feat: US-003 - Fix crypto DH/ECDH key agreement

Author: NathanFlurry

.agent/contracts/node-bridge.md

@@ -94,6 +94,19 @@ Bridge-provided randomness for global `crypto` APIs MUST delegate to host `node:
 - **WHEN** host `node:crypto` randomness primitives are unavailable or fail
 - **THEN** the bridge MUST throw a deterministic error matching the unsupported API format (`"<module>.<api> is not supported in sandbox"`) for the invoked randomness API and MUST NOT fall back to non-cryptographic randomness
 
+### Requirement: Diffie-Hellman And ECDH Bridge Uses Host Node Crypto Objects
+Bridge-provided `crypto` Diffie-Hellman and ECDH APIs SHALL delegate to host `node:crypto` objects so constructor validation, session state, encodings, and shared-secret derivation match Node.js semantics.
+
+#### Scenario: Sandbox creates a Diffie-Hellman session
+- **WHEN** sandboxed code calls `crypto.createDiffieHellman(...)`, `crypto.getDiffieHellman(...)`, or `crypto.createECDH(...)`
+- **THEN** the bridge MUST construct the corresponding host `node:crypto` object
+- **AND** subsequent method calls such as `generateKeys()`, `computeSecret()`, `getPublicKey()`, and `setPrivateKey()` MUST execute against that host object rather than an isolate-local reimplementation
+
+#### Scenario: Sandbox uses stateless crypto.diffieHellman
+- **WHEN** sandboxed code calls `crypto.diffieHellman({ privateKey, publicKey })`
+- **THEN** the bridge MUST delegate to host `node:crypto.diffieHellman`
+- **AND** the returned shared secret and thrown validation errors MUST preserve Node-compatible behavior
+
 ### Requirement: Bridge FS Open Flag Translation Uses Named Constants
 The bridge `fs` implementation MUST express string-flag translation using named open-flag constants (for example `O_WRONLY | O_CREAT | O_TRUNC`) aligned with Node `fs.constants` semantics, and MUST NOT rely on undocumented numeric literals.
 

docs/nodejs-conformance-report.mdx

@@ -12,18 +12,18 @@ description: Node.js v22 test/parallel/ conformance results for the secure-exec
 | Node.js version | 22.14.0 |
 | Source | v22.14.0 (test/parallel/) |
 | Total tests | 3532 |
-| Passing (genuine) | 737 (20.9%) |
+| Passing (genuine) | 738 (20.9%) |
 | Passing (vacuous self-skip) | 34 |
-| Passing (total) | 771 (21.8%) |
-| Expected fail | 2690 |
+| Passing (total) | 772 (21.9%) |
+| Expected fail | 2689 |
 | Skip | 71 |
 | Last updated | 2026-03-25 |
 
 ## Failure Categories
 
 | Category | Tests |
 | --- | --- |
-| implementation-gap | 1389 |
+| implementation-gap | 1388 |
 | unsupported-module | 737 |
 | requires-v8-flags | 239 |
 | requires-exec-path | 200 |
@@ -70,7 +70,7 @@ description: Node.js v22 test/parallel/ conformance results for the secure-exec
 | constants | 1 | 0 | 1 | 0 | 0.0% |
 | corepack | 1 | 0 | 1 | 0 | 0.0% |
 | coverage | 1 | 0 | 1 | 0 | 0.0% |
-| crypto | 99 | 49 (13 vacuous) | 50 | 0 | 49.5% |
+| crypto | 99 | 50 (13 vacuous) | 49 | 0 | 50.5% |
 | cwd | 3 | 0 | 3 | 0 | 0.0% |
 | data | 1 | 0 | 1 | 0 | 0.0% |
 | datetime | 1 | 0 | 1 | 0 | 0.0% |
@@ -245,11 +245,11 @@ description: Node.js v22 test/parallel/ conformance results for the secure-exec
 | wrap | 4 | 0 | 4 | 0 | 0.0% |
 | x509 | 1 | 0 | 1 | 0 | 0.0% |
 | zlib | 53 | 17 | 33 | 3 | 34.0% |
-| **Total** | **3532** | **771** | **2690** | **71** | **22.3%** |
+| **Total** | **3532** | **772** | **2689** | **71** | **22.3%** |
 
 ## Expectations Detail
 
-### implementation-gap (708 entries)
+### implementation-gap (707 entries)
 
 **Glob patterns:**
 
@@ -260,7 +260,7 @@ description: Node.js v22 test/parallel/ conformance results for the secure-exec
 - `test-https-*.js` — https depends on tls — most tests fail on missing TLS fixture files or crypto API gaps
 - `test-http2-*.js` — http2 module bridged via kernel — most tests fail on API gaps, missing fixtures, or protocol handling
 
-*702 individual tests — see expectations.json for full list.*
+*701 individual tests — see expectations.json for full list.*
 
 ### unsupported-module (190 entries)
 

packages/core/isolate-runtime/src/inject/require-setup.ts

@@ -826,6 +826,216 @@
             };
           }
 
+          if (
+            typeof _cryptoDiffieHellmanSessionCreate !== 'undefined' &&
+            typeof _cryptoDiffieHellmanSessionCall !== 'undefined'
+          ) {
+            function serializeDhKeyObject(value) {
+              if (value.type === 'secret') {
+                return {
+                  type: 'secret',
+                  raw: Buffer.from(value.export()).toString('base64'),
+                };
+              }
+              return {
+                type: value.type,
+                pem: value._pem || value.export({
+                  type: value.type === 'private' ? 'pkcs8' : 'spki',
+                  format: 'pem',
+                }),
+              };
+            }
+
+            function serializeDhValue(value) {
+              if (
+                value === null ||
+                typeof value === 'string' ||
+                typeof value === 'number' ||
+                typeof value === 'boolean'
+              ) {
+                return value;
+              }
+              if (Buffer.isBuffer(value)) {
+                return {
+                  __type: 'buffer',
+                  value: Buffer.from(value).toString('base64'),
+                };
+              }
+              if (value instanceof ArrayBuffer) {
+                return {
+                  __type: 'buffer',
+                  value: Buffer.from(new Uint8Array(value)).toString('base64'),
+                };
+              }
+              if (ArrayBuffer.isView(value)) {
+                return {
+                  __type: 'buffer',
+                  value: Buffer.from(value.buffer, value.byteOffset, value.byteLength).toString('base64'),
+                };
+              }
+              if (typeof value === 'bigint') {
+                return {
+                  __type: 'bigint',
+                  value: value.toString(),
+                };
+              }
+              if (
+                value &&
+                typeof value === 'object' &&
+                (value.type === 'public' || value.type === 'private' || value.type === 'secret') &&
+                typeof value.export === 'function'
+              ) {
+                return {
+                  __type: 'keyObject',
+                  value: serializeDhKeyObject(value),
+                };
+              }
+              if (Array.isArray(value)) {
+                return value.map(serializeDhValue);
+              }
+              if (value && typeof value === 'object') {
+                var output = {};
+                var keys = Object.keys(value);
+                for (var i = 0; i < keys.length; i++) {
+                  if (value[keys[i]] !== undefined) {
+                    output[keys[i]] = serializeDhValue(value[keys[i]]);
+                  }
+                }
+                return output;
+              }
+              return String(value);
+            }
+
+            function restoreDhValue(value) {
+              if (!value || typeof value !== 'object') {
+                return value;
+              }
+              if (value.__type === 'buffer') {
+                return Buffer.from(value.value, 'base64');
+              }
+              if (value.__type === 'bigint') {
+                return BigInt(value.value);
+              }
+              if (Array.isArray(value)) {
+                return value.map(restoreDhValue);
+              }
+              var output = {};
+              var keys = Object.keys(value);
+              for (var i = 0; i < keys.length; i++) {
+                output[keys[i]] = restoreDhValue(value[keys[i]]);
+              }
+              return output;
+            }
+
+            function createDhSession(type, name, argsLike) {
+              var args = [];
+              for (var i = 0; i < argsLike.length; i++) {
+                args.push(serializeDhValue(argsLike[i]));
+              }
+              return _cryptoDiffieHellmanSessionCreate.applySync(undefined, [
+                JSON.stringify({
+                  type: type,
+                  name: name,
+                  args: args,
+                }),
+              ]);
+            }
+
+            function callDhSession(sessionId, method, argsLike) {
+              var args = [];
+              for (var i = 0; i < argsLike.length; i++) {
+                args.push(serializeDhValue(argsLike[i]));
+              }
+              var response = JSON.parse(_cryptoDiffieHellmanSessionCall.applySync(undefined, [
+                sessionId,
+                JSON.stringify({
+                  method: method,
+                  args: args,
+                }),
+              ]));
+              if (response && response.hasResult === false) {
+                return undefined;
+              }
+              return restoreDhValue(response && response.result);
+            }
+
+            function SandboxDiffieHellman(sessionId) {
+              this._sessionId = sessionId;
+            }
+
+            Object.defineProperty(SandboxDiffieHellman.prototype, 'verifyError', {
+              get: function getVerifyError() {
+                return callDhSession(this._sessionId, 'verifyError', []);
+              },
+            });
+
+            SandboxDiffieHellman.prototype.generateKeys = function generateKeys(encoding) {
+              if (arguments.length === 0) return callDhSession(this._sessionId, 'generateKeys', []);
+              return callDhSession(this._sessionId, 'generateKeys', [encoding]);
+            };
+            SandboxDiffieHellman.prototype.computeSecret = function computeSecret(key, inputEncoding, outputEncoding) {
+              return callDhSession(this._sessionId, 'computeSecret', Array.prototype.slice.call(arguments));
+            };
+            SandboxDiffieHellman.prototype.getPrime = function getPrime(encoding) {
+              if (arguments.length === 0) return callDhSession(this._sessionId, 'getPrime', []);
+              return callDhSession(this._sessionId, 'getPrime', [encoding]);
+            };
+            SandboxDiffieHellman.prototype.getGenerator = function getGenerator(encoding) {
+              if (arguments.length === 0) return callDhSession(this._sessionId, 'getGenerator', []);
+              return callDhSession(this._sessionId, 'getGenerator', [encoding]);
+            };
+            SandboxDiffieHellman.prototype.getPublicKey = function getPublicKey(encoding) {
+              if (arguments.length === 0) return callDhSession(this._sessionId, 'getPublicKey', []);
+              return callDhSession(this._sessionId, 'getPublicKey', [encoding]);
+            };
+            SandboxDiffieHellman.prototype.getPrivateKey = function getPrivateKey(encoding) {
+              if (arguments.length === 0) return callDhSession(this._sessionId, 'getPrivateKey', []);
+              return callDhSession(this._sessionId, 'getPrivateKey', [encoding]);
+            };
+            SandboxDiffieHellman.prototype.setPublicKey = function setPublicKey(key, encoding) {
+              return callDhSession(this._sessionId, 'setPublicKey', Array.prototype.slice.call(arguments));
+            };
+            SandboxDiffieHellman.prototype.setPrivateKey = function setPrivateKey(key, encoding) {
+              return callDhSession(this._sessionId, 'setPrivateKey', Array.prototype.slice.call(arguments));
+            };
+
+            function SandboxECDH(sessionId) {
+              SandboxDiffieHellman.call(this, sessionId);
+            }
+            SandboxECDH.prototype = Object.create(SandboxDiffieHellman.prototype);
+            SandboxECDH.prototype.constructor = SandboxECDH;
+            SandboxECDH.prototype.getPublicKey = function getPublicKey(encoding, format) {
+              return callDhSession(this._sessionId, 'getPublicKey', Array.prototype.slice.call(arguments));
+            };
+
+            result.createDiffieHellman = function createDiffieHellman() {
+              return new SandboxDiffieHellman(createDhSession('dh', undefined, arguments));
+            };
+
+            result.getDiffieHellman = function getDiffieHellman(name) {
+              return new SandboxDiffieHellman(createDhSession('group', name, []));
+            };
+
+            result.createDiffieHellmanGroup = result.getDiffieHellman;
+
+            result.createECDH = function createECDH(curve) {
+              return new SandboxECDH(createDhSession('ecdh', curve, []));
+            };
+
+            if (typeof _cryptoDiffieHellman !== 'undefined') {
+              result.diffieHellman = function diffieHellman(options) {
+                var resultJson = _cryptoDiffieHellman.applySync(undefined, [
+                  JSON.stringify(serializeDhValue(options)),
+                ]);
+                return restoreDhValue(JSON.parse(resultJson));
+              };
+            }
+
+            result.DiffieHellman = SandboxDiffieHellman;
+            result.DiffieHellmanGroup = SandboxDiffieHellman;
+            result.ECDH = SandboxECDH;
+          }
+
           // Overlay host-backed generateKeyPairSync/generateKeyPair and KeyObject helpers
           if (typeof _cryptoGenerateKeyPairSync !== 'undefined') {
             function restoreBridgeValue(value) {

packages/core/src/generated/isolate-runtime.ts

@@ -44,6 +44,10 @@ export const HOST_BRIDGE_GLOBAL_KEYS = {
 	cryptoGenerateKeyPairSync: "_cryptoGenerateKeyPairSync",
 	cryptoGenerateKeySync: "_cryptoGenerateKeySync",
 	cryptoGeneratePrimeSync: "_cryptoGeneratePrimeSync",
+	cryptoDiffieHellman: "_cryptoDiffieHellman",
+	cryptoDiffieHellmanGroup: "_cryptoDiffieHellmanGroup",
+	cryptoDiffieHellmanSessionCreate: "_cryptoDiffieHellmanSessionCreate",
+	cryptoDiffieHellmanSessionCall: "_cryptoDiffieHellmanSessionCall",
 	cryptoSubtle: "_cryptoSubtle",
 	fsReadFile: "_fsReadFile",
 	fsWriteFile: "_fsWriteFile",
@@ -231,6 +235,13 @@ export type CryptoGeneratePrimeSyncBridgeRef = BridgeApplySyncRef<
 	[number, string],
 	string
 >;
+export type CryptoDiffieHellmanBridgeRef = BridgeApplySyncRef<[string], string>;
+export type CryptoDiffieHellmanGroupBridgeRef = BridgeApplySyncRef<[string], string>;
+export type CryptoDiffieHellmanSessionCreateBridgeRef = BridgeApplySyncRef<[string], number>;
+export type CryptoDiffieHellmanSessionCallBridgeRef = BridgeApplySyncRef<
+	[number, string],
+	string
+>;
 export type CryptoSubtleBridgeRef = BridgeApplySyncRef<[string], string>;
 
 // Filesystem boundary contracts.

packages/core/src/shared/bridge-contract.ts

@@ -268,6 +268,26 @@ export const NODE_CUSTOM_GLOBAL_INVENTORY: readonly CustomGlobalInventoryEntry[]
 		classification: "hardened",
 		rationale: "Host prime generation bridge reference.",
 	},
+	{
+		name: "_cryptoDiffieHellman",
+		classification: "hardened",
+		rationale: "Host stateless Diffie-Hellman bridge reference.",
+	},
+	{
+		name: "_cryptoDiffieHellmanGroup",
+		classification: "hardened",
+		rationale: "Host Diffie-Hellman group bridge reference.",
+	},
+	{
+		name: "_cryptoDiffieHellmanSessionCreate",
+		classification: "hardened",
+		rationale: "Host Diffie-Hellman/ECDH session creation bridge reference.",
+	},
+	{
+		name: "_cryptoDiffieHellmanSessionCall",
+		classification: "hardened",
+		rationale: "Host Diffie-Hellman/ECDH session method bridge reference.",
+	},
 	{
 		name: "_cryptoSubtle",
 		classification: "hardened",

packages/core/src/shared/global-exposure.ts

@@ -40,6 +40,10 @@ export const HOST_BRIDGE_GLOBAL_KEYS = {
 	cryptoGenerateKeyPairSync: "_cryptoGenerateKeyPairSync",
 	cryptoGenerateKeySync: "_cryptoGenerateKeySync",
 	cryptoGeneratePrimeSync: "_cryptoGeneratePrimeSync",
+	cryptoDiffieHellman: "_cryptoDiffieHellman",
+	cryptoDiffieHellmanGroup: "_cryptoDiffieHellmanGroup",
+	cryptoDiffieHellmanSessionCreate: "_cryptoDiffieHellmanSessionCreate",
+	cryptoDiffieHellmanSessionCall: "_cryptoDiffieHellmanSessionCall",
 	cryptoSubtle: "_cryptoSubtle",
 	fsReadFile: "_fsReadFile",
 	fsWriteFile: "_fsWriteFile",
@@ -236,6 +240,13 @@ export type CryptoGeneratePrimeSyncBridgeRef = BridgeApplySyncRef<
 	[number, string],
 	string
 >;
+export type CryptoDiffieHellmanBridgeRef = BridgeApplySyncRef<[string], string>;
+export type CryptoDiffieHellmanGroupBridgeRef = BridgeApplySyncRef<[string], string>;
+export type CryptoDiffieHellmanSessionCreateBridgeRef = BridgeApplySyncRef<[string], number>;
+export type CryptoDiffieHellmanSessionCallBridgeRef = BridgeApplySyncRef<
+	[number, string],
+	string
+>;
 export type CryptoSubtleBridgeRef = BridgeApplySyncRef<[string], string>;
 
 // Filesystem boundary contracts.