deno.land / x / deno@v1.28.2 / ext / crypto / 00_crypto.js
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327732783279328032813282328332843285328632873288328932903291329232933294329532963297329832993300330133023303330433053306330733083309331033113312331333143315331633173318331933203321332233233324332533263327332833293330333133323333333433353336333733383339334033413342334333443345334633473348334933503351335233533354335533563357335833593360336133623363336433653366336733683369337033713372337333743375337633773378337933803381338233833384338533863387338833893390339133923393339433953396339733983399340034013402340334043405340634073408340934103411341234133414341534163417341834193420342134223423342434253426342734283429343034313432343334343435343634373438343934403441344234433444344534463447344834493450345134523453345434553456345734583459346034613462346334643465346634673468346934703471347234733474347534763477347834793480348134823483348434853486348734883489349034913492349334943495349634973498349935003501350235033504350535063507350835093510351135123513351435153516351735183519352035213522352335243525352635273528352935303531353235333534353535363537353835393540354135423543354435453546354735483549355035513552355335543555355635573558355935603561356235633564356535663567356835693570357135723573357435753576357735783579358035813582358335843585358635873588358935903591359235933594359535963597359835993600360136023603360436053606360736083609361036113612361336143615361636173618361936203621362236233624362536263627362836293630363136323633363436353636363736383639364036413642364336443645364636473648364936503651365236533654365536563657365836593660366136623663366436653666366736683669367036713672367336743675367636773678367936803681368236833684368536863687368836893690369136923693369436953696369736983699370037013702370337043705370637073708370937103711371237133714371537163717371837193720372137223723372437253726372737283729373037313732373337343735373637373738373937403741374237433744374537463747374837493750375137523753375437553756375737583759376037613762376337643765376637673768376937703771377237733774377537763777377837793780378137823783378437853786378737883789379037913792379337943795379637973798379938003801380238033804380538063807380838093810381138123813381438153816381738183819382038213822382338243825382638273828382938303831383238333834383538363837383838393840384138423843384438453846384738483849385038513852385338543855385638573858385938603861386238633864386538663867386838693870387138723873387438753876387738783879388038813882388338843885388638873888388938903891389238933894389538963897389838993900390139023903390439053906390739083909391039113912391339143915391639173918391939203921392239233924392539263927392839293930393139323933393439353936393739383939394039413942394339443945394639473948394939503951395239533954395539563957395839593960396139623963396439653966396739683969397039713972397339743975397639773978397939803981398239833984398539863987398839893990399139923993399439953996399739983999400040014002400340044005400640074008400940104011401240134014401540164017401840194020402140224023402440254026402740284029403040314032403340344035403640374038403940404041404240434044404540464047404840494050405140524053405440554056405740584059406040614062406340644065406640674068406940704071407240734074407540764077407840794080408140824083408440854086408740884089409040914092409340944095409640974098409941004101410241034104410541064107410841094110411141124113411441154116411741184119412041214122412341244125412641274128412941304131413241334134413541364137413841394140414141424143414441454146414741484149415041514152415341544155415641574158415941604161416241634164416541664167416841694170417141724173417441754176417741784179418041814182418341844185418641874188418941904191419241934194419541964197419841994200420142024203420442054206420742084209421042114212421342144215421642174218421942204221422242234224422542264227422842294230423142324233423442354236423742384239424042414242424342444245424642474248424942504251425242534254425542564257425842594260426142624263426442654266426742684269427042714272427342744275427642774278427942804281428242834284428542864287428842894290429142924293429442954296429742984299430043014302430343044305430643074308430943104311431243134314431543164317431843194320432143224323432443254326432743284329433043314332433343344335433643374338433943404341434243434344434543464347434843494350435143524353435443554356435743584359436043614362436343644365436643674368436943704371437243734374437543764377437843794380438143824383438443854386438743884389439043914392439343944395439643974398439944004401440244034404440544064407440844094410441144124413441444154416441744184419442044214422442344244425442644274428442944304431443244334434443544364437443844394440444144424443444444454446444744484449445044514452445344544455445644574458445944604461446244634464446544664467446844694470447144724473447444754476447744784479448044814482448344844485448644874488448944904491449244934494449544964497449844994500450145024503450445054506450745084509451045114512451345144515451645174518451945204521452245234524452545264527452845294530453145324533453445354536453745384539454045414542454345444545454645474548454945504551455245534554455545564557455845594560456145624563456445654566456745684569457045714572457345744575457645774578457945804581458245834584458545864587458845894590459145924593459445954596459745984599460046014602460346044605460646074608460946104611461246134614461546164617461846194620462146224623462446254626462746284629463046314632463346344635463646374638463946404641464246434644464546464647464846494650465146524653465446554656465746584659466046614662466346644665466646674668466946704671467246734674467546764677467846794680468146824683468446854686468746884689469046914692469346944695469646974698469947004701470247034704470547064707470847094710471147124713471447154716471747184719472047214722// Copyright 2018-2022 the Deno authors. All rights reserved. MIT license.
// @ts-check/// <reference path="../../core/internal.d.ts" />/// <reference path="../../core/lib.deno_core.d.ts" />/// <reference path="../webidl/internal.d.ts" />/// <reference path="../web/lib.deno_web.d.ts" />
"use strict";
((window) => { const core = window.Deno.core; const ops = core.ops; const webidl = window.__bootstrap.webidl; const { DOMException } = window.__bootstrap.domException; const { ArrayBufferPrototype, ArrayBufferIsView, ArrayPrototypeEvery, ArrayPrototypeFind, ArrayPrototypeIncludes, BigInt64ArrayPrototype, BigUint64ArrayPrototype, Int16ArrayPrototype, Int32ArrayPrototype, Int8ArrayPrototype, JSONParse, JSONStringify, MathCeil, ObjectAssign, ObjectPrototypeIsPrototypeOf, StringPrototypeToLowerCase, StringPrototypeToUpperCase, StringPrototypeCharCodeAt, StringFromCharCode, Symbol, SymbolFor, SyntaxError, TypedArrayPrototypeSlice, TypeError, Uint16ArrayPrototype, Uint32ArrayPrototype, Uint8Array, Uint8ArrayPrototype, Uint8ClampedArrayPrototype, WeakMap, WeakMapPrototypeGet, WeakMapPrototypeSet, } = window.__bootstrap.primordials; // P-521 is not yet supported. const supportedNamedCurves = ["P-256", "P-384"]; const recognisedUsages = [ "encrypt", "decrypt", "sign", "verify", "deriveKey", "deriveBits", "wrapKey", "unwrapKey", ]; const simpleAlgorithmDictionaries = { AesGcmParams: { iv: "BufferSource", additionalData: "BufferSource" }, RsaHashedKeyGenParams: { hash: "HashAlgorithmIdentifier" }, EcKeyGenParams: {}, HmacKeyGenParams: { hash: "HashAlgorithmIdentifier" }, RsaPssParams: {}, EcdsaParams: { hash: "HashAlgorithmIdentifier" }, HmacImportParams: { hash: "HashAlgorithmIdentifier" }, HkdfParams: { hash: "HashAlgorithmIdentifier", salt: "BufferSource", info: "BufferSource", }, Pbkdf2Params: { hash: "HashAlgorithmIdentifier", salt: "BufferSource" }, RsaOaepParams: { label: "BufferSource" }, RsaHashedImportParams: { hash: "HashAlgorithmIdentifier" }, EcKeyImportParams: {}, }; const supportedAlgorithms = { "digest": { "SHA-1": null, "SHA-256": null, "SHA-384": null, "SHA-512": null, }, "generateKey": { "RSASSA-PKCS1-v1_5": "RsaHashedKeyGenParams", "RSA-PSS": "RsaHashedKeyGenParams", "RSA-OAEP": "RsaHashedKeyGenParams", "ECDSA": "EcKeyGenParams", "ECDH": "EcKeyGenParams", "AES-CTR": "AesKeyGenParams", "AES-CBC": "AesKeyGenParams", "AES-GCM": "AesKeyGenParams", "AES-KW": "AesKeyGenParams", "HMAC": "HmacKeyGenParams", "X25519": null, "Ed25519": null, }, "sign": { "RSASSA-PKCS1-v1_5": null, "RSA-PSS": "RsaPssParams", "ECDSA": "EcdsaParams", "HMAC": null, "Ed25519": null, }, "verify": { "RSASSA-PKCS1-v1_5": null, "RSA-PSS": "RsaPssParams", "ECDSA": "EcdsaParams", "HMAC": null, "Ed25519": null, }, "importKey": { "RSASSA-PKCS1-v1_5": "RsaHashedImportParams", "RSA-PSS": "RsaHashedImportParams", "RSA-OAEP": "RsaHashedImportParams", "ECDSA": "EcKeyImportParams", "ECDH": "EcKeyImportParams", "HMAC": "HmacImportParams", "HKDF": null, "PBKDF2": null, "AES-CTR": null, "AES-CBC": null, "AES-GCM": null, "AES-KW": null, "Ed25519": null, "X25519": null, }, "deriveBits": { "HKDF": "HkdfParams", "PBKDF2": "Pbkdf2Params", "ECDH": "EcdhKeyDeriveParams", "X25519": "EcdhKeyDeriveParams", }, "encrypt": { "RSA-OAEP": "RsaOaepParams", "AES-CBC": "AesCbcParams", "AES-GCM": "AesGcmParams", "AES-CTR": "AesCtrParams", }, "decrypt": { "RSA-OAEP": "RsaOaepParams", "AES-CBC": "AesCbcParams", "AES-GCM": "AesGcmParams", "AES-CTR": "AesCtrParams", }, "get key length": { "AES-CBC": "AesDerivedKeyParams", "AES-CTR": "AesDerivedKeyParams", "AES-GCM": "AesDerivedKeyParams", "AES-KW": "AesDerivedKeyParams", "HMAC": "HmacImportParams", "HKDF": null, "PBKDF2": null, }, "wrapKey": { "AES-KW": null, }, "unwrapKey": { "AES-KW": null, }, }; const aesJwkAlg = { "AES-CTR": { 128: "A128CTR", 192: "A192CTR", 256: "A256CTR", }, "AES-CBC": { 128: "A128CBC", 192: "A192CBC", 256: "A256CBC", }, "AES-GCM": { 128: "A128GCM", 192: "A192GCM", 256: "A256GCM", }, "AES-KW": { 128: "A128KW", 192: "A192KW", 256: "A256KW", }, }; // See https://www.w3.org/TR/WebCryptoAPI/#dfn-normalize-an-algorithm // 18.4.4 function normalizeAlgorithm(algorithm, op) { if (typeof algorithm == "string") { return normalizeAlgorithm({ name: algorithm }, op); } // 1. const registeredAlgorithms = supportedAlgorithms[op]; // 2. 3. const initialAlg = webidl.converters.Algorithm(algorithm, { prefix: "Failed to normalize algorithm", context: "passed algorithm", }); // 4. let algName = initialAlg.name; // 5. let desiredType = undefined; for (const key in registeredAlgorithms) { if ( StringPrototypeToUpperCase(key) === StringPrototypeToUpperCase(algName) ) { algName = key; desiredType = registeredAlgorithms[key]; } } if (desiredType === undefined) { throw new DOMException( "Unrecognized algorithm name", "NotSupportedError", ); } // Fast path everything below if the registered dictionary is "None". if (desiredType === null) { return { name: algName }; } // 6. const normalizedAlgorithm = webidl.converters[desiredType](algorithm, { prefix: "Failed to normalize algorithm", context: "passed algorithm", }); // 7. normalizedAlgorithm.name = algName; // 9. const dict = simpleAlgorithmDictionaries[desiredType]; // 10. for (const member in dict) { const idlType = dict[member]; const idlValue = normalizedAlgorithm[member]; // 3. if (idlType === "BufferSource" && idlValue) { normalizedAlgorithm[member] = TypedArrayPrototypeSlice( new Uint8Array( ArrayBufferIsView(idlValue) ? idlValue.buffer : idlValue, idlValue.byteOffset ?? 0, idlValue.byteLength, ), ); } else if (idlType === "HashAlgorithmIdentifier") { normalizedAlgorithm[member] = normalizeAlgorithm(idlValue, "digest"); } else if (idlType === "AlgorithmIdentifier") { // TODO(lucacasonato): implement throw new TypeError("unimplemented"); } } return normalizedAlgorithm; } /** * @param {ArrayBufferView | ArrayBuffer} input * @returns {Uint8Array} */ function copyBuffer(input) { return TypedArrayPrototypeSlice( ArrayBufferIsView(input) ? new Uint8Array(input.buffer, input.byteOffset, input.byteLength) : new Uint8Array(input), ); } const _handle = Symbol("[[handle]]"); const _algorithm = Symbol("[[algorithm]]"); const _extractable = Symbol("[[extractable]]"); const _usages = Symbol("[[usages]]"); const _type = Symbol("[[type]]"); class CryptoKey { /** @type {string} */ [_type]; /** @type {boolean} */ [_extractable]; /** @type {object} */ [_algorithm]; /** @type {string[]} */ [_usages]; /** @type {object} */ [_handle]; constructor() { webidl.illegalConstructor(); } /** @returns {string} */ get type() { webidl.assertBranded(this, CryptoKeyPrototype); return this[_type]; } /** @returns {boolean} */ get extractable() { webidl.assertBranded(this, CryptoKeyPrototype); return this[_extractable]; } /** @returns {string[]} */ get usages() { webidl.assertBranded(this, CryptoKeyPrototype); // TODO(lucacasonato): return a SameObject copy return this[_usages]; } /** @returns {object} */ get algorithm() { webidl.assertBranded(this, CryptoKeyPrototype); // TODO(lucacasonato): return a SameObject copy return this[_algorithm]; } [SymbolFor("Deno.customInspect")](inspect) { return `${this.constructor.name} ${ inspect({ type: this.type, extractable: this.extractable, algorithm: this.algorithm, usages: this.usages, }) }`; } } webidl.configurePrototype(CryptoKey); const CryptoKeyPrototype = CryptoKey.prototype; /** * @param {string} type * @param {boolean} extractable * @param {string[]} usages * @param {object} algorithm * @param {object} handle * @returns */ function constructKey(type, extractable, usages, algorithm, handle) { const key = webidl.createBranded(CryptoKey); key[_type] = type; key[_extractable] = extractable; key[_usages] = usages; key[_algorithm] = algorithm; key[_handle] = handle; return key; } // https://w3c.github.io/webcrypto/#concept-usage-intersection /** * @param {string[]} a * @param {string[]} b * @returns */ function usageIntersection(a, b) { return a.filter((i) => b.includes(i)); } // TODO(lucacasonato): this should be moved to rust /** @type {WeakMap<object, object>} */ const KEY_STORE = new WeakMap(); function getKeyLength(algorithm) { switch (algorithm.name) { case "AES-CBC": case "AES-CTR": case "AES-GCM": case "AES-KW": { // 1. if (!ArrayPrototypeIncludes([128, 192, 256], algorithm.length)) { throw new DOMException( "length must be 128, 192, or 256", "OperationError", ); } // 2. return algorithm.length; } case "HMAC": { // 1. let length; if (algorithm.length === undefined) { switch (algorithm.hash.name) { case "SHA-1": length = 512; break; case "SHA-256": length = 512; break; case "SHA-384": length = 1024; break; case "SHA-512": length = 1024; break; default: throw new DOMException( "Unrecognized hash algorithm", "NotSupportedError", ); } } else if (algorithm.length !== 0) { length = algorithm.length; } else { throw new TypeError("Invalid length."); } // 2. return length; } case "HKDF": { // 1. return null; } case "PBKDF2": { // 1. return null; } default: throw new TypeError("unreachable"); } } class SubtleCrypto { constructor() { webidl.illegalConstructor(); } /** * @param {string} algorithm * @param {BufferSource} data * @returns {Promise<Uint8Array>} */ async digest(algorithm, data) { webidl.assertBranded(this, SubtleCryptoPrototype); const prefix = "Failed to execute 'digest' on 'SubtleCrypto'"; webidl.requiredArguments(arguments.length, 2, { prefix }); algorithm = webidl.converters.AlgorithmIdentifier(algorithm, { prefix, context: "Argument 1", }); data = webidl.converters.BufferSource(data, { prefix, context: "Argument 2", }); data = copyBuffer(data); algorithm = normalizeAlgorithm(algorithm, "digest"); const result = await core.opAsync( "op_crypto_subtle_digest", algorithm.name, data, ); return result.buffer; } /** * @param {string} algorithm * @param {CryptoKey} key * @param {BufferSource} data * @returns {Promise<any>} */ async encrypt(algorithm, key, data) { webidl.assertBranded(this, SubtleCryptoPrototype); const prefix = "Failed to execute 'encrypt' on 'SubtleCrypto'"; webidl.requiredArguments(arguments.length, 3, { prefix }); algorithm = webidl.converters.AlgorithmIdentifier(algorithm, { prefix, context: "Argument 1", }); key = webidl.converters.CryptoKey(key, { prefix, context: "Argument 2", }); data = webidl.converters.BufferSource(data, { prefix, context: "Argument 3", }); // 2. data = copyBuffer(data); // 3. const normalizedAlgorithm = normalizeAlgorithm(algorithm, "encrypt"); // 8. if (normalizedAlgorithm.name !== key[_algorithm].name) { throw new DOMException( "Encryption algorithm doesn't match key algorithm.", "InvalidAccessError", ); } // 9. if (!ArrayPrototypeIncludes(key[_usages], "encrypt")) { throw new DOMException( "Key does not support the 'encrypt' operation.", "InvalidAccessError", ); } return await encrypt(normalizedAlgorithm, key, data); } /** * @param {string} algorithm * @param {CryptoKey} key * @param {BufferSource} data * @returns {Promise<any>} */ async decrypt(algorithm, key, data) { webidl.assertBranded(this, SubtleCryptoPrototype); const prefix = "Failed to execute 'decrypt' on 'SubtleCrypto'"; webidl.requiredArguments(arguments.length, 3, { prefix }); algorithm = webidl.converters.AlgorithmIdentifier(algorithm, { prefix, context: "Argument 1", }); key = webidl.converters.CryptoKey(key, { prefix, context: "Argument 2", }); data = webidl.converters.BufferSource(data, { prefix, context: "Argument 3", }); // 2. data = copyBuffer(data); // 3. const normalizedAlgorithm = normalizeAlgorithm(algorithm, "decrypt"); // 8. if (normalizedAlgorithm.name !== key[_algorithm].name) { throw new DOMException( "Decryption algorithm doesn't match key algorithm.", "OperationError", ); } // 9. if (!ArrayPrototypeIncludes(key[_usages], "decrypt")) { throw new DOMException( "Key does not support the 'decrypt' operation.", "InvalidAccessError", ); } const handle = key[_handle]; const keyData = WeakMapPrototypeGet(KEY_STORE, handle); switch (normalizedAlgorithm.name) { case "RSA-OAEP": { // 1. if (key[_type] !== "private") { throw new DOMException( "Key type not supported", "InvalidAccessError", ); } // 2. if (normalizedAlgorithm.label) { normalizedAlgorithm.label = copyBuffer(normalizedAlgorithm.label); } else { normalizedAlgorithm.label = new Uint8Array(); } // 3-5. const hashAlgorithm = key[_algorithm].hash.name; const plainText = await core.opAsync("op_crypto_decrypt", { key: keyData, algorithm: "RSA-OAEP", hash: hashAlgorithm, label: normalizedAlgorithm.label, }, data); // 6. return plainText.buffer; } case "AES-CBC": { normalizedAlgorithm.iv = copyBuffer(normalizedAlgorithm.iv); // 1. if (normalizedAlgorithm.iv.byteLength !== 16) { throw new DOMException( "Counter must be 16 bytes", "OperationError", ); } const plainText = await core.opAsync("op_crypto_decrypt", { key: keyData, algorithm: "AES-CBC", iv: normalizedAlgorithm.iv, length: key[_algorithm].length, }, data); // 6. return plainText.buffer; } case "AES-CTR": { normalizedAlgorithm.counter = copyBuffer(normalizedAlgorithm.counter); // 1. if (normalizedAlgorithm.counter.byteLength !== 16) { throw new DOMException( "Counter vector must be 16 bytes", "OperationError", ); } // 2. if ( normalizedAlgorithm.length === 0 || normalizedAlgorithm.length > 128 ) { throw new DOMException( "Counter length must not be 0 or greater than 128", "OperationError", ); } // 3. const cipherText = await core.opAsync("op_crypto_decrypt", { key: keyData, algorithm: "AES-CTR", keyLength: key[_algorithm].length, counter: normalizedAlgorithm.counter, ctrLength: normalizedAlgorithm.length, }, data); // 4. return cipherText.buffer; } case "AES-GCM": { normalizedAlgorithm.iv = copyBuffer(normalizedAlgorithm.iv); // 1. if (normalizedAlgorithm.tagLength === undefined) { normalizedAlgorithm.tagLength = 128; } else if ( !ArrayPrototypeIncludes( [32, 64, 96, 104, 112, 120, 128], normalizedAlgorithm.tagLength, ) ) { throw new DOMException( "Invalid tag length", "OperationError", ); } // 2. if (data.byteLength < normalizedAlgorithm.tagLength / 8) { throw new DOMException( "Tag length overflows ciphertext", "OperationError", ); } // 3. We only support 96-bit and 128-bit nonce. if ( ArrayPrototypeIncludes( [12, 16], normalizedAlgorithm.iv.byteLength, ) === undefined ) { throw new DOMException( "Initialization vector length not supported", "NotSupportedError", ); } // 4. if (normalizedAlgorithm.additionalData !== undefined) { if (normalizedAlgorithm.additionalData.byteLength > (2 ** 64) - 1) { throw new DOMException( "Additional data too large", "OperationError", ); } normalizedAlgorithm.additionalData = copyBuffer( normalizedAlgorithm.additionalData, ); } // 5-8. const plaintext = await core.opAsync("op_crypto_decrypt", { key: keyData, algorithm: "AES-GCM", length: key[_algorithm].length, iv: normalizedAlgorithm.iv, additionalData: normalizedAlgorithm.additionalData || null, tagLength: normalizedAlgorithm.tagLength, }, data); // 9. return plaintext.buffer; } default: throw new DOMException("Not implemented", "NotSupportedError"); } } /** * @param {string} algorithm * @param {CryptoKey} key * @param {BufferSource} data * @returns {Promise<any>} */ async sign(algorithm, key, data) { webidl.assertBranded(this, SubtleCryptoPrototype); const prefix = "Failed to execute 'sign' on 'SubtleCrypto'"; webidl.requiredArguments(arguments.length, 3, { prefix }); algorithm = webidl.converters.AlgorithmIdentifier(algorithm, { prefix, context: "Argument 1", }); key = webidl.converters.CryptoKey(key, { prefix, context: "Argument 2", }); data = webidl.converters.BufferSource(data, { prefix, context: "Argument 3", }); // 1. data = copyBuffer(data); // 2. const normalizedAlgorithm = normalizeAlgorithm(algorithm, "sign"); const handle = key[_handle]; const keyData = WeakMapPrototypeGet(KEY_STORE, handle); // 8. if (normalizedAlgorithm.name !== key[_algorithm].name) { throw new DOMException( "Signing algorithm doesn't match key algorithm.", "InvalidAccessError", ); } // 9. if (!ArrayPrototypeIncludes(key[_usages], "sign")) { throw new DOMException( "Key does not support the 'sign' operation.", "InvalidAccessError", ); } switch (normalizedAlgorithm.name) { case "RSASSA-PKCS1-v1_5": { // 1. if (key[_type] !== "private") { throw new DOMException( "Key type not supported", "InvalidAccessError", ); } // 2. const hashAlgorithm = key[_algorithm].hash.name; const signature = await core.opAsync("op_crypto_sign_key", { key: keyData, algorithm: "RSASSA-PKCS1-v1_5", hash: hashAlgorithm, }, data); return signature.buffer; } case "RSA-PSS": { // 1. if (key[_type] !== "private") { throw new DOMException( "Key type not supported", "InvalidAccessError", ); } // 2. const hashAlgorithm = key[_algorithm].hash.name; const signature = await core.opAsync("op_crypto_sign_key", { key: keyData, algorithm: "RSA-PSS", hash: hashAlgorithm, saltLength: normalizedAlgorithm.saltLength, }, data); return signature.buffer; } case "ECDSA": { // 1. if (key[_type] !== "private") { throw new DOMException( "Key type not supported", "InvalidAccessError", ); } // 2. const hashAlgorithm = normalizedAlgorithm.hash.name; const namedCurve = key[_algorithm].namedCurve; if (!ArrayPrototypeIncludes(supportedNamedCurves, namedCurve)) { throw new DOMException("Curve not supported", "NotSupportedError"); } const signature = await core.opAsync("op_crypto_sign_key", { key: keyData, algorithm: "ECDSA", hash: hashAlgorithm, namedCurve, }, data); return signature.buffer; } case "HMAC": { const hashAlgorithm = key[_algorithm].hash.name; const signature = await core.opAsync("op_crypto_sign_key", { key: keyData, algorithm: "HMAC", hash: hashAlgorithm, }, data); return signature.buffer; } case "Ed25519": { // 1. if (key[_type] !== "private") { throw new DOMException( "Key type not supported", "InvalidAccessError", ); } // https://briansmith.org/rustdoc/src/ring/ec/curve25519/ed25519/signing.rs.html#260 const SIGNATURE_LEN = 32 * 2; // ELEM_LEN + SCALAR_LEN const signature = new Uint8Array(SIGNATURE_LEN); if (!ops.op_sign_ed25519(keyData, data, signature)) { throw new DOMException( "Failed to sign", "OperationError", ); } return signature.buffer; } } throw new TypeError("unreachable"); } /** * @param {string} format * @param {BufferSource} keyData * @param {string} algorithm * @param {boolean} extractable * @param {KeyUsages[]} keyUsages * @returns {Promise<any>} */ // deno-lint-ignore require-await async importKey(format, keyData, algorithm, extractable, keyUsages) { webidl.assertBranded(this, SubtleCryptoPrototype); const prefix = "Failed to execute 'importKey' on 'SubtleCrypto'"; webidl.requiredArguments(arguments.length, 4, { prefix }); format = webidl.converters.KeyFormat(format, { prefix, context: "Argument 1", }); keyData = webidl.converters["BufferSource or JsonWebKey"](keyData, { prefix, context: "Argument 2", }); algorithm = webidl.converters.AlgorithmIdentifier(algorithm, { prefix, context: "Argument 3", }); extractable = webidl.converters.boolean(extractable, { prefix, context: "Argument 4", }); keyUsages = webidl.converters["sequence<KeyUsage>"](keyUsages, { prefix, context: "Argument 5", }); // 2. if (format !== "jwk") { if ( ArrayBufferIsView(keyData) || ObjectPrototypeIsPrototypeOf(ArrayBufferPrototype, keyData) ) { keyData = copyBuffer(keyData); } else { throw new TypeError("keyData is a JsonWebKey"); } } else { if ( ArrayBufferIsView(keyData) || ObjectPrototypeIsPrototypeOf(ArrayBufferPrototype, keyData) ) { throw new TypeError("keyData is not a JsonWebKey"); } } const normalizedAlgorithm = normalizeAlgorithm(algorithm, "importKey"); const algorithmName = normalizedAlgorithm.name; switch (algorithmName) { case "HMAC": { return importKeyHMAC( format, normalizedAlgorithm, keyData, extractable, keyUsages, ); } case "ECDH": case "ECDSA": { return importKeyEC( format, normalizedAlgorithm, keyData, extractable, keyUsages, ); } case "RSASSA-PKCS1-v1_5": case "RSA-PSS": case "RSA-OAEP": { return importKeyRSA( format, normalizedAlgorithm, keyData, extractable, keyUsages, ); } case "HKDF": { return importKeyHKDF(format, keyData, extractable, keyUsages); } case "PBKDF2": { return importKeyPBKDF2(format, keyData, extractable, keyUsages); } case "AES-CTR": case "AES-CBC": case "AES-GCM": { return importKeyAES( format, normalizedAlgorithm, keyData, extractable, keyUsages, ["encrypt", "decrypt", "wrapKey", "unwrapKey"], ); } case "AES-KW": { return importKeyAES( format, normalizedAlgorithm, keyData, extractable, keyUsages, ["wrapKey", "unwrapKey"], ); } case "X25519": { return importKeyX25519( format, keyData, extractable, keyUsages, ); } case "Ed25519": { return importKeyEd25519( format, keyData, extractable, keyUsages, ); } default: throw new DOMException("Not implemented", "NotSupportedError"); } } /** * @param {string} format * @param {CryptoKey} key * @returns {Promise<any>} */ // deno-lint-ignore require-await async exportKey(format, key) { webidl.assertBranded(this, SubtleCryptoPrototype); const prefix = "Failed to execute 'exportKey' on 'SubtleCrypto'"; webidl.requiredArguments(arguments.length, 2, { prefix }); format = webidl.converters.KeyFormat(format, { prefix, context: "Argument 1", }); key = webidl.converters.CryptoKey(key, { prefix, context: "Argument 2", }); const handle = key[_handle]; // 2. const innerKey = WeakMapPrototypeGet(KEY_STORE, handle); const algorithmName = key[_algorithm].name; let result; switch (algorithmName) { case "HMAC": { result = exportKeyHMAC(format, key, innerKey); break; } case "RSASSA-PKCS1-v1_5": case "RSA-PSS": case "RSA-OAEP": { result = exportKeyRSA(format, key, innerKey); break; } case "ECDH": case "ECDSA": { result = exportKeyEC(format, key, innerKey); break; } case "Ed25519": { result = exportKeyEd25519(format, key, innerKey); break; } case "X25519": { result = exportKeyX25519(format, key, innerKey); break; } case "AES-CTR": case "AES-CBC": case "AES-GCM": case "AES-KW": { result = exportKeyAES(format, key, innerKey); break; } default: throw new DOMException("Not implemented", "NotSupportedError"); } if (key.extractable === false) { throw new DOMException( "Key is not extractable", "InvalidAccessError", ); } return result; } /** * @param {AlgorithmIdentifier} algorithm * @param {CryptoKey} baseKey * @param {number | null} length * @returns {Promise<ArrayBuffer>} */ async deriveBits(algorithm, baseKey, length) { webidl.assertBranded(this, SubtleCryptoPrototype); const prefix = "Failed to execute 'deriveBits' on 'SubtleCrypto'"; webidl.requiredArguments(arguments.length, 3, { prefix }); algorithm = webidl.converters.AlgorithmIdentifier(algorithm, { prefix, context: "Argument 1", }); baseKey = webidl.converters.CryptoKey(baseKey, { prefix, context: "Argument 2", }); if (length !== null) { length = webidl.converters["unsigned long"](length, { prefix, context: "Argument 3", }); } // 2. const normalizedAlgorithm = normalizeAlgorithm(algorithm, "deriveBits"); // 4-6. const result = await deriveBits(normalizedAlgorithm, baseKey, length); // 7. if (normalizedAlgorithm.name !== baseKey[_algorithm].name) { throw new DOMException("Invalid algorithm name", "InvalidAccessError"); } // 8. if (!ArrayPrototypeIncludes(baseKey[_usages], "deriveBits")) { throw new DOMException( "baseKey usages does not contain `deriveBits`", "InvalidAccessError", ); } // 9-10. return result; } /** * @param {AlgorithmIdentifier} algorithm * @param {CryptoKey} baseKey * @param {number} length * @returns {Promise<ArrayBuffer>} */ async deriveKey( algorithm, baseKey, derivedKeyType, extractable, keyUsages, ) { webidl.assertBranded(this, SubtleCryptoPrototype); const prefix = "Failed to execute 'deriveKey' on 'SubtleCrypto'"; webidl.requiredArguments(arguments.length, 5, { prefix }); algorithm = webidl.converters.AlgorithmIdentifier(algorithm, { prefix, context: "Argument 1", }); baseKey = webidl.converters.CryptoKey(baseKey, { prefix, context: "Argument 2", }); derivedKeyType = webidl.converters.AlgorithmIdentifier(derivedKeyType, { prefix, context: "Argument 3", }); extractable = webidl.converters["boolean"](extractable, { prefix, context: "Argument 4", }); keyUsages = webidl.converters["sequence<KeyUsage>"](keyUsages, { prefix, context: "Argument 5", }); // 2-3. const normalizedAlgorithm = normalizeAlgorithm(algorithm, "deriveBits"); // 4-5. const normalizedDerivedKeyAlgorithmImport = normalizeAlgorithm( derivedKeyType, "importKey", ); // 6-7. const normalizedDerivedKeyAlgorithmLength = normalizeAlgorithm( derivedKeyType, "get key length", ); // 8-10. // 11. if (normalizedAlgorithm.name !== baseKey[_algorithm].name) { throw new DOMException( "Invalid algorithm name", "InvalidAccessError", ); } // 12. if (!ArrayPrototypeIncludes(baseKey[_usages], "deriveKey")) { throw new DOMException( "baseKey usages does not contain `deriveKey`", "InvalidAccessError", ); } // 13. const length = getKeyLength(normalizedDerivedKeyAlgorithmLength); // 14. const secret = await this.deriveBits( normalizedAlgorithm, baseKey, length, ); // 15. const result = await this.importKey( "raw", secret, normalizedDerivedKeyAlgorithmImport, extractable, keyUsages, ); // 16. if ( ArrayPrototypeIncludes(["private", "secret"], result[_type]) && keyUsages.length == 0 ) { throw new SyntaxError("Invalid key usages"); } // 17. return result; } /** * @param {string} algorithm * @param {CryptoKey} key * @param {BufferSource} signature * @param {BufferSource} data * @returns {Promise<boolean>} */ async verify(algorithm, key, signature, data) { webidl.assertBranded(this, SubtleCryptoPrototype); const prefix = "Failed to execute 'verify' on 'SubtleCrypto'"; webidl.requiredArguments(arguments.length, 4, { prefix }); algorithm = webidl.converters.AlgorithmIdentifier(algorithm, { prefix, context: "Argument 1", }); key = webidl.converters.CryptoKey(key, { prefix, context: "Argument 2", }); signature = webidl.converters.BufferSource(signature, { prefix, context: "Argument 3", }); data = webidl.converters.BufferSource(data, { prefix, context: "Argument 4", }); // 2. signature = copyBuffer(signature); // 3. data = copyBuffer(data); const normalizedAlgorithm = normalizeAlgorithm(algorithm, "verify"); const handle = key[_handle]; const keyData = WeakMapPrototypeGet(KEY_STORE, handle); if (normalizedAlgorithm.name !== key[_algorithm].name) { throw new DOMException( "Verifying algorithm doesn't match key algorithm.", "InvalidAccessError", ); } if (!ArrayPrototypeIncludes(key[_usages], "verify")) { throw new DOMException( "Key does not support the 'verify' operation.", "InvalidAccessError", ); } switch (normalizedAlgorithm.name) { case "RSASSA-PKCS1-v1_5": { if (key[_type] !== "public") { throw new DOMException( "Key type not supported", "InvalidAccessError", ); } const hashAlgorithm = key[_algorithm].hash.name; return await core.opAsync("op_crypto_verify_key", { key: keyData, algorithm: "RSASSA-PKCS1-v1_5", hash: hashAlgorithm, signature, }, data); } case "RSA-PSS": { if (key[_type] !== "public") { throw new DOMException( "Key type not supported", "InvalidAccessError", ); } const hashAlgorithm = key[_algorithm].hash.name; const saltLength = normalizedAlgorithm.saltLength; return await core.opAsync("op_crypto_verify_key", { key: keyData, algorithm: "RSA-PSS", hash: hashAlgorithm, saltLength, signature, }, data); } case "HMAC": { const hash = key[_algorithm].hash.name; return await core.opAsync("op_crypto_verify_key", { key: keyData, algorithm: "HMAC", hash, signature, }, data); } case "ECDSA": { // 1. if (key[_type] !== "public") { throw new DOMException( "Key type not supported", "InvalidAccessError", ); } // 2. const hash = normalizedAlgorithm.hash.name; // 3-8. return await core.opAsync("op_crypto_verify_key", { key: keyData, algorithm: "ECDSA", hash, signature, namedCurve: key[_algorithm].namedCurve, }, data); } case "Ed25519": { // 1. if (key[_type] !== "public") { throw new DOMException( "Key type not supported", "InvalidAccessError", ); } return ops.op_verify_ed25519(keyData, data, signature); } } throw new TypeError("unreachable"); } /** * @param {string} algorithm * @param {boolean} extractable * @param {KeyUsage[]} keyUsages * @returns {Promise<any>} */ async wrapKey(format, key, wrappingKey, wrapAlgorithm) { webidl.assertBranded(this, SubtleCryptoPrototype); const prefix = "Failed to execute 'wrapKey' on 'SubtleCrypto'"; webidl.requiredArguments(arguments.length, 4, { prefix }); format = webidl.converters.KeyFormat(format, { prefix, context: "Argument 1", }); key = webidl.converters.CryptoKey(key, { prefix, context: "Argument 2", }); wrappingKey = webidl.converters.CryptoKey(wrappingKey, { prefix, context: "Argument 3", }); wrapAlgorithm = webidl.converters.AlgorithmIdentifier(wrapAlgorithm, { prefix, context: "Argument 4", }); let normalizedAlgorithm; try { // 2. normalizedAlgorithm = normalizeAlgorithm(wrapAlgorithm, "wrapKey"); } catch (_) { // 3. normalizedAlgorithm = normalizeAlgorithm(wrapAlgorithm, "encrypt"); } // 8. if (normalizedAlgorithm.name !== wrappingKey[_algorithm].name) { throw new DOMException( "Wrapping algorithm doesn't match key algorithm.", "InvalidAccessError", ); } // 9. if (!ArrayPrototypeIncludes(wrappingKey[_usages], "wrapKey")) { throw new DOMException( "Key does not support the 'wrapKey' operation.", "InvalidAccessError", ); } // 10. NotSupportedError will be thrown in step 12. // 11. if (key[_extractable] === false) { throw new DOMException( "Key is not extractable", "InvalidAccessError", ); } // 12. const exportedKey = await this.exportKey(format, key); let bytes; // 13. if (format !== "jwk") { bytes = new Uint8Array(exportedKey); } else { const jwk = JSONStringify(exportedKey); const ret = new Uint8Array(jwk.length); for (let i = 0; i < jwk.length; i++) { ret[i] = StringPrototypeCharCodeAt(jwk, i); } bytes = ret; } // 14-15. if ( supportedAlgorithms["wrapKey"][normalizedAlgorithm.name] !== undefined ) { const handle = wrappingKey[_handle]; const keyData = WeakMapPrototypeGet(KEY_STORE, handle); switch (normalizedAlgorithm.name) { case "AES-KW": { const cipherText = await ops.op_crypto_wrap_key({ key: keyData, algorithm: normalizedAlgorithm.name, }, bytes); // 4. return cipherText.buffer; } default: { throw new DOMException( "Not implemented", "NotSupportedError", ); } } } else if ( supportedAlgorithms["encrypt"][normalizedAlgorithm.name] !== undefined ) { // must construct a new key, since keyUsages is ["wrapKey"] and not ["encrypt"] return await encrypt( normalizedAlgorithm, constructKey( wrappingKey[_type], wrappingKey[_extractable], ["encrypt"], wrappingKey[_algorithm], wrappingKey[_handle], ), bytes, ); } else { throw new DOMException( "Algorithm not supported", "NotSupportedError", ); } } /** * @param {string} format * @param {BufferSource} wrappedKey * @param {CryptoKey} unwrappingKey * @param {AlgorithmIdentifier} unwrapAlgorithm * @param {AlgorithmIdentifier} unwrappedKeyAlgorithm * @param {boolean} extractable * @param {KeyUsage[]} keyUsages * @returns {Promise<CryptoKey>} */ async unwrapKey( format, wrappedKey, unwrappingKey, unwrapAlgorithm, unwrappedKeyAlgorithm, extractable, keyUsages, ) { webidl.assertBranded(this, SubtleCryptoPrototype); const prefix = "Failed to execute 'unwrapKey' on 'SubtleCrypto'"; webidl.requiredArguments(arguments.length, 7, { prefix }); format = webidl.converters.KeyFormat(format, { prefix, context: "Argument 1", }); wrappedKey = webidl.converters.BufferSource(wrappedKey, { prefix, context: "Argument 2", }); unwrappingKey = webidl.converters.CryptoKey(unwrappingKey, { prefix, context: "Argument 3", }); unwrapAlgorithm = webidl.converters.AlgorithmIdentifier(unwrapAlgorithm, { prefix, context: "Argument 4", }); unwrappedKeyAlgorithm = webidl.converters.AlgorithmIdentifier( unwrappedKeyAlgorithm, { prefix, context: "Argument 5", }, ); extractable = webidl.converters.boolean(extractable, { prefix, context: "Argument 6", }); keyUsages = webidl.converters["sequence<KeyUsage>"](keyUsages, { prefix, context: "Argument 7", }); // 2. wrappedKey = copyBuffer(wrappedKey); let normalizedAlgorithm; try { // 3. normalizedAlgorithm = normalizeAlgorithm(unwrapAlgorithm, "unwrapKey"); } catch (_) { // 4. normalizedAlgorithm = normalizeAlgorithm(unwrapAlgorithm, "decrypt"); } // 6. const normalizedKeyAlgorithm = normalizeAlgorithm( unwrappedKeyAlgorithm, "importKey", ); // 11. if (normalizedAlgorithm.name !== unwrappingKey[_algorithm].name) { throw new DOMException( "Unwrapping algorithm doesn't match key algorithm.", "InvalidAccessError", ); } // 12. if (!ArrayPrototypeIncludes(unwrappingKey[_usages], "unwrapKey")) { throw new DOMException( "Key does not support the 'unwrapKey' operation.", "InvalidAccessError", ); } // 13. let key; if ( supportedAlgorithms["unwrapKey"][normalizedAlgorithm.name] !== undefined ) { const handle = unwrappingKey[_handle]; const keyData = WeakMapPrototypeGet(KEY_STORE, handle); switch (normalizedAlgorithm.name) { case "AES-KW": { const plainText = await ops.op_crypto_unwrap_key({ key: keyData, algorithm: normalizedAlgorithm.name, }, wrappedKey); // 4. key = plainText.buffer; break; } default: { throw new DOMException( "Not implemented", "NotSupportedError", ); } } } else if ( supportedAlgorithms["decrypt"][normalizedAlgorithm.name] !== undefined ) { // must construct a new key, since keyUsages is ["unwrapKey"] and not ["decrypt"] key = await this.decrypt( normalizedAlgorithm, constructKey( unwrappingKey[_type], unwrappingKey[_extractable], ["decrypt"], unwrappingKey[_algorithm], unwrappingKey[_handle], ), wrappedKey, ); } else { throw new DOMException( "Algorithm not supported", "NotSupportedError", ); } let bytes; // 14. if (format !== "jwk") { bytes = key; } else { const k = new Uint8Array(key); let str = ""; for (let i = 0; i < k.length; i++) { str += StringFromCharCode(k[i]); } bytes = JSONParse(str); } // 15. const result = await this.importKey( format, bytes, normalizedKeyAlgorithm, extractable, keyUsages, ); // 16. if ( (result[_type] == "secret" || result[_type] == "private") && keyUsages.length == 0 ) { throw new SyntaxError("Invalid key type."); } // 17. result[_extractable] = extractable; // 18. result[_usages] = usageIntersection(keyUsages, recognisedUsages); // 19. return result; } /** * @param {string} algorithm * @param {boolean} extractable * @param {KeyUsage[]} keyUsages * @returns {Promise<any>} */ async generateKey(algorithm, extractable, keyUsages) { webidl.assertBranded(this, SubtleCryptoPrototype); const prefix = "Failed to execute 'generateKey' on 'SubtleCrypto'"; webidl.requiredArguments(arguments.length, 3, { prefix }); algorithm = webidl.converters.AlgorithmIdentifier(algorithm, { prefix, context: "Argument 1", }); extractable = webidl.converters["boolean"](extractable, { prefix, context: "Argument 2", }); keyUsages = webidl.converters["sequence<KeyUsage>"](keyUsages, { prefix, context: "Argument 3", }); const usages = keyUsages; const normalizedAlgorithm = normalizeAlgorithm(algorithm, "generateKey"); const result = await generateKey( normalizedAlgorithm, extractable, usages, ); if (ObjectPrototypeIsPrototypeOf(CryptoKeyPrototype, result)) { const type = result[_type]; if ((type === "secret" || type === "private") && usages.length === 0) { throw new DOMException("Invalid key usages", "SyntaxError"); } } else if ( ObjectPrototypeIsPrototypeOf(CryptoKeyPrototype, result.privateKey) ) { if (result.privateKey[_usages].length === 0) { throw new DOMException("Invalid key usages", "SyntaxError"); } } return result; } } const SubtleCryptoPrototype = SubtleCrypto.prototype; async function generateKey(normalizedAlgorithm, extractable, usages) { const algorithmName = normalizedAlgorithm.name; switch (algorithmName) { case "RSASSA-PKCS1-v1_5": case "RSA-PSS": { // 1. if ( ArrayPrototypeFind( usages, (u) => !ArrayPrototypeIncludes(["sign", "verify"], u), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } // 2. const keyData = await core.opAsync( "op_crypto_generate_key", { algorithm: "RSA", modulusLength: normalizedAlgorithm.modulusLength, publicExponent: normalizedAlgorithm.publicExponent, }, ); const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, { type: "private", data: keyData, }); // 4-8. const algorithm = { name: algorithmName, modulusLength: normalizedAlgorithm.modulusLength, publicExponent: normalizedAlgorithm.publicExponent, hash: normalizedAlgorithm.hash, }; // 9-13. const publicKey = constructKey( "public", true, usageIntersection(usages, ["verify"]), algorithm, handle, ); // 14-18. const privateKey = constructKey( "private", extractable, usageIntersection(usages, ["sign"]), algorithm, handle, ); // 19-22. return { publicKey, privateKey }; } case "RSA-OAEP": { if ( ArrayPrototypeFind( usages, (u) => !ArrayPrototypeIncludes([ "encrypt", "decrypt", "wrapKey", "unwrapKey", ], u), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } // 2. const keyData = await core.opAsync( "op_crypto_generate_key", { algorithm: "RSA", modulusLength: normalizedAlgorithm.modulusLength, publicExponent: normalizedAlgorithm.publicExponent, }, ); const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, { type: "private", data: keyData, }); // 4-8. const algorithm = { name: algorithmName, modulusLength: normalizedAlgorithm.modulusLength, publicExponent: normalizedAlgorithm.publicExponent, hash: normalizedAlgorithm.hash, }; // 9-13. const publicKey = constructKey( "public", true, usageIntersection(usages, ["encrypt", "wrapKey"]), algorithm, handle, ); // 14-18. const privateKey = constructKey( "private", extractable, usageIntersection(usages, ["decrypt", "unwrapKey"]), algorithm, handle, ); // 19-22. return { publicKey, privateKey }; } case "ECDSA": { const namedCurve = normalizedAlgorithm.namedCurve; // 1. if ( ArrayPrototypeFind( usages, (u) => !ArrayPrototypeIncludes(["sign", "verify"], u), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } // 2-3. const handle = {}; if ( ArrayPrototypeIncludes( supportedNamedCurves, namedCurve, ) ) { const keyData = await core.opAsync("op_crypto_generate_key", { algorithm: "EC", namedCurve, }); WeakMapPrototypeSet(KEY_STORE, handle, { type: "private", data: keyData, }); } else { throw new DOMException("Curve not supported", "NotSupportedError"); } // 4-6. const algorithm = { name: algorithmName, namedCurve, }; // 7-11. const publicKey = constructKey( "public", true, usageIntersection(usages, ["verify"]), algorithm, handle, ); // 12-16. const privateKey = constructKey( "private", extractable, usageIntersection(usages, ["sign"]), algorithm, handle, ); // 17-20. return { publicKey, privateKey }; } case "ECDH": { const namedCurve = normalizedAlgorithm.namedCurve; // 1. if ( ArrayPrototypeFind( usages, (u) => !ArrayPrototypeIncludes(["deriveKey", "deriveBits"], u), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } // 2-3. const handle = {}; if ( ArrayPrototypeIncludes( supportedNamedCurves, namedCurve, ) ) { const keyData = await core.opAsync("op_crypto_generate_key", { algorithm: "EC", namedCurve, }); WeakMapPrototypeSet(KEY_STORE, handle, { type: "private", data: keyData, }); } else { throw new DOMException("Curve not supported", "NotSupportedError"); } // 4-6. const algorithm = { name: algorithmName, namedCurve, }; // 7-11. const publicKey = constructKey( "public", true, usageIntersection(usages, []), algorithm, handle, ); // 12-16. const privateKey = constructKey( "private", extractable, usageIntersection(usages, ["deriveKey", "deriveBits"]), algorithm, handle, ); // 17-20. return { publicKey, privateKey }; } case "AES-CTR": case "AES-CBC": case "AES-GCM": { // 1. if ( ArrayPrototypeFind( usages, (u) => !ArrayPrototypeIncludes([ "encrypt", "decrypt", "wrapKey", "unwrapKey", ], u), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } return generateKeyAES(normalizedAlgorithm, extractable, usages); } case "AES-KW": { // 1. if ( ArrayPrototypeFind( usages, (u) => !ArrayPrototypeIncludes(["wrapKey", "unwrapKey"], u), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } return generateKeyAES(normalizedAlgorithm, extractable, usages); } case "X25519": { if ( ArrayPrototypeFind( usages, (u) => !ArrayPrototypeIncludes(["deriveKey", "deriveBits"], u), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } const privateKeyData = new Uint8Array(32); const publicKeyData = new Uint8Array(32); ops.op_generate_x25519_keypair(privateKeyData, publicKeyData); const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, privateKeyData); const publicHandle = {}; WeakMapPrototypeSet(KEY_STORE, publicHandle, publicKeyData); const algorithm = { name: algorithmName, }; const publicKey = constructKey( "public", true, usageIntersection(usages, []), algorithm, publicHandle, ); const privateKey = constructKey( "private", extractable, usageIntersection(usages, ["deriveKey", "deriveBits"]), algorithm, handle, ); return { publicKey, privateKey }; } case "Ed25519": { if ( ArrayPrototypeFind( usages, (u) => !ArrayPrototypeIncludes(["sign", "verify"], u), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } const ED25519_SEED_LEN = 32; const ED25519_PUBLIC_KEY_LEN = 32; const privateKeyData = new Uint8Array(ED25519_SEED_LEN); const publicKeyData = new Uint8Array(ED25519_PUBLIC_KEY_LEN); if ( !ops.op_generate_ed25519_keypair(privateKeyData, publicKeyData) ) { throw new DOMException("Failed to generate key", "OperationError"); } const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, privateKeyData); const publicHandle = {}; WeakMapPrototypeSet(KEY_STORE, publicHandle, publicKeyData); const algorithm = { name: algorithmName, }; const publicKey = constructKey( "public", true, usageIntersection(usages, ["verify"]), algorithm, publicHandle, ); const privateKey = constructKey( "private", extractable, usageIntersection(usages, ["sign"]), algorithm, handle, ); return { publicKey, privateKey }; } case "HMAC": { // 1. if ( ArrayPrototypeFind( usages, (u) => !ArrayPrototypeIncludes(["sign", "verify"], u), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } // 2. let length; if (normalizedAlgorithm.length === undefined) { length = null; } else if (normalizedAlgorithm.length !== 0) { length = normalizedAlgorithm.length; } else { throw new DOMException("Invalid length", "OperationError"); } // 3-4. const keyData = await core.opAsync("op_crypto_generate_key", { algorithm: "HMAC", hash: normalizedAlgorithm.hash.name, length, }); const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, { type: "secret", data: keyData, }); // 6-10. const algorithm = { name: algorithmName, hash: { name: normalizedAlgorithm.hash.name, }, length: keyData.byteLength * 8, }; // 5, 11-13. const key = constructKey( "secret", extractable, usages, algorithm, handle, ); // 14. return key; } } } function importKeyEd25519( format, keyData, extractable, keyUsages, ) { switch (format) { case "raw": { // 1. if ( ArrayPrototypeFind( keyUsages, (u) => !ArrayPrototypeIncludes(["verify"], u), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, keyData); // 2-3. const algorithm = { name: "Ed25519", }; // 4-6. return constructKey( "public", extractable, usageIntersection(keyUsages, recognisedUsages), algorithm, handle, ); } case "spki": { // 1. if ( ArrayPrototypeFind( keyUsages, (u) => !ArrayPrototypeIncludes(["verify"], u), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } const publicKeyData = new Uint8Array(32); if (!ops.op_import_spki_ed25519(keyData, publicKeyData)) { throw new DOMException("Invalid key data", "DataError"); } const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, publicKeyData); const algorithm = { name: "Ed25519", }; return constructKey( "public", extractable, usageIntersection(keyUsages, recognisedUsages), algorithm, handle, ); } case "pkcs8": { // 1. if ( ArrayPrototypeFind( keyUsages, (u) => !ArrayPrototypeIncludes(["sign"], u), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } const privateKeyData = new Uint8Array(32); if (!ops.op_import_pkcs8_ed25519(keyData, privateKeyData)) { throw new DOMException("Invalid key data", "DataError"); } const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, privateKeyData); const algorithm = { name: "Ed25519", }; return constructKey( "private", extractable, usageIntersection(keyUsages, recognisedUsages), algorithm, handle, ); } case "jwk": { // 1. const jwk = keyData; // 2. if (jwk.d !== undefined) { if ( ArrayPrototypeFind( keyUsages, (u) => !ArrayPrototypeIncludes( ["sign"], u, ), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } } else { if ( ArrayPrototypeFind( keyUsages, (u) => !ArrayPrototypeIncludes( ["verify"], u, ), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } } // 3. if (jwk.kty !== "OKP") { throw new DOMException("Invalid key type", "DataError"); } // 4. if (jwk.crv !== "Ed25519") { throw new DOMException("Invalid curve", "DataError"); } // 5. if (jwk.alg !== undefined && jwk.alg !== "EdDSA") { throw new DOMException("Invalid algorithm", "DataError"); } // 6. if ( keyUsages.length > 0 && jwk.use !== undefined && jwk.use !== "sig" ) { throw new DOMException("Invalid key usage", "DataError"); } // 7. if (jwk.key_ops !== undefined) { if ( ArrayPrototypeFind( jwk.key_ops, (u) => !ArrayPrototypeIncludes(recognisedUsages, u), ) !== undefined ) { throw new DOMException( "'key_ops' property of JsonWebKey is invalid", "DataError", ); } if ( !ArrayPrototypeEvery( jwk.key_ops, (u) => ArrayPrototypeIncludes(keyUsages, u), ) ) { throw new DOMException( "'key_ops' property of JsonWebKey is invalid", "DataError", ); } } // 8. if (jwk.ext !== undefined && jwk.ext === false && extractable) { throw new DOMException("Invalid key extractability", "DataError"); } // 9. if (jwk.d !== undefined) { // https://www.rfc-editor.org/rfc/rfc8037#section-2 const privateKeyData = ops.op_crypto_base64url_decode(jwk.d); const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, privateKeyData); const algorithm = { name: "Ed25519", }; return constructKey( "private", extractable, usageIntersection(keyUsages, recognisedUsages), algorithm, handle, ); } else { // https://www.rfc-editor.org/rfc/rfc8037#section-2 const publicKeyData = ops.op_crypto_base64url_decode(jwk.x); const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, publicKeyData); const algorithm = { name: "Ed25519", }; return constructKey( "public", extractable, usageIntersection(keyUsages, recognisedUsages), algorithm, handle, ); } } default: throw new DOMException("Not implemented", "NotSupportedError"); } } function importKeyX25519( format, keyData, extractable, keyUsages, ) { switch (format) { case "raw": { // 1. if (keyUsages.length > 0) { throw new DOMException("Invalid key usages", "SyntaxError"); } const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, keyData); // 2-3. const algorithm = { name: "X25519", }; // 4-6. return constructKey( "public", extractable, [], algorithm, handle, ); } case "spki": { // 1. if (keyUsages.length > 0) { throw new DOMException("Invalid key usages", "SyntaxError"); } const publicKeyData = new Uint8Array(32); if (!ops.op_import_spki_x25519(keyData, publicKeyData)) { throw new DOMException("Invalid key data", "DataError"); } const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, publicKeyData); const algorithm = { name: "X25519", }; return constructKey( "public", extractable, [], algorithm, handle, ); } case "pkcs8": { // 1. if ( ArrayPrototypeFind( keyUsages, (u) => !ArrayPrototypeIncludes(["deriveKey", "deriveBits"], u), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } const privateKeyData = new Uint8Array(32); if (!ops.op_import_pkcs8_x25519(keyData, privateKeyData)) { throw new DOMException("Invalid key data", "DataError"); } const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, privateKeyData); const algorithm = { name: "X25519", }; return constructKey( "private", extractable, usageIntersection(keyUsages, recognisedUsages), algorithm, handle, ); } case "jwk": { // 1. const jwk = keyData; // 2. if (jwk.d !== undefined) { if ( ArrayPrototypeFind( keyUsages, (u) => !ArrayPrototypeIncludes( ["deriveKey", "deriveBits"], u, ), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } } // 3. if (jwk.d === undefined && keyUsages.length > 0) { throw new DOMException("Invalid key usages", "SyntaxError"); } // 4. if (jwk.kty !== "OKP") { throw new DOMException("Invalid key type", "DataError"); } // 5. if (jwk.crv !== "X25519") { throw new DOMException("Invalid curve", "DataError"); } // 6. if (keyUsages.length > 0 && jwk.use !== undefined) { if (jwk.use !== "enc") { throw new DOMException("Invalid key use", "DataError"); } } // 7. if (jwk.key_ops !== undefined) { if ( ArrayPrototypeFind( jwk.key_ops, (u) => !ArrayPrototypeIncludes(recognisedUsages, u), ) !== undefined ) { throw new DOMException( "'key_ops' property of JsonWebKey is invalid", "DataError", ); } if ( !ArrayPrototypeEvery( jwk.key_ops, (u) => ArrayPrototypeIncludes(keyUsages, u), ) ) { throw new DOMException( "'key_ops' property of JsonWebKey is invalid", "DataError", ); } } // 8. if (jwk.ext !== undefined && jwk.ext === false && extractable) { throw new DOMException("Invalid key extractability", "DataError"); } // 9. if (jwk.d !== undefined) { // https://www.rfc-editor.org/rfc/rfc8037#section-2 const privateKeyData = ops.op_crypto_base64url_decode(jwk.d); const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, privateKeyData); const algorithm = { name: "X25519", }; return constructKey( "private", extractable, usageIntersection(keyUsages, ["deriveKey", "deriveBits"]), algorithm, handle, ); } else { // https://www.rfc-editor.org/rfc/rfc8037#section-2 const publicKeyData = ops.op_crypto_base64url_decode(jwk.x); const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, publicKeyData); const algorithm = { name: "X25519", }; return constructKey( "public", extractable, [], algorithm, handle, ); } } default: throw new DOMException("Not implemented", "NotSupportedError"); } } function exportKeyAES( format, key, innerKey, ) { switch (format) { // 2. case "raw": { // 1. const data = innerKey.data; // 2. return data.buffer; } case "jwk": { // 1-2. const jwk = { kty: "oct", }; // 3. const data = ops.op_crypto_export_key({ format: "jwksecret", algorithm: "AES", }, innerKey); ObjectAssign(jwk, data); // 4. const algorithm = key[_algorithm]; switch (algorithm.length) { case 128: jwk.alg = aesJwkAlg[algorithm.name][128]; break; case 192: jwk.alg = aesJwkAlg[algorithm.name][192]; break; case 256: jwk.alg = aesJwkAlg[algorithm.name][256]; break; default: throw new DOMException( "Invalid key length", "NotSupportedError", ); } // 5. jwk.key_ops = key.usages; // 6. jwk.ext = key[_extractable]; // 7. return jwk; } default: throw new DOMException("Not implemented", "NotSupportedError"); } } function importKeyAES( format, normalizedAlgorithm, keyData, extractable, keyUsages, supportedKeyUsages, ) { // 1. if ( ArrayPrototypeFind( keyUsages, (u) => !ArrayPrototypeIncludes(supportedKeyUsages, u), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } const algorithmName = normalizedAlgorithm.name; // 2. let data = keyData; switch (format) { case "raw": { // 2. if ( !ArrayPrototypeIncludes([128, 192, 256], keyData.byteLength * 8) ) { throw new DOMException("Invalid key length", "Datarror"); } break; } case "jwk": { // 1. const jwk = keyData; // 2. if (jwk.kty !== "oct") { throw new DOMException( "'kty' property of JsonWebKey must be 'oct'", "DataError", ); } // Section 6.4.1 of RFC7518 if (jwk.k === undefined) { throw new DOMException( "'k' property of JsonWebKey must be present", "DataError", ); } // 4. const { rawData } = ops.op_crypto_import_key( { algorithm: "AES" }, { jwkSecret: jwk }, ); data = rawData.data; // 5. switch (data.byteLength * 8) { case 128: if ( jwk.alg !== undefined && jwk.alg !== aesJwkAlg[algorithmName][128] ) { throw new DOMException("Invalid algorithm", "DataError"); } break; case 192: if ( jwk.alg !== undefined && jwk.alg !== aesJwkAlg[algorithmName][192] ) { throw new DOMException("Invalid algorithm", "DataError"); } break; case 256: if ( jwk.alg !== undefined && jwk.alg !== aesJwkAlg[algorithmName][256] ) { throw new DOMException("Invalid algorithm", "DataError"); } break; default: throw new DOMException( "Invalid key length", "DataError", ); } // 6. if ( keyUsages.length > 0 && jwk.use !== undefined && jwk.use !== "enc" ) { throw new DOMException("Invalid key usages", "DataError"); } // 7. // Section 4.3 of RFC7517 if (jwk.key_ops !== undefined) { if ( ArrayPrototypeFind( jwk.key_ops, (u) => !ArrayPrototypeIncludes(recognisedUsages, u), ) !== undefined ) { throw new DOMException( "'key_ops' property of JsonWebKey is invalid", "DataError", ); } if ( !ArrayPrototypeEvery( jwk.key_ops, (u) => ArrayPrototypeIncludes(keyUsages, u), ) ) { throw new DOMException( "'key_ops' property of JsonWebKey is invalid", "DataError", ); } } // 8. if (jwk.ext === false && extractable === true) { throw new DOMException( "'ext' property of JsonWebKey must not be false if extractable is true", "DataError", ); } break; } default: throw new DOMException("Not implemented", "NotSupportedError"); } const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, { type: "secret", data, }); // 4-7. const algorithm = { name: algorithmName, length: data.byteLength * 8, }; const key = constructKey( "secret", extractable, usageIntersection(keyUsages, recognisedUsages), algorithm, handle, ); // 8. return key; } function importKeyHMAC( format, normalizedAlgorithm, keyData, extractable, keyUsages, ) { // 2. if ( ArrayPrototypeFind( keyUsages, (u) => !ArrayPrototypeIncludes(["sign", "verify"], u), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } // 3. let hash; let data; // 4. https://w3c.github.io/webcrypto/#hmac-operations switch (format) { case "raw": { data = keyData; hash = normalizedAlgorithm.hash; break; } case "jwk": { const jwk = keyData; // 2. if (jwk.kty !== "oct") { throw new DOMException( "'kty' property of JsonWebKey must be 'oct'", "DataError", ); } // Section 6.4.1 of RFC7518 if (jwk.k === undefined) { throw new DOMException( "'k' property of JsonWebKey must be present", "DataError", ); } // 4. const { rawData } = ops.op_crypto_import_key( { algorithm: "HMAC" }, { jwkSecret: jwk }, ); data = rawData.data; // 5. hash = normalizedAlgorithm.hash; // 6. switch (hash.name) { case "SHA-1": { if (jwk.alg !== undefined && jwk.alg !== "HS1") { throw new DOMException( "'alg' property of JsonWebKey must be 'HS1'", "DataError", ); } break; } case "SHA-256": { if (jwk.alg !== undefined && jwk.alg !== "HS256") { throw new DOMException( "'alg' property of JsonWebKey must be 'HS256'", "DataError", ); } break; } case "SHA-384": { if (jwk.alg !== undefined && jwk.alg !== "HS384") { throw new DOMException( "'alg' property of JsonWebKey must be 'HS384'", "DataError", ); } break; } case "SHA-512": { if (jwk.alg !== undefined && jwk.alg !== "HS512") { throw new DOMException( "'alg' property of JsonWebKey must be 'HS512'", "DataError", ); } break; } default: throw new TypeError("unreachable"); } // 7. if ( keyUsages.length > 0 && jwk.use !== undefined && jwk.use !== "sig" ) { throw new DOMException( "'use' property of JsonWebKey must be 'sig'", "DataError", ); } // 8. // Section 4.3 of RFC7517 if (jwk.key_ops !== undefined) { if ( ArrayPrototypeFind( jwk.key_ops, (u) => !ArrayPrototypeIncludes(recognisedUsages, u), ) !== undefined ) { throw new DOMException( "'key_ops' property of JsonWebKey is invalid", "DataError", ); } if ( !ArrayPrototypeEvery( jwk.key_ops, (u) => ArrayPrototypeIncludes(keyUsages, u), ) ) { throw new DOMException( "'key_ops' property of JsonWebKey is invalid", "DataError", ); } } // 9. if (jwk.ext === false && extractable === true) { throw new DOMException( "'ext' property of JsonWebKey must not be false if extractable is true", "DataError", ); } break; } default: throw new DOMException("Not implemented", "NotSupportedError"); } // 5. let length = data.byteLength * 8; // 6. if (length === 0) { throw new DOMException("Key length is zero", "DataError"); } // 7. if (normalizedAlgorithm.length !== undefined) { if ( normalizedAlgorithm.length > length || normalizedAlgorithm.length <= (length - 8) ) { throw new DOMException( "Key length is invalid", "DataError", ); } length = normalizedAlgorithm.length; } const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, { type: "secret", data, }); const algorithm = { name: "HMAC", length, hash, }; const key = constructKey( "secret", extractable, usageIntersection(keyUsages, recognisedUsages), algorithm, handle, ); return key; } function importKeyEC( format, normalizedAlgorithm, keyData, extractable, keyUsages, ) { const supportedUsages = SUPPORTED_KEY_USAGES[normalizedAlgorithm.name]; switch (format) { case "raw": { // 1. if ( !ArrayPrototypeIncludes( supportedNamedCurves, normalizedAlgorithm.namedCurve, ) ) { throw new DOMException( "Invalid namedCurve", "DataError", ); } // 2. if ( ArrayPrototypeFind( keyUsages, (u) => !ArrayPrototypeIncludes( SUPPORTED_KEY_USAGES[normalizedAlgorithm.name].public, u, ), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } // 3. const { rawData } = ops.op_crypto_import_key({ algorithm: normalizedAlgorithm.name, namedCurve: normalizedAlgorithm.namedCurve, }, { raw: keyData }); const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, rawData); // 4-5. const algorithm = { name: normalizedAlgorithm.name, namedCurve: normalizedAlgorithm.namedCurve, }; // 6-8. const key = constructKey( "public", extractable, usageIntersection(keyUsages, recognisedUsages), algorithm, handle, ); return key; } case "pkcs8": { // 1. if ( ArrayPrototypeFind( keyUsages, (u) => !ArrayPrototypeIncludes( SUPPORTED_KEY_USAGES[normalizedAlgorithm.name].private, u, ), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } // 2-9. const { rawData } = ops.op_crypto_import_key({ algorithm: normalizedAlgorithm.name, namedCurve: normalizedAlgorithm.namedCurve, }, { pkcs8: keyData }); const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, rawData); const algorithm = { name: normalizedAlgorithm.name, namedCurve: normalizedAlgorithm.namedCurve, }; const key = constructKey( "private", extractable, usageIntersection(keyUsages, recognisedUsages), algorithm, handle, ); return key; } case "spki": { // 1. if (normalizedAlgorithm.name == "ECDSA") { if ( ArrayPrototypeFind( keyUsages, (u) => !ArrayPrototypeIncludes( SUPPORTED_KEY_USAGES[normalizedAlgorithm.name].public, u, ), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } } else if (keyUsages.length != 0) { throw new DOMException("Key usage must be empty", "SyntaxError"); } // 2-12 const { rawData } = ops.op_crypto_import_key({ algorithm: normalizedAlgorithm.name, namedCurve: normalizedAlgorithm.namedCurve, }, { spki: keyData }); const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, rawData); const algorithm = { name: normalizedAlgorithm.name, namedCurve: normalizedAlgorithm.namedCurve, }; // 6-8. const key = constructKey( "public", extractable, usageIntersection(keyUsages, recognisedUsages), algorithm, handle, ); return key; } case "jwk": { const jwk = keyData; const keyType = (jwk.d !== undefined) ? "private" : "public"; // 2. if ( ArrayPrototypeFind( keyUsages, (u) => !ArrayPrototypeIncludes(supportedUsages[keyType], u), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } // 3. if (jwk.kty !== "EC") { throw new DOMException( "'kty' property of JsonWebKey must be 'EC'", "DataError", ); } // 4. if ( keyUsages.length > 0 && jwk.use !== undefined && jwk.use !== supportedUsages.jwkUse ) { throw new DOMException( `'use' property of JsonWebKey must be '${supportedUsages.jwkUse}'`, "DataError", ); } // 5. // Section 4.3 of RFC7517 if (jwk.key_ops !== undefined) { if ( ArrayPrototypeFind( jwk.key_ops, (u) => !ArrayPrototypeIncludes(recognisedUsages, u), ) !== undefined ) { throw new DOMException( "'key_ops' member of JsonWebKey is invalid", "DataError", ); } if ( !ArrayPrototypeEvery( jwk.key_ops, (u) => ArrayPrototypeIncludes(keyUsages, u), ) ) { throw new DOMException( "'key_ops' member of JsonWebKey is invalid", "DataError", ); } } // 6. if (jwk.ext === false && extractable === true) { throw new DOMException( "'ext' property of JsonWebKey must not be false if extractable is true", "DataError", ); } // 9. if (jwk.alg !== undefined && normalizedAlgorithm.name == "ECDSA") { let algNamedCurve; switch (jwk.alg) { case "ES256": { algNamedCurve = "P-256"; break; } case "ES384": { algNamedCurve = "P-384"; break; } case "ES512": { algNamedCurve = "P-521"; break; } default: throw new DOMException( "Curve algorithm not supported", "DataError", ); } if (algNamedCurve) { if (algNamedCurve !== normalizedAlgorithm.namedCurve) { throw new DOMException( "Mismatched curve algorithm", "DataError", ); } } } // Validate that this is a valid public key. if (jwk.x === undefined) { throw new DOMException( "'x' property of JsonWebKey is required for EC keys", "DataError", ); } if (jwk.y === undefined) { throw new DOMException( "'y' property of JsonWebKey is required for EC keys", "DataError", ); } if (jwk.d !== undefined) { // it's also a Private key const { rawData } = ops.op_crypto_import_key({ algorithm: normalizedAlgorithm.name, namedCurve: normalizedAlgorithm.namedCurve, }, { jwkPrivateEc: jwk }); const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, rawData); const algorithm = { name: normalizedAlgorithm.name, namedCurve: normalizedAlgorithm.namedCurve, }; const key = constructKey( "private", extractable, usageIntersection(keyUsages, recognisedUsages), algorithm, handle, ); return key; } else { const { rawData } = ops.op_crypto_import_key({ algorithm: normalizedAlgorithm.name, namedCurve: normalizedAlgorithm.namedCurve, }, { jwkPublicEc: jwk }); const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, rawData); const algorithm = { name: normalizedAlgorithm.name, namedCurve: normalizedAlgorithm.namedCurve, }; const key = constructKey( "public", extractable, usageIntersection(keyUsages, recognisedUsages), algorithm, handle, ); return key; } } default: throw new DOMException("Not implemented", "NotSupportedError"); } } const SUPPORTED_KEY_USAGES = { "RSASSA-PKCS1-v1_5": { public: ["verify"], private: ["sign"], jwkUse: "sig", }, "RSA-PSS": { public: ["verify"], private: ["sign"], jwkUse: "sig", }, "RSA-OAEP": { public: ["encrypt", "wrapKey"], private: ["decrypt", "unwrapKey"], jwkUse: "enc", }, "ECDSA": { public: ["verify"], private: ["sign"], jwkUse: "sig", }, "ECDH": { public: [], private: ["deriveKey", "deriveBits"], jwkUse: "enc", }, }; function importKeyRSA( format, normalizedAlgorithm, keyData, extractable, keyUsages, ) { switch (format) { case "pkcs8": { // 1. if ( ArrayPrototypeFind( keyUsages, (u) => !ArrayPrototypeIncludes( SUPPORTED_KEY_USAGES[normalizedAlgorithm.name].private, u, ), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } // 2-9. const { modulusLength, publicExponent, rawData } = ops .op_crypto_import_key( { algorithm: normalizedAlgorithm.name, // Needed to perform step 7 without normalization. hash: normalizedAlgorithm.hash.name, }, { pkcs8: keyData }, ); const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, rawData); const algorithm = { name: normalizedAlgorithm.name, modulusLength, publicExponent, hash: normalizedAlgorithm.hash, }; const key = constructKey( "private", extractable, usageIntersection(keyUsages, recognisedUsages), algorithm, handle, ); return key; } case "spki": { // 1. if ( ArrayPrototypeFind( keyUsages, (u) => !ArrayPrototypeIncludes( SUPPORTED_KEY_USAGES[normalizedAlgorithm.name].public, u, ), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } // 2-9. const { modulusLength, publicExponent, rawData } = ops .op_crypto_import_key( { algorithm: normalizedAlgorithm.name, // Needed to perform step 7 without normalization. hash: normalizedAlgorithm.hash.name, }, { spki: keyData }, ); const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, rawData); const algorithm = { name: normalizedAlgorithm.name, modulusLength, publicExponent, hash: normalizedAlgorithm.hash, }; const key = constructKey( "public", extractable, usageIntersection(keyUsages, recognisedUsages), algorithm, handle, ); return key; } case "jwk": { // 1. const jwk = keyData; // 2. if (jwk.d !== undefined) { if ( ArrayPrototypeFind( keyUsages, (u) => !ArrayPrototypeIncludes( SUPPORTED_KEY_USAGES[normalizedAlgorithm.name].private, u, ), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } } else if ( ArrayPrototypeFind( keyUsages, (u) => !ArrayPrototypeIncludes( SUPPORTED_KEY_USAGES[normalizedAlgorithm.name].public, u, ), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } // 3. if (StringPrototypeToUpperCase(jwk.kty) !== "RSA") { throw new DOMException( "'kty' property of JsonWebKey must be 'RSA'", "DataError", ); } // 4. if ( keyUsages.length > 0 && jwk.use !== undefined && StringPrototypeToLowerCase(jwk.use) !== SUPPORTED_KEY_USAGES[normalizedAlgorithm.name].jwkUse ) { throw new DOMException( `'use' property of JsonWebKey must be '${ SUPPORTED_KEY_USAGES[normalizedAlgorithm.name].jwkUse }'`, "DataError", ); } // 5. if (jwk.key_ops !== undefined) { if ( ArrayPrototypeFind( jwk.key_ops, (u) => !ArrayPrototypeIncludes(recognisedUsages, u), ) !== undefined ) { throw new DOMException( "'key_ops' property of JsonWebKey is invalid", "DataError", ); } if ( !ArrayPrototypeEvery( jwk.key_ops, (u) => ArrayPrototypeIncludes(keyUsages, u), ) ) { throw new DOMException( "'key_ops' property of JsonWebKey is invalid", "DataError", ); } } if (jwk.ext === false && extractable === true) { throw new DOMException( "'ext' property of JsonWebKey must not be false if extractable is true", "DataError", ); } // 7. let hash; // 8. if (normalizedAlgorithm.name === "RSASSA-PKCS1-v1_5") { switch (jwk.alg) { case undefined: hash = undefined; break; case "RS1": hash = "SHA-1"; break; case "RS256": hash = "SHA-256"; break; case "RS384": hash = "SHA-384"; break; case "RS512": hash = "SHA-512"; break; default: throw new DOMException( `'alg' property of JsonWebKey must be one of 'RS1', 'RS256', 'RS384', 'RS512'`, "DataError", ); } } else if (normalizedAlgorithm.name === "RSA-PSS") { switch (jwk.alg) { case undefined: hash = undefined; break; case "PS1": hash = "SHA-1"; break; case "PS256": hash = "SHA-256"; break; case "PS384": hash = "SHA-384"; break; case "PS512": hash = "SHA-512"; break; default: throw new DOMException( `'alg' property of JsonWebKey must be one of 'PS1', 'PS256', 'PS384', 'PS512'`, "DataError", ); } } else { switch (jwk.alg) { case undefined: hash = undefined; break; case "RSA-OAEP": hash = "SHA-1"; break; case "RSA-OAEP-256": hash = "SHA-256"; break; case "RSA-OAEP-384": hash = "SHA-384"; break; case "RSA-OAEP-512": hash = "SHA-512"; break; default: throw new DOMException( `'alg' property of JsonWebKey must be one of 'RSA-OAEP', 'RSA-OAEP-256', 'RSA-OAEP-384', or 'RSA-OAEP-512'`, "DataError", ); } } // 9. if (hash !== undefined) { // 9.1. const normalizedHash = normalizeAlgorithm(hash, "digest"); // 9.2. if (normalizedHash.name !== normalizedAlgorithm.hash.name) { throw new DOMException( `'alg' property of JsonWebKey must be '${normalizedAlgorithm.name}'`, "DataError", ); } } // 10. if (jwk.d !== undefined) { // Private key const optimizationsPresent = jwk.p !== undefined || jwk.q !== undefined || jwk.dp !== undefined || jwk.dq !== undefined || jwk.qi !== undefined; if (optimizationsPresent) { if (jwk.q === undefined) { throw new DOMException( "'q' property of JsonWebKey is required for private keys", "DataError", ); } if (jwk.dp === undefined) { throw new DOMException( "'dp' property of JsonWebKey is required for private keys", "DataError", ); } if (jwk.dq === undefined) { throw new DOMException( "'dq' property of JsonWebKey is required for private keys", "DataError", ); } if (jwk.qi === undefined) { throw new DOMException( "'qi' property of JsonWebKey is required for private keys", "DataError", ); } if (jwk.oth !== undefined) { throw new DOMException( "'oth' property of JsonWebKey is not supported", "NotSupportedError", ); } } else { throw new DOMException( "only optimized private keys are supported", "NotSupportedError", ); } const { modulusLength, publicExponent, rawData } = ops .op_crypto_import_key( { algorithm: normalizedAlgorithm.name, hash: normalizedAlgorithm.hash.name, }, { jwkPrivateRsa: jwk }, ); const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, rawData); const algorithm = { name: normalizedAlgorithm.name, modulusLength, publicExponent, hash: normalizedAlgorithm.hash, }; const key = constructKey( "private", extractable, usageIntersection(keyUsages, recognisedUsages), algorithm, handle, ); return key; } else { // Validate that this is a valid public key. if (jwk.n === undefined) { throw new DOMException( "'n' property of JsonWebKey is required for public keys", "DataError", ); } if (jwk.e === undefined) { throw new DOMException( "'e' property of JsonWebKey is required for public keys", "DataError", ); } const { modulusLength, publicExponent, rawData } = ops .op_crypto_import_key( { algorithm: normalizedAlgorithm.name, hash: normalizedAlgorithm.hash.name, }, { jwkPublicRsa: jwk }, ); const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, rawData); const algorithm = { name: normalizedAlgorithm.name, modulusLength, publicExponent, hash: normalizedAlgorithm.hash, }; const key = constructKey( "public", extractable, usageIntersection(keyUsages, recognisedUsages), algorithm, handle, ); return key; } } default: throw new DOMException("Not implemented", "NotSupportedError"); } } function importKeyHKDF( format, keyData, extractable, keyUsages, ) { if (format !== "raw") { throw new DOMException("Format not supported", "NotSupportedError"); } // 1. if ( ArrayPrototypeFind( keyUsages, (u) => !ArrayPrototypeIncludes(["deriveKey", "deriveBits"], u), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } // 2. if (extractable !== false) { throw new DOMException( "Key must not be extractable", "SyntaxError", ); } // 3. const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, { type: "secret", data: keyData, }); // 4-8. const algorithm = { name: "HKDF", }; const key = constructKey( "secret", false, usageIntersection(keyUsages, recognisedUsages), algorithm, handle, ); // 9. return key; } function importKeyPBKDF2( format, keyData, extractable, keyUsages, ) { // 1. if (format !== "raw") { throw new DOMException("Format not supported", "NotSupportedError"); } // 2. if ( ArrayPrototypeFind( keyUsages, (u) => !ArrayPrototypeIncludes(["deriveKey", "deriveBits"], u), ) !== undefined ) { throw new DOMException("Invalid key usages", "SyntaxError"); } // 3. if (extractable !== false) { throw new DOMException( "Key must not be extractable", "SyntaxError", ); } // 4. const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, { type: "secret", data: keyData, }); // 5-9. const algorithm = { name: "PBKDF2", }; const key = constructKey( "secret", false, usageIntersection(keyUsages, recognisedUsages), algorithm, handle, ); // 10. return key; } function exportKeyHMAC(format, key, innerKey) { // 1. if (innerKey == null) { throw new DOMException("Key is not available", "OperationError"); } switch (format) { // 3. case "raw": { const bits = innerKey.data; for (let _i = 7 & (8 - bits.length % 8); _i > 0; _i--) { bits.push(0); } // 4-5. return bits.buffer; } case "jwk": { // 1-2. const jwk = { kty: "oct", }; // 3. const data = ops.op_crypto_export_key({ format: "jwksecret", algorithm: key[_algorithm].name, }, innerKey); jwk.k = data.k; // 4. const algorithm = key[_algorithm]; // 5. const hash = algorithm.hash; // 6. switch (hash.name) { case "SHA-1": jwk.alg = "HS1"; break; case "SHA-256": jwk.alg = "HS256"; break; case "SHA-384": jwk.alg = "HS384"; break; case "SHA-512": jwk.alg = "HS512"; break; default: throw new DOMException( "Hash algorithm not supported", "NotSupportedError", ); } // 7. jwk.key_ops = key.usages; // 8. jwk.ext = key[_extractable]; // 9. return jwk; } default: throw new DOMException("Not implemented", "NotSupportedError"); } } function exportKeyRSA(format, key, innerKey) { switch (format) { case "pkcs8": { // 1. if (key[_type] !== "private") { throw new DOMException( "Key is not a private key", "InvalidAccessError", ); } // 2. const data = ops.op_crypto_export_key({ algorithm: key[_algorithm].name, format: "pkcs8", }, innerKey); // 3. return data.buffer; } case "spki": { // 1. if (key[_type] !== "public") { throw new DOMException( "Key is not a public key", "InvalidAccessError", ); } // 2. const data = ops.op_crypto_export_key({ algorithm: key[_algorithm].name, format: "spki", }, innerKey); // 3. return data.buffer; } case "jwk": { // 1-2. const jwk = { kty: "RSA", }; // 3. const hash = key[_algorithm].hash.name; // 4. if (key[_algorithm].name === "RSASSA-PKCS1-v1_5") { switch (hash) { case "SHA-1": jwk.alg = "RS1"; break; case "SHA-256": jwk.alg = "RS256"; break; case "SHA-384": jwk.alg = "RS384"; break; case "SHA-512": jwk.alg = "RS512"; break; default: throw new DOMException( "Hash algorithm not supported", "NotSupportedError", ); } } else if (key[_algorithm].name === "RSA-PSS") { switch (hash) { case "SHA-1": jwk.alg = "PS1"; break; case "SHA-256": jwk.alg = "PS256"; break; case "SHA-384": jwk.alg = "PS384"; break; case "SHA-512": jwk.alg = "PS512"; break; default: throw new DOMException( "Hash algorithm not supported", "NotSupportedError", ); } } else { switch (hash) { case "SHA-1": jwk.alg = "RSA-OAEP"; break; case "SHA-256": jwk.alg = "RSA-OAEP-256"; break; case "SHA-384": jwk.alg = "RSA-OAEP-384"; break; case "SHA-512": jwk.alg = "RSA-OAEP-512"; break; default: throw new DOMException( "Hash algorithm not supported", "NotSupportedError", ); } } // 5-6. const data = ops.op_crypto_export_key({ format: key[_type] === "private" ? "jwkprivate" : "jwkpublic", algorithm: key[_algorithm].name, }, innerKey); ObjectAssign(jwk, data); // 7. jwk.key_ops = key.usages; // 8. jwk.ext = key[_extractable]; return jwk; } default: throw new DOMException("Not implemented", "NotSupportedError"); } } function exportKeyEd25519(format, key, innerKey) { switch (format) { case "raw": { // 1. if (key[_type] !== "public") { throw new DOMException( "Key is not a public key", "InvalidAccessError", ); } // 2-3. return innerKey.buffer; } case "spki": { // 1. if (key[_type] !== "public") { throw new DOMException( "Key is not a public key", "InvalidAccessError", ); } const spkiDer = ops.op_export_spki_ed25519(innerKey); return spkiDer.buffer; } case "pkcs8": { // 1. if (key[_type] !== "private") { throw new DOMException( "Key is not a public key", "InvalidAccessError", ); } const pkcs8Der = ops.op_export_pkcs8_ed25519( new Uint8Array([0x04, 0x22, ...innerKey]), ); pkcs8Der[15] = 0x20; return pkcs8Der.buffer; } case "jwk": { const x = key[_type] === "private" ? ops.op_jwk_x_ed25519(innerKey) : ops.op_crypto_base64url_encode(innerKey); const jwk = { kty: "OKP", alg: "EdDSA", crv: "Ed25519", x, "key_ops": key.usages, ext: key[_extractable], }; if (key[_type] === "private") { jwk.d = ops.op_crypto_base64url_encode(innerKey); } return jwk; } default: throw new DOMException("Not implemented", "NotSupportedError"); } } function exportKeyX25519(format, key, innerKey) { switch (format) { case "raw": { // 1. if (key[_type] !== "public") { throw new DOMException( "Key is not a public key", "InvalidAccessError", ); } // 2-3. return innerKey.buffer; } case "spki": { // 1. if (key[_type] !== "public") { throw new DOMException( "Key is not a public key", "InvalidAccessError", ); } const spkiDer = ops.op_export_spki_x25519(innerKey); return spkiDer.buffer; } case "pkcs8": { // 1. if (key[_type] !== "private") { throw new DOMException( "Key is not a public key", "InvalidAccessError", ); } const pkcs8Der = ops.op_export_pkcs8_x25519( new Uint8Array([0x04, 0x22, ...innerKey]), ); pkcs8Der[15] = 0x20; return pkcs8Der.buffer; } case "jwk": { if (key[_type] === "private") { throw new DOMException("Not implemented", "NotSupportedError"); } const x = ops.op_crypto_base64url_encode(innerKey); const jwk = { kty: "OKP", crv: "X25519", x, "key_ops": key.usages, ext: key[_extractable], }; return jwk; } default: throw new DOMException("Not implemented", "NotSupportedError"); } } function exportKeyEC(format, key, innerKey) { switch (format) { case "raw": { // 1. if (key[_type] !== "public") { throw new DOMException( "Key is not a public key", "InvalidAccessError", ); } // 2. const data = ops.op_crypto_export_key({ algorithm: key[_algorithm].name, namedCurve: key[_algorithm].namedCurve, format: "raw", }, innerKey); return data.buffer; } case "pkcs8": { // 1. if (key[_type] !== "private") { throw new DOMException( "Key is not a private key", "InvalidAccessError", ); } // 2. const data = ops.op_crypto_export_key({ algorithm: key[_algorithm].name, namedCurve: key[_algorithm].namedCurve, format: "pkcs8", }, innerKey); return data.buffer; } case "spki": { // 1. if (key[_type] !== "public") { throw new DOMException( "Key is not a public key", "InvalidAccessError", ); } // 2. const data = ops.op_crypto_export_key({ algorithm: key[_algorithm].name, namedCurve: key[_algorithm].namedCurve, format: "spki", }, innerKey); return data.buffer; } case "jwk": { if (key[_algorithm].name == "ECDSA") { // 1-2. const jwk = { kty: "EC", }; // 3.1 jwk.crv = key[_algorithm].namedCurve; // Missing from spec let algNamedCurve; switch (key[_algorithm].namedCurve) { case "P-256": { algNamedCurve = "ES256"; break; } case "P-384": { algNamedCurve = "ES384"; break; } case "P-521": { algNamedCurve = "ES512"; break; } default: throw new DOMException( "Curve algorithm not supported", "DataError", ); } jwk.alg = algNamedCurve; // 3.2 - 3.4. const data = ops.op_crypto_export_key({ format: key[_type] === "private" ? "jwkprivate" : "jwkpublic", algorithm: key[_algorithm].name, namedCurve: key[_algorithm].namedCurve, }, innerKey); ObjectAssign(jwk, data); // 4. jwk.key_ops = key.usages; // 5. jwk.ext = key[_extractable]; return jwk; } else { // ECDH // 1-2. const jwk = { kty: "EC", }; // missing step from spec jwk.alg = "ECDH"; // 3.1 jwk.crv = key[_algorithm].namedCurve; // 3.2 - 3.4 const data = ops.op_crypto_export_key({ format: key[_type] === "private" ? "jwkprivate" : "jwkpublic", algorithm: key[_algorithm].name, namedCurve: key[_algorithm].namedCurve, }, innerKey); ObjectAssign(jwk, data); // 4. jwk.key_ops = key.usages; // 5. jwk.ext = key[_extractable]; return jwk; } } default: throw new DOMException("Not implemented", "NotSupportedError"); } } async function generateKeyAES(normalizedAlgorithm, extractable, usages) { const algorithmName = normalizedAlgorithm.name; // 2. if (!ArrayPrototypeIncludes([128, 192, 256], normalizedAlgorithm.length)) { throw new DOMException("Invalid key length", "OperationError"); } // 3. const keyData = await core.opAsync("op_crypto_generate_key", { algorithm: "AES", length: normalizedAlgorithm.length, }); const handle = {}; WeakMapPrototypeSet(KEY_STORE, handle, { type: "secret", data: keyData, }); // 6-8. const algorithm = { name: algorithmName, length: normalizedAlgorithm.length, }; // 9-11. const key = constructKey( "secret", extractable, usages, algorithm, handle, ); // 12. return key; } async function deriveBits(normalizedAlgorithm, baseKey, length) { switch (normalizedAlgorithm.name) { case "PBKDF2": { // 1. if (length == null || length == 0 || length % 8 !== 0) { throw new DOMException("Invalid length", "OperationError"); } if (normalizedAlgorithm.iterations == 0) { throw new DOMException( "iterations must not be zero", "OperationError", ); } const handle = baseKey[_handle]; const keyData = WeakMapPrototypeGet(KEY_STORE, handle); normalizedAlgorithm.salt = copyBuffer(normalizedAlgorithm.salt); const buf = await core.opAsync("op_crypto_derive_bits", { key: keyData, algorithm: "PBKDF2", hash: normalizedAlgorithm.hash.name, iterations: normalizedAlgorithm.iterations, length, }, normalizedAlgorithm.salt); return buf.buffer; } case "ECDH": { // 1. if (baseKey[_type] !== "private") { throw new DOMException("Invalid key type", "InvalidAccessError"); } // 2. const publicKey = normalizedAlgorithm.public; // 3. if (publicKey[_type] !== "public") { throw new DOMException("Invalid key type", "InvalidAccessError"); } // 4. if (publicKey[_algorithm].name !== baseKey[_algorithm].name) { throw new DOMException( "Algorithm mismatch", "InvalidAccessError", ); } // 5. if ( publicKey[_algorithm].namedCurve !== baseKey[_algorithm].namedCurve ) { throw new DOMException( "namedCurve mismatch", "InvalidAccessError", ); } // 6. if ( ArrayPrototypeIncludes( supportedNamedCurves, publicKey[_algorithm].namedCurve, ) ) { const baseKeyhandle = baseKey[_handle]; const baseKeyData = WeakMapPrototypeGet(KEY_STORE, baseKeyhandle); const publicKeyhandle = publicKey[_handle]; const publicKeyData = WeakMapPrototypeGet(KEY_STORE, publicKeyhandle); const buf = await core.opAsync("op_crypto_derive_bits", { key: baseKeyData, publicKey: publicKeyData, algorithm: "ECDH", namedCurve: publicKey[_algorithm].namedCurve, length, }); // 8. if (length === null) { return buf.buffer; } else if (buf.buffer.byteLength * 8 < length) { throw new DOMException("Invalid length", "OperationError"); } else { return buf.buffer.slice(0, MathCeil(length / 8)); } } else { throw new DOMException("Not implemented", "NotSupportedError"); } } case "HKDF": { // 1. if (length === null || length === 0 || length % 8 !== 0) { throw new DOMException("Invalid length", "OperationError"); } const handle = baseKey[_handle]; const keyDerivationKey = WeakMapPrototypeGet(KEY_STORE, handle); normalizedAlgorithm.salt = copyBuffer(normalizedAlgorithm.salt); normalizedAlgorithm.info = copyBuffer(normalizedAlgorithm.info); const buf = await core.opAsync("op_crypto_derive_bits", { key: keyDerivationKey, algorithm: "HKDF", hash: normalizedAlgorithm.hash.name, info: normalizedAlgorithm.info, length, }, normalizedAlgorithm.salt); return buf.buffer; } case "X25519": { // 1. if (baseKey[_type] !== "private") { throw new DOMException("Invalid key type", "InvalidAccessError"); } // 2. const publicKey = normalizedAlgorithm.public; // 3. if (publicKey[_type] !== "public") { throw new DOMException("Invalid key type", "InvalidAccessError"); } // 4. if (publicKey[_algorithm].name !== baseKey[_algorithm].name) { throw new DOMException( "Algorithm mismatch", "InvalidAccessError", ); } // 5. const kHandle = baseKey[_handle]; const k = WeakMapPrototypeGet(KEY_STORE, kHandle); const uHandle = publicKey[_handle]; const u = WeakMapPrototypeGet(KEY_STORE, uHandle); const secret = new Uint8Array(32); const isIdentity = ops.op_derive_bits_x25519(k, u, secret); // 6. if (isIdentity) { throw new DOMException("Invalid key", "OperationError"); } // 7. if (length === null) { return secret.buffer; } else if ( secret.buffer.byteLength * 8 < length ) { throw new DOMException("Invalid length", "OperationError"); } else { return secret.buffer.slice(0, MathCeil(length / 8)); } } default: throw new DOMException("Not implemented", "NotSupportedError"); } } async function encrypt(normalizedAlgorithm, key, data) { const handle = key[_handle]; const keyData = WeakMapPrototypeGet(KEY_STORE, handle); switch (normalizedAlgorithm.name) { case "RSA-OAEP": { // 1. if (key[_type] !== "public") { throw new DOMException( "Key type not supported", "InvalidAccessError", ); } // 2. if (normalizedAlgorithm.label) { normalizedAlgorithm.label = copyBuffer(normalizedAlgorithm.label); } else { normalizedAlgorithm.label = new Uint8Array(); } // 3-5. const hashAlgorithm = key[_algorithm].hash.name; const cipherText = await core.opAsync("op_crypto_encrypt", { key: keyData, algorithm: "RSA-OAEP", hash: hashAlgorithm, label: normalizedAlgorithm.label, }, data); // 6. return cipherText.buffer; } case "AES-CBC": { normalizedAlgorithm.iv = copyBuffer(normalizedAlgorithm.iv); // 1. if (normalizedAlgorithm.iv.byteLength !== 16) { throw new DOMException( "Initialization vector must be 16 bytes", "OperationError", ); } // 2. const cipherText = await core.opAsync("op_crypto_encrypt", { key: keyData, algorithm: "AES-CBC", length: key[_algorithm].length, iv: normalizedAlgorithm.iv, }, data); // 4. return cipherText.buffer; } case "AES-CTR": { normalizedAlgorithm.counter = copyBuffer(normalizedAlgorithm.counter); // 1. if (normalizedAlgorithm.counter.byteLength !== 16) { throw new DOMException( "Counter vector must be 16 bytes", "OperationError", ); } // 2. if ( normalizedAlgorithm.length == 0 || normalizedAlgorithm.length > 128 ) { throw new DOMException( "Counter length must not be 0 or greater than 128", "OperationError", ); } // 3. const cipherText = await core.opAsync("op_crypto_encrypt", { key: keyData, algorithm: "AES-CTR", keyLength: key[_algorithm].length, counter: normalizedAlgorithm.counter, ctrLength: normalizedAlgorithm.length, }, data); // 4. return cipherText.buffer; } case "AES-GCM": { normalizedAlgorithm.iv = copyBuffer(normalizedAlgorithm.iv); // 1. if (data.byteLength > (2 ** 39) - 256) { throw new DOMException( "Plaintext too large", "OperationError", ); } // 2. // We only support 96-bit and 128-bit nonce. if ( ArrayPrototypeIncludes( [12, 16], normalizedAlgorithm.iv.byteLength, ) === undefined ) { throw new DOMException( "Initialization vector length not supported", "NotSupportedError", ); } // 3. if (normalizedAlgorithm.additionalData !== undefined) { if (normalizedAlgorithm.additionalData.byteLength > (2 ** 64) - 1) { throw new DOMException( "Additional data too large", "OperationError", ); } } // 4. if (normalizedAlgorithm.tagLength == undefined) { normalizedAlgorithm.tagLength = 128; } else if ( !ArrayPrototypeIncludes( [32, 64, 96, 104, 112, 120, 128], normalizedAlgorithm.tagLength, ) ) { throw new DOMException( "Invalid tag length", "OperationError", ); } // 5. if (normalizedAlgorithm.additionalData) { normalizedAlgorithm.additionalData = copyBuffer( normalizedAlgorithm.additionalData, ); } // 6-7. const cipherText = await core.opAsync("op_crypto_encrypt", { key: keyData, algorithm: "AES-GCM", length: key[_algorithm].length, iv: normalizedAlgorithm.iv, additionalData: normalizedAlgorithm.additionalData || null, tagLength: normalizedAlgorithm.tagLength, }, data); // 8. return cipherText.buffer; } default: throw new DOMException("Not implemented", "NotSupportedError"); } } webidl.configurePrototype(SubtleCrypto); const subtle = webidl.createBranded(SubtleCrypto); class Crypto { constructor() { webidl.illegalConstructor(); } getRandomValues(arrayBufferView) { webidl.assertBranded(this, CryptoPrototype); const prefix = "Failed to execute 'getRandomValues' on 'Crypto'"; webidl.requiredArguments(arguments.length, 1, { prefix }); // Fast path for Uint8Array if (ObjectPrototypeIsPrototypeOf(Uint8ArrayPrototype, arrayBufferView)) { ops.op_crypto_get_random_values(arrayBufferView); return arrayBufferView; } arrayBufferView = webidl.converters.ArrayBufferView(arrayBufferView, { prefix, context: "Argument 1", }); if ( !( ObjectPrototypeIsPrototypeOf(Int8ArrayPrototype, arrayBufferView) || ObjectPrototypeIsPrototypeOf(Uint8ArrayPrototype, arrayBufferView) || ObjectPrototypeIsPrototypeOf( Uint8ClampedArrayPrototype, arrayBufferView, ) || ObjectPrototypeIsPrototypeOf(Int16ArrayPrototype, arrayBufferView) || ObjectPrototypeIsPrototypeOf(Uint16ArrayPrototype, arrayBufferView) || ObjectPrototypeIsPrototypeOf(Int32ArrayPrototype, arrayBufferView) || ObjectPrototypeIsPrototypeOf(Uint32ArrayPrototype, arrayBufferView) || ObjectPrototypeIsPrototypeOf( BigInt64ArrayPrototype, arrayBufferView, ) || ObjectPrototypeIsPrototypeOf(BigUint64ArrayPrototype, arrayBufferView) ) ) { throw new DOMException( "The provided ArrayBufferView is not an integer array type", "TypeMismatchError", ); } const ui8 = new Uint8Array( arrayBufferView.buffer, arrayBufferView.byteOffset, arrayBufferView.byteLength, ); ops.op_crypto_get_random_values(ui8); return arrayBufferView; } randomUUID() { webidl.assertBranded(this, CryptoPrototype); return ops.op_crypto_random_uuid(); } get subtle() { webidl.assertBranded(this, CryptoPrototype); return subtle; } [SymbolFor("Deno.customInspect")](inspect) { return `${this.constructor.name} ${inspect({})}`; } } webidl.configurePrototype(Crypto); const CryptoPrototype = Crypto.prototype; window.__bootstrap.crypto = { SubtleCrypto, crypto: webidl.createBranded(Crypto), Crypto, CryptoKey, };})(this);
Version Info