[CX-6055] [crypto] implement exportKey (#23813)

copy from deno (with license).
the only code change is i removed `SafeArrayIterator` (a deno primordial).

enable round trip tests.

GitOrigin-RevId: 70162f6c15f6c6b918bb03ed004d41fe186246ad

Author: ldanilek

crates/isolate/src/execution_scope.rs

@@ -585,7 +585,14 @@ impl<'a, 'b: 'a, RT: Runtime, E: IsolateEnvironment<RT>> ExecutionScope<'a, 'b,
             "crypto/importPkcs8Ed25519" => self.op_crypto_import_pkcs8_ed25519(args, rv)?,
             "crypto/importSpkiX25519" => self.op_crypto_import_spki_x25519(args, rv)?,
             "crypto/importPkcs8X25519" => self.op_crypto_import_pkcs8_x25519(args, rv)?,
+            "crypto/base64UrlEncode" => self.op_crypto_base64_url_encode(args, rv)?,
             "crypto/base64UrlDecode" => self.op_crypto_base64_url_decode(args, rv)?,
+            "crypto/exportKey" => self.op_crypto_export_key(args, rv)?,
+            "crypto/exportSpkiEd25519" => self.op_crypto_export_spki_ed25519(args, rv)?,
+            "crypto/exportPkcs8Ed25519" => self.op_crypto_export_pkcs8_ed25519(args, rv)?,
+            "crypto/JwkXEd25519" => self.op_crypto_jwk_x_ed25519(args, rv)?,
+            "crypto/exportSpkiX25519" => self.op_crypto_export_spki_x25519(args, rv)?,
+            "crypto/exportPkcs8X25519" => self.op_crypto_export_pkcs8_x25519(args, rv)?,
             _ => {
                 anyhow::bail!(ErrorMetadata::bad_request(
                     "UnknownOperation",

crates/isolate/src/ops/crypto/ed25519.rs

@@ -7,16 +7,27 @@ use deno_core::{
 };
 use elliptic_curve::pkcs8::PrivateKeyInfo;
 use p256::pkcs8::der::Decode as _;
-use ring::signature::Ed25519KeyPair;
+use ring::signature::{
+    Ed25519KeyPair,
+    KeyPair,
+};
 use spki::{
     der::{
+        asn1::BitString,
         AnyRef,
         Decode,
+        Encode,
     },
     SubjectPublicKeyInfo,
 };
 
-use super::CryptoOps;
+use super::{
+    shared::{
+        custom_error,
+        AnyError,
+    },
+    CryptoOps,
+};
 
 // id-Ed25519 OBJECT IDENTIFIER ::= { 1 3 101 112 }
 pub const ED25519_OID: const_oid::ObjectIdentifier =
@@ -79,4 +90,46 @@ impl CryptoOps {
         }
         Some(pk_info.private_key[2..].to_vec().into())
     }
+
+    pub fn export_spki_ed25519(pubkey: &[u8]) -> Result<ToJsBuffer, AnyError> {
+        let key_info = spki::SubjectPublicKeyInfo {
+            algorithm: spki::AlgorithmIdentifierOwned {
+                // id-Ed25519
+                oid: ED25519_OID,
+                parameters: None,
+            },
+            subject_public_key: BitString::from_bytes(pubkey)?,
+        };
+        Ok(key_info
+            .to_der()
+            .map_err(|_| custom_error("DOMExceptionOperationError", "Failed to export key"))?
+            .into())
+    }
+
+    pub fn export_pkcs8_ed25519(pkey: &[u8]) -> Result<ToJsBuffer, AnyError> {
+        // This should probably use OneAsymmetricKey instead
+        let pk_info = rsa::pkcs8::PrivateKeyInfo {
+            public_key: None,
+            algorithm: rsa::pkcs8::AlgorithmIdentifierRef {
+                // id-Ed25519
+                oid: ED25519_OID,
+                parameters: None,
+            },
+            private_key: pkey, // OCTET STRING
+        };
+
+        let mut buf = Vec::new();
+        pk_info.encode_to_vec(&mut buf)?;
+        Ok(buf.into())
+    }
+
+    // 'x' from Section 2 of RFC 8037
+    // https://www.rfc-editor.org/rfc/rfc8037#section-2
+    pub fn jwk_x_ed25519(pkey: &[u8]) -> Result<String, AnyError> {
+        let pair = Ed25519KeyPair::from_seed_unchecked(pkey).map_err(|e| anyhow::anyhow!(e))?;
+        Ok(base64::encode_config(
+            pair.public_key().as_ref(),
+            base64::URL_SAFE_NO_PAD,
+        ))
+    }
 }