Commit b5cf012
crypto: harden KeyObject internal slots
Move KeyObject type and handle storage behind NativeKeyObject and
expose it to JS through a module-private slot reader, mirroring the
CryptoKey hardening. Cache the native slot tuple in a private field
and lazily derive secret and asymmetric metadata from the cached
KeyObjectHandle.
Update internal crypto, QUIC, and comparison callers to use private
helpers instead of public KeyObject accessors. Keep getKeyObjectSlots
restricted to internal/crypto/keys with an ESLint guard.
Add regression coverage for brand checks, hidden slots, clone and
transfer behavior, own-property reflection, and post-clone crypto
operations. Extend the CryptoKey brand test to assert getSlots is not
reachable through the public constructor or prototype chain.
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
PR-URL: #63111
Backport-PR-URL: #63563
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>1 parent f6b2466 commit b5cf012
24 files changed
Lines changed: 861 additions & 129 deletions
File tree
- lib
- internal
- crypto
- quic
- util
- src
- crypto
- test/parallel
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
61 | 61 | | |
62 | 62 | | |
63 | 63 | | |
64 | | - | |
| 64 | + | |
| 65 | + | |
| 66 | + | |
| 67 | + | |
| 68 | + | |
| 69 | + | |
| 70 | + | |
65 | 71 | | |
66 | 72 | | |
67 | 73 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
30 | 30 | | |
31 | 31 | | |
32 | 32 | | |
33 | | - | |
34 | 33 | | |
35 | 34 | | |
36 | 35 | | |
| |||
41 | 40 | | |
42 | 41 | | |
43 | 42 | | |
| 43 | + | |
| 44 | + | |
44 | 45 | | |
45 | 46 | | |
46 | 47 | | |
| |||
219 | 220 | | |
220 | 221 | | |
221 | 222 | | |
222 | | - | |
| 223 | + | |
223 | 224 | | |
224 | | - | |
| 225 | + | |
225 | 226 | | |
226 | 227 | | |
227 | 228 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
30 | 30 | | |
31 | 31 | | |
32 | 32 | | |
33 | | - | |
34 | 33 | | |
35 | 34 | | |
36 | 35 | | |
| |||
40 | 39 | | |
41 | 40 | | |
42 | 41 | | |
| 42 | + | |
| 43 | + | |
43 | 44 | | |
44 | 45 | | |
45 | 46 | | |
| |||
190 | 191 | | |
191 | 192 | | |
192 | 193 | | |
193 | | - | |
194 | | - | |
| 194 | + | |
| 195 | + | |
| 196 | + | |
195 | 197 | | |
196 | 198 | | |
197 | 199 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
14 | 14 | | |
15 | 15 | | |
16 | 16 | | |
17 | | - | |
18 | 17 | | |
19 | 18 | | |
20 | 19 | | |
| |||
24 | 23 | | |
25 | 24 | | |
26 | 25 | | |
| 26 | + | |
27 | 27 | | |
28 | 28 | | |
29 | 29 | | |
| |||
87 | 87 | | |
88 | 88 | | |
89 | 89 | | |
90 | | - | |
| 90 | + | |
91 | 91 | | |
92 | 92 | | |
93 | 93 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
34 | 34 | | |
35 | 35 | | |
36 | 36 | | |
37 | | - | |
38 | 37 | | |
39 | 38 | | |
40 | 39 | | |
| |||
47 | 46 | | |
48 | 47 | | |
49 | 48 | | |
| 49 | + | |
| 50 | + | |
50 | 51 | | |
51 | 52 | | |
52 | 53 | | |
| |||
189 | 190 | | |
190 | 191 | | |
191 | 192 | | |
192 | | - | |
193 | | - | |
| 193 | + | |
| 194 | + | |
| 195 | + | |
194 | 196 | | |
195 | 197 | | |
196 | 198 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
29 | 29 | | |
30 | 30 | | |
31 | 31 | | |
| 32 | + | |
32 | 33 | | |
33 | 34 | | |
34 | 35 | | |
| |||
75 | 76 | | |
76 | 77 | | |
77 | 78 | | |
78 | | - | |
| 79 | + | |
79 | 80 | | |
80 | 81 | | |
81 | | - | |
| 82 | + | |
82 | 83 | | |
83 | 84 | | |
84 | 85 | | |
| |||
96 | 97 | | |
97 | 98 | | |
98 | 99 | | |
99 | | - | |
| 100 | + | |
100 | 101 | | |
101 | 102 | | |
102 | 103 | | |
| |||
0 commit comments