feat(ext/crypto): generate ECDH keys (#11870)
Add support for ECDH algorithm in SubtleCrypto#generateKey.
parent
2199bdaf64
commit
d0b5ff6db9
3 changed files with 86 additions and 97 deletions
|
@ -82,6 +82,7 @@
|
||||||
"RSA-PSS": "RsaHashedKeyGenParams",
|
"RSA-PSS": "RsaHashedKeyGenParams",
|
||||||
"RSA-OAEP": "RsaHashedKeyGenParams",
|
"RSA-OAEP": "RsaHashedKeyGenParams",
|
||||||
"ECDSA": "EcKeyGenParams",
|
"ECDSA": "EcKeyGenParams",
|
||||||
|
"ECDH": "EcKeyGenParams",
|
||||||
"AES-CTR": "AesKeyGenParams",
|
"AES-CTR": "AesKeyGenParams",
|
||||||
"AES-CBC": "AesKeyGenParams",
|
"AES-CBC": "AesKeyGenParams",
|
||||||
"AES-GCM": "AesKeyGenParams",
|
"AES-GCM": "AesKeyGenParams",
|
||||||
|
@ -1575,7 +1576,64 @@
|
||||||
// 17-20.
|
// 17-20.
|
||||||
return { publicKey, privateKey };
|
return { publicKey, privateKey };
|
||||||
}
|
}
|
||||||
// TODO(lucacasonato): ECDH
|
case "ECDH": {
|
||||||
|
// 1.
|
||||||
|
if (
|
||||||
|
ArrayPrototypeFind(
|
||||||
|
usages,
|
||||||
|
(u) => !ArrayPrototypeIncludes(["deriveKey", "deriveBits"], u),
|
||||||
|
) !== undefined
|
||||||
|
) {
|
||||||
|
throw new DOMException("Invalid key usages", "SyntaxError");
|
||||||
|
}
|
||||||
|
|
||||||
|
// 2-3.
|
||||||
|
const handle = {};
|
||||||
|
if (
|
||||||
|
ArrayPrototypeIncludes(
|
||||||
|
supportedNamedCurves,
|
||||||
|
normalizedAlgorithm.namedCurve,
|
||||||
|
)
|
||||||
|
) {
|
||||||
|
const keyData = await core.opAsync("op_crypto_generate_key", {
|
||||||
|
name: "ECDH",
|
||||||
|
namedCurve: normalizedAlgorithm.namedCurve,
|
||||||
|
});
|
||||||
|
WeakMapPrototypeSet(KEY_STORE, handle, {
|
||||||
|
type: "pkcs8",
|
||||||
|
data: keyData,
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
throw new DOMException("Curve not supported", "NotSupportedError");
|
||||||
|
}
|
||||||
|
|
||||||
|
// 4-6.
|
||||||
|
const algorithm = {
|
||||||
|
name: "ECDH",
|
||||||
|
namedCurve: normalizedAlgorithm.namedCurve,
|
||||||
|
};
|
||||||
|
|
||||||
|
// 7-11.
|
||||||
|
const publicKey = constructKey(
|
||||||
|
"public",
|
||||||
|
true,
|
||||||
|
usageIntersection(usages, []),
|
||||||
|
algorithm,
|
||||||
|
handle,
|
||||||
|
);
|
||||||
|
|
||||||
|
// 12-16.
|
||||||
|
const privateKey = constructKey(
|
||||||
|
"private",
|
||||||
|
extractable,
|
||||||
|
usageIntersection(usages, ["deriveKey", "deriveBits"]),
|
||||||
|
algorithm,
|
||||||
|
handle,
|
||||||
|
);
|
||||||
|
|
||||||
|
// 17-20.
|
||||||
|
return { publicKey, privateKey };
|
||||||
|
}
|
||||||
case "AES-CTR":
|
case "AES-CTR":
|
||||||
case "AES-CBC":
|
case "AES-CBC":
|
||||||
case "AES-GCM": {
|
case "AES-GCM": {
|
||||||
|
|
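Review bot: In the new `case "ECDH"` branch the public and the private key are both built on the same `handle`, whose `KEY_STORE` entry is the PKCS#8 private key (`type: "pkcs8", data: keyData`), while the public key is always constructed with extractable set to `true`. Nothing in the hunk records that invariant, so any code that later serialises a public key from its handle has to derive the public point and must not return the stored data; otherwise a private key generated with `extractable` false could be read through its public half. I would add above the `WeakMapPrototypeSet` call: `// Both keys share this handle; its data is the PKCS#8 *private* key. Public-key operations must derive the public point and never expose this data.` The export and derive paths are not visible here, so this is a caveat to confirm rather than a demonstrated leak, and the enclosing switch starts and ends outside the hunk.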
|
@ -168,7 +168,7 @@ pub async fn op_crypto_generate_key(
|
||||||
|
|
||||||
private_key.to_pkcs1_der()?.as_ref().to_vec()
|
private_key.to_pkcs1_der()?.as_ref().to_vec()
|
||||||
}
|
}
|
||||||
Algorithm::Ecdsa => {
|
Algorithm::Ecdsa | Algorithm::Ecdh => {
|
||||||
let curve: &EcdsaSigningAlgorithm =
|
let curve: &EcdsaSigningAlgorithm =
|
||||||
args.named_curve.ok_or_else(not_supported)?.into();
|
args.named_curve.ok_or_else(not_supported)?.into();
|
||||||
let rng = RingRand::SystemRandom::new();
|
let rng = RingRand::SystemRandom::new();
|
||||||
|
|
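Review bot: The widened arm `Algorithm::Ecdsa | Algorithm::Ecdh` still binds `curve` as `&EcdsaSigningAlgorithm`, so ECDH key pairs now come out of an ECDSA-typed path with no comment saying why that is sound. A one-line explanation above the binding would help the next reader, for example `// ECDH reuses the ECDSA PKCS#8 generator: the encoded EC private key depends on the curve, not on the intended use.` That wording assumes the generation call further down emits a plain EC PKCS#8 document, which should be confirmed since the rest of the arm lies outside the hunk.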
|
@ -12060,100 +12060,6 @@
|
||||||
"failures_AES-GCM.https.any.html": true,
|
"failures_AES-GCM.https.any.html": true,
|
||||||
"failures_AES-KW.https.any.html": true,
|
"failures_AES-KW.https.any.html": true,
|
||||||
"failures_ECDH.https.any.html": [
|
"failures_ECDH.https.any.html": [
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [encrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [deriveKey, encrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [deriveBits, deriveKey, encrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [deriveBits, encrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits, encrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [decrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [deriveKey, decrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [deriveBits, deriveKey, decrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [deriveBits, decrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits, decrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [sign])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [deriveKey, sign])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [deriveBits, deriveKey, sign])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [deriveBits, sign])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits, sign])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [verify])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [deriveKey, verify])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [deriveBits, deriveKey, verify])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [deriveBits, verify])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits, verify])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [wrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [deriveKey, wrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [deriveBits, deriveKey, wrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [deriveBits, wrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits, wrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [unwrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [deriveKey, unwrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [deriveBits, deriveKey, unwrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [deriveBits, unwrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-256}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits, unwrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [encrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [deriveKey, encrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey, encrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [deriveBits, encrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits, encrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [decrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [deriveKey, decrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey, decrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [deriveBits, decrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits, decrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [sign])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [deriveKey, sign])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey, sign])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [deriveBits, sign])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits, sign])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [verify])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [deriveKey, verify])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey, verify])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [deriveBits, verify])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits, verify])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [wrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [deriveKey, wrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey, wrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [deriveBits, wrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits, wrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [unwrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [deriveKey, unwrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey, unwrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [deriveBits, unwrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-384}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits, unwrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [encrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveKey, encrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveBits, deriveKey, encrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveBits, encrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits, encrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [decrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveKey, decrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveBits, deriveKey, decrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveBits, decrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits, decrypt])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [sign])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveKey, sign])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveBits, deriveKey, sign])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveBits, sign])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits, sign])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [verify])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveKey, verify])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveBits, deriveKey, verify])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveBits, verify])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits, verify])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [wrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveKey, wrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveBits, deriveKey, wrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveBits, wrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits, wrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [unwrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveKey, unwrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveBits, deriveKey, unwrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveBits, unwrapKey])",
|
|
||||||
"Bad usages: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits, unwrapKey])",
|
|
||||||
"Empty usages: generateKey({name: ECDH, namedCurve: P-256}, false, [])",
|
|
||||||
"Empty usages: generateKey({name: ECDH, namedCurve: P-256}, true, [])",
|
|
||||||
"Empty usages: generateKey({name: ECDH, namedCurve: P-384}, false, [])",
|
|
||||||
"Empty usages: generateKey({name: ECDH, namedCurve: P-384}, true, [])",
|
|
||||||
"Empty usages: generateKey({name: ECDH, namedCurve: P-521}, false, [])",
|
"Empty usages: generateKey({name: ECDH, namedCurve: P-521}, false, [])",
|
||||||
"Empty usages: generateKey({name: ECDH, namedCurve: P-521}, true, [])"
|
"Empty usages: generateKey({name: ECDH, namedCurve: P-521}, true, [])"
|
||||||
],
|
],
|
||||||
|
@ -12170,7 +12076,32 @@
|
||||||
"successes_AES-GCM.https.any.html": true,
|
"successes_AES-GCM.https.any.html": true,
|
||||||
"successes_AES-KW.https.any.html": true,
|
"successes_AES-KW.https.any.html": true,
|
||||||
"successes_HMAC.https.any.html": true,
|
"successes_HMAC.https.any.html": true,
|
||||||
"successes_ECDH.https.any.html": false,
|
"successes_ECDH.https.any.html": [
|
||||||
|
"Success: generateKey({name: ECDH, namedCurve: P-521}, false, [deriveKey])",
|
||||||
|
"Success: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveKey])",
|
||||||
|
"Success: generateKey({name: ECDH, namedCurve: P-521}, false, [deriveBits, deriveKey])",
|
||||||
|
"Success: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveBits, deriveKey])",
|
||||||
|
"Success: generateKey({name: ECDH, namedCurve: P-521}, false, [deriveBits])",
|
||||||
|
"Success: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveBits])",
|
||||||
|
"Success: generateKey({name: ECDH, namedCurve: P-521}, false, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits])",
|
||||||
|
"Success: generateKey({name: ECDH, namedCurve: P-521}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits])",
|
||||||
|
"Success: generateKey({name: ecdh, namedCurve: P-521}, false, [deriveKey])",
|
||||||
|
"Success: generateKey({name: ecdh, namedCurve: P-521}, true, [deriveKey])",
|
||||||
|
"Success: generateKey({name: ecdh, namedCurve: P-521}, false, [deriveBits, deriveKey])",
|
||||||
|
"Success: generateKey({name: ecdh, namedCurve: P-521}, true, [deriveBits, deriveKey])",
|
||||||
|
"Success: generateKey({name: ecdh, namedCurve: P-521}, false, [deriveBits])",
|
||||||
|
"Success: generateKey({name: ecdh, namedCurve: P-521}, true, [deriveBits])",
|
||||||
|
"Success: generateKey({name: ecdh, namedCurve: P-521}, false, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits])",
|
||||||
|
"Success: generateKey({name: ecdh, namedCurve: P-521}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits])",
|
||||||
|
"Success: generateKey({name: Ecdh, namedCurve: P-521}, false, [deriveKey])",
|
||||||
|
"Success: generateKey({name: Ecdh, namedCurve: P-521}, true, [deriveKey])",
|
||||||
|
"Success: generateKey({name: Ecdh, namedCurve: P-521}, false, [deriveBits, deriveKey])",
|
||||||
|
"Success: generateKey({name: Ecdh, namedCurve: P-521}, true, [deriveBits, deriveKey])",
|
||||||
|
"Success: generateKey({name: Ecdh, namedCurve: P-521}, false, [deriveBits])",
|
||||||
|
"Success: generateKey({name: Ecdh, namedCurve: P-521}, true, [deriveBits])",
|
||||||
|
"Success: generateKey({name: Ecdh, namedCurve: P-521}, false, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits])",
|
||||||
|
"Success: generateKey({name: Ecdh, namedCurve: P-521}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits])"
|
||||||
|
],
|
||||||
"successes_ECDSA.https.any.html": [
|
"successes_ECDSA.https.any.html": [
|
||||||
"Success: generateKey({name: ECDSA, namedCurve: P-521}, false, [sign])",
|
"Success: generateKey({name: ECDSA, namedCurve: P-521}, false, [sign])",
|
||||||
"Success: generateKey({name: ECDSA, namedCurve: P-521}, true, [sign])",
|
"Success: generateKey({name: ECDSA, namedCurve: P-521}, true, [sign])",
|
||||||
|
|