // namespace margelo::nitro::crypto