Switch from ring to aws-lc-rs for SubtleCrypto (#37069)

GitOrigin-RevId: e7c1ba31a601f9e31f7267dda348c692780cc1d7

Author: goffrie

Cargo.lock

@@ -18,6 +18,7 @@ cbc = { version = "0.1.2" }
 csv-async = "1.2"
 atomic_refcell = "0.1.13"
 aws-config = { version = "1.6", default-features = false, features = [ "client-hyper", "default-https-client", "rustls", "rt-tokio" ] }
+aws-lc-rs = { version = "1.13", default-features = false, features = [ "aws-lc-sys", "prebuilt-nasm" ] }
 aws-sdk-s3 = { version = "1.83", default-features = false, features = [ "default-https-client", "rt-tokio", "sigv4a" ] }
 aws-smithy-http = "0.60.8"
 aws-smithy-types-convert = { version = "0.60", features = [ "convert-streams" ] }
@@ -130,7 +131,6 @@ ref-cast = "1.0.20"
 regex = "1"
 reqwest = { version = "0.12.7", features = [ "json", "stream", "gzip", "native-tls-vendored" ] }
 reqwest-middleware = "0.4.1"
-ring = "0.17.8"
 rsa = "0.9.6"
 rusqlite = { version = "0.32", features = [ "bundled" ] }
 saffron = { git = "https://github.com/get-convex/saffron", rev = "1d842379919fb5c1988ac127cebd6167b1eb9bec", features = [ "std" ] }

Cargo.toml

@@ -21,6 +21,7 @@ async-broadcast = { workspace = true }
 async-channel = { workspace = true }
 async-recursion = { workspace = true }
 async-trait = { workspace = true }
+aws-lc-rs = { workspace = true }
 axum = { workspace = true }
 base64 = { workspace = true }
 bytes = { workspace = true }
@@ -65,7 +66,6 @@ proptest-http = { workspace = true, optional = true }
 rand = { workspace = true }
 rand_chacha = { workspace = true }
 regex = { workspace = true }
-ring = { workspace = true }
 runtime = { path = "../runtime" }
 search = { path = "../search" }
 semver = { workspace = true }

crates/isolate/Cargo.toml

@@ -9,8 +9,8 @@ impl CryptoRng {
         CryptoRng(())
     }
 
-    /// Returns a `ring`-compatible random number generator
-    pub fn ring(&self) -> ring::rand::SystemRandom {
-        ring::rand::SystemRandom::new()
+    /// Returns a `aws_lc_rs`-compatible random number generator
+    pub fn aws_lc(&self) -> aws_lc_rs::rand::SystemRandom {
+        aws_lc_rs::rand::SystemRandom::new()
     }
 }

crates/isolate/src/environment/crypto_rng.rs

@@ -1,12 +1,12 @@
 // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
 // https://github.com/denoland/deno/blob/main/ext/crypto/ed25519.rs
 
-use deno_core::ToJsBuffer;
-use elliptic_curve::pkcs8::PrivateKeyInfo;
-use ring::signature::{
+use aws_lc_rs::signature::{
     Ed25519KeyPair,
     KeyPair,
 };
+use deno_core::ToJsBuffer;
+use elliptic_curve::pkcs8::PrivateKeyInfo;
 use spki::{
     der::{
         asn1::BitString,
@@ -40,7 +40,7 @@ impl CryptoOps {
     }
 
     pub fn verify_ed25519(pubkey: &[u8], data: &[u8], signature: &[u8]) -> bool {
-        ring::signature::UnparsedPublicKey::new(&ring::signature::ED25519, pubkey)
+        aws_lc_rs::signature::UnparsedPublicKey::new(&aws_lc_rs::signature::ED25519, pubkey)
             .verify(data, signature)
             .is_ok()
     }

crates/isolate/src/ops/crypto/ed25519.rs

@@ -1,17 +1,18 @@
 use anyhow::Context as _;
-use deno_core::ToJsBuffer;
-use openssl::{
-    bn::BigNum,
-    rsa::Rsa,
-};
-use ring::{
+use aws_lc_rs::{
+    encoding::AsBigEndian as _,
     rand::SecureRandom,
     signature::{
         EcdsaKeyPair,
         Ed25519KeyPair,
         KeyPair,
     },
 };
+use deno_core::ToJsBuffer;
+use openssl::{
+    bn::BigNum,
+    rsa::Rsa,
+};
 
 use super::{
     shared::RustRawKeyData,
@@ -26,7 +27,7 @@ use crate::environment::crypto_rng::CryptoRng;
 
 impl CryptoOps {
     pub fn generate_keypair(
-        rng: CryptoRng,
+        _rng: CryptoRng,
         algorithm: GenerateKeypairAlgorithm,
     ) -> anyhow::Result<GeneratedKeypair> {
         match algorithm {
@@ -53,21 +54,17 @@ impl CryptoOps {
                 name: Algorithm::Ecdsa | Algorithm::Ecdh,
                 named_curve,
             } => {
-                let private_key_pkcs8 =
-                    EcdsaKeyPair::generate_pkcs8(named_curve.into(), &rng.ring())
-                        .ok()
-                        .context("failed to generate ecdsa keypair")?;
-                let keypair = EcdsaKeyPair::from_pkcs8(
-                    named_curve.into(),
-                    private_key_pkcs8.as_ref(),
-                    &rng.ring(),
-                )
-                .ok()
-                .context("failed to parse ecdsa pkcs8 that we just generated")?;
+                let keypair = EcdsaKeyPair::generate(named_curve.into())
+                    .context("failed to generate ecdsa keypair")?;
                 Ok(GeneratedKeypair {
                     private_raw_data: GeneratedKey::KeyData(RustRawKeyData::Private(
                         // private key is PKCS#8-encoded
-                        private_key_pkcs8.as_ref().to_vec().into(),
+                        keypair
+                            .to_pkcs8v1()
+                            .context("failed to serialize ecdsa keypair")?
+                            .as_ref()
+                            .to_vec()
+                            .into(),
                     )),
                     public_raw_data: GeneratedKey::KeyData(RustRawKeyData::Public(
                         // public key is just the elliptic curve point
@@ -78,23 +75,16 @@ impl CryptoOps {
             GenerateKeypairAlgorithm::Curve25519 {
                 name: Curve25519Algorithm::Ed25519,
             } => {
-                let pkcs8_keypair = Ed25519KeyPair::generate_pkcs8(&rng.ring())
-                    .ok()
-                    .context("failed to generate ed25519 key")?;
-                // ring is really annoying and needs to jump through hoops to get the public key
-                // that we just generated
-                let public_key = Ed25519KeyPair::from_pkcs8(pkcs8_keypair.as_ref())
-                    .ok()
-                    .context("failed to parse ed25519 pkcs8 that we just generated")?
-                    .public_key()
-                    .as_ref()
-                    .to_vec();
-                // ring is really really annoying and doesn't export the raw
-                // seed at all, so use RustCrypto instead
-                let private_key = Self::import_pkcs8_ed25519(pkcs8_keypair.as_ref())
-                    .context("failed to import ed25519 pkcs8 that we just generated")?;
+                let keypair =
+                    Ed25519KeyPair::generate().context("failed to generate ed25519 key")?;
+                let public_key = keypair.public_key().as_ref().to_vec();
+                let private_key = keypair
+                    .seed()
+                    .context("failed to get generated ed25519 seed")?
+                    .as_be_bytes()
+                    .context("failed to get generated ed25519 seed")?;
                 Ok(GeneratedKeypair {
-                    private_raw_data: GeneratedKey::RawBytes(private_key),
+                    private_raw_data: GeneratedKey::RawBytes(private_key.as_ref().to_vec().into()),
                     public_raw_data: GeneratedKey::RawBytes(public_key.into()),
                 })
             },
@@ -112,7 +102,7 @@ impl CryptoOps {
     pub fn generate_key_bytes(rng: CryptoRng, length: usize) -> anyhow::Result<ToJsBuffer> {
         anyhow::ensure!(length <= 1024, "key too long");
         let mut buf = vec![0; length];
-        rng.ring()
+        rng.aws_lc()
             .fill(&mut buf)
             .ok()
             .context("failed to generate random bytes")?;

crates/isolate/src/ops/crypto/generate_key.rs

@@ -2,11 +2,11 @@
 // https://github.com/denoland/deno/blob/main/ext/crypto/import_key.rs
 
 use anyhow::Context as _;
+use aws_lc_rs::signature::EcdsaKeyPair;
 use deno_core::ToJsBuffer;
 use elliptic_curve::pkcs8::PrivateKeyInfo;
 use p256::pkcs8::EncodePrivateKey;
 use pkcs1::UintRef;
-use ring::signature::EcdsaKeyPair;
 use serde::{
     Deserialize,
     Serialize,
@@ -549,32 +549,19 @@ fn import_key_ec_jwk(
 }
 
 fn validate_ecdsa_pkcs8(
-    key_alg: &'static ring::signature::EcdsaSigningAlgorithm,
+    key_alg: &'static aws_lc_rs::signature::EcdsaSigningAlgorithm,
     pkcs8: &[u8],
-) -> Result<(), ring::error::KeyRejected> {
-    EcdsaKeyPair::from_pkcs8(
-        key_alg,
-        pkcs8,
-        // This randomness does not affect whether the key is accepted or rejected, and we throw
-        // away the returned keypair
-        &ring::rand::SystemRandom::new(),
-    )?;
+) -> Result<(), aws_lc_rs::error::KeyRejected> {
+    EcdsaKeyPair::from_pkcs8(key_alg, pkcs8)?;
     Ok(())
 }
 
 fn validate_ecdsa_private_key(
-    key_alg: &'static ring::signature::EcdsaSigningAlgorithm,
+    key_alg: &'static aws_lc_rs::signature::EcdsaSigningAlgorithm,
     private_key: &[u8],
     public_key: &[u8],
-) -> Result<(), ring::error::KeyRejected> {
-    EcdsaKeyPair::from_private_key_and_public_key(
-        key_alg,
-        private_key,
-        public_key,
-        // This randomness does not affect whether the key is accepted or rejected, and we throw
-        // away the returned keypair
-        &ring::rand::SystemRandom::new(),
-    )?;
+) -> Result<(), aws_lc_rs::error::KeyRejected> {
+    EcdsaKeyPair::from_private_key_and_public_key(key_alg, private_key, public_key)?;
     Ok(())
 }