Implement generateKey & other crypto operations for actions (#36130)

1. Remove `secure_rng_unavailable` and replace it with a wrapper `CryptoRng` which indicates that access to system randomness is allowed. This is only provided in the action environment.
2. Fix RSA-PSS verify to use the provided `saltLength`, which was otherwise incorrect when the value was non default.
3. Allow a number of operations that use SecureRandom but aren't actually nondeterministic - e.g. converting ECDSA private keys into public keys. (`ring` uses the random number generator to initialize some state for signing, but we don't always need to sign.)
4. Add new a crypto op for generating keypairs for RSA, ECDSA/ECDH, and Ed25519/X25519. These all use CryptoRng and are therefore available only in actions. Expose this operation from SubtleCrypto.generateKey.
5. Enable the relevant deno crypto tests & write another one for ed25519.
6. Fix Typescript typing for SubtleCrypto implementation. Most importantly I made the type of `algorithmNameLiteralWithParams` more precise so that we get proper literal types from `z.infer`.

GitOrigin-RevId: a6775d39655bdcfe972d13f66c63ecfadf72fcaf

Author: goffrie

crates/isolate/src/environment/action/mod.rs

@@ -123,10 +123,13 @@ use self::{
     },
     task_executor::TaskExecutor,
 };
-use super::warnings::{
-    approaching_duration_limit_warning,
-    approaching_limit_warning,
-    SystemWarning,
+use super::{
+    crypto_rng::CryptoRng,
+    warnings::{
+        approaching_duration_limit_warning,
+        approaching_limit_warning,
+        SystemWarning,
+    },
 };
 use crate::{
     client::{
@@ -1364,6 +1367,10 @@ impl<RT: Runtime> IsolateEnvironment<RT> for ActionEnvironment<RT> {
         self.phase.rng()
     }
 
+    fn crypto_rng(&mut self) -> anyhow::Result<CryptoRng> {
+        Ok(CryptoRng::new())
+    }
+
     fn unix_timestamp(&mut self) -> anyhow::Result<UnixTimestamp> {
         self.phase.unix_timestamp()
     }

crates/isolate/src/environment/analyze.rs

@@ -146,6 +146,13 @@ impl<RT: Runtime> IsolateEnvironment<RT> for AnalyzeEnvironment {
         Ok(&mut self.rng)
     }
 
+    fn crypto_rng(&mut self) -> anyhow::Result<super::crypto_rng::CryptoRng> {
+        anyhow::bail!(ErrorMetadata::bad_request(
+            "NoCryptoRngDuringImport",
+            "Cannot use cryptographic randomness at import time"
+        ))
+    }
+
     fn unix_timestamp(&mut self) -> anyhow::Result<UnixTimestamp> {
         Ok(self.unix_timestamp)
     }

crates/isolate/src/environment/auth_config.rs

@@ -83,6 +83,13 @@ impl<RT: Runtime> IsolateEnvironment<RT> for AuthConfigEnvironment {
         ))
     }
 
+    fn crypto_rng(&mut self) -> anyhow::Result<super::crypto_rng::CryptoRng> {
+        anyhow::bail!(ErrorMetadata::bad_request(
+            "NoCryptoRngDuringAuthConfig",
+            "Cannot use cryptographic randomness when evaluating auth config file"
+        ))
+    }
+
     fn unix_timestamp(&mut self) -> anyhow::Result<UnixTimestamp> {
         anyhow::bail!(ErrorMetadata::bad_request(
             "NoDateDuringAuthConfig",

crates/isolate/src/environment/component_definitions.rs

@@ -470,6 +470,13 @@ impl<RT: Runtime> IsolateEnvironment<RT> for DefinitionEnvironment {
         ))
     }
 
+    fn crypto_rng(&mut self) -> anyhow::Result<super::crypto_rng::CryptoRng> {
+        anyhow::bail!(ErrorMetadata::bad_request(
+            "NoCryptoRngDuringDefinitionEvaluation",
+            "Cannot use cryptographic randomness when evaluating app definition"
+        ))
+    }
+
     fn unix_timestamp(&mut self) -> anyhow::Result<UnixTimestamp> {
         anyhow::bail!(ErrorMetadata::bad_request(
             "NoDateDuringDefinitionEvaluation",

crates/isolate/src/environment/crypto_rng.rs

@@ -0,0 +1,21 @@
+/// Represents access to an RNG suitable for cryptographic operations like key
+/// generation, i.e. system randomness.
+///
+/// This is unavailable in deterministic UDFs (i.e. queries/mutations).
+pub struct CryptoRng(());
+
+impl CryptoRng {
+    pub fn new() -> Self {
+        CryptoRng(())
+    }
+
+    /// Returns a `ring`-compatible random number generator
+    pub fn ring(&self) -> ring::rand::SystemRandom {
+        ring::rand::SystemRandom::new()
+    }
+
+    /// Returns an `rsa`-compatible random number generator
+    pub fn rsa(&self) -> rsa::rand_core::OsRng {
+        rsa::rand_core::OsRng
+    }
+}

crates/isolate/src/environment/mod.rs

@@ -7,11 +7,14 @@ use model::{
     },
     modules::module_versions::FullModuleSource,
 };
+
+use self::crypto_rng::CryptoRng;
 pub mod action;
 pub mod analyze;
 pub mod async_op;
 pub mod auth_config;
 pub mod component_definitions;
+pub mod crypto_rng;
 pub mod helpers;
 pub mod schema;
 pub mod udf;
@@ -76,6 +79,7 @@ pub trait IsolateEnvironment<RT: Runtime>: 'static {
 
     fn trace(&mut self, level: LogLevel, messages: Vec<String>) -> anyhow::Result<()>;
     fn rng(&mut self) -> anyhow::Result<&mut ChaCha12Rng>;
+    fn crypto_rng(&mut self) -> anyhow::Result<CryptoRng>;
     fn unix_timestamp(&mut self) -> anyhow::Result<UnixTimestamp>;
 
     fn get_environment_variable(&mut self, name: EnvVarName)

crates/isolate/src/environment/schema.rs

@@ -84,6 +84,13 @@ impl<RT: Runtime> IsolateEnvironment<RT> for SchemaEnvironment {
         Ok(&mut self.rng)
     }
 
+    fn crypto_rng(&mut self) -> anyhow::Result<super::crypto_rng::CryptoRng> {
+        anyhow::bail!(ErrorMetadata::bad_request(
+            "NoCryptoRngInSchema",
+            "Cannot use cryptographic randomness when evaluating schema"
+        ))
+    }
+
     fn unix_timestamp(&mut self) -> anyhow::Result<UnixTimestamp> {
         Ok(self.unix_timestamp)
     }

crates/isolate/src/environment/udf/mod.rs

@@ -196,6 +196,16 @@ pub struct DatabaseUdfEnvironment<RT: Runtime> {
     udf_callback: Box<dyn UdfCallback<RT>>,
 }
 
+fn not_allowed_in_udf(name: &str, description: &str) -> ErrorMetadata {
+    ErrorMetadata::bad_request(
+        format!("No{name}InQueriesOrMutations"),
+        format!(
+            "Can't use {description} in queries and mutations. Please consider using an action. \
+            See https://docs.convex.dev/functions/actions for more details.",
+        ),
+    )
+}
+
 impl<RT: Runtime> IsolateEnvironment<RT> for DatabaseUdfEnvironment<RT> {
     fn trace(&mut self, level: LogLevel, messages: Vec<String>) -> anyhow::Result<()> {
         self.emit_log_line(LogLine::new_developer_log_line(
@@ -212,6 +222,10 @@ impl<RT: Runtime> IsolateEnvironment<RT> for DatabaseUdfEnvironment<RT> {
         self.phase.rng()
     }
 
+    fn crypto_rng(&mut self) -> anyhow::Result<super::crypto_rng::CryptoRng> {
+        anyhow::bail!(not_allowed_in_udf("CryptoRng", "cryptographic randomness"))
+    }
+
     fn unix_timestamp(&mut self) -> anyhow::Result<UnixTimestamp> {
         self.phase.unix_timestamp()
     }
@@ -271,13 +285,10 @@ impl<RT: Runtime> IsolateEnvironment<RT> for DatabaseUdfEnvironment<RT> {
         request: AsyncOpRequest,
         _resolver: v8::Global<v8::PromiseResolver>,
     ) -> anyhow::Result<()> {
-        anyhow::bail!(ErrorMetadata::bad_request(
-                format!("No{}InQueriesOrMutations", request.name_for_error()),
-                format!(
-                    "Can't use {} in queries and mutations. Please consider using an action. See https://docs.convex.dev/functions/actions for more details.",
-                    request.description_for_error()
-                ),
-            ))
+        anyhow::bail!(not_allowed_in_udf(
+            request.name_for_error(),
+            &request.description_for_error(),
+        ))
     }
 
     fn record_heap_stats(&self, mut isolate_stats: IsolateHeapStats) {

crates/isolate/src/isolate2/callback_context.rs

@@ -480,6 +480,11 @@ mod op_provider {
             state.environment.rng()
         }
 
+        fn crypto_rng(&mut self) -> anyhow::Result<crate::environment::crypto_rng::CryptoRng> {
+            // TODO: this needs to detect if we are in an action
+            anyhow::bail!("TODO: CryptoRng in isolate2")
+        }
+
         fn scope(&mut self) -> &mut v8::HandleScope<'scope> {
             self.scope
         }

crates/isolate/src/ops/crypto/generate_key.rs

@@ -0,0 +1,120 @@
+use anyhow::Context as _;
+use deno_core::ToJsBuffer;
+use ring::{
+    rand::SecureRandom,
+    signature::{
+        EcdsaKeyPair,
+        Ed25519KeyPair,
+        KeyPair,
+    },
+};
+use rsa::pkcs1::{
+    EncodeRsaPrivateKey,
+    EncodeRsaPublicKey,
+};
+
+use super::{
+    shared::RustRawKeyData,
+    Algorithm,
+    CryptoOps,
+    Curve25519Algorithm,
+    GenerateKeypairAlgorithm,
+    GeneratedKey,
+    GeneratedKeypair,
+};
+use crate::environment::crypto_rng::CryptoRng;
+
+impl CryptoOps {
+    pub fn generate_keypair(
+        rng: CryptoRng,
+        algorithm: GenerateKeypairAlgorithm,
+    ) -> anyhow::Result<GeneratedKeypair> {
+        match algorithm {
+            GenerateKeypairAlgorithm::Rsa {
+                name: Algorithm::RsaPss | Algorithm::RsaOaep | Algorithm::RsassaPkcs1v15,
+                modulus_length,
+                public_exponent,
+            } => {
+                let exp = rsa::BigUint::from_bytes_be(&public_exponent);
+                let private_key =
+                    rsa::RsaPrivateKey::new_with_exp(&mut rng.rsa(), modulus_length, &exp)?;
+                let public_key = private_key.to_public_key();
+                Ok(GeneratedKeypair {
+                    private_raw_data: GeneratedKey::KeyData(RustRawKeyData::Private(
+                        private_key.to_pkcs1_der()?.as_bytes().to_vec().into(),
+                    )),
+                    public_raw_data: GeneratedKey::KeyData(RustRawKeyData::Public(
+                        public_key.to_pkcs1_der()?.into_vec().into(),
+                    )),
+                })
+            },
+            GenerateKeypairAlgorithm::Ec {
+                name: Algorithm::Ecdsa | Algorithm::Ecdh,
+                named_curve,
+            } => {
+                let private_key_pkcs8 =
+                    EcdsaKeyPair::generate_pkcs8(named_curve.into(), &rng.ring())
+                        .ok()
+                        .context("failed to generate ecdsa keypair")?;
+                let keypair = EcdsaKeyPair::from_pkcs8(
+                    named_curve.into(),
+                    private_key_pkcs8.as_ref(),
+                    &rng.ring(),
+                )
+                .ok()
+                .context("failed to parse ecdsa pkcs8 that we just generated")?;
+                Ok(GeneratedKeypair {
+                    private_raw_data: GeneratedKey::KeyData(RustRawKeyData::Private(
+                        // private key is PKCS#8-encoded
+                        private_key_pkcs8.as_ref().to_vec().into(),
+                    )),
+                    public_raw_data: GeneratedKey::KeyData(RustRawKeyData::Public(
+                        // public key is just the elliptic curve point
+                        keypair.public_key().as_ref().to_vec().into(),
+                    )),
+                })
+            },
+            GenerateKeypairAlgorithm::Curve25519 {
+                name: Curve25519Algorithm::Ed25519,
+            } => {
+                let pkcs8_keypair = Ed25519KeyPair::generate_pkcs8(&rng.ring())
+                    .ok()
+                    .context("failed to generate ed25519 key")?;
+                // ring is really annoying and needs to jump through hoops to get the public key
+                // that we just generated
+                let public_key = Ed25519KeyPair::from_pkcs8(pkcs8_keypair.as_ref())
+                    .ok()
+                    .context("failed to parse ed25519 pkcs8 that we just generated")?
+                    .public_key()
+                    .as_ref()
+                    .to_vec();
+                // ring is really really annoying and doesn't export the raw
+                // seed at all, so use RustCrypto instead
+                let private_key = Self::import_pkcs8_ed25519(pkcs8_keypair.as_ref())
+                    .context("failed to import ed25519 pkcs8 that we just generated")?;
+                Ok(GeneratedKeypair {
+                    private_raw_data: GeneratedKey::RawBytes(private_key),
+                    public_raw_data: GeneratedKey::RawBytes(public_key.into()),
+                })
+            },
+            GenerateKeypairAlgorithm::Curve25519 {
+                name: Curve25519Algorithm::X25519,
+            } => {
+                // ring refuses to generate exportable X25519 keys
+                // (this should be unreachable as X25519 is rejected in the UDF runtime as well)
+                anyhow::bail!("TODO: not yet supported");
+            },
+            _ => anyhow::bail!("invalid algorithm"),
+        }
+    }
+
+    pub fn generate_key_bytes(rng: CryptoRng, length: usize) -> anyhow::Result<ToJsBuffer> {
+        anyhow::ensure!(length <= 1024, "key too long");
+        let mut buf = vec![0; length];
+        rng.ring()
+            .fill(&mut buf)
+            .ok()
+            .context("failed to generate random bytes")?;
+        Ok(buf.into())
+    }
+}