Revert "Update node crypto kdf apis to use BufferSource" (#3118)

Author: danlapid

src/workerd/api/crypto/hkdf.c++

@@ -54,11 +54,8 @@ private:
 
     auto derivedLengthBytes = length / 8;
 
-    auto bs = JSG_REQUIRE_NONNULL(hkdf(js, derivedLengthBytes, hashType, keyData, salt, info),
+    return JSG_REQUIRE_NONNULL(hkdf(derivedLengthBytes, hashType, keyData, salt, info),
         DOMOperationError, "HKDF deriveBits failed.");
-
-    // TODO(cleanup): deriveBits should return a BufferSource and will do so soon.
-    return bs.asArrayPtr().attach(kj::mv(bs));
   }
 
   kj::StringPtr getAlgorithmName() const override {
@@ -83,18 +80,17 @@ private:
 
 }  // namespace
 
-kj::Maybe<jsg::BufferSource> hkdf(jsg::Lock& js,
-    size_t length,
+kj::Maybe<kj::Array<kj::byte>> hkdf(size_t length,
     const EVP_MD* digest,
     kj::ArrayPtr<const kj::byte> key,
     kj::ArrayPtr<const kj::byte> salt,
     kj::ArrayPtr<const kj::byte> info) {
-  auto buf = jsg::BackingStore::alloc<v8::ArrayBuffer>(js, length);
-  if (HKDF(buf.asArrayPtr().begin(), length, digest, key.begin(), key.size(), salt.begin(),
-          salt.size(), info.begin(), info.size()) != 1) {
+  auto buf = kj::heapArray<kj::byte>(length);
+  if (HKDF(buf.begin(), length, digest, key.begin(), key.size(), salt.begin(), salt.size(),
+          info.begin(), info.size()) != 1) {
     return kj::none;
   }
-  return jsg::BufferSource(js, kj::mv(buf));
+  return kj::mv(buf);
 }
 
 kj::Own<CryptoKey::Impl> CryptoKey::Impl::importHkdf(jsg::Lock& js,

src/workerd/api/crypto/kdf.h

@@ -9,32 +9,24 @@
 
 typedef struct env_md_st EVP_MD;
 
-namespace workerd::jsg {
-class Lock;
-class BufferSource;
-}  // namespace workerd::jsg
-
 namespace workerd::api {
 
 // Perform HKDF key derivation.
-kj::Maybe<jsg::BufferSource> hkdf(jsg::Lock& js,
-    size_t length,
+kj::Maybe<kj::Array<kj::byte>> hkdf(size_t length,
     const EVP_MD* digest,
     kj::ArrayPtr<const kj::byte> key,
     kj::ArrayPtr<const kj::byte> salt,
     kj::ArrayPtr<const kj::byte> info);
 
 // Perform PBKDF2 key derivation.
-kj::Maybe<jsg::BufferSource> pbkdf2(jsg::Lock& js,
-    size_t length,
+kj::Maybe<kj::Array<kj::byte>> pbkdf2(size_t length,
     size_t iterations,
     const EVP_MD* digest,
     kj::ArrayPtr<const kj::byte> password,
     kj::ArrayPtr<const kj::byte> salt);
 
 // Perform Scrypt key derivation.
-kj::Maybe<jsg::BufferSource> scrypt(jsg::Lock& js,
-    size_t length,
+kj::Maybe<kj::Array<kj::byte>> scrypt(size_t length,
     uint32_t N,
     uint32_t r,
     uint32_t p,

src/workerd/api/crypto/pbkdf2.c++

@@ -63,11 +63,8 @@ private:
     // wisest.
     checkPbkdfLimits(js, iterations);
 
-    auto buf = JSG_REQUIRE_NONNULL(pbkdf2(js, length / 8, iterations, hashType, keyData, salt),
-        Error, "PBKDF2 deriveBits failed.");
-    // TODO(cleanup): This is a bit of a hack. deriveBits should return a BufferSource and
-    // will do so soon.
-    return buf.asArrayPtr().attach(kj::mv(buf));
+    return JSG_REQUIRE_NONNULL(pbkdf2(length / 8, iterations, hashType, keyData, salt), Error,
+        "PBKDF2 deriveBits failed.");
   }
 
   // TODO(bug): Possibly by mistake, PBKDF2 was historically not on the allow list of
@@ -104,18 +101,17 @@ private:
 
 }  // namespace
 
-kj::Maybe<jsg::BufferSource> pbkdf2(jsg::Lock& js,
-    size_t length,
+kj::Maybe<kj::Array<kj::byte>> pbkdf2(size_t length,
     size_t iterations,
     const EVP_MD* digest,
     kj::ArrayPtr<const kj::byte> password,
     kj::ArrayPtr<const kj::byte> salt) {
-  auto buf = jsg::BackingStore::alloc<v8::ArrayBuffer>(js, length);
+  auto buf = kj::heapArray<kj::byte>(length);
   if (PKCS5_PBKDF2_HMAC(password.asChars().begin(), password.size(), salt.begin(), salt.size(),
-          iterations, digest, length, buf.asArrayPtr().begin()) != 1) {
+          iterations, digest, length, buf.begin()) != 1) {
     return kj::none;
   }
-  return jsg::BufferSource(js, kj::mv(buf));
+  return kj::mv(buf);
 }
 
 kj::Own<CryptoKey::Impl> CryptoKey::Impl::importPbkdf2(jsg::Lock& js,

src/workerd/api/crypto/scrypt.c++

@@ -10,18 +10,17 @@
 
 namespace workerd::api {
 
-kj::Maybe<jsg::BufferSource> scrypt(jsg::Lock& js,
-    size_t length,
+kj::Maybe<kj::Array<kj::byte>> scrypt(size_t length,
     uint32_t N,
     uint32_t r,
     uint32_t p,
     uint32_t maxmem,
     kj::ArrayPtr<const kj::byte> pass,
     kj::ArrayPtr<const kj::byte> salt) {
   ClearErrorOnReturn clearErrorOnReturn;
-  auto buf = jsg::BackingStore::alloc<v8::ArrayBuffer>(js, length);
+  auto buf = kj::heapArray<kj::byte>(length);
   if (!EVP_PBE_scrypt(pass.asChars().begin(), pass.size(), salt.begin(), salt.size(), N, r, p,
-          maxmem, buf.asArrayPtr().begin(), length)) {
+          maxmem, buf.begin(), length)) {
     // This does not currently handle the errors in exactly the same way as
     // the Node.js implementation but that's probably ok? We can update the
     // error thrown to match Node.js more closely later if necessary. There
@@ -31,7 +30,7 @@ kj::Maybe<jsg::BufferSource> scrypt(jsg::Lock& js,
     }
     return kj::none;
   }
-  return jsg::BufferSource(js, kj::mv(buf));
+  return kj::mv(buf);
 }
 
 }  // namespace workerd::api

src/workerd/api/node/crypto.c++

@@ -12,8 +12,7 @@
 
 namespace workerd::api::node {
 
-jsg::BufferSource CryptoImpl::getHkdf(jsg::Lock& js,
-    kj::String hash,
+kj::Array<kj::byte> CryptoImpl::getHkdf(kj::String hash,
     kj::Array<const kj::byte> key,
     kj::Array<const kj::byte> salt,
     kj::Array<const kj::byte> info,
@@ -44,10 +43,10 @@ jsg::BufferSource CryptoImpl::getHkdf(jsg::Lock& js,
   JSG_REQUIRE(
       length <= EVP_MD_size(digest) * kMaxDigestMultiplier, RangeError, "Invalid Hkdf key length");
 
-  return JSG_REQUIRE_NONNULL(hkdf(js, length, digest, key, salt, info), Error, "Hkdf failed");
+  return JSG_REQUIRE_NONNULL(hkdf(length, digest, key, salt, info), Error, "Hkdf failed");
 }
 
-jsg::BufferSource CryptoImpl::getPbkdf(jsg::Lock& js,
+kj::Array<kj::byte> CryptoImpl::getPbkdf(jsg::Lock& js,
     kj::Array<const kj::byte> password,
     kj::Array<const kj::byte> salt,
     uint32_t num_iterations,
@@ -71,10 +70,10 @@ jsg::BufferSource CryptoImpl::getPbkdf(jsg::Lock& js,
 
   // Both pass and salt may be zero length here.
   return JSG_REQUIRE_NONNULL(
-      pbkdf2(js, keylen, num_iterations, digest, password, salt), Error, "Pbkdf2 failed");
+      pbkdf2(keylen, num_iterations, digest, password, salt), Error, "Pbkdf2 failed");
 }
 
-jsg::BufferSource CryptoImpl::getScrypt(jsg::Lock& js,
+kj::Array<kj::byte> CryptoImpl::getScrypt(jsg::Lock& js,
     kj::Array<const kj::byte> password,
     kj::Array<const kj::byte> salt,
     uint32_t N,
@@ -87,7 +86,7 @@ jsg::BufferSource CryptoImpl::getScrypt(jsg::Lock& js,
   JSG_REQUIRE(salt.size() <= INT32_MAX, RangeError, "Scrypt failed: salt is too large");
 
   return JSG_REQUIRE_NONNULL(
-      scrypt(js, keylen, N, r, p, maxmem, password, salt), Error, "Scrypt failed");
+      scrypt(keylen, N, r, p, maxmem, password, salt), Error, "Scrypt failed");
 }
 
 bool CryptoImpl::verifySpkac(kj::Array<const kj::byte> input) {

src/workerd/api/node/crypto.h

@@ -115,23 +115,22 @@ class CryptoImpl final: public jsg::Object {
   };
 
   // Hkdf
-  jsg::BufferSource getHkdf(jsg::Lock& js,
-      kj::String hash,
+  kj::Array<kj::byte> getHkdf(kj::String hash,
       kj::Array<const kj::byte> key,
       kj::Array<const kj::byte> salt,
       kj::Array<const kj::byte> info,
       uint32_t length);
 
   // Pbkdf2
-  jsg::BufferSource getPbkdf(jsg::Lock& js,
+  kj::Array<kj::byte> getPbkdf(jsg::Lock& js,
       kj::Array<const kj::byte> password,
       kj::Array<const kj::byte> salt,
       uint32_t num_iterations,
       uint32_t keylen,
       kj::String name);
 
   // Scrypt
-  jsg::BufferSource getScrypt(jsg::Lock& js,
+  kj::Array<kj::byte> getScrypt(jsg::Lock& js,
       kj::Array<const kj::byte> password,
       kj::Array<const kj::byte> salt,
       uint32_t N,