-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Add support for SubtleCrypto #440
Conversation
0b8af04
to
b2083a0
Compare
5500fba
to
ad97434
Compare
This adds an implementation of a subset of SubtleCrypto, specifically for JSON Web Token signing and validating. - SubtleCrypto.prototype.generateKey - SubtleCrypto.prototype.importKey - SubtleCrypto.prototype.sign - SubtleCrypto.prototype.verify with the following algorithms: - RSASSA_PKCS1_v1_5 - RSA_OAEP and the following digest algorithms: - SHA_1 - SHA_224 - SHA_256 - SHA_384 - SHA_512 Work in the future will be done to add the remaining algorithms and SubtleCrypto method implementations
ad97434
to
328fab3
Compare
|
||
constexpr uint8_t nonAlphabet = 255; | ||
|
||
static const uint8_t base64DecodeTable[] = { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you move this back to js-compute-builtins.cpp
and make this declaration extern const uint8_t base64DecodeTable[];
instead? Otherwise this constant will be inlined into every file that includes it, adding a lot of duplicate declarations of the same data that won't inline.
inline JS::Result<mozilla::Ok> base64Decode4to3(std::string_view input, std::string &output, | ||
const uint8_t *decodeTable) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What drove making the decode table a parameter here?
"Context is discarded in generateKey": { | ||
"status": "FAIL" | ||
}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are these all expected to fail with this pr?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would you mind pulling out all the new json test results into a separate pr? That way we could see what the diff in behavior between main and this pr is.
@@ -0,0 +1,942 @@ | |||
#pragma once |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you switch to header guards? If we ever change build systems, #pragma once
could become problematic.
Changing this to a draft as I will be breaking the PR up into a bunch of smaller PRs |
If I could lobby for a few more algorithms to be supported 🙏
Also I have a comprehensive test suite for different runtimes' webcrypto implementations that I could unload on js-compute-runtime eventually. |
9d26f5a
to
5198884
Compare
@JakeChampion We are using 3rd party dependencies relying on subtle.crypto, e.g. for signing AWS requests. We're still getting errors like Here's a code fragment from https://github.com/mhart/aws4fetch which seems to trigger this error:
It seems like the lack of HMAC support is causing the error. This is a blocker for us. Without this support we won't be able to use C@E. Can you give us an ETA when this PR finally lands in production? |
For a complete move to compute edge we would need support for the following API
Both with support for |
Thanks all -- we've added HMAC and raw importkey support and I have opened issues for the other requests which have been added to this draft pull-request. I will be closing this pull-request as it is never going to be merged, all the work is happening in other, smaller pull-requests 👍 |
This adds an implementation of a subset of SubtleCrypto, specifically for JSON Web Token signing and validating.
Work in the future will be done to add the remaining algorithms and SubtleCrypto method implementations