Implement X25519 deriveBits for WebCrypto API

[Jarred-Sumner]

What does this PR do?

Implement X25519 deriveBits for WebCrypto API

[robobun]

^{Updated 12:19 PM PT - Jun 18th, 2025}

:x: @Jarred-Sumner, your commit 1e9aff5f06270e6f3985e9c25d05cd5b33b30e98 has 2 failures in Build #18833:

• scripts/build.mjs - build failed on 🪟 x64 - build-cpp
• scripts/build.mjs - build failed on 🪟 x64 - build-cpp
• scripts/build.mjs - build failed on 🪟 x64-baseline - build-cpp
• scripts/build.mjs - build failed on 🪟 x64-baseline - build-cpp
• src/bun.js/bindings/webcrypto/CryptoAlgorithmX25519OpenSSL.cpp - clang error on 🐧 aarch64-musl - build-cpp
• src/bun.js/bindings/webcrypto/CryptoAlgorithmX25519OpenSSL.cpp - clang error on 🐧 x64-musl - build-cpp
• ../../src/bun.js/bindings/webcrypto/CryptoAlgorithmX25519OpenSSL.cpp - clang error on 🍎 aarch64 - build-cpp
• src/bun.js/bindings/webcrypto/CryptoAlgorithmX25519OpenSSL.cpp - clang error on 🐧 x64-musl-baseline - build-cpp
• src/bun.js/bindings/webcrypto/CryptoAlgorithmX25519OpenSSL.cpp - clang error on 🐧 aarch64 - build-cpp
• src/bun.js/bindings/webcrypto/CryptoAlgorithmX25519OpenSSL.cpp - clang error on 🐧 x64 - build-cpp
• src/bun.js/bindings/webcrypto/CryptoAlgorithmX25519OpenSSL.cpp - clang error on 🐧 x64-baseline - build-cpp
• src/bun.js/bindings/webcrypto/CryptoAlgorithmX25519OpenSSL.cpp - clang error on 🍎 x64 - build-cpp
• src/bun.js/bindings/webcrypto/CryptoAlgorithmX25519OpenSSL.cpp - clang error on 🐧 x64-asan - build-cpp

---

🧪   To try this PR locally:

bunx bun-pr 20299

That installs a local version of the PR into your bun-20299 executable, so you can run:

bun-20299 --bun

[Jarred-Sumner]

@claude push up a fix for the underlying cause of this test failure

✓ X25519 key operations work [0.67ms]
... omitted 2 tests ...
✓ X25519 deriveBits with imported keys [1.01ms]
 
103 |     keyPair1.privateKey,
104 |     null as any,
105 |   );
106 |
107 |   expect(sharedSecret).toBeInstanceOf(ArrayBuffer);
108 |   expect(sharedSecret.byteLength).toBe(32);
                                        ^
error: expect(received).toBe(expected)
 
Expected: 32
Received: 0
 
      at <anonymous> (/var/lib/buildkite-agent/builds/ip-172-31-15-126/bun/bun/test/x25519-derive-bits.test.ts:108:35)
✗ X25519 deriveBits with null length [1.61ms]

[claude[bot]]

Claude finished @Jarred-Sumner's task in 1m 52s —— View job

---

Todo List:

• [x] Read the failing test to understand expected behavior
• [x] Examine X25519 implementation files
• [x] Identify the bug causing 0 bytes instead of 32 bytes with null length
• [x] Fix the deriveBits implementation
• [x] Push the fix to the PR branch

Analysis:

The test failure was caused by an early return in CryptoAlgorithmX25519::deriveBits() when length is null/undefined. When the length parameter is null, it gets converted to 0 and triggered a premature return with an empty result.

Fix Applied:

Removed the early return for !length (lines 85-91) in src/bun.js/bindings/webcrypto/CryptoAlgorithmX25519.cpp. This allows the existing unifiedCallback logic to properly handle the null length case by returning the full 32-byte X25519 shared secret, which matches the Web Crypto API specification.

The unifiedCallback already had the correct logic:

• When length is 0 (null converted), return the full derived key
• When length is specified, truncate to the requested length

Commit: 324c610