crypto: harden KeyObject internal slots

Move KeyObject type and handle storage behind NativeKeyObject and
expose it to JS through a module-private slot reader, mirroring the
CryptoKey hardening. Cache the native slot tuple in a private field
and lazily derive secret and asymmetric metadata from the cached
KeyObjectHandle.

Update internal crypto, QUIC, and comparison callers to use private
helpers instead of public KeyObject accessors. Keep getKeyObjectSlots
restricted to internal/crypto/keys with an ESLint guard.

Add regression coverage for brand checks, hidden slots, clone and
transfer behavior, own-property reflection, and post-clone crypto
operations. Extend the CryptoKey brand test to assert getSlots is not
reachable through the public constructor or prototype chain.

Signed-off-by: Filip Skokan <panva.ip@gmail.com>
PR-URL: #63111
Backport-PR-URL: #63563
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>

Author: panva

lib/eslint.config_partial.mjs

@@ -61,7 +61,13 @@ export default [
     rules: {
       'prefer-object-spread': 'error',
       'no-buffer-constructor': 'error',
-      'no-restricted-syntax': noRestrictedSyntax,
+      'no-restricted-syntax': [
+        ...noRestrictedSyntax,
+        {
+          selector: "VariableDeclarator[init.type='CallExpression'][init.callee.name='internalBinding'][init.arguments.0.value='crypto'] > ObjectPattern > Property[key.name='getKeyObjectSlots']",
+          message: "Use `const { getKeyObjectSlots } = require('internal/crypto/keys');` instead of destructuring it from `internalBinding('crypto')`.",
+        },
+      ],
       'no-restricted-globals': [
         'error',
         {

lib/internal/crypto/aes.js

@@ -30,7 +30,6 @@ const {
   getUsagesMask,
   hasAnyNotIn,
   jobPromise,
-  kHandle,
 } = require('internal/crypto/util');
 
 const {
@@ -41,6 +40,8 @@ const {
   InternalCryptoKey,
   getCryptoKeyAlgorithm,
   getCryptoKeyHandle,
+  getKeyObjectHandle,
+  getKeyObjectSymmetricKeySize,
 } = require('internal/crypto/keys');
 
 const {
@@ -219,9 +220,9 @@ function aesImportKey(
   let length;
   switch (format) {
     case 'KeyObject': {
-      length = keyData.symmetricKeySize * 8;
+      length = getKeyObjectSymmetricKeySize(keyData) * 8;
       validateKeyLength(length);
-      handle = keyData[kHandle];
+      handle = getKeyObjectHandle(keyData);
       break;
     }
     case 'raw-secret':

lib/internal/crypto/cfrg.js

@@ -30,7 +30,6 @@ const {
   getUsagesUnion,
   hasAnyNotIn,
   jobPromise,
-  kHandle,
 } = require('internal/crypto/util');
 
 const {
@@ -40,6 +39,8 @@ const {
 const {
   getCryptoKeyHandle,
   getCryptoKeyType,
+  getKeyObjectHandle,
+  getKeyObjectType,
   InternalCryptoKey,
 } = require('internal/crypto/keys');
 
@@ -190,8 +191,9 @@ function cfrgImportKey(
   const usagesSet = new SafeSet(keyUsages);
   switch (format) {
     case 'KeyObject': {
-      verifyAcceptableCfrgKeyUse(name, keyData.type === 'public', usagesSet);
-      handle = keyData[kHandle];
+      verifyAcceptableCfrgKeyUse(
+        name, getKeyObjectType(keyData) === 'public', usagesSet);
+      handle = getKeyObjectHandle(keyData);
       break;
     }
     case 'spki': {

lib/internal/crypto/chacha20_poly1305.js

@@ -14,7 +14,6 @@ const {
   getUsagesMask,
   hasAnyNotIn,
   jobPromise,
-  kHandle,
 } = require('internal/crypto/util');
 
 const {
@@ -24,6 +23,7 @@ const {
 const {
   InternalCryptoKey,
   getCryptoKeyHandle,
+  getKeyObjectHandle,
 } = require('internal/crypto/keys');
 
 const {
@@ -87,7 +87,7 @@ function c20pImportKey(
   let handle;
   switch (format) {
     case 'KeyObject': {
-      handle = keyData[kHandle];
+      handle = getKeyObjectHandle(keyData);
       break;
     }
     case 'raw-secret': {

lib/internal/crypto/ec.js

@@ -34,7 +34,6 @@ const {
   hasAnyNotIn,
   jobPromise,
   normalizeHashName,
-  kHandle,
   kNamedCurveAliases,
 } = require('internal/crypto/util');
 
@@ -47,6 +46,8 @@ const {
   getCryptoKeyAlgorithm,
   getCryptoKeyHandle,
   getCryptoKeyType,
+  getKeyObjectHandle,
+  getKeyObjectType,
 } = require('internal/crypto/keys');
 
 const {
@@ -189,8 +190,9 @@ function ecImportKey(
   const usagesSet = new SafeSet(keyUsages);
   switch (format) {
     case 'KeyObject': {
-      verifyAcceptableEcKeyUse(name, keyData.type === 'public', usagesSet);
-      handle = keyData[kHandle];
+      verifyAcceptableEcKeyUse(
+        name, getKeyObjectType(keyData) === 'public', usagesSet);
+      handle = getKeyObjectHandle(keyData);
       break;
     }
     case 'spki': {

lib/internal/crypto/hkdf.js

@@ -29,6 +29,7 @@ const {
 const {
   createSecretKey,
   getCryptoKeyHandle,
+  getKeyObjectHandle,
   isKeyObject,
 } = require('internal/crypto/keys');
 
@@ -75,10 +76,10 @@ const validateParameters = hideStackFrames((hash, key, salt, info, length) => {
 
 function prepareKey(key) {
   if (isKeyObject(key))
-    return key;
+    return getKeyObjectHandle(key);
 
   if (isAnyArrayBuffer(key))
-    return createSecretKey(key);
+    return getKeyObjectHandle(createSecretKey(key));
 
   key = toBuf(key);
 
@@ -96,7 +97,7 @@ function prepareKey(key) {
       key);
   }
 
-  return createSecretKey(key);
+  return getKeyObjectHandle(createSecretKey(key));
 }
 
 function hkdf(hash, key, salt, info, length, callback) {