Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(ext/crypto): JWK support for unwrapKey/wrapKey #13261

Merged
merged 4 commits into from
Jan 7, 2022
Merged

feat(ext/crypto): JWK support for unwrapKey/wrapKey #13261

merged 4 commits into from
Jan 7, 2022

Conversation

cryptographix
Copy link
Contributor

@cryptographix cryptographix commented Jan 2, 2022
edited
Loading

Towards #11690 - implements jwk format for wrapKey+unwrapKey using TextEncoder/TextDecoder for utf-8.

Additionally, fixes usages passed internally to encrypt()/decrypt() which was not working, since [un]wrappingKey has [un]wrapKey usage but decrypt() expects a decrypt usage.

Note: subtle.encrypt() is currently not validating usages.

wpt(WebCrypto/wrapKey_unwrapKey) now passes 105/183

  • still 78 failures due to missing AES-KW and AES-GCM algorithms.

@cryptographix cryptographix marked this pull request as draft January 2, 2022 04:16
@cryptographix
Copy link
Contributor Author

cryptographix commented Jan 2, 2022
edited
Loading

Changed to DRAFT due to indeterministic results from wpt.

If debug single-step test passes, but will sometimes fail on running, for example: Can wrap and unwrap AES-CBC keys as non-extractable using raw and AES-CBC assert_unreached: Round trip for key unwrapped non-extractable threw an error - DataError: "invalid key data"

update: WPT tests were flaky due to:

  1. exportKey(jwk) (HMAC/AES) using unpaddedBase64 which does NOT code as base64url bug(ext/crypto) - exportKey JWK in js not base64url #13263 - merged
  2. ~~importKey not forgiving ~~ - fix(ext/crypto) base-64 for JWK #13240 merged.

@cryptographix cryptographix marked this pull request as ready for review January 5, 2022 01:54
@cryptographix cryptographix mentioned this pull request Jan 5, 2022
Merged
bartlomieju
bartlomieju approved these changes Jan 6, 2022
View reviewed changes
Copy link
Member

@bartlomieju bartlomieju left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thank you @seanwykes

@lucacasonato @littledivy please take a look

tools/wpt/expectation.json Show resolved Hide resolved
littledivy
littledivy approved these changes Jan 7, 2022
View reviewed changes
Copy link
Member

@littledivy littledivy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@littledivy littledivy changed the title fix(ext/crypto) - wrapKey/unwrapKey jwk + usages fix(ext/crypto): JWK support for unwrapKey/wrapKey Jan 7, 2022
@littledivy littledivy changed the title fix(ext/crypto): JWK support for unwrapKey/wrapKey feat(ext/crypto): JWK support for unwrapKey/wrapKey Jan 7, 2022
@littledivy littledivy merged commit 59f0eaf into denoland:main Jan 7, 2022
@cryptographix cryptographix deleted the fix-wrapkey-unwrapkey branch January 7, 2022 12:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@littledivy littledivy littledivy approved these changes

@bartlomieju bartlomieju bartlomieju approved these changes

@bnoordhuis bnoordhuis Awaiting requested review from bnoordhuis

@lucacasonato lucacasonato Awaiting requested review from lucacasonato

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cryptographix @bartlomieju @littledivy