peculiarventures / node-webcrypto-ossl Goto Github PK
View Code? Open in Web Editor NEWA WebCrypto Polyfill for Node in TypeScript built on OpenSSL.
License: MIT License
A WebCrypto Polyfill for Node in TypeScript built on OpenSSL.
License: MIT License
importKey("spki", SPKI, alg, true, ['verify'])
returns CryptoKey with empty usages array
It seems in some cases we are relying on C++ throw semantecs (THROW_OPENSSL ) and in others not.
If so, code would be easier to review and understand if we refactored to be consistent.
Verification fails for secp521r1 CSR:
function base64ToArrayBuffer (str) {
var buffer = new Buffer(str/*.replace(/[\n\r =]+/g, '').replace(/\+/g, '-').replace(/\//g, '_')*/, 'base64');
return new Uint8Array(buffer).buffer;
};
function pemToDer(PEM) {
var bufIdx = PEM.indexOf('\n') + 1;
var base64 = PEM.substring(bufIdx);
return base64ToArrayBuffer(base64.substring(0, base64.indexOf('--')));
};
var csr = pemToDer(`-----BEGIN CERTIFICATE REQUEST-----
MIIB1zCCATgCAQAwYzFhMAkGA1UEBhMCVVMwCQYDVQQIDAJDQTARBgNVBAcMCldh
c2hpbmd0b24wHQYDVQQLDBZQRUNVTElBUiBWRU5UVVJFUyBJTkMuMAoGA1UECgwD
ZGV2MAsGA1UEAwwEVEVTVDCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAdPhEjbc
JT0I2WGn/igE1xuZlx+oqRXd4dqxt9AE4axya8b43ZsH8gka3dPMMmI7tjNrqf/E
jhqkBNjNHj54kyUEARltXtYxQi/Irthb9gl6cK0aM/3SYPLymTAdlT7velcHIZkJ
na5PhPrblJoJrF6JS6mF5LdReFEkibPoh7NTH4kLoDAwLgYJKoZIhvcNAQkOMSEw
HzAdBgNVHQ4EFgQU0lC5Ok37xIxv2+J2V1+4lJHdJMIwCgYIKoZIzj0EAwIDgYwA
MIGIAkIA90+0M4czRKFvhhn/4x6znseqbz8NBKE013ERCkuEuN/ic+jwbNh1d67q
yFUXtr8hc6RFHROlHMp5xsaY4mC1Pt0CQgB2WhoIEypEALtm3TBucnAJiDpGM8E9
w+NfF4V688idnTH1me3dQDVimW23EqKKhRaDhlAhE+hOwnljYTMTpCAmGQ==
-----END CERTIFICATE REQUEST-----`);
var asn1 = org.pkijs.fromBER(csr);
var pkcs10_simpl = new org.pkijs.simpl.PKCS10({schema: asn1.result});
var SPKI = pkcs10_simpl.subjectPublicKeyInfo.toSchema().toBER(false);
var alg = {
name: 'ECDSA',
namedCurve: 'P-521'
};
return crypto.subtle.importKey("spki", SPKI, alg, true, ['verify']).then(function (key) {
var asn1 = org.pkijs.fromBER(pkcs10_simpl.signatureValue.value_block.value_hex);
var signature = org.pkijs.createECDSASignatureFromCMS(asn1.result);
var data = pkcs10_simpl.tbs;
var sigAlg = org.pkijs.getAlgorithmByOID(pkcs10_simpl.signatureAlgorithm.algorithm_id);
return crypto.subtle.verify(sigAlg, key, signature, data).then(function (isvalid) {
// Verification fails
});
});
RSAES-PKCS1-v1_5 has some security weaknesses. PSS addresses these, we need RSAES-PKCS1-v1_5 for interop but we should probably use PSS for all stuff we use internally.
As such we should add support for PSS.
Currently JWK export supports key_opt parameter which I guess should be key_ops from:
https://tools.ietf.org/html/rfc7517#section-4.3
I can use it to import provided JWK in deriveKey to be consistent with the cryptoKey usages.
Importing public key from this CSR gives null result
function base64ToArrayBuffer (str) {
var buffer = new Buffer(str/*.replace(/[\n\r =]+/g, '').replace(/\+/g, '-').replace(/\//g, '_')*/, 'base64');
return new Uint8Array(buffer).buffer;
};
function pemToDer(PEM) {
var bufIdx = PEM.indexOf('\n') + 1;
var base64 = PEM.substring(bufIdx);
return base64ToArrayBuffer(base64.substring(0, base64.indexOf('--')));
};
var csr = pemToDer(`-----BEGIN CERTIFICATE REQUEST-----
MIIDXTCCAkUCAQAwgYgxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UE
BwwNU2FuIEZyYW5jaXNjbzEaMBgGA1UECgwRUGVjdWxpYXIgVmVudHVyZXMxFzAV
BgNVBAMMDjIzLjI1My4xMDIuMTIxMR8wHQYJKoZIhvcNAQkBFhB0ZXN0QGV4YW1w
bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRdSpVlCkEMO
N7rbTt0BiVChIYK8udWFxS1qUtQbbth76UOIBA8aOteOObSQ/Gi4JfvFA353A/a/
ncew3H4j6ejQRcg1w5xWQEs0hGo3peu7rHnLTmblpLV1Ze0+u6Fwx2XGly1tCLLu
CcrLrKqCHv/SD8VZ6+H6Sa8jDnN03ORcL5ba/qmfy4fpvariyxqVm2JhY5k/Ry4J
gZGCxixdJo1U8TfYolL9mDp6W9endRZoVyrG0mvgsQvn0hjwrb3vpQgUyOnKme9y
xa6TTodXZ6264sajjtjQhy+xPTyt2PFxWAUkgP1ruRr6WB6zDG0GAlUo5EwRKXWs
kRWHhtBxUwIDAQABoIGOMIGLBgkqhkiG9w0BCQ4xfjB8MB0GA1UdDgQWBBQkLotq
2wIyU322I62PNCKLxCfjozAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDAVBgNVHREE
DjAMhwQX/WZ5hwR/AAABMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRl
ZCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEACBLRPAkRFe1Uc8+u0xj9
YD1G9tBL5KLcX+qu+0l52qdoXdhfrwtdUuHpFkqsbcW9W9d9u9TZclJcy+b8ow7L
BTSUXDYPKyJ9SRRqd3Pg5eyIs/nizSIoKYhiPf/d0FQFvuevZf7VxHGPBnagfH56
LtDyFuApIPC1ob+Kq4TDfsvWZQRJ9xpAqgAQEXViQ555pwpz+b0+i4tnUDc+8n0N
r1E/FuGp+fo1iyU+ybhFVkJhsSsCa6YyEVuoYaaHYG7PHhZn5dJAfFVySt4OeeEO
iuqL3dEvmyuvQnA2b2BMsi9siiSI7izddzdhl02LsWEpzEoSzDd2uLPeG5YCiFhE
MA==
-----END CERTIFICATE REQUEST-----`);
var asn1 = org.pkijs.fromBER(csr);
var pkcs10_simpl = new org.pkijs.simpl.PKCS10({schema: asn1.result});
var SPKI = pkcs10_simpl.subjectPublicKeyInfo.toSchema().toBER(false);
var alg = {
name: 'RSASSA-PKCS1-v1_5',
modulusLength: 2048,
publicExponent: Uint8Array { '0': 1, '1': 0, '2': 1 },
hash: { name: 'SHA-256' }
};
return crypto.subtle.importKey("spki", SPKI, alg, true, ['verify']).then(function (key) {
console.log('imported key:' , key); // key is null here
});
xadesjs has implementation of RSA-PSS algorithm, but node-webcrypto-ossl doesn't have it
Make it possible to use npm install https://github.com/PeculiarVentures/node-webcrypto-ossl.git
Chome does this, as does https://github.com/openpgpjs/asmcrypto-lite/blob/lite/test we should consider similar structure.
develop
branch
Log from Valgrind
==32650== 57 bytes in 1 blocks are possibly lost in loss record 807 of 1,116
==32650== at 0x4C2B0E0: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==32650== by 0x52FD208: std::string::_Rep::_S_create(unsigned long, unsigned long, std::allocator<char> const&) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19)
==32650== by 0x52FE930: char* std::string::_S_construct<char const*>(char const*, char const*, std::allocator<char> const&, std::forward_iterator_tag) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19)
==32650== by 0x52FE9EC: std::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, unsigned long, std::allocator<char> const&) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19)
==32650== by 0x985BB49: v8Buffer_to_String(v8::Local<v8::Object>) (in /home/microshine/tmp/node-webcrypto-ossl/build/Release/nodessl.node)
==32650== by 0x985BC1F: v8Buffer_to_String(v8::Local<v8::Value>) (in /home/microshine/tmp/node-webcrypto-ossl/build/Release/nodessl.node)
==32650== by 0x9865274: WAes::Import(Nan::FunctionCallbackInfo<v8::Value> const&) (in /home/microshine/tmp/node-webcrypto-ossl/build/Release/nodessl.node)
==32650== by 0x9862AE5: Nan::imp::FunctionCallbackWrapper(v8::FunctionCallbackInfo<v8::Value> const&) (in /home/microshine/tmp/node-webcrypto-ossl/build/Release/nodessl.node)
==32650== by 0x86E311: v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const&)) (in /usr/bin/nodejs)
==32650== by 0x898190: ??? (in /usr/bin/nodejs)
==32650== by 0x8985ED: ??? (in /usr/bin/nodejs)
==32650== by 0x15BC5BA060BA: ???
==32650==
==32650== 318 bytes in 6 blocks are possibly lost in loss record 994 of 1,116
==32650== at 0x4C2B0E0: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==32650== by 0x52FD208: std::string::_Rep::_S_create(unsigned long, unsigned long, std::allocator<char> const&) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19)
==32650== by 0x52FDDCA: std::string::_Rep::_M_clone(std::allocator<char> const&, unsigned long) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19)
==32650== by 0x52FDE63: std::string::reserve(unsigned long) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19)
==32650== by 0x52FE225: std::string::append(unsigned long, char) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19)
==32650== by 0x985AC0C: ScopedAES::generate(int&) (in /home/microshine/tmp/node-webcrypto-ossl/build/Release/nodessl.node)
==32650== by 0x986E9CF: AsyncAesGenerateKey::Execute() (in /home/microshine/tmp/node-webcrypto-ossl/build/Release/nodessl.node)
==32650== by 0xDDE4F0: ??? (in /usr/bin/nodejs)
==32650== by 0xDEC998: ??? (in /usr/bin/nodejs)
==32650== by 0x5A6B181: start_thread (pthread_create.c:312)
==32650== by 0x5D7B47C: clone (clone.S:111)
Simply listing:
"dependencies": {
"node-webcrypto-ossl": "https://github.com/PeculiarVentures/node-webcrypto-ossl/tarball/9d7a96e62030499379dde14c9a3143776c12a1d2"
}
Seems to compile the binary, but ts
files are not converted to JavaScript, or whatever is needed for
var webcrypto = require('node-webcrypto-ossl');
then to work from the main code.
The following code fails:
return crypto.subtle.deriveBits({
name: 'ECDH',
namedCurve: 'P-256',
public: peerPublicKey
}, privateKey, 256);
I would especially need deriveBits
for ECDH and above curve.
It would be useful to have an examples frontpage on
node-webcrypto-ossl's REAMDE.md github frontpage, much like
https://github.com/diafygi/webcrypto-examples has. That way developers
can quickly see what functions are implemented, and how they should
use them.
I'm trying to use js-jose JWE decryption, and it fails to decrypt with unwrapped CEK, because of the wrong algorithm name:
AesKey {
usages: [ 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey' ],
native_: AesKey {},
extractable: true,
algorithm:
{ name: 'RSA-OAEP',
modulusLength: 1024,
publicExponent: Uint8Array { '0': 1, '1': 0, '2': 1 },
hash: { name: 'SHA-1' } },
type: 'secret' }
function base64ToArrayBuffer (str) {
var buffer = new Buffer(str/*.replace(/[\n\r =]+/g, '').replace(/\+/g, '-').replace(/\//g, '_')*/, 'base64');
return new Uint8Array(buffer).buffer;
};
function pemToDer(PEM) {
var bufIdx = PEM.indexOf('\n') + 1;
var base64 = PEM.substring(bufIdx);
return base64ToArrayBuffer(base64.substring(0, base64.indexOf('--')));
};
var csr = pemToDer(`-----BEGIN CERTIFICATE REQUEST-----
MIIBOjCB4QIBADBPMU0wCQYDVQQGEwJCRTAJBgNVBAgMAkNBMBAGA1UEBwwJTW9v
cnNsZWRlMAoGA1UECwwDQVNEMAoGA1UECgwDYXNkMAsGA1UEAwwEYXNkZjBZMBMG
ByqGSM49AgEGCCqGSM49AwEHA0IABJQKhKR5XXIOwX/yTCMGCe261EwCvgsIM1Ek
r57rPkeaTWzpChyy0UBLf5MWYFE95P+PG0dqUX+2zrYSQcG0IxSgMDAuBgkqhkiG
9w0BCQ4xITAfMB0GA1UdDgQWBBSQ3JECCgGmzQb5CNsco12pCK+KazAKBggqhkjO
PQQDAgNIADBFAiAHS52isjJxdFMZHH6ItZBNyxraXBqoZ2I7SkImoOhiXAIhAPpw
SkPRwXUYWNOx0/+J+i0+utd6Yo2wgkGYfXMes43B
-----END CERTIFICATE REQUEST-----`);
var asn1 = org.pkijs.fromBER(csr);
var pkcs10_simpl = new org.pkijs.simpl.PKCS10({schema: asn1.result});
var SPKI = pkcs10_simpl.subjectPublicKeyInfo.toSchema().toBER(false);
var alg = {
name: 'ECDSA',
namedCurve: 'P-256'
};
return crypto.subtle.importKey("spki", SPKI, alg, true, ['verify']).then(function (key) {
var signature = pkcs10_simpl.signatureValue.value_block.value_hex;
var data = pkcs10_simpl.tbs;
var sigAlg = org.pkijs.getAlgorithmByOID(pkcs10_simpl.signatureAlgorithm.algorithm_id);
return crypto.subtle.verify(sigAlg, key, signature, data).then(function (isvalid) {
// Verification fails
});
});
function base64ToArrayBuffer (str) {
var buffer = new Buffer(str/*.replace(/[\n\r =]+/g, '').replace(/\+/g, '-').replace(/\//g, '_')*/, 'base64');
return new Uint8Array(buffer).buffer;
}
function pemToDer(PEM) {
var bufIdx = PEM.indexOf('\n') + 1;
var base64 = PEM.substring(bufIdx);
return base64ToArrayBuffer(base64.substring(0, base64.indexOf('--')));
}
var csr = `-----BEGIN CERTIFICATE REQUEST-----
MIICrjCCAZgCAQAwOzE5MAkGA1UEBhMCUlUwLAYDVQQDDCVTaW1wbGUgdGVzdCAo
0L/RgNC+0YHRgtC+0Lkg0YLQtdGB0YIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA9JVM6k2JKT32eQXGJgt23wcz5gCIVqlzJyZvWJb2Fs/A4h4f9R6K
4I0w879uiTG1ZU6SZhw6Brh5kjAfutrOTe3M1w4YfMc476oxUEOFzjyeBGBJ7046
oMQK1Zib26TQ/OjrpFUVP9q9J5CikfX5K39vmRQHjQD9XyBM94+82Nv/uNS+X/xp
Dd+nDarOp9c4UiI9wMLf9/L+Ig+aZtXFcb1vh8ol7Et8qMeumumT/whBGX1MeWSP
G/sJrEa2qkBRuozMKOq6EQKNityG20vvAPZVMPieoFF2O/0K1G2g1lwh1u3UB2tX
eZkbRwj8zKfNyBdcsYf5YpOKeiYrM1MQPwIDAQABoDAwLgYJKoZIhvcNAQkOMSEw
HzAdBgNVHQ4EFgQUfLkDDNcwxtzucM/VBHwxpZJ2iDwwCwYJKoZIhvcNAQELA4IB
AQCJvGEM5CxIxVbV2uaCadNgj45lCcnsnqF7uu93Irh9qSZnjz8Eljr+JQA9ExbW
spbBUTTZnSAoqSRaA5gy4lOK4RSMNb6B3VFOBSflmzG7hCo4p1fKnzEO2Fta4OFl
6941GkAeC2RNcKDRn9fNC9R067xIkF4QtuDg6/3/y8SKtpWj4Jo+8jJV6K2Gvp+8
Zp7t9pwEdeOaAlfU1ZhXjkexhIJYdzveZxuJoClu4CJZRayWAGAIjq8rQuM1XZUF
C5gjKX/YPL0hktggSokfWik9odA2O5Wn1mXtZvuEbPZvdugVA6FWR49rxT5m6aoK
jnipQMiiN1VpSgxLyRrF/rrc
-----END CERTIFICATE REQUEST-----
`;
var asn1 = org.pkijs.fromBER(pemToDer(csr));
var pkcs10_simpl = new org.pkijs.simpl.PKCS10({
schema: asn1.result
});
pkcs10_simpl.verify().then(function (result) {
console.log('result: ', result);
}).catch(function (e) {
// Error: ImportKey: keyData is not a Buffer
});
Same code for ECDSA works fine
In file included from ../src/node/../core/common.h:4:0,
from ../src/node/common.h:4,
from ../src/main.cpp:1:
../../nan/nan.h:602:20: error: variable or field ‘AddGCEpilogueCallback’ declared void
v8::Isolate::GCEpilogueCallback callback
Still getting error on deriveKey:
[2016-01-14 20:18:47.600] [DEBUG] [default] - [keyDerivator] imported privateCryptoKey EcKey {
usages: [],
_key: KeyPair { handle: Key { type: 408 } },
extractable: true,
algorithm: { namedCurve: 'P-256', name: 'ECDH' },
type: 'private',
namedCurve: 'P-256' }
[2016-01-14 20:18:47.601] [DEBUG] [default] - [keyDerivator] imported publicCryptoKey EcKey {
usages: [],
_key: KeyPair { handle: Key { type: 408 } },
extractable: true,
algorithm: { name: 'ECDH', namedCurve: 'P-256' },
type: 'public',
namedCurve: 'P-256' }
[2016-01-14 20:18:47.607] [ERROR] [default] - [Woodland]: [Error: derivedKeyType: Unknown Algorithm name in use]
Shows false on the client using subtle.crypto.verify.
private key is imported from JWK to make signature on the server. Then on the client public key is imported from JWK with subtle, then verify shows false for some reason.
xadesjs has implementation of HMAC algorithm, but node-webcrypto-ossl doesn't have it
Right now we support both ArrayBuffer and Buffer. WebCrypto was defined with ArrayBuffer. If developers use Buffer then the code they write will not be interopable. On the other hand node developers commonly use node:buffer and making them switch to array buffer would make library less useful potentially. We need to consider if we want to keep support for both.
Unfortunately, it seems that all versions of Windows (even Windows 10) still produces PKCS #12’s using pbeWithSHAAnd3-KeyTripleDES-CBC for “privacy” of keys and privacy of certificates it uses pbeWithSHAAnd40BitRC2-CBC. It then relies on the HMAC scheme for integrity.
For us to support PKCS#12 in a way an interoperable with Windows we will need to support these weak algorithms. They are not specified in WebCrypto (because they are weak) but we can still choose to support them.
@briansmith has done the work to incorporate NIST test vectors into Ring : https://github.com/briansmith/ring/tree/master/third-party/NIST/SHAVS we should incorporate these.
Exported JWK ECDSA P-521 gives error while trying to import it with window.crypto.subtle.importKey in browser:
DOMException: The JWK's "x" member defines an octet string of length 65 bytes but should be 66
Other curves P-256 P-384 imported fine
I'm getting "DOMException: The JWK's "x" member defines an octet string of length 65 bytes but should be 66" on JWK import
req.derivedKeyType: { name: 'AES-CTR', length: 256 }
deriveKey throws:
[Error: derivedKeyType: Unknown Algorithm name in use]
[keyDerivator] derived cryptoKey AesKey {
usages: [ 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey' ],
_key: <Buffer 00 ad b6 6c 2e c8 bd 3f 9a 71 0d d6 8b b8 68 5e 1a 1d 31 9e b0 d6 33 c7 f0 90 cf 0b 35 f0 47 b0 79 fe b2 3c 83 f6 c1 61 82 91 5d 80 e9 ca 65 eb 1d f2 ... >,
extractable: true,
algorithm: { name: 'AES-CBC', length: 128 },
type: undefined,
length: 128 }
It shows [Error: Unknown key type undefined] during export
Trying to run on Ubuntu 15.04. Installation successfull, mocha tests fails:
begin Init
end Init
Init
✓ Init
Aes
✓ Aes CBC
✓ Aes CBC JWK export/import
✓ Aes GCM
✓ Aes GCM JWK export/import
EC
begin New
begin Key
end Key
begin WKey
end WKey
end New
begin generateEc
begin dispose
end dispose
end generateEc
begin Sign
info : Unwrap Wkey
begin internal
end internal
info : get data from buffer
info : get digest name
begin sign
end sign
info : copy signature to Buffer
info : return value
Segmentation fault
ECDSA P-521 signed data verified time to time - sometimes it is true, some times false
There may be test vectors in the Netflix suite that would be useful, we should review and see if we see any of value:
https://netflix.github.io/NfWebCrypto/web/test_promise.html https://github.com/Netflix/msl/blob/master/tests/src/test/javascript/msltests.html
Safari doesnt support spki or pkcs8, this means in other parts of our projects we will need to use JWK. Also we use document store databases and storing of elements in JSON is useful vs creating them prior to store. As such I think we should support JWK.
Here is an example converting a jwk to pem - https://github.com/vibornoff/webcrypto-shim/blob/master/webcrypto-shim.js#L160
[Error ] aes_def.h:13: Single - argument constructor 'ScopedAES(Handle<std::string> aes)' may inadvertently be used as a type conversion constructor.
[Error ] scoped_ssl.h:33: Single - argument constructor 'ScopedSSL(T* handle)' may inadvertently be used as a type conversion constructor.
Lint Summary: 47 files
Errors: 2 Warnings: 0 Advice: 0
Estimated Lines of Code: 3105
Tested with commit
generateKey(
{
name: 'RSASSA-PKCS1-v1_5',
modulusLength: 2048, //can be 1024, 2048, or 4096
publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
hash: {name: 'SHA-256'}, //can be "SHA-1", "SHA-256", "SHA-384", or "SHA-512"
},
true, //whether the key is extractable (i.e. can be used in exportKey)
['sign', 'verify'] //can be any combination of "sign" and "verify"
)
output:
RsaKey {
usages: [],
native_: Key { type: 6 },
extractable: true,
algorithm:
{ name: 'RSASSA-PKCS1-v1_5',
modulusLength: 2048,
publicExponent: Uint8Array { '0': 1, '1': 0, '2': 1 },
hash: { name: 'SHA-256' } },
type: 'private',
modulusLength: 2048,
publicExponent: Uint8Array { '0': 1, '1': 0, '2': 1 } }
This leads to a problems of CryptoKey identification. In particular, Jose library fails to identify CryptoKey by 'CryptoKey' constructor name. It further blocks the possibility to use unextractable private keys.
EVP call patterns will be the same accross RSA and ECC, the code can be re-factored to share this logic which will reduce surface area for the code to have defects and make the code easier to review.
WebCrypto does not yet specify the use of these but work is already in progress - https://www.w3.org/2012/webcrypto/WebCryptoCurve25519/Curve25519-WebCrypto.html
It looks names may end up as:
ECDH-CURVE25519
SCHNOR-ED25519
ed25519 is specified here - http://ed25519.cr.yp.to/ed25519-20110926.pdf
The WebCrypto spec with the most details on this at this time is here : https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839#c47
It seems today the only way to support would be using "raw" as there is no JWK defiition for it yet.
I would argue until there is, and there is an interopability target we should not implement it.
Useful things
In C++ const enforces type checking in expressions while the #define constants are just expanded. It would be better to switch most if not all of our #define to const.
PSS is more secure signature scheme we should add support for it.
There are some errors during compilation with the newest version of NAN
Error during compilation of native ossl module.
Reason: npm w_key.cpp is different from repo source.
NPM
void WKey::Init(v8::Handle<v8::Object> exports) {
...
// methods
SetPrototypeMethod(tpl, "exportJwk", ExportJwk);
SetPrototypeMethod(tpl, "exportSpki", ExportSpki);
SetPrototypeMethod(tpl, "exportPkcs8", ExportPkcs8);
SetPrototypeMethod(tpl, "sign", Sign);
SetPrototypeMethod(tpl, "verify", Verify);
SetPrototypeMethod(tpl, "RsaOaepEncDec", RsaOaepEncDec);
SetPrototypeMethod(tpl, "EcdhDeriveKey", EcdhDeriveKey);
...
}
GitHub
void WKey::Init(v8::Handle<v8::Object> exports) {
...
// methods
SetPrototypeMethod(tpl, "exportJwk", ExportJwk);
SetPrototypeMethod(tpl, "exportSpki", ExportSpki);
SetPrototypeMethod(tpl, "exportPkcs8", ExportPkcs8);
SetPrototypeMethod(tpl, "sign", Sign);
SetPrototypeMethod(tpl, "verify", Verify);
SetPrototypeMethod(tpl, "RsaOaepEncDec", RsaOaepEncDec);
SetPrototypeMethod(tpl, "EcdhDeriveKey", EcdhDeriveKey);
SetPrototypeMethod(tpl, "modulusLength", ModulusLength);
SetPrototypeMethod(tpl, "publicExponent", PublicExponent);
...
}
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.