Fix finalizers (#25)

* Migrate RSA algorithms to _EvpPKey

* Migrate EC algorithms to _EvpPKey

Author: jonasfj

lib/src/impl_ffi/impl_ffi.ec_common.dart

@@ -64,15 +64,15 @@ String _ecCurveToJwkCrv(EllipticCurve curve) {
 
 /// Perform some post-import validation for EC keys.
 void _validateEllipticCurveKey(
-  ffi.Pointer<EVP_PKEY> key,
+  _EvpPKey key,
   EllipticCurve curve,
 ) {
   final scope = _Scope();
   try {
-    _checkData(ssl.EVP_PKEY_id(key) == EVP_PKEY_EC,
+    _checkData(ssl.EVP_PKEY_id.invoke(key) == EVP_PKEY_EC,
         message: 'key is not an EC key');
 
-    final ec = ssl.EVP_PKEY_get1_EC_KEY(key);
+    final ec = ssl.EVP_PKEY_get1_EC_KEY.invoke(key);
     _checkData(ec.address != 0, fallback: 'key is not an EC key');
     scope.defer(() => ssl.EC_KEY_free(ec));
 
@@ -93,35 +93,35 @@ void _validateEllipticCurveKey(
   }
 }
 
-ffi.Pointer<EVP_PKEY> _importPkcs8EcPrivateKey(
+_EvpPKey _importPkcs8EcPrivateKey(
   List<int> keyData,
   EllipticCurve curve,
 ) {
-  final key = _withDataAsCBS(keyData, ssl.EVP_parse_private_key);
-  _checkData(key.address != 0, fallback: 'unable to parse key');
-  _attachFinalizerEVP_PKEY(key);
+  final k = _withDataAsCBS(keyData, ssl.EVP_parse_private_key);
+  _checkData(k.address != 0, fallback: 'unable to parse key');
+  final key = _EvpPKey.wrap(k);
 
   _validateEllipticCurveKey(key, curve);
   return key;
 }
 
-ffi.Pointer<EVP_PKEY> _importSpkiEcPublicKey(
+_EvpPKey _importSpkiEcPublicKey(
   List<int> keyData,
   EllipticCurve curve,
 ) {
   // TODO: When calling EVP_parse_public_key it might wise to check that CBS_len(cbs) == 0 is true afterwards
   // otherwise it might be that all of the contents of the key was not consumed and we should throw
   // a FormatException. Notice that this the case for private/public keys, and RSA keys.
-  final key = _withDataAsCBS(keyData, ssl.EVP_parse_public_key);
-  _checkData(key.address != 0, fallback: 'unable to parse key');
-  _attachFinalizerEVP_PKEY(key);
+  final k = _withDataAsCBS(keyData, ssl.EVP_parse_public_key);
+  _checkData(k.address != 0, fallback: 'unable to parse key');
+  final key = _EvpPKey.wrap(k);
 
   _validateEllipticCurveKey(key, curve);
 
   return key;
 }
 
-ffi.Pointer<EVP_PKEY> _importJwkEcPrivateOrPublicKey(
+_EvpPKey _importJwkEcPrivateOrPublicKey(
   JsonWebKey jwk,
   EllipticCurve curve, {
   required bool isPrivateKey,
@@ -212,16 +212,16 @@ ffi.Pointer<EVP_PKEY> _importJwkEcPrivateOrPublicKey(
     _checkDataIsOne(ssl.EC_KEY_check_key(ec), fallback: 'invalid EC key');
 
     // Wrap with an EVP_KEY
-    final key = _createEVP_PKEYwithFinalizer();
-    _checkOpIsOne(ssl.EVP_PKEY_set1_EC_KEY(key, ec));
+    final key = _EvpPKey();
+    _checkOpIsOne(ssl.EVP_PKEY_set1_EC_KEY.invoke(key, ec));
 
     return key;
   } finally {
     scope.release();
   }
 }
 
-ffi.Pointer<EVP_PKEY> _importRawEcPublicKey(
+_EvpPKey _importRawEcPublicKey(
   List<int> keyData,
   EllipticCurve curve,
 ) {
@@ -248,8 +248,8 @@ ffi.Pointer<EVP_PKEY> _importRawEcPublicKey(
       _checkDataIsOne(ssl.EC_KEY_set_public_key(ec, pub),
           fallback: 'invalid keyData');
 
-      final key = _createEVP_PKEYwithFinalizer();
-      _checkOpIsOne(ssl.EVP_PKEY_set1_EC_KEY(key, ec));
+      final key = _EvpPKey();
+      _checkOpIsOne(ssl.EVP_PKEY_set1_EC_KEY.invoke(key, ec));
       _validateEllipticCurveKey(key, curve);
 
       return key;
@@ -261,10 +261,10 @@ ffi.Pointer<EVP_PKEY> _importRawEcPublicKey(
   }
 }
 
-Uint8List _exportRawEcPublicKey(ffi.Pointer<EVP_PKEY> key) {
+Uint8List _exportRawEcPublicKey(_EvpPKey key) {
   final scope = _Scope();
   try {
-    final ec = ssl.EVP_PKEY_get1_EC_KEY(key);
+    final ec = ssl.EVP_PKEY_get1_EC_KEY.invoke(key);
     _checkOp(ec.address != 0, fallback: 'internal key type invariant error');
     scope.defer(() => ssl.EC_KEY_free(ec));
 
@@ -285,13 +285,13 @@ Uint8List _exportRawEcPublicKey(ffi.Pointer<EVP_PKEY> key) {
 }
 
 Map<String, dynamic> _exportJwkEcPrivateOrPublicKey(
-  ffi.Pointer<EVP_PKEY> key, {
+  _EvpPKey key, {
   required bool isPrivateKey,
   String? jwkUse,
 }) {
   final scope = _Scope();
   try {
-    final ec = ssl.EVP_PKEY_get1_EC_KEY(key);
+    final ec = ssl.EVP_PKEY_get1_EC_KEY.invoke(key);
     _checkOp(ec.address != 0, fallback: 'internal key type invariant error');
     scope.defer(() => ssl.EC_KEY_free(ec));
 
@@ -340,7 +340,7 @@ Map<String, dynamic> _exportJwkEcPrivateOrPublicKey(
   }
 }
 
-KeyPair<ffi.Pointer<EVP_PKEY>, ffi.Pointer<EVP_PKEY>> _generateEcKeyPair(
+KeyPair<_EvpPKey, _EvpPKey> _generateEcKeyPair(
   EllipticCurve curve,
 ) {
   final scope = _Scope();
@@ -351,8 +351,8 @@ KeyPair<ffi.Pointer<EVP_PKEY>, ffi.Pointer<EVP_PKEY>> _generateEcKeyPair(
 
     _checkOpIsOne(ssl.EC_KEY_generate_key(ecPriv));
 
-    final privKey = _createEVP_PKEYwithFinalizer();
-    _checkOpIsOne(ssl.EVP_PKEY_set1_EC_KEY(privKey, ecPriv));
+    final privKey = _EvpPKey();
+    _checkOpIsOne(ssl.EVP_PKEY_set1_EC_KEY.invoke(privKey, ecPriv));
 
     final ecPub = ssl.EC_KEY_new_by_curve_name(_ecCurveToNID(curve));
     _checkOp(ecPub.address != 0);
@@ -362,8 +362,8 @@ KeyPair<ffi.Pointer<EVP_PKEY>, ffi.Pointer<EVP_PKEY>> _generateEcKeyPair(
       ssl.EC_KEY_get0_public_key(ecPriv),
     ));
 
-    final pubKey = _createEVP_PKEYwithFinalizer();
-    _checkOpIsOne(ssl.EVP_PKEY_set1_EC_KEY(pubKey, ecPub));
+    final pubKey = _EvpPKey();
+    _checkOpIsOne(ssl.EVP_PKEY_set1_EC_KEY.invoke(pubKey, ecPub));
 
     return _KeyPair(
       privateKey: privKey,

lib/src/impl_ffi/impl_ffi.ecdh.dart

@@ -67,7 +67,7 @@ Future<EcdhPublicKey> ecdhPublicKey_importJsonWebKey(
     ));
 
 class _EcdhPrivateKey implements EcdhPrivateKey {
-  final ffi.Pointer<EVP_PKEY> _key;
+  final _EvpPKey _key;
 
   _EcdhPrivateKey(this._key);
 
@@ -88,11 +88,11 @@ class _EcdhPrivateKey implements EcdhPrivateKey {
 
     final scope = _Scope();
     try {
-      final pubEcKey = ssl.EVP_PKEY_get1_EC_KEY(publicKey._key);
+      final pubEcKey = ssl.EVP_PKEY_get1_EC_KEY.invoke(publicKey._key);
       _checkOp(pubEcKey.address != 0, fallback: 'not an ec key');
       scope.defer(() => ssl.EC_KEY_free(pubEcKey));
 
-      final privEcKey = ssl.EVP_PKEY_get1_EC_KEY(_key);
+      final privEcKey = ssl.EVP_PKEY_get1_EC_KEY.invoke(_key);
       _checkOp(privEcKey.address != 0, fallback: 'not an ec key');
       scope.defer(() => ssl.EC_KEY_free(privEcKey));
 
@@ -164,13 +164,13 @@ class _EcdhPrivateKey implements EcdhPrivateKey {
   @override
   Future<Uint8List> exportPkcs8Key() async {
     return _withOutCBB((cbb) {
-      _checkOp(ssl.EVP_marshal_private_key(cbb, _key) == 1);
+      _checkOp(ssl.EVP_marshal_private_key.invoke(cbb, _key) == 1);
     });
   }
 }
 
 class _EcdhPublicKey implements EcdhPublicKey {
-  final ffi.Pointer<EVP_PKEY> _key;
+  final _EvpPKey _key;
 
   _EcdhPublicKey(this._key);
 
@@ -188,7 +188,7 @@ class _EcdhPublicKey implements EcdhPublicKey {
   @override
   Future<Uint8List> exportSpkiKey() async {
     return _withOutCBB((cbb) {
-      _checkOp(ssl.EVP_marshal_public_key(cbb, _key) == 1);
+      _checkOp(ssl.EVP_marshal_public_key.invoke(cbb, _key) == 1);
     });
   }
 }

lib/src/impl_ffi/impl_ffi.ecdsa.dart

@@ -89,7 +89,7 @@ Future<EcdsaPublicKey> ecdsaPublicKey_importJsonWebKey(
 ///
 /// See also: https://chromium.googlesource.com/chromium/src/+/43d62c50b705f88c67b14539e91fd8fd017f70c4/components/webcrypto/algorithms/ecdsa.cc#69
 Uint8List _convertEcdsaDerSignatureToWebCryptoSignature(
-  ffi.Pointer<EVP_PKEY> key,
+  _EvpPKey key,
   Uint8List signature,
 ) {
   final scope = _Scope();
@@ -100,7 +100,7 @@ Uint8List _convertEcdsaDerSignatureToWebCryptoSignature(
     scope.defer(() => ssl.ECDSA_SIG_free(ecdsa));
 
     // Read EC key and get the number of bytes required to encode R and S.
-    final ec = ssl.EVP_PKEY_get1_EC_KEY(key);
+    final ec = ssl.EVP_PKEY_get1_EC_KEY.invoke(key);
     _checkOp(ec.address != 0, message: 'internal key type invariant violation');
     scope.defer(() => ssl.EC_KEY_free(ec));
 
@@ -139,13 +139,13 @@ Uint8List _convertEcdsaDerSignatureToWebCryptoSignature(
 ///
 /// See also: https://chromium.googlesource.com/chromium/src/+/43d62c50b705f88c67b14539e91fd8fd017f70c4/components/webcrypto/algorithms/ecdsa.cc#111
 Uint8List? _convertEcdsaWebCryptoSignatureToDerSignature(
-  ffi.Pointer<EVP_PKEY> key,
+  _EvpPKey key,
   List<int> signature,
 ) {
   final scope = _Scope();
   try {
     // Read EC key and get the number of bytes required to encode R and S.
-    final ec = ssl.EVP_PKEY_get1_EC_KEY(key);
+    final ec = ssl.EVP_PKEY_get1_EC_KEY.invoke(key);
     _checkOp(ec.address != 0, message: 'internal key type invariant violation');
     scope.defer(() => ssl.EC_KEY_free(ec));
 
@@ -193,7 +193,7 @@ Uint8List? _convertEcdsaWebCryptoSignatureToDerSignature(
 }
 
 class _EcdsaPrivateKey implements EcdsaPrivateKey {
-  final ffi.Pointer<EVP_PKEY> _key;
+  final _EvpPKey _key;
 
   _EcdsaPrivateKey(this._key);
 
@@ -211,9 +211,13 @@ class _EcdsaPrivateKey implements EcdsaPrivateKey {
     final _hash = _Hash.fromHash(hash).MD;
 
     final sig = await _withEVP_MD_CTX((ctx) async {
-      _checkOpIsOne(
-        ssl.EVP_DigestSignInit(ctx, ffi.nullptr, _hash, ffi.nullptr, _key),
-      );
+      _checkOpIsOne(ssl.EVP_DigestSignInit.invoke(
+        ctx,
+        ffi.nullptr,
+        _hash,
+        ffi.nullptr,
+        _key,
+      ));
 
       await _streamToUpdate(data, ctx, ssl.EVP_DigestSignUpdate);
       return _withAllocation(_sslAlloc<ffi.IntPtr>(),
@@ -235,13 +239,13 @@ class _EcdsaPrivateKey implements EcdsaPrivateKey {
   @override
   Future<Uint8List> exportPkcs8Key() async {
     return _withOutCBB((cbb) {
-      _checkOp(ssl.EVP_marshal_private_key(cbb, _key) == 1);
+      _checkOp(ssl.EVP_marshal_private_key.invoke(cbb, _key) == 1);
     });
   }
 }
 
 class _EcdsaPublicKey implements EcdsaPublicKey {
-  final ffi.Pointer<EVP_PKEY> _key;
+  final _EvpPKey _key;
 
   _EcdsaPublicKey(this._key);
 
@@ -273,9 +277,13 @@ class _EcdsaPublicKey implements EcdsaPublicKey {
 
     return await _withEVP_MD_CTX((ctx) async {
       return await _withPEVP_PKEY_CTX((pctx) async {
-        _checkOpIsOne(
-          ssl.EVP_DigestVerifyInit(ctx, pctx, _hash, ffi.nullptr, _key),
-        );
+        _checkOpIsOne(ssl.EVP_DigestVerifyInit.invoke(
+          ctx,
+          pctx,
+          _hash,
+          ffi.nullptr,
+          _key,
+        ));
         await _streamToUpdate(data, ctx, ssl.EVP_DigestVerifyUpdate);
         return _withDataAsPointer(sig, (ffi.Pointer<ffi.Uint8> p) {
           final result = ssl.EVP_DigestVerifyFinal(ctx, p, sig.length);
@@ -302,7 +310,7 @@ class _EcdsaPublicKey implements EcdsaPublicKey {
   @override
   Future<Uint8List> exportSpkiKey() async {
     return _withOutCBB((cbb) {
-      _checkOp(ssl.EVP_marshal_public_key(cbb, _key) == 1);
+      _checkOp(ssl.EVP_marshal_public_key.invoke(cbb, _key) == 1);
     });
   }
 }