foster/denoland-deno
1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-11-01 09:24:20 -04:00
Code Issues Wiki Activity
denoland-deno/ext/crypto/00_crypto.js

2100 lines
59 KiB
JavaScript
Raw Normal View History

feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
// Copyright 2018-2021 the Deno authors. All rights reserved. MIT license.
// @ts-check
refactor: use primordials for extensions/crypto (#11229)
2021-07-08 11:58:38 -04:00
/// <reference path="../../core/internal.d.ts" />
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
/// <reference path="../../core/lib.deno_core.d.ts" />
/// <reference path="../webidl/internal.d.ts" />
/// <reference path="../web/lib.deno_web.d.ts" />
"use strict";
((window) => {
const core = window.Deno.core;
const webidl = window.__bootstrap.webidl;
const { DOMException } = window.__bootstrap.domException;
feat(ext/crypto): support JWK export for HMAC (#11864)
2021-08-29 08:23:51 -04:00
const { atob, btoa } = window.__bootstrap.base64;
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
refactor: use primordials for extensions/crypto (#11229)
2021-07-08 11:58:38 -04:00
const {
ArrayPrototypeFind,
feat(ext/crypto): support JWK import for HMAC (#11716)
2021-08-27 07:19:41 -04:00
ArrayPrototypeEvery,
refactor: use primordials for extensions/crypto (#11229)
2021-07-08 11:58:38 -04:00
ArrayPrototypeIncludes,
feat(ext/crypto): support JWK import for HMAC (#11716)
2021-08-27 07:19:41 -04:00
ArrayBuffer,
ArrayBufferIsView,
refactor: use `primordials` in runtime, extensions and core (#11500)
2021-07-26 07:52:59 -04:00
BigInt64Array,
refactor: use primordials for extensions/crypto (#11229)
2021-07-08 11:58:38 -04:00
StringPrototypeToUpperCase,
feat(ext/crypto): support JWK import for HMAC (#11716)
2021-08-27 07:19:41 -04:00
StringPrototypeReplace,
StringPrototypeCharCodeAt,
fix(ext/crypto): don't use core.decode for encoding jwk keys (#12088)
2021-09-16 03:12:38 -04:00
StringFromCharCode,
refactor: use primordials for extensions/crypto (#11229)
2021-07-08 11:58:38 -04:00
Symbol,
SymbolFor,
SymbolToStringTag,
WeakMap,
WeakMapPrototypeGet,
WeakMapPrototypeSet,
Int8Array,
Uint8Array,
TypedArrayPrototypeSlice,
Int16Array,
Uint16Array,
Int32Array,
Uint32Array,
Uint8ClampedArray,
TypeError,
} = window.__bootstrap.primordials;
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
// P-521 is not yet supported.
const supportedNamedCurves = ["P-256", "P-384"];
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
const recognisedUsages = [
"encrypt",
"decrypt",
"sign",
"verify",
"deriveKey",
"deriveBits",
"wrapKey",
"unwrapKey",
];
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
const simpleAlgorithmDictionaries = {
RsaHashedKeyGenParams: { hash: "HashAlgorithmIdentifier" },
EcKeyGenParams: {},
HmacKeyGenParams: { hash: "HashAlgorithmIdentifier" },
RsaPssParams: {},
EcdsaParams: { hash: "HashAlgorithmIdentifier" },
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
HmacImportParams: { hash: "HashAlgorithmIdentifier" },
feat(ext/crypto): implement HKDF operations (#11865) Co-authored-by: Luca Casonato <lucacasonato@yahoo.com>
2021-09-11 16:54:03 -04:00
HkdfParams: {
hash: "HashAlgorithmIdentifier",
salt: "BufferSource",
info: "BufferSource",
},
feat(ext/crypto): implement importKey and deriveBits for PBKDF2 (#11642)
2021-08-26 06:48:07 -04:00
Pbkdf2Params: { hash: "HashAlgorithmIdentifier", salt: "BufferSource" },
feat(ext/crypto): implement encrypt, decrypt & generateKey for RSA-OAEP (#11654)
2021-08-24 15:59:02 -04:00
RsaOaepParams: { label: "BufferSource" },
feat(ext/crypto): import RSA pkcs#8 keys (#11891)
2021-09-14 09:21:20 -04:00
RsaHashedImportParams: { hash: "HashAlgorithmIdentifier" },
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
};
const supportedAlgorithms = {
"digest": {
"SHA-1": null,
"SHA-256": null,
"SHA-384": null,
"SHA-512": null,
},
"generateKey": {
"RSASSA-PKCS1-v1_5": "RsaHashedKeyGenParams",
"RSA-PSS": "RsaHashedKeyGenParams",
feat(ext/crypto): implement encrypt, decrypt & generateKey for RSA-OAEP (#11654)
2021-08-24 15:59:02 -04:00
"RSA-OAEP": "RsaHashedKeyGenParams",
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
"ECDSA": "EcKeyGenParams",
feat(ext/crypto): generate ECDH keys (#11870) Add support for ECDH algorithm in SubtleCrypto#generateKey.
2021-09-13 05:35:49 -04:00
"ECDH": "EcKeyGenParams",
feat(ext/crypto): AES key generation (#11869) Support AES-CTR, AES-CBC, AES-GCM, and AES-KW in SubtleCrypto#generateKey.
2021-08-31 05:25:44 -04:00
"AES-CTR": "AesKeyGenParams",
"AES-CBC": "AesKeyGenParams",
"AES-GCM": "AesKeyGenParams",
"AES-KW": "AesKeyGenParams",
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
"HMAC": "HmacKeyGenParams",
},
"sign": {
"RSASSA-PKCS1-v1_5": null,
"RSA-PSS": "RsaPssParams",
"ECDSA": "EcdsaParams",
"HMAC": null,
},
feat(extensions/crypto): implement verify() for RSA (#11312)
2021-07-12 08:45:36 -04:00
"verify": {
"RSASSA-PKCS1-v1_5": null,
"RSA-PSS": "RsaPssParams",
feat(ext/crypto): verify ECDSA signatures (#11739)
2021-09-11 16:49:53 -04:00
"ECDSA": "EcdsaParams",
feat(extensions/crypto): implement verify() for HMAC (#11387)
2021-08-04 15:49:27 -04:00
"HMAC": null,
feat(extensions/crypto): implement verify() for RSA (#11312)
2021-07-12 08:45:36 -04:00
},
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
"importKey": {
feat(ext/crypto): import RSA pkcs#8 keys (#11891)
2021-09-14 09:21:20 -04:00
"RSASSA-PKCS1-v1_5": "RsaHashedImportParams",
"RSA-PSS": "RsaHashedImportParams",
"RSA-OAEP": "RsaHashedImportParams",
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
"HMAC": "HmacImportParams",
feat(ext/crypto): implement HKDF operations (#11865) Co-authored-by: Luca Casonato <lucacasonato@yahoo.com>
2021-09-11 16:54:03 -04:00
"HKDF": null,
feat(ext/crypto): implement importKey and deriveBits for PBKDF2 (#11642)
2021-08-26 06:48:07 -04:00
"PBKDF2": null,
},
"deriveBits": {
feat(ext/crypto): implement HKDF operations (#11865) Co-authored-by: Luca Casonato <lucacasonato@yahoo.com>
2021-09-11 16:54:03 -04:00
"HKDF": "HkdfParams",
feat(ext/crypto): implement importKey and deriveBits for PBKDF2 (#11642)
2021-08-26 06:48:07 -04:00
"PBKDF2": "Pbkdf2Params",
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
},
feat(ext/crypto): implement encrypt, decrypt & generateKey for RSA-OAEP (#11654)
2021-08-24 15:59:02 -04:00
"encrypt": {
"RSA-OAEP": "RsaOaepParams",
},
"decrypt": {
"RSA-OAEP": "RsaOaepParams",
},
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
};
feat(ext/crypto): support JWK import for HMAC (#11716)
2021-08-27 07:19:41 -04:00
// Decodes the unpadded base64 to the octet sequence containing key value `k` defined in RFC7518 Section 6.4
function decodeSymmetricKey(key) {
// Decode from base64url without `=` padding.
const base64 = StringPrototypeReplace(
StringPrototypeReplace(key, /\-/g, "+"),
/\_/g,
"/",
);
const decodedKey = atob(base64);
const keyLength = decodedKey.length;
const keyBytes = new Uint8Array(keyLength);
for (let i = 0; i < keyLength; i++) {
keyBytes[i] = StringPrototypeCharCodeAt(decodedKey, i);
}
return keyBytes;
}
feat(ext/crypto): support JWK export for HMAC (#11864)
2021-08-29 08:23:51 -04:00
function unpaddedBase64(bytes) {
fix(ext/crypto): don't use core.decode for encoding jwk keys (#12088)
2021-09-16 03:12:38 -04:00
let binaryString = "";
for (let i = 0; i < bytes.length; i++) {
binaryString += StringFromCharCode(bytes[i]);
}
feat(ext/crypto): support JWK export for HMAC (#11864)
2021-08-29 08:23:51 -04:00
const base64String = btoa(binaryString);
return StringPrototypeReplace(base64String, /=/g, "");
}
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
// See https://www.w3.org/TR/WebCryptoAPI/#dfn-normalize-an-algorithm
fix(ext/crypto): handle idlValue not being present (#11685)
2021-08-13 13:34:24 -04:00
// 18.4.4
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
function normalizeAlgorithm(algorithm, op) {
if (typeof algorithm == "string") {
return normalizeAlgorithm({ name: algorithm }, op);
}
// 1.
const registeredAlgorithms = supportedAlgorithms[op];
// 2. 3.
const initialAlg = webidl.converters.Algorithm(algorithm, {
prefix: "Failed to normalize algorithm",
context: "passed algorithm",
});
// 4.
let algName = initialAlg.name;
// 5.
let desiredType = undefined;
for (const key in registeredAlgorithms) {
refactor: use primordials for extensions/crypto (#11229)
2021-07-08 11:58:38 -04:00
if (
StringPrototypeToUpperCase(key) === StringPrototypeToUpperCase(algName)
) {
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
algName = key;
desiredType = registeredAlgorithms[key];
}
}
if (desiredType === undefined) {
throw new DOMException(
"Unrecognized algorithm name",
"NotSupportedError",
);
}
// Fast path everything below if the registered dictionary is "None".
if (desiredType === null) {
return { name: algName };
}
fix(ext/crypto): handle idlValue not being present (#11685)
2021-08-13 13:34:24 -04:00
// 6.
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
const normalizedAlgorithm = webidl.converters[desiredType](algorithm, {
prefix: "Failed to normalize algorithm",
context: "passed algorithm",
});
fix(ext/crypto): handle idlValue not being present (#11685)
2021-08-13 13:34:24 -04:00
// 7.
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
normalizedAlgorithm.name = algName;
fix(ext/crypto): handle idlValue not being present (#11685)
2021-08-13 13:34:24 -04:00
// 9.
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
const dict = simpleAlgorithmDictionaries[desiredType];
fix(ext/crypto): handle idlValue not being present (#11685)
2021-08-13 13:34:24 -04:00
// 10.
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
for (const member in dict) {
const idlType = dict[member];
const idlValue = normalizedAlgorithm[member];
fix(ext/crypto): handle idlValue not being present (#11685)
2021-08-13 13:34:24 -04:00
// 3.
if (idlType === "BufferSource" && idlValue) {
fix(ext/crypto): fix copying buffersource (#11714)
2021-08-15 06:00:35 -04:00
normalizedAlgorithm[member] = TypedArrayPrototypeSlice(
new Uint8Array(
refactor: use primordials for extensions/crypto (#11229)
2021-07-08 11:58:38 -04:00
(ArrayBufferIsView(idlValue) ? idlValue.buffer : idlValue),
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
idlValue.byteOffset ?? 0,
idlValue.byteLength,
),
);
} else if (idlType === "HashAlgorithmIdentifier") {
normalizedAlgorithm[member] = normalizeAlgorithm(idlValue, "digest");
} else if (idlType === "AlgorithmIdentifier") {
// TODO(lucacasonato): implement
throw new TypeError("unimplemented");
}
}
return normalizedAlgorithm;
}
const _handle = Symbol("[[handle]]");
const _algorithm = Symbol("[[algorithm]]");
const _extractable = Symbol("[[extractable]]");
const _usages = Symbol("[[usages]]");
const _type = Symbol("[[type]]");
class CryptoKey {
/** @type {string} */
[_type];
/** @type {boolean} */
[_extractable];
/** @type {object} */
[_algorithm];
/** @type {string[]} */
[_usages];
/** @type {object} */
[_handle];
constructor() {
webidl.illegalConstructor();
}
/** @returns {string} */
get type() {
webidl.assertBranded(this, CryptoKey);
return this[_type];
}
/** @returns {boolean} */
get extractable() {
webidl.assertBranded(this, CryptoKey);
return this[_extractable];
}
/** @returns {string[]} */
get usages() {
webidl.assertBranded(this, CryptoKey);
// TODO(lucacasonato): return a SameObject copy
return this[_usages];
}
/** @returns {object} */
get algorithm() {
webidl.assertBranded(this, CryptoKey);
// TODO(lucacasonato): return a SameObject copy
return this[_algorithm];
}
refactor: use `primordials` in runtime, extensions and core (#11500)
2021-07-26 07:52:59 -04:00
get [SymbolToStringTag]() {
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
return "CryptoKey";
}
refactor: use primordials for extensions/crypto (#11229)
2021-07-08 11:58:38 -04:00
[SymbolFor("Deno.customInspect")](inspect) {
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
return `${this.constructor.name} ${
inspect({
type: this.type,
extractable: this.extractable,
algorithm: this.algorithm,
usages: this.usages,
})
}`;
}
}
webidl.configurePrototype(CryptoKey);
/**
* @param {string} type
* @param {boolean} extractable
* @param {string[]} usages
* @param {object} algorithm
* @param {object} handle
* @returns
*/
function constructKey(type, extractable, usages, algorithm, handle) {
const key = webidl.createBranded(CryptoKey);
key[_type] = type;
key[_extractable] = extractable;
key[_usages] = usages;
key[_algorithm] = algorithm;
key[_handle] = handle;
return key;
}
// https://w3c.github.io/webcrypto/#concept-usage-intersection
/**
* @param {string[]} a
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
* @param {string[]} b
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
* @returns
*/
function usageIntersection(a, b) {
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
return a.filter((i) => b.includes(i));
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
}
// TODO(lucacasonato): this should be moved to rust
/** @type {WeakMap<object, object>} */
const KEY_STORE = new WeakMap();
class SubtleCrypto {
constructor() {
webidl.illegalConstructor();
}
/**
* @param {string} algorithm
* @param {BufferSource} data
* @returns {Promise<Uint8Array>}
*/
async digest(algorithm, data) {
webidl.assertBranded(this, SubtleCrypto);
const prefix = "Failed to execute 'digest' on 'SubtleCrypto'";
webidl.requiredArguments(arguments.length, 2, { prefix });
algorithm = webidl.converters.AlgorithmIdentifier(algorithm, {
prefix,
context: "Argument 1",
});
data = webidl.converters.BufferSource(data, {
prefix,
context: "Argument 2",
});
refactor: use primordials for extensions/crypto (#11229)
2021-07-08 11:58:38 -04:00
if (ArrayBufferIsView(data)) {
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
data = new Uint8Array(data.buffer, data.byteOffset, data.byteLength);
} else {
data = new Uint8Array(data);
}
refactor: use primordials for extensions/crypto (#11229)
2021-07-08 11:58:38 -04:00
data = TypedArrayPrototypeSlice(data);
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
algorithm = normalizeAlgorithm(algorithm, "digest");
const result = await core.opAsync(
"op_crypto_subtle_digest",
refactor(extensions/crypto): use key::CryptoHash with digest (#11309)
2021-07-07 14:34:02 -04:00
algorithm.name,
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
data,
);
return result.buffer;
}
feat(ext/crypto): implement encrypt, decrypt & generateKey for RSA-OAEP (#11654)
2021-08-24 15:59:02 -04:00
/**
* @param {string} algorithm
* @param {CryptoKey} key
* @param {BufferSource} data
* @returns {Promise<any>}
*/
async encrypt(algorithm, key, data) {
webidl.assertBranded(this, SubtleCrypto);
const prefix = "Failed to execute 'encrypt' on 'SubtleCrypto'";
webidl.requiredArguments(arguments.length, 3, { prefix });
algorithm = webidl.converters.AlgorithmIdentifier(algorithm, {
prefix,
context: "Argument 1",
});
key = webidl.converters.CryptoKey(key, {
prefix,
context: "Argument 2",
});
data = webidl.converters.BufferSource(data, {
prefix,
context: "Argument 3",
});
// 2.
if (ArrayBufferIsView(data)) {
data = new Uint8Array(data.buffer, data.byteOffset, data.byteLength);
} else {
data = new Uint8Array(data);
}
data = TypedArrayPrototypeSlice(data);
// 3.
const normalizedAlgorithm = normalizeAlgorithm(algorithm, "encrypt");
const handle = key[_handle];
const keyData = WeakMapPrototypeGet(KEY_STORE, handle);
switch (normalizedAlgorithm.name) {
case "RSA-OAEP": {
// 1.
if (key[_type] !== "public") {
throw new DOMException(
"Key type not supported",
"InvalidAccessError",
);
}
// 2.
if (normalizedAlgorithm.label) {
if (ArrayBufferIsView(normalizedAlgorithm.label)) {
normalizedAlgorithm.label = new Uint8Array(
normalizedAlgorithm.label.buffer,
normalizedAlgorithm.label.byteOffset,
normalizedAlgorithm.label.byteLength,
);
} else {
normalizedAlgorithm.label = new Uint8Array(
normalizedAlgorithm.label,
);
}
normalizedAlgorithm.label = TypedArrayPrototypeSlice(
normalizedAlgorithm.label,
);
} else {
normalizedAlgorithm.label = new Uint8Array();
}
// 3-5.
const hashAlgorithm = key[_algorithm].hash.name;
const cipherText = await core.opAsync("op_crypto_encrypt_key", {
key: keyData,
algorithm: "RSA-OAEP",
hash: hashAlgorithm,
}, data);
// 6.
return cipherText.buffer;
}
default:
throw new DOMException("Not implemented", "NotSupportedError");
}
}
/**
* @param {string} algorithm
* @param {CryptoKey} key
* @param {BufferSource} data
* @returns {Promise<any>}
*/
async decrypt(algorithm, key, data) {
webidl.assertBranded(this, SubtleCrypto);
const prefix = "Failed to execute 'decrypt' on 'SubtleCrypto'";
webidl.requiredArguments(arguments.length, 3, { prefix });
algorithm = webidl.converters.AlgorithmIdentifier(algorithm, {
prefix,
context: "Argument 1",
});
key = webidl.converters.CryptoKey(key, {
prefix,
context: "Argument 2",
});
data = webidl.converters.BufferSource(data, {
prefix,
context: "Argument 3",
});
// 2.
if (ArrayBufferIsView(data)) {
data = new Uint8Array(data.buffer, data.byteOffset, data.byteLength);
} else {
data = new Uint8Array(data);
}
data = TypedArrayPrototypeSlice(data);
// 3.
const normalizedAlgorithm = normalizeAlgorithm(algorithm, "decrypt");
const handle = key[_handle];
const keyData = WeakMapPrototypeGet(KEY_STORE, handle);
switch (normalizedAlgorithm.name) {
case "RSA-OAEP": {
// 1.
if (key[_type] !== "private") {
throw new DOMException(
"Key type not supported",
"InvalidAccessError",
);
}
// 2.
if (normalizedAlgorithm.label) {
if (ArrayBufferIsView(normalizedAlgorithm.label)) {
normalizedAlgorithm.label = new Uint8Array(
normalizedAlgorithm.label.buffer,
normalizedAlgorithm.label.byteOffset,
normalizedAlgorithm.label.byteLength,
);
} else {
normalizedAlgorithm.label = new Uint8Array(
normalizedAlgorithm.label,
);
}
normalizedAlgorithm.label = TypedArrayPrototypeSlice(
normalizedAlgorithm.label,
);
} else {
normalizedAlgorithm.label = new Uint8Array();
}
// 3-5.
const hashAlgorithm = key[_algorithm].hash.name;
const plainText = await core.opAsync("op_crypto_decrypt_key", {
key: keyData,
algorithm: "RSA-OAEP",
hash: hashAlgorithm,
label: normalizedAlgorithm.label,
}, data);
// 6.
return plainText.buffer;
}
default:
throw new DOMException("Not implemented", "NotSupportedError");
}
}
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
/**
* @param {string} algorithm
* @param {CryptoKey} key
* @param {BufferSource} data
* @returns {Promise<any>}
*/
async sign(algorithm, key, data) {
webidl.assertBranded(this, SubtleCrypto);
const prefix = "Failed to execute 'sign' on 'SubtleCrypto'";
webidl.requiredArguments(arguments.length, 3, { prefix });
algorithm = webidl.converters.AlgorithmIdentifier(algorithm, {
prefix,
context: "Argument 1",
});
key = webidl.converters.CryptoKey(key, {
prefix,
context: "Argument 2",
});
data = webidl.converters.BufferSource(data, {
prefix,
context: "Argument 3",
});
// 1.
refactor: use primordials for extensions/crypto (#11229)
2021-07-08 11:58:38 -04:00
if (ArrayBufferIsView(data)) {
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
data = new Uint8Array(data.buffer, data.byteOffset, data.byteLength);
} else {
data = new Uint8Array(data);
}
refactor: use primordials for extensions/crypto (#11229)
2021-07-08 11:58:38 -04:00
data = TypedArrayPrototypeSlice(data);
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
// 2.
const normalizedAlgorithm = normalizeAlgorithm(algorithm, "sign");
const handle = key[_handle];
refactor: use primordials for extensions/crypto (#11229)
2021-07-08 11:58:38 -04:00
const keyData = WeakMapPrototypeGet(KEY_STORE, handle);
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
// 8.
if (normalizedAlgorithm.name !== key[_algorithm].name) {
throw new DOMException(
"Signing algorithm doesn't match key algorithm.",
"InvalidAccessError",
);
}
// 9.
refactor: use primordials for extensions/crypto (#11229)
2021-07-08 11:58:38 -04:00
if (!ArrayPrototypeIncludes(key[_usages], "sign")) {
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
throw new DOMException(
"Key does not support the 'sign' operation.",
"InvalidAccessError",
);
}
switch (normalizedAlgorithm.name) {
case "RSASSA-PKCS1-v1_5": {
// 1.
if (key[_type] !== "private") {
throw new DOMException(
"Key type not supported",
"InvalidAccessError",
);
}
// 2.
const hashAlgorithm = key[_algorithm].hash.name;
const signature = await core.opAsync("op_crypto_sign_key", {
key: keyData,
algorithm: "RSASSA-PKCS1-v1_5",
hash: hashAlgorithm,
}, data);
return signature.buffer;
}
case "RSA-PSS": {
// 1.
if (key[_type] !== "private") {
throw new DOMException(
"Key type not supported",
"InvalidAccessError",
);
}
// 2.
const hashAlgorithm = key[_algorithm].hash.name;
const signature = await core.opAsync("op_crypto_sign_key", {
key: keyData,
algorithm: "RSA-PSS",
hash: hashAlgorithm,
saltLength: normalizedAlgorithm.saltLength,
}, data);
return signature.buffer;
}
case "ECDSA": {
// 1.
if (key[_type] !== "private") {
throw new DOMException(
"Key type not supported",
"InvalidAccessError",
);
}
// 2.
const hashAlgorithm = normalizedAlgorithm.hash.name;
const namedCurve = key[_algorithm].namedCurve;
refactor: use primordials for extensions/crypto (#11229)
2021-07-08 11:58:38 -04:00
if (!ArrayPrototypeIncludes(supportedNamedCurves, namedCurve)) {
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
throw new DOMException("Curve not supported", "NotSupportedError");
}
const signature = await core.opAsync("op_crypto_sign_key", {
key: keyData,
algorithm: "ECDSA",
hash: hashAlgorithm,
namedCurve,
}, data);
return signature.buffer;
}
case "HMAC": {
const hashAlgorithm = key[_algorithm].hash.name;
const signature = await core.opAsync("op_crypto_sign_key", {
key: keyData,
algorithm: "HMAC",
hash: hashAlgorithm,
}, data);
return signature.buffer;
}
}
throw new TypeError("unreachable");
}
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
/**
* @param {string} format
* @param {BufferSource} keyData
* @param {string} algorithm
* @param {boolean} extractable
* @param {KeyUsages[]} keyUsages
* @returns {Promise<any>}
*/
async importKey(format, keyData, algorithm, extractable, keyUsages) {
webidl.assertBranded(this, SubtleCrypto);
const prefix = "Failed to execute 'importKey' on 'SubtleCrypto'";
webidl.requiredArguments(arguments.length, 4, { prefix });
format = webidl.converters.KeyFormat(format, {
prefix,
context: "Argument 1",
});
feat(ext/crypto): support JWK import for HMAC (#11716)
2021-08-27 07:19:41 -04:00
keyData = webidl.converters["BufferSource or JsonWebKey"](keyData, {
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
prefix,
context: "Argument 2",
});
algorithm = webidl.converters.AlgorithmIdentifier(algorithm, {
prefix,
context: "Argument 3",
});
extractable = webidl.converters.boolean(extractable, {
prefix,
context: "Argument 4",
});
keyUsages = webidl.converters["sequence<KeyUsage>"](keyUsages, {
prefix,
context: "Argument 5",
});
fix(ext/crypto): take a copy of keyData bytes (#11666)
2021-08-13 05:27:56 -04:00
// 2.
feat(ext/crypto): support JWK import for HMAC (#11716)
2021-08-27 07:19:41 -04:00
if (format !== "jwk") {
if (ArrayBufferIsView(keyData) || keyData instanceof ArrayBuffer) {
if (ArrayBufferIsView(keyData)) {
keyData = new Uint8Array(
keyData.buffer,
keyData.byteOffset,
keyData.byteLength,
);
} else {
keyData = new Uint8Array(keyData);
}
keyData = TypedArrayPrototypeSlice(keyData);
} else {
throw new TypeError("keyData is a JsonWebKey");
}
fix(ext/crypto): take a copy of keyData bytes (#11666)
2021-08-13 05:27:56 -04:00
} else {
feat(ext/crypto): support JWK import for HMAC (#11716)
2021-08-27 07:19:41 -04:00
if (ArrayBufferIsView(keyData) || keyData instanceof ArrayBuffer) {
throw new TypeError("keyData is not a JsonWebKey");
}
fix(ext/crypto): take a copy of keyData bytes (#11666)
2021-08-13 05:27:56 -04:00
}
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
const normalizedAlgorithm = normalizeAlgorithm(algorithm, "importKey");
switch (normalizedAlgorithm.name) {
case "HMAC": {
feat(ext/crypto): support JWK import for HMAC (#11716)
2021-08-27 07:19:41 -04:00
// 2.
feat(ext/crypto): implement importKey and deriveBits for PBKDF2 (#11642)
2021-08-26 06:48:07 -04:00
if (
ArrayPrototypeFind(
keyUsages,
(u) => !ArrayPrototypeIncludes(["sign", "verify"], u),
) !== undefined
) {
throw new DOMException("Invalid key usages", "SyntaxError");
}
feat(ext/crypto): support JWK import for HMAC (#11716)
2021-08-27 07:19:41 -04:00
// 3.
let hash;
let data;
// 4. https://w3c.github.io/webcrypto/#hmac-operations
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
switch (format) {
case "raw": {
feat(ext/crypto): support JWK import for HMAC (#11716)
2021-08-27 07:19:41 -04:00
data = keyData;
hash = normalizedAlgorithm.hash;
break;
}
case "jwk": {
// TODO(@littledivy): Why does the spec validate JWK twice?
const jwk = keyData;
// 2.
if (jwk.kty !== "oct") {
throw new DOMException(
"`kty` member of JsonWebKey must be `oct`",
"DataError",
);
}
// Section 6.4.1 of RFC7518
if (!jwk.k) {
throw new DOMException(
"`k` member of JsonWebKey must be present",
"DataError",
);
}
// 4.
data = decodeSymmetricKey(jwk.k);
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
// 5.
feat(ext/crypto): support JWK import for HMAC (#11716)
2021-08-27 07:19:41 -04:00
hash = normalizedAlgorithm.hash;
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
// 6.
feat(ext/crypto): support JWK import for HMAC (#11716)
2021-08-27 07:19:41 -04:00
switch (hash.name) {
case "SHA-1": {
if (jwk.alg !== undefined && jwk.alg !== "HS1") {
throw new DOMException(
"`alg` member of JsonWebKey must be `HS1`",
"DataError",
);
}
break;
}
case "SHA-256": {
if (jwk.alg !== undefined && jwk.alg !== "HS256") {
throw new DOMException(
"`alg` member of JsonWebKey must be `HS256`",
"DataError",
);
}
break;
}
case "SHA-384": {
if (jwk.alg !== undefined && jwk.alg !== "HS384") {
throw new DOMException(
"`alg` member of JsonWebKey must be `HS384`",
"DataError",
);
}
break;
}
case "SHA-512": {
if (jwk.alg !== undefined && jwk.alg !== "HS512") {
throw new DOMException(
"`alg` member of JsonWebKey must be `HS512`",
"DataError",
);
}
break;
}
default:
throw new TypeError("unreachable");
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
}
feat(ext/crypto): support JWK import for HMAC (#11716)
2021-08-27 07:19:41 -04:00
// 7.
if (keyUsages.length > 0 && jwk.use && jwk.use !== "sign") {
throw new DOMException(
"`use` member of JsonWebKey must be `sign`",
"DataError",
);
}
// 8.
// Section 4.3 of RFC7517
if (jwk.key_ops) {
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
if (
feat(ext/crypto): support JWK import for HMAC (#11716)
2021-08-27 07:19:41 -04:00
ArrayPrototypeFind(
jwk.key_ops,
(u) => !ArrayPrototypeIncludes(recognisedUsages, u),
) !== undefined
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
) {
throw new DOMException(
feat(ext/crypto): support JWK import for HMAC (#11716)
2021-08-27 07:19:41 -04:00
"`key_ops` member of JsonWebKey is invalid",
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
"DataError",
);
}
feat(ext/crypto): support JWK import for HMAC (#11716)
2021-08-27 07:19:41 -04:00
if (
!ArrayPrototypeEvery(
jwk.key_ops,
(u) => ArrayPrototypeIncludes(keyUsages, u),
)
) {
throw new DOMException(
"`key_ops` member of JsonWebKey is invalid",
"DataError",
);
}
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
}
feat(ext/crypto): support JWK import for HMAC (#11716)
2021-08-27 07:19:41 -04:00
// 9.
if (jwk.ext === false && extractable == true) {
throw new DOMException(
"`ext` member of JsonWebKey is invalid",
"DataError",
);
}
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
feat(ext/crypto): support JWK import for HMAC (#11716)
2021-08-27 07:19:41 -04:00
break;
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
}
default:
throw new DOMException("Not implemented", "NotSupportedError");
}
feat(ext/crypto): support JWK import for HMAC (#11716)
2021-08-27 07:19:41 -04:00
// 5.
let length = data.byteLength * 8;
// 6.
if (length === 0) {
throw new DOMException("Key length is zero", "DataError");
}
// 7.
if (normalizedAlgorithm.length !== undefined) {
if (
normalizedAlgorithm.length > length ||
normalizedAlgorithm.length <= (length - 8)
) {
throw new DOMException(
"Key length is invalid",
"DataError",
);
}
length = normalizedAlgorithm.length;
}
if (keyUsages.length == 0) {
throw new DOMException("Key usage is empty", "SyntaxError");
}
const handle = {};
WeakMapPrototypeSet(KEY_STORE, handle, {
type: "raw",
data,
});
const algorithm = {
name: "HMAC",
length,
hash,
};
const key = constructKey(
"secret",
extractable,
usageIntersection(keyUsages, recognisedUsages),
algorithm,
handle,
);
return key;
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
}
feat(ext/crypto): import RSA pkcs#8 keys (#11891)
2021-09-14 09:21:20 -04:00
case "RSASSA-PKCS1-v1_5": {
switch (format) {
case "pkcs8": {
// 1.
if (
ArrayPrototypeFind(
keyUsages,
(u) => !ArrayPrototypeIncludes(["sign"], u),
) !== undefined
) {
throw new DOMException("Invalid key usages", "SyntaxError");
}
if (keyUsages.length == 0) {
throw new DOMException("Key usage is empty", "SyntaxError");
}
// 2-9.
const { modulusLength, publicExponent, data } = await core
.opAsync(
"op_crypto_import_key",
{
algorithm: "RSASSA-PKCS1-v1_5",
format: "pkcs8",
// Needed to perform step 7 without normalization.
hash: normalizedAlgorithm.hash.name,
},
keyData,
);
const handle = {};
WeakMapPrototypeSet(KEY_STORE, handle, {
// PKCS#1 for RSA
type: "raw",
data,
});
const algorithm = {
name: "RSASSA-PKCS1-v1_5",
modulusLength,
publicExponent,
hash: normalizedAlgorithm.hash,
};
const key = constructKey(
"private",
extractable,
usageIntersection(keyUsages, recognisedUsages),
algorithm,
handle,
);
return key;
}
default:
throw new DOMException("Not implemented", "NotSupportedError");
}
}
case "RSA-PSS": {
switch (format) {
case "pkcs8": {
// 1.
if (
ArrayPrototypeFind(
keyUsages,
(u) => !ArrayPrototypeIncludes(["sign"], u),
) !== undefined
) {
throw new DOMException("Invalid key usages", "SyntaxError");
}
if (keyUsages.length == 0) {
throw new DOMException("Key usage is empty", "SyntaxError");
}
// 2-9.
const { modulusLength, publicExponent, data } = await core
.opAsync(
"op_crypto_import_key",
{
algorithm: "RSA-PSS",
format: "pkcs8",
// Needed to perform step 7 without normalization.
hash: normalizedAlgorithm.hash.name,
},
keyData,
);
const handle = {};
WeakMapPrototypeSet(KEY_STORE, handle, {
// PKCS#1 for RSA
type: "raw",
data,
});
const algorithm = {
name: "RSA-PSS",
modulusLength,
publicExponent,
hash: normalizedAlgorithm.hash,
};
const key = constructKey(
"private",
extractable,
usageIntersection(keyUsages, recognisedUsages),
algorithm,
handle,
);
return key;
}
default:
throw new DOMException("Not implemented", "NotSupportedError");
}
}
case "RSA-OAEP": {
switch (format) {
case "pkcs8": {
// 1.
if (
ArrayPrototypeFind(
keyUsages,
(u) => !ArrayPrototypeIncludes(["decrypt", "unwrapKey"], u),
) !== undefined
) {
throw new DOMException("Invalid key usages", "SyntaxError");
}
if (keyUsages.length == 0) {
throw new DOMException("Key usage is empty", "SyntaxError");
}
// 2-9.
const { modulusLength, publicExponent, data } = await core
.opAsync(
"op_crypto_import_key",
{
algorithm: "RSA-OAEP",
format: "pkcs8",
// Needed to perform step 7 without normalization.
hash: normalizedAlgorithm.hash.name,
},
keyData,
);
const handle = {};
WeakMapPrototypeSet(KEY_STORE, handle, {
// PKCS#1 for RSA
type: "raw",
data,
});
const algorithm = {
name: "RSA-OAEP",
modulusLength,
publicExponent,
hash: normalizedAlgorithm.hash,
};
const key = constructKey(
"private",
extractable,
usageIntersection(keyUsages, recognisedUsages),
algorithm,
handle,
);
return key;
}
default:
throw new DOMException("Not implemented", "NotSupportedError");
}
}
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
// TODO(@littledivy): ECDSA
feat(ext/crypto): implement HKDF operations (#11865) Co-authored-by: Luca Casonato <lucacasonato@yahoo.com>
2021-09-11 16:54:03 -04:00
case "HKDF": {
if (format !== "raw") {
throw new DOMException("Format not supported", "NotSupportedError");
}
// 1.
if (
ArrayPrototypeFind(
keyUsages,
(u) => !ArrayPrototypeIncludes(["deriveKey", "deriveBits"], u),
) !== undefined
) {
throw new DOMException("Invalid key usages", "SyntaxError");
}
// 2.
if (extractable !== false) {
throw new DOMException(
"Key must not be extractable",
"SyntaxError",
);
}
// 3.
const handle = {};
WeakMapPrototypeSet(KEY_STORE, handle, {
type: "raw",
data: keyData,
});
// 4-8.
const algorithm = {
name: "HKDF",
};
const key = constructKey(
"secret",
false,
usageIntersection(keyUsages, recognisedUsages),
algorithm,
handle,
);
// 9.
return key;
}
feat(ext/crypto): implement importKey and deriveBits for PBKDF2 (#11642)
2021-08-26 06:48:07 -04:00
case "PBKDF2": {
// 1.
if (format !== "raw") {
throw new DOMException("Format not supported", "NotSupportedError");
}
// 2.
if (
ArrayPrototypeFind(
keyUsages,
(u) => !ArrayPrototypeIncludes(["deriveKey", "deriveBits"], u),
) !== undefined
) {
throw new DOMException("Invalid key usages", "SyntaxError");
}
// 3.
if (extractable !== false) {
throw new DOMException(
"Key must not be extractable",
"SyntaxError",
);
}
// 4.
const handle = {};
WeakMapPrototypeSet(KEY_STORE, handle, {
type: "raw",
data: keyData,
});
// 5-9.
const algorithm = {
name: "PBKDF2",
};
const key = constructKey(
"secret",
false,
usageIntersection(keyUsages, recognisedUsages),
algorithm,
handle,
);
// 10.
return key;
}
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
default:
throw new DOMException("Not implemented", "NotSupportedError");
}
}
/**
feat(fmt): add basic JS doc formatting (#11902)
2021-09-02 18:28:12 -04:00
* @param {string} format
* @param {CryptoKey} key
* @returns {Promise<any>}
*/
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
async exportKey(format, key) {
webidl.assertBranded(this, SubtleCrypto);
const prefix = "Failed to execute 'exportKey' on 'SubtleCrypto'";
webidl.requiredArguments(arguments.length, 2, { prefix });
format = webidl.converters.KeyFormat(format, {
prefix,
context: "Argument 1",
});
key = webidl.converters.CryptoKey(key, {
prefix,
context: "Argument 2",
});
const handle = key[_handle];
// 2.
fix(ext/crypto): exportKey() for HMAC (#11737) Fixes typings and innerKey processing (WPT doesn't test exportKey for HMAC so this wasn't caught earlier).
2021-08-17 05:29:32 -04:00
const innerKey = WeakMapPrototypeGet(KEY_STORE, handle);
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
switch (key[_algorithm].name) {
case "HMAC": {
fix(ext/crypto): exportKey() for HMAC (#11737) Fixes typings and innerKey processing (WPT doesn't test exportKey for HMAC so this wasn't caught earlier).
2021-08-17 05:29:32 -04:00
if (innerKey == null) {
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
throw new DOMException("Key is not available", "OperationError");
}
switch (format) {
// 3.
case "raw": {
fix(ext/crypto): exportKey() for HMAC (#11737) Fixes typings and innerKey processing (WPT doesn't test exportKey for HMAC so this wasn't caught earlier).
2021-08-17 05:29:32 -04:00
const bits = innerKey.data;
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
for (let _i = 7 & (8 - bits.length % 8); _i > 0; _i--) {
bits.push(0);
}
// 4-5.
return bits.buffer;
}
feat(ext/crypto): support JWK export for HMAC (#11864)
2021-08-29 08:23:51 -04:00
case "jwk": {
// 1-3.
const jwk = {
kty: "oct",
k: unpaddedBase64(innerKey.data),
};
// 4.
const algorithm = key[_algorithm];
// 5.
const hash = algorithm.hash;
// 6.
switch (hash.name) {
case "SHA-1":
jwk.alg = "HS1";
break;
case "SHA-256":
jwk.alg = "HS256";
break;
case "SHA-384":
jwk.alg = "HS384";
break;
case "SHA-512":
jwk.alg = "HS512";
break;
default:
throw new DOMException(
"Hash algorithm not supported",
"NotSupportedError",
);
}
// 7.
jwk.key_ops = key.usages;
// 8.
jwk.ext = key[_extractable];
// 9.
return jwk;
}
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
default:
throw new DOMException("Not implemented", "NotSupportedError");
}
feat(ext/crypto): support JWK export for HMAC (#11864)
2021-08-29 08:23:51 -04:00
// TODO(@littledivy): Redundant break but deno_lint complains without it
break;
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
}
feat(ext/crypto): export RSA keys as pkcs#8 (#11880)
2021-09-13 05:33:28 -04:00
case "RSASSA-PKCS1-v1_5": {
switch (format) {
case "pkcs8": {
// 1.
if (key[_type] !== "private") {
throw new DOMException(
"Key is not a private key",
"InvalidAccessError",
);
}
// 2.
const data = await core.opAsync(
"op_crypto_export_key",
{
key: innerKey,
format: "pkcs8",
algorithm: "RSASSA-PKCS1-v1_5",
},
);
// 3.
return data.buffer;
}
default:
throw new DOMException("Not implemented", "NotSupportedError");
}
}
case "RSA-PSS": {
switch (format) {
case "pkcs8": {
// 1.
if (key[_type] !== "private") {
throw new DOMException(
"Key is not a private key",
"InvalidAccessError",
);
}
// 2.
const data = await core.opAsync(
"op_crypto_export_key",
{
key: innerKey,
format: "pkcs8",
algorithm: "RSA-PSS",
hash: key[_algorithm].hash.name,
},
);
// 3.
return data.buffer;
}
default:
throw new DOMException("Not implemented", "NotSupportedError");
}
}
case "RSA-OAEP": {
switch (format) {
case "pkcs8": {
// 1.
if (key[_type] !== "private") {
throw new DOMException(
"Key is not a private key",
"InvalidAccessError",
);
}
// 2.
const data = await core.opAsync(
"op_crypto_export_key",
{
key: innerKey,
format: "pkcs8",
algorithm: "RSA-PSS",
hash: key[_algorithm].hash.name,
},
);
// 3.
return data.buffer;
}
default:
throw new DOMException("Not implemented", "NotSupportedError");
}
}
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
// TODO(@littledivy): ECDSA
default:
throw new DOMException("Not implemented", "NotSupportedError");
}
}
feat(ext/crypto): implement importKey and deriveBits for PBKDF2 (#11642)
2021-08-26 06:48:07 -04:00
/**
feat(fmt): add basic JS doc formatting (#11902)
2021-09-02 18:28:12 -04:00
* @param {AlgorithmIdentifier} algorithm
* @param {CryptoKey} baseKey
* @param {number} length
* @returns {Promise<ArrayBuffer>}
*/
feat(ext/crypto): implement importKey and deriveBits for PBKDF2 (#11642)
2021-08-26 06:48:07 -04:00
async deriveBits(algorithm, baseKey, length) {
webidl.assertBranded(this, SubtleCrypto);
const prefix = "Failed to execute 'deriveBits' on 'SubtleCrypto'";
webidl.requiredArguments(arguments.length, 3, { prefix });
algorithm = webidl.converters.AlgorithmIdentifier(algorithm, {
prefix,
context: "Argument 1",
});
baseKey = webidl.converters.CryptoKey(baseKey, {
prefix,
context: "Argument 2",
});
length = webidl.converters["unsigned long"](length, {
prefix,
context: "Argument 3",
});
// 2.
const normalizedAlgorithm = normalizeAlgorithm(algorithm, "deriveBits");
// 4-6.
const result = await deriveBits(normalizedAlgorithm, baseKey, length);
// 7.
if (normalizedAlgorithm.name !== baseKey[_algorithm].name) {
throw new DOMException("InvalidAccessError", "Invalid algorithm name");
}
// 8.
if (!ArrayPrototypeIncludes(baseKey[_usages], "deriveBits")) {
throw new DOMException(
"InvalidAccessError",
"baseKey usages does not contain `deriveBits`",
);
}
// 9-10.
return result;
}
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
/**
* @param {string} algorithm
feat(extensions/crypto): implement verify() for RSA (#11312)
2021-07-12 08:45:36 -04:00
* @param {CryptoKey} key
* @param {BufferSource} signature
* @param {BufferSource} data
* @returns {Promise<boolean>}
*/
async verify(algorithm, key, signature, data) {
webidl.assertBranded(this, SubtleCrypto);
const prefix = "Failed to execute 'verify' on 'SubtleCrypto'";
webidl.requiredArguments(arguments.length, 4, { prefix });
algorithm = webidl.converters.AlgorithmIdentifier(algorithm, {
prefix,
context: "Argument 1",
});
key = webidl.converters.CryptoKey(key, {
prefix,
context: "Argument 2",
});
signature = webidl.converters.BufferSource(signature, {
prefix,
context: "Argument 3",
});
data = webidl.converters.BufferSource(data, {
prefix,
context: "Argument 4",
});
// 2.
chore(extensions/crypto): use primoridials with verify() (#11384)
2021-07-13 12:52:59 -04:00
if (ArrayBufferIsView(signature)) {
feat(extensions/crypto): implement verify() for RSA (#11312)
2021-07-12 08:45:36 -04:00
signature = new Uint8Array(
signature.buffer,
signature.byteOffset,
signature.byteLength,
);
} else {
signature = new Uint8Array(signature);
}
chore(extensions/crypto): use primoridials with verify() (#11384)
2021-07-13 12:52:59 -04:00
signature = TypedArrayPrototypeSlice(signature);
feat(extensions/crypto): implement verify() for RSA (#11312)
2021-07-12 08:45:36 -04:00
// 3.
chore(extensions/crypto): use primoridials with verify() (#11384)
2021-07-13 12:52:59 -04:00
if (ArrayBufferIsView(data)) {
feat(extensions/crypto): implement verify() for RSA (#11312)
2021-07-12 08:45:36 -04:00
data = new Uint8Array(data.buffer, data.byteOffset, data.byteLength);
} else {
data = new Uint8Array(data);
}
chore(extensions/crypto): use primoridials with verify() (#11384)
2021-07-13 12:52:59 -04:00
data = TypedArrayPrototypeSlice(data);
feat(extensions/crypto): implement verify() for RSA (#11312)
2021-07-12 08:45:36 -04:00
const normalizedAlgorithm = normalizeAlgorithm(algorithm, "verify");
const handle = key[_handle];
chore(extensions/crypto): use primoridials with verify() (#11384)
2021-07-13 12:52:59 -04:00
const keyData = WeakMapPrototypeGet(KEY_STORE, handle);
feat(extensions/crypto): implement verify() for RSA (#11312)
2021-07-12 08:45:36 -04:00
if (normalizedAlgorithm.name !== key[_algorithm].name) {
throw new DOMException(
"Verifying algorithm doesn't match key algorithm.",
"InvalidAccessError",
);
}
chore(extensions/crypto): use primoridials with verify() (#11384)
2021-07-13 12:52:59 -04:00
if (!ArrayPrototypeIncludes(key[_usages], "verify")) {
feat(extensions/crypto): implement verify() for RSA (#11312)
2021-07-12 08:45:36 -04:00
throw new DOMException(
"Key does not support the 'verify' operation.",
"InvalidAccessError",
);
}
switch (normalizedAlgorithm.name) {
case "RSASSA-PKCS1-v1_5": {
if (key[_type] !== "public") {
throw new DOMException(
"Key type not supported",
"InvalidAccessError",
);
}
const hashAlgorithm = key[_algorithm].hash.name;
return await core.opAsync("op_crypto_verify_key", {
key: keyData,
algorithm: "RSASSA-PKCS1-v1_5",
hash: hashAlgorithm,
signature,
}, data);
}
case "RSA-PSS": {
if (key[_type] !== "public") {
throw new DOMException(
"Key type not supported",
"InvalidAccessError",
);
}
const hashAlgorithm = key[_algorithm].hash.name;
const saltLength = normalizedAlgorithm.saltLength;
return await core.opAsync("op_crypto_verify_key", {
key: keyData,
algorithm: "RSA-PSS",
hash: hashAlgorithm,
saltLength,
signature,
}, data);
}
feat(extensions/crypto): implement verify() for HMAC (#11387)
2021-08-04 15:49:27 -04:00
case "HMAC": {
const hash = key[_algorithm].hash.name;
return await core.opAsync("op_crypto_verify_key", {
key: keyData,
algorithm: "HMAC",
hash,
signature,
}, data);
}
feat(ext/crypto): verify ECDSA signatures (#11739)
2021-09-11 16:49:53 -04:00
case "ECDSA": {
// 1.
if (key[_type] !== "public") {
throw new DOMException(
"Key type not supported",
"InvalidAccessError",
);
}
// 2.
const hash = normalizedAlgorithm.hash.name;
// 3-8.
return await core.opAsync("op_crypto_verify_key", {
key: keyData,
algorithm: "ECDSA",
hash,
signature,
namedCurve: key[_algorithm].namedCurve,
}, data);
}
feat(extensions/crypto): implement verify() for RSA (#11312)
2021-07-12 08:45:36 -04:00
}
throw new TypeError("unreachable");
}
/**
* @param {string} algorithm
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
* @param {boolean} extractable
* @param {KeyUsage[]} keyUsages
* @returns {Promise<any>}
*/
async generateKey(algorithm, extractable, keyUsages) {
webidl.assertBranded(this, SubtleCrypto);
const prefix = "Failed to execute 'generateKey' on 'SubtleCrypto'";
webidl.requiredArguments(arguments.length, 3, { prefix });
algorithm = webidl.converters.AlgorithmIdentifier(algorithm, {
prefix,
context: "Argument 1",
});
extractable = webidl.converters["boolean"](extractable, {
prefix,
context: "Argument 2",
});
keyUsages = webidl.converters["sequence<KeyUsage>"](keyUsages, {
prefix,
context: "Argument 3",
});
const usages = keyUsages;
const normalizedAlgorithm = normalizeAlgorithm(algorithm, "generateKey");
const result = await generateKey(
normalizedAlgorithm,
extractable,
usages,
);
if (result instanceof CryptoKey) {
const type = result[_type];
if ((type === "secret" || type === "private") && usages.length === 0) {
throw new DOMException("Invalid key usages", "SyntaxError");
}
} else if (result.privateKey instanceof CryptoKey) {
if (result.privateKey[_usages].length === 0) {
throw new DOMException("Invalid key usages", "SyntaxError");
}
}
return result;
}
chore(extensions/crypto): enable WPT stringification test (#11336)
2021-07-09 11:04:50 -04:00
get [SymbolToStringTag]() {
return "SubtleCrypto";
}
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
}
async function generateKey(normalizedAlgorithm, extractable, usages) {
switch (normalizedAlgorithm.name) {
case "RSASSA-PKCS1-v1_5":
case "RSA-PSS": {
// 1.
refactor: use primordials for extensions/crypto (#11229)
2021-07-08 11:58:38 -04:00
if (
ArrayPrototypeFind(
usages,
(u) => !ArrayPrototypeIncludes(["sign", "verify"], u),
) !== undefined
) {
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
throw new DOMException("Invalid key usages", "SyntaxError");
}
// 2.
const keyData = await core.opAsync(
"op_crypto_generate_key",
{
name: normalizedAlgorithm.name,
modulusLength: normalizedAlgorithm.modulusLength,
publicExponent: normalizedAlgorithm.publicExponent,
},
);
const handle = {};
refactor: use primordials for extensions/crypto (#11229)
2021-07-08 11:58:38 -04:00
WeakMapPrototypeSet(KEY_STORE, handle, {
feat(ext/crypto): export RSA keys as pkcs#8 (#11880)
2021-09-13 05:33:28 -04:00
// PKCS#1 for RSA
type: "raw",
refactor: use primordials for extensions/crypto (#11229)
2021-07-08 11:58:38 -04:00
data: keyData,
});
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
// 4-8.
const algorithm = {
name: normalizedAlgorithm.name,
modulusLength: normalizedAlgorithm.modulusLength,
publicExponent: normalizedAlgorithm.publicExponent,
hash: normalizedAlgorithm.hash,
};
// 9-13.
const publicKey = constructKey(
"public",
true,
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
usageIntersection(usages, ["verify"]),
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
algorithm,
handle,
);
// 14-18.
const privateKey = constructKey(
"private",
extractable,
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
usageIntersection(usages, ["sign"]),
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
algorithm,
handle,
);
// 19-22.
return { publicKey, privateKey };
}
feat(ext/crypto): implement encrypt, decrypt & generateKey for RSA-OAEP (#11654)
2021-08-24 15:59:02 -04:00
case "RSA-OAEP": {
if (
ArrayPrototypeFind(
usages,
(u) =>
!ArrayPrototypeIncludes([
"encrypt",
"decrypt",
"wrapKey",
"unwrapKey",
], u),
) !== undefined
) {
throw new DOMException("Invalid key usages", "SyntaxError");
}
// 2.
const keyData = await core.opAsync(
"op_crypto_generate_key",
{
name: normalizedAlgorithm.name,
modulusLength: normalizedAlgorithm.modulusLength,
publicExponent: normalizedAlgorithm.publicExponent,
},
);
const handle = {};
WeakMapPrototypeSet(KEY_STORE, handle, {
feat(ext/crypto): export RSA keys as pkcs#8 (#11880)
2021-09-13 05:33:28 -04:00
// PKCS#1 for RSA
type: "raw",
feat(ext/crypto): implement encrypt, decrypt & generateKey for RSA-OAEP (#11654)
2021-08-24 15:59:02 -04:00
data: keyData,
});
// 4-8.
const algorithm = {
name: normalizedAlgorithm.name,
modulusLength: normalizedAlgorithm.modulusLength,
publicExponent: normalizedAlgorithm.publicExponent,
hash: normalizedAlgorithm.hash,
};
// 9-13.
const publicKey = constructKey(
"public",
true,
usageIntersection(usages, ["encrypt", "wrapKey"]),
algorithm,
handle,
);
// 14-18.
const privateKey = constructKey(
"private",
extractable,
usageIntersection(usages, ["decrypt", "unwrapKey"]),
algorithm,
handle,
);
// 19-22.
return { publicKey, privateKey };
}
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
case "ECDSA": {
// 1.
refactor: use primordials for extensions/crypto (#11229)
2021-07-08 11:58:38 -04:00
if (
ArrayPrototypeFind(
usages,
(u) => !ArrayPrototypeIncludes(["sign", "verify"], u),
) !== undefined
) {
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
throw new DOMException("Invalid key usages", "SyntaxError");
}
// 2-3.
const handle = {};
refactor: use primordials for extensions/crypto (#11229)
2021-07-08 11:58:38 -04:00
if (
ArrayPrototypeIncludes(
supportedNamedCurves,
normalizedAlgorithm.namedCurve,
)
) {
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
const keyData = await core.opAsync("op_crypto_generate_key", {
name: "ECDSA",
namedCurve: normalizedAlgorithm.namedCurve,
});
refactor: use primordials for extensions/crypto (#11229)
2021-07-08 11:58:38 -04:00
WeakMapPrototypeSet(KEY_STORE, handle, {
type: "pkcs8",
data: keyData,
});
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
} else {
throw new DOMException("Curve not supported", "NotSupportedError");
}
// 4-6.
const algorithm = {
name: "ECDSA",
namedCurve: normalizedAlgorithm.namedCurve,
};
// 7-11.
const publicKey = constructKey(
"public",
true,
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
usageIntersection(usages, ["verify"]),
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
algorithm,
handle,
);
// 12-16.
const privateKey = constructKey(
"private",
extractable,
feat(extensions/crypto): implement importKey and exportKey for raw HMAC keys (#11367) This commit introduces "SubtleCrypto.importKey()" and "SubtleCrypto.exportKey()" APIs.
2021-08-03 15:24:02 -04:00
usageIntersection(usages, ["sign"]),
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
algorithm,
handle,
);
// 17-20.
return { publicKey, privateKey };
}
feat(ext/crypto): generate ECDH keys (#11870) Add support for ECDH algorithm in SubtleCrypto#generateKey.
2021-09-13 05:35:49 -04:00
case "ECDH": {
// 1.
if (
ArrayPrototypeFind(
usages,
(u) => !ArrayPrototypeIncludes(["deriveKey", "deriveBits"], u),
) !== undefined
) {
throw new DOMException("Invalid key usages", "SyntaxError");
}
// 2-3.
const handle = {};
if (
ArrayPrototypeIncludes(
supportedNamedCurves,
normalizedAlgorithm.namedCurve,
)
) {
const keyData = await core.opAsync("op_crypto_generate_key", {
name: "ECDH",
namedCurve: normalizedAlgorithm.namedCurve,
});
WeakMapPrototypeSet(KEY_STORE, handle, {
type: "pkcs8",
data: keyData,
});
} else {
throw new DOMException("Curve not supported", "NotSupportedError");
}
// 4-6.
const algorithm = {
name: "ECDH",
namedCurve: normalizedAlgorithm.namedCurve,
};
// 7-11.
const publicKey = constructKey(
"public",
true,
usageIntersection(usages, []),
algorithm,
handle,
);
// 12-16.
const privateKey = constructKey(
"private",
extractable,
usageIntersection(usages, ["deriveKey", "deriveBits"]),
algorithm,
handle,
);
// 17-20.
return { publicKey, privateKey };
}
feat(ext/crypto): AES key generation (#11869) Support AES-CTR, AES-CBC, AES-GCM, and AES-KW in SubtleCrypto#generateKey.
2021-08-31 05:25:44 -04:00
case "AES-CTR":
case "AES-CBC":
case "AES-GCM": {
// 1.
if (
ArrayPrototypeFind(
usages,
(u) =>
!ArrayPrototypeIncludes([
"encrypt",
"decrypt",
"wrapKey",
"unwrapKey",
], u),
) !== undefined
) {
throw new DOMException("Invalid key usages", "SyntaxError");
}
return generateKeyAES(normalizedAlgorithm, extractable, usages);
}
case "AES-KW": {
// 1.
if (
ArrayPrototypeFind(
usages,
(u) => !ArrayPrototypeIncludes(["wrapKey", "unwrapKey"], u),
) !== undefined
) {
throw new DOMException("Invalid key usages", "SyntaxError");
}
return generateKeyAES(normalizedAlgorithm, extractable, usages);
}
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
case "HMAC": {
// 1.
if (
refactor: use primordials for extensions/crypto (#11229)
2021-07-08 11:58:38 -04:00
ArrayPrototypeFind(
usages,
(u) => !ArrayPrototypeIncludes(["sign", "verify"], u),
) !== undefined
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
) {
throw new DOMException("Invalid key usages", "SyntaxError");
}
// 2.
let length;
if (normalizedAlgorithm.length === undefined) {
length = null;
} else if (normalizedAlgorithm.length !== 0) {
length = normalizedAlgorithm.length;
} else {
throw new DOMException("Invalid length", "OperationError");
}
// 3-4.
const keyData = await core.opAsync("op_crypto_generate_key", {
name: "HMAC",
hash: normalizedAlgorithm.hash.name,
length,
});
const handle = {};
refactor: use primordials for extensions/crypto (#11229)
2021-07-08 11:58:38 -04:00
WeakMapPrototypeSet(KEY_STORE, handle, { type: "raw", data: keyData });
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
// 6-10.
const algorithm = {
name: "HMAC",
hash: {
name: normalizedAlgorithm.hash.name,
},
length: keyData.byteLength * 8,
};
// 5, 11-13.
const key = constructKey(
"secret",
extractable,
usages,
algorithm,
handle,
);
// 14.
return key;
}
}
}
feat(ext/crypto): AES key generation (#11869) Support AES-CTR, AES-CBC, AES-GCM, and AES-KW in SubtleCrypto#generateKey.
2021-08-31 05:25:44 -04:00
async function generateKeyAES(normalizedAlgorithm, extractable, usages) {
// 2.
if (!ArrayPrototypeIncludes([128, 192, 256], normalizedAlgorithm.length)) {
throw new DOMException("Invalid key length", "OperationError");
}
// 3.
const keyData = await core.opAsync("op_crypto_generate_key", {
name: normalizedAlgorithm.name,
length: normalizedAlgorithm.length,
});
const handle = {};
WeakMapPrototypeSet(KEY_STORE, handle, {
type: "raw",
data: keyData,
});
// 6-8.
const algorithm = {
name: normalizedAlgorithm.name,
length: normalizedAlgorithm.length,
};
// 9-11.
const key = constructKey(
"secret",
extractable,
usages,
algorithm,
handle,
);
// 12.
return key;
}
feat(ext/crypto): implement importKey and deriveBits for PBKDF2 (#11642)
2021-08-26 06:48:07 -04:00
async function deriveBits(normalizedAlgorithm, baseKey, length) {
switch (normalizedAlgorithm.name) {
case "PBKDF2": {
// 1.
if (length == null || length == 0 || length % 8 !== 0) {
throw new DOMException("Invalid length", "OperationError");
}
if (normalizedAlgorithm.iterations == 0) {
throw new DOMException(
"iterations must not be zero",
"OperationError",
);
}
const handle = baseKey[_handle];
const keyData = WeakMapPrototypeGet(KEY_STORE, handle);
if (ArrayBufferIsView(normalizedAlgorithm.salt)) {
normalizedAlgorithm.salt = new Uint8Array(
normalizedAlgorithm.salt.buffer,
normalizedAlgorithm.salt.byteOffset,
normalizedAlgorithm.salt.byteLength,
);
} else {
normalizedAlgorithm.salt = new Uint8Array(normalizedAlgorithm.salt);
}
normalizedAlgorithm.salt = TypedArrayPrototypeSlice(
normalizedAlgorithm.salt,
);
const buf = await core.opAsync("op_crypto_derive_bits", {
key: keyData,
algorithm: "PBKDF2",
hash: normalizedAlgorithm.hash.name,
iterations: normalizedAlgorithm.iterations,
length,
}, normalizedAlgorithm.salt);
return buf.buffer;
}
feat(ext/crypto): implement HKDF operations (#11865) Co-authored-by: Luca Casonato <lucacasonato@yahoo.com>
2021-09-11 16:54:03 -04:00
case "HKDF": {
// 1.
if (length === null || length === 0 || length % 8 !== 0) {
throw new DOMException("Invalid length", "OperationError");
}
const handle = baseKey[_handle];
const keyDerivationKey = WeakMapPrototypeGet(KEY_STORE, handle);
if (ArrayBufferIsView(normalizedAlgorithm.salt)) {
normalizedAlgorithm.salt = new Uint8Array(
normalizedAlgorithm.salt.buffer,
normalizedAlgorithm.salt.byteOffset,
normalizedAlgorithm.salt.byteLength,
);
} else {
normalizedAlgorithm.salt = new Uint8Array(normalizedAlgorithm.salt);
}
normalizedAlgorithm.salt = TypedArrayPrototypeSlice(
normalizedAlgorithm.salt,
);
if (ArrayBufferIsView(normalizedAlgorithm.info)) {
normalizedAlgorithm.info = new Uint8Array(
normalizedAlgorithm.info.buffer,
normalizedAlgorithm.info.byteOffset,
normalizedAlgorithm.info.byteLength,
);
} else {
normalizedAlgorithm.info = new Uint8Array(normalizedAlgorithm.info);
}
normalizedAlgorithm.info = TypedArrayPrototypeSlice(
normalizedAlgorithm.info,
);
const buf = await core.opAsync("op_crypto_derive_bits", {
key: keyDerivationKey,
algorithm: "HKDF",
hash: normalizedAlgorithm.hash.name,
info: normalizedAlgorithm.info,
length,
}, normalizedAlgorithm.salt);
return buf.buffer;
}
feat(ext/crypto): implement importKey and deriveBits for PBKDF2 (#11642)
2021-08-26 06:48:07 -04:00
default:
throw new DOMException("Not implemented", "NotSupportedError");
}
}
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
const subtle = webidl.createBranded(SubtleCrypto);
class Crypto {
constructor() {
webidl.illegalConstructor();
}
getRandomValues(arrayBufferView) {
webidl.assertBranded(this, Crypto);
const prefix = "Failed to execute 'getRandomValues' on 'Crypto'";
webidl.requiredArguments(arguments.length, 1, { prefix });
arrayBufferView = webidl.converters.ArrayBufferView(arrayBufferView, {
prefix,
context: "Argument 1",
});
if (
!(
arrayBufferView instanceof Int8Array ||
arrayBufferView instanceof Uint8Array ||
fix: Big{U|}Int64Array in crypto.getRandomValues (#11447) Relevant spec change: https://github.com/w3c/webcrypto/pull/266
2021-07-19 09:35:47 -04:00
arrayBufferView instanceof Uint8ClampedArray ||
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
arrayBufferView instanceof Int16Array ||
arrayBufferView instanceof Uint16Array ||
arrayBufferView instanceof Int32Array ||
arrayBufferView instanceof Uint32Array ||
fix: Big{U|}Int64Array in crypto.getRandomValues (#11447) Relevant spec change: https://github.com/w3c/webcrypto/pull/266
2021-07-19 09:35:47 -04:00
arrayBufferView instanceof BigInt64Array ||
arrayBufferView instanceof BigUint64Array
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
)
) {
throw new DOMException(
"The provided ArrayBufferView is not an integer array type",
"TypeMismatchError",
);
}
const ui8 = new Uint8Array(
arrayBufferView.buffer,
arrayBufferView.byteOffset,
arrayBufferView.byteLength,
);
core.opSync("op_crypto_get_random_values", ui8);
return arrayBufferView;
}
randomUUID() {
webidl.assertBranded(this, Crypto);
return core.opSync("op_crypto_random_uuid");
}
get subtle() {
webidl.assertBranded(this, Crypto);
return subtle;
}
refactor: use primordials for extensions/crypto (#11229)
2021-07-08 11:58:38 -04:00
get [SymbolToStringTag]() {
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
return "Crypto";
}
refactor: use primordials for extensions/crypto (#11229)
2021-07-08 11:58:38 -04:00
[SymbolFor("Deno.customInspect")](inspect) {
feat(crypto): implement generateKey() and sign() (#9614) Co-authored-by: Luca Casonato <hello@lcas.dev> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2021-07-06 08:16:04 -04:00
return `${this.constructor.name} ${inspect({})}`;
}
}
webidl.configurePrototype(Crypto);
window.__bootstrap.crypto = {
SubtleCrypto,
crypto: webidl.createBranded(Crypto),
Crypto,
CryptoKey,
};
})(this);
Copy permalink