feat: Add support for SubtleCrypto

[JakeChampion]

This adds an implementation of a subset of SubtleCrypto, specifically for JSON Web Token signing and validating.

• SubtleCrypto.prototype.generateKey
• SubtleCrypto.prototype.importKey
• SubtleCrypto.prototype.sign
• SubtleCrypto.prototype.verify with the following algorithms:
• RSASSA_PKCS1_v1_5
• RSA_OAEP and the following digest algorithms:
• SHA_1
• SHA_224
• SHA_256
• SHA_384
• SHA_512

Work in the future will be done to add the remaining algorithms and SubtleCrypto method implementations

[elliottt]

Could you move this back to js-compute-builtins.cpp and make this declaration extern const uint8_t base64DecodeTable[]; instead? Otherwise this constant will be inlined into every file that includes it, adding a lot of duplicate declarations of the same data that won't inline.

[elliottt]

What drove making the decode table a parameter here?

[elliottt]

Are these all expected to fail with this pr?

[elliottt]

Would you mind pulling out all the new json test results into a separate pr? That way we could see what the diff in behavior between main and this pr is.

[elliottt]

Could you switch to header guards? If we ever change build systems, #pragma once could become problematic.

[JakeChampion]

Changing this to a draft as I will be breaking the PR up into a bunch of smaller PRs

[panva]

If I could lobby for a few more algorithms to be supported 🙏

• RSA-PSS
• ECDSA (at least P-256, but ideally all three curves)
• Ed25519 from https://wicg.github.io/webcrypto-secure-curves/
• almost forgot, the goto JWS algorithm - HMAC

Also pkcs8 and spki key format import/export are not to be overlooked. Developers LOOOVE to use in favour of JWKs.

I have a comprehensive test suite for different runtimes' webcrypto implementations that I could unload on js-compute-runtime eventually.

[stefan-guggisberg]

@JakeChampion We are using 3rd party dependencies relying on subtle.crypto, e.g. for signing AWS requests.

We're still getting errors like Supplied algorithm is not yet supported.

Here's a code fragment from https://github.com/mhart/aws4fetch which seems to trigger this error:

async function hmac(key2, string3) {
  const cryptoKey = await crypto.subtle.importKey(
    "raw",
    typeof key2 === "string" ? encoder2.encode(key2) : key2,
    { name: "HMAC", hash: { name: "SHA-256" } },
    false,
    ["sign"]
  );
  return crypto.subtle.sign("HMAC", cryptoKey, encoder2.encode(string3));
}

It seems like the lack of HMAC support is causing the error.

This is a blocker for us. Without this support we won't be able to use C@E.

Can you give us an ETA when this PR finally lands in production?

[mlegenhausen]

For a complete move to compute edge we would need support for the following API

• SubtleCrypto.prototype.encrypt
• SubtleCrypto.prototype.decrypt

Both with support for AES-CBC and AES-GCM

[JakeChampion]

Thanks all -- we've added HMAC and raw importkey support and I have opened issues for the other requests which have been added to this draft pull-request.

I will be closing this pull-request as it is never going to be merged, all the work is happening in other, smaller pull-requests 👍