peculiarventures / node-webcrypto-ossl Goto Github PK
View Code? Open in Web Editor NEWA WebCrypto Polyfill for Node in TypeScript built on OpenSSL.
License: MIT License
node-webcrypto-ossl's People
Stargazers
Watchers
Forkers
kiskovacs mitar seikho ruifortes dashersw hildjj root-core elsehow boldt yuliswe tarcieri tresorit evaluation-alex davidninam michaeljcole jpeisenbarth emuontau afinch7 zkpki sansato sdaliyot iqiuyu-0821 nr23730 bartzjegr romashine lgq2015 navneetkrishnam algv ashikabi bsantare fossprime yishengit simonmika isabella232node-webcrypto-ossl's Issues
Importing SPKI key returns no key usages
importKey("spki", SPKI, alg, true, ['verify'])
returns CryptoKey with empty usages array
include webcrpto test vectors from chrome and/or firefox in tests
Ensure code consistently handles errors
It seems in some cases we are relying on C++ throw semantecs (THROW_OPENSSL ) and in others not.
If so, code would be easier to review and understand if we refactored to be consistent.
Include Firefox test vectors
Implement SHA1 and SHA2
ECDSA P-521 verification fails
Verification fails for secp521r1 CSR:
function base64ToArrayBuffer (str) {
var buffer = new Buffer(str/*.replace(/[\n\r =]+/g, '').replace(/\+/g, '-').replace(/\//g, '_')*/, 'base64');
return new Uint8Array(buffer).buffer;
};
function pemToDer(PEM) {
var bufIdx = PEM.indexOf('\n') + 1;
var base64 = PEM.substring(bufIdx);
return base64ToArrayBuffer(base64.substring(0, base64.indexOf('--')));
};
var csr = pemToDer(`-----BEGIN CERTIFICATE REQUEST-----
MIIB1zCCATgCAQAwYzFhMAkGA1UEBhMCVVMwCQYDVQQIDAJDQTARBgNVBAcMCldh
c2hpbmd0b24wHQYDVQQLDBZQRUNVTElBUiBWRU5UVVJFUyBJTkMuMAoGA1UECgwD
ZGV2MAsGA1UEAwwEVEVTVDCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAdPhEjbc
JT0I2WGn/igE1xuZlx+oqRXd4dqxt9AE4axya8b43ZsH8gka3dPMMmI7tjNrqf/E
jhqkBNjNHj54kyUEARltXtYxQi/Irthb9gl6cK0aM/3SYPLymTAdlT7velcHIZkJ
na5PhPrblJoJrF6JS6mF5LdReFEkibPoh7NTH4kLoDAwLgYJKoZIhvcNAQkOMSEw
HzAdBgNVHQ4EFgQU0lC5Ok37xIxv2+J2V1+4lJHdJMIwCgYIKoZIzj0EAwIDgYwA
MIGIAkIA90+0M4czRKFvhhn/4x6znseqbz8NBKE013ERCkuEuN/ic+jwbNh1d67q
yFUXtr8hc6RFHROlHMp5xsaY4mC1Pt0CQgB2WhoIEypEALtm3TBucnAJiDpGM8E9
w+NfF4V688idnTH1me3dQDVimW23EqKKhRaDhlAhE+hOwnljYTMTpCAmGQ==
-----END CERTIFICATE REQUEST-----`);
var asn1 = org.pkijs.fromBER(csr);
var pkcs10_simpl = new org.pkijs.simpl.PKCS10({schema: asn1.result});
var SPKI = pkcs10_simpl.subjectPublicKeyInfo.toSchema().toBER(false);
var alg = {
name: 'ECDSA',
namedCurve: 'P-521'
};
return crypto.subtle.importKey("spki", SPKI, alg, true, ['verify']).then(function (key) {
var asn1 = org.pkijs.fromBER(pkcs10_simpl.signatureValue.value_block.value_hex);
var signature = org.pkijs.createECDSASignatureFromCMS(asn1.result);
var data = pkcs10_simpl.tbs;
var sigAlg = org.pkijs.getAlgorithmByOID(pkcs10_simpl.signatureAlgorithm.algorithm_id);
return crypto.subtle.verify(sigAlg, key, signature, data).then(function (isvalid) {
// Verification fails
});
});
RSASSA-PSS support
RSAES-PKCS1-v1_5 has some security weaknesses. PSS addresses these, we need RSAES-PKCS1-v1_5 for interop but we should probably use PSS for all stuff we use internally.
As such we should add support for PSS.
Add support for RSA-PSS for XAdES
Exported jwk usages
Currently JWK export supports key_opt parameter which I guess should be key_ops from:
https://tools.ietf.org/html/rfc7517#section-4.3
I can use it to import provided JWK in deriveKey to be consistent with the cryptoKey usages.
importing RSA SPKI returns null
Importing public key from this CSR gives null result
function base64ToArrayBuffer (str) {
var buffer = new Buffer(str/*.replace(/[\n\r =]+/g, '').replace(/\+/g, '-').replace(/\//g, '_')*/, 'base64');
return new Uint8Array(buffer).buffer;
};
function pemToDer(PEM) {
var bufIdx = PEM.indexOf('\n') + 1;
var base64 = PEM.substring(bufIdx);
return base64ToArrayBuffer(base64.substring(0, base64.indexOf('--')));
};
var csr = pemToDer(`-----BEGIN CERTIFICATE REQUEST-----
MIIDXTCCAkUCAQAwgYgxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UE
BwwNU2FuIEZyYW5jaXNjbzEaMBgGA1UECgwRUGVjdWxpYXIgVmVudHVyZXMxFzAV
BgNVBAMMDjIzLjI1My4xMDIuMTIxMR8wHQYJKoZIhvcNAQkBFhB0ZXN0QGV4YW1w
bGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRdSpVlCkEMO
N7rbTt0BiVChIYK8udWFxS1qUtQbbth76UOIBA8aOteOObSQ/Gi4JfvFA353A/a/
ncew3H4j6ejQRcg1w5xWQEs0hGo3peu7rHnLTmblpLV1Ze0+u6Fwx2XGly1tCLLu
CcrLrKqCHv/SD8VZ6+H6Sa8jDnN03ORcL5ba/qmfy4fpvariyxqVm2JhY5k/Ry4J
gZGCxixdJo1U8TfYolL9mDp6W9endRZoVyrG0mvgsQvn0hjwrb3vpQgUyOnKme9y
xa6TTodXZ6264sajjtjQhy+xPTyt2PFxWAUkgP1ruRr6WB6zDG0GAlUo5EwRKXWs
kRWHhtBxUwIDAQABoIGOMIGLBgkqhkiG9w0BCQ4xfjB8MB0GA1UdDgQWBBQkLotq
2wIyU322I62PNCKLxCfjozAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDAVBgNVHREE
DjAMhwQX/WZ5hwR/AAABMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRl
ZCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEACBLRPAkRFe1Uc8+u0xj9
YD1G9tBL5KLcX+qu+0l52qdoXdhfrwtdUuHpFkqsbcW9W9d9u9TZclJcy+b8ow7L
BTSUXDYPKyJ9SRRqd3Pg5eyIs/nizSIoKYhiPf/d0FQFvuevZf7VxHGPBnagfH56
LtDyFuApIPC1ob+Kq4TDfsvWZQRJ9xpAqgAQEXViQ555pwpz+b0+i4tnUDc+8n0N
r1E/FuGp+fo1iyU+ybhFVkJhsSsCa6YyEVuoYaaHYG7PHhZn5dJAfFVySt4OeeEO
iuqL3dEvmyuvQnA2b2BMsi9siiSI7izddzdhl02LsWEpzEoSzDd2uLPeG5YCiFhE
MA==
-----END CERTIFICATE REQUEST-----`);
var asn1 = org.pkijs.fromBER(csr);
var pkcs10_simpl = new org.pkijs.simpl.PKCS10({schema: asn1.result});
var SPKI = pkcs10_simpl.subjectPublicKeyInfo.toSchema().toBER(false);
var alg = {
name: 'RSASSA-PKCS1-v1_5',
modulusLength: 2048,
publicExponent: Uint8Array { '0': 1, '1': 0, '2': 1 },
hash: { name: 'SHA-256' }
};
return crypto.subtle.importKey("spki", SPKI, alg, true, ['verify']).then(function (key) {
console.log('imported key:' , key); // key is null here
});
Support RSA-PSS algorithm
xadesjs has implementation of RSA-PSS algorithm, but node-webcrypto-ossl doesn't have it
Include Chrome test vectors
Support npm install
Make it possible to use npm install https://github.com/PeculiarVentures/node-webcrypto-ossl.git
Improve test structure to use data file or arrays for test vectors
Chome does this, as does https://github.com/openpgpjs/asmcrypto-lite/blob/lite/test we should consider similar structure.
Memory leak
develop branch
Log from Valgrind
==32650== 57 bytes in 1 blocks are possibly lost in loss record 807 of 1,116
==32650== at 0x4C2B0E0: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==32650== by 0x52FD208: std::string::_Rep::_S_create(unsigned long, unsigned long, std::allocator<char> const&) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19)
==32650== by 0x52FE930: char* std::string::_S_construct<char const*>(char const*, char const*, std::allocator<char> const&, std::forward_iterator_tag) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19)
==32650== by 0x52FE9EC: std::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, unsigned long, std::allocator<char> const&) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19)
==32650== by 0x985BB49: v8Buffer_to_String(v8::Local<v8::Object>) (in /home/microshine/tmp/node-webcrypto-ossl/build/Release/nodessl.node)
==32650== by 0x985BC1F: v8Buffer_to_String(v8::Local<v8::Value>) (in /home/microshine/tmp/node-webcrypto-ossl/build/Release/nodessl.node)
==32650== by 0x9865274: WAes::Import(Nan::FunctionCallbackInfo<v8::Value> const&) (in /home/microshine/tmp/node-webcrypto-ossl/build/Release/nodessl.node)
==32650== by 0x9862AE5: Nan::imp::FunctionCallbackWrapper(v8::FunctionCallbackInfo<v8::Value> const&) (in /home/microshine/tmp/node-webcrypto-ossl/build/Release/nodessl.node)
==32650== by 0x86E311: v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const&)) (in /usr/bin/nodejs)
==32650== by 0x898190: ??? (in /usr/bin/nodejs)
==32650== by 0x8985ED: ??? (in /usr/bin/nodejs)
==32650== by 0x15BC5BA060BA: ???
==32650==
==32650== 318 bytes in 6 blocks are possibly lost in loss record 994 of 1,116
==32650== at 0x4C2B0E0: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==32650== by 0x52FD208: std::string::_Rep::_S_create(unsigned long, unsigned long, std::allocator<char> const&) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19)
==32650== by 0x52FDDCA: std::string::_Rep::_M_clone(std::allocator<char> const&, unsigned long) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19)
==32650== by 0x52FDE63: std::string::reserve(unsigned long) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19)
==32650== by 0x52FE225: std::string::append(unsigned long, char) (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19)
==32650== by 0x985AC0C: ScopedAES::generate(int&) (in /home/microshine/tmp/node-webcrypto-ossl/build/Release/nodessl.node)
==32650== by 0x986E9CF: AsyncAesGenerateKey::Execute() (in /home/microshine/tmp/node-webcrypto-ossl/build/Release/nodessl.node)
==32650== by 0xDDE4F0: ??? (in /usr/bin/nodejs)
==32650== by 0xDEC998: ??? (in /usr/bin/nodejs)
==32650== by 0x5A6B181: start_thread (pthread_create.c:312)
==32650== by 0x5D7B47C: clone (clone.S:111)
Unclear how to use it as a dependency
Simply listing:
"dependencies": {
"node-webcrypto-ossl": "https://github.com/PeculiarVentures/node-webcrypto-ossl/tarball/9d7a96e62030499379dde14c9a3143776c12a1d2"
}
Seems to compile the binary, but ts files are not converted to JavaScript, or whatever is needed for
var webcrypto = require('node-webcrypto-ossl');
then to work from the main code.
deriveBits does not seem to be supported
The following code fails:
return crypto.subtle.deriveBits({
name: 'ECDH',
namedCurve: 'P-256',
public: peerPublicKey
}, privateKey, 256);I would especially need deriveBits for ECDH and above curve.
Add list of algorithms and functions supported to readme
It would be useful to have an examples frontpage on
node-webcrypto-ossl's REAMDE.md github frontpage, much like
https://github.com/diafygi/webcrypto-examples has. That way developers
can quickly see what functions are implemented, and how they should
use them.
Unwrapped AES key seems to have wrong algorithm
I'm trying to use js-jose JWE decryption, and it fails to decrypt with unwrapped CEK, because of the wrong algorithm name:
AesKey {
usages: [ 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey' ],
native_: AesKey {},
extractable: true,
algorithm:
{ name: 'RSA-OAEP',
modulusLength: 1024,
publicExponent: Uint8Array { '0': 1, '1': 0, '2': 1 },
hash: { name: 'SHA-1' } },
type: 'secret' }
ECDSA verification fails
function base64ToArrayBuffer (str) {
var buffer = new Buffer(str/*.replace(/[\n\r =]+/g, '').replace(/\+/g, '-').replace(/\//g, '_')*/, 'base64');
return new Uint8Array(buffer).buffer;
};
function pemToDer(PEM) {
var bufIdx = PEM.indexOf('\n') + 1;
var base64 = PEM.substring(bufIdx);
return base64ToArrayBuffer(base64.substring(0, base64.indexOf('--')));
};
var csr = pemToDer(`-----BEGIN CERTIFICATE REQUEST-----
MIIBOjCB4QIBADBPMU0wCQYDVQQGEwJCRTAJBgNVBAgMAkNBMBAGA1UEBwwJTW9v
cnNsZWRlMAoGA1UECwwDQVNEMAoGA1UECgwDYXNkMAsGA1UEAwwEYXNkZjBZMBMG
ByqGSM49AgEGCCqGSM49AwEHA0IABJQKhKR5XXIOwX/yTCMGCe261EwCvgsIM1Ek
r57rPkeaTWzpChyy0UBLf5MWYFE95P+PG0dqUX+2zrYSQcG0IxSgMDAuBgkqhkiG
9w0BCQ4xITAfMB0GA1UdDgQWBBSQ3JECCgGmzQb5CNsco12pCK+KazAKBggqhkjO
PQQDAgNIADBFAiAHS52isjJxdFMZHH6ItZBNyxraXBqoZ2I7SkImoOhiXAIhAPpw
SkPRwXUYWNOx0/+J+i0+utd6Yo2wgkGYfXMes43B
-----END CERTIFICATE REQUEST-----`);
var asn1 = org.pkijs.fromBER(csr);
var pkcs10_simpl = new org.pkijs.simpl.PKCS10({schema: asn1.result});
var SPKI = pkcs10_simpl.subjectPublicKeyInfo.toSchema().toBER(false);
var alg = {
name: 'ECDSA',
namedCurve: 'P-256'
};
return crypto.subtle.importKey("spki", SPKI, alg, true, ['verify']).then(function (key) {
var signature = pkcs10_simpl.signatureValue.value_block.value_hex;
var data = pkcs10_simpl.tbs;
var sigAlg = org.pkijs.getAlgorithmByOID(pkcs10_simpl.signatureAlgorithm.algorithm_id);
return crypto.subtle.verify(sigAlg, key, signature, data).then(function (isvalid) {
// Verification fails
});
});
pkcs10.verify() RSA CSR error
function base64ToArrayBuffer (str) {
var buffer = new Buffer(str/*.replace(/[\n\r =]+/g, '').replace(/\+/g, '-').replace(/\//g, '_')*/, 'base64');
return new Uint8Array(buffer).buffer;
}
function pemToDer(PEM) {
var bufIdx = PEM.indexOf('\n') + 1;
var base64 = PEM.substring(bufIdx);
return base64ToArrayBuffer(base64.substring(0, base64.indexOf('--')));
}
var csr = `-----BEGIN CERTIFICATE REQUEST-----
MIICrjCCAZgCAQAwOzE5MAkGA1UEBhMCUlUwLAYDVQQDDCVTaW1wbGUgdGVzdCAo
0L/RgNC+0YHRgtC+0Lkg0YLQtdGB0YIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA9JVM6k2JKT32eQXGJgt23wcz5gCIVqlzJyZvWJb2Fs/A4h4f9R6K
4I0w879uiTG1ZU6SZhw6Brh5kjAfutrOTe3M1w4YfMc476oxUEOFzjyeBGBJ7046
oMQK1Zib26TQ/OjrpFUVP9q9J5CikfX5K39vmRQHjQD9XyBM94+82Nv/uNS+X/xp
Dd+nDarOp9c4UiI9wMLf9/L+Ig+aZtXFcb1vh8ol7Et8qMeumumT/whBGX1MeWSP
G/sJrEa2qkBRuozMKOq6EQKNityG20vvAPZVMPieoFF2O/0K1G2g1lwh1u3UB2tX
eZkbRwj8zKfNyBdcsYf5YpOKeiYrM1MQPwIDAQABoDAwLgYJKoZIhvcNAQkOMSEw
HzAdBgNVHQ4EFgQUfLkDDNcwxtzucM/VBHwxpZJ2iDwwCwYJKoZIhvcNAQELA4IB
AQCJvGEM5CxIxVbV2uaCadNgj45lCcnsnqF7uu93Irh9qSZnjz8Eljr+JQA9ExbW
spbBUTTZnSAoqSRaA5gy4lOK4RSMNb6B3VFOBSflmzG7hCo4p1fKnzEO2Fta4OFl
6941GkAeC2RNcKDRn9fNC9R067xIkF4QtuDg6/3/y8SKtpWj4Jo+8jJV6K2Gvp+8
Zp7t9pwEdeOaAlfU1ZhXjkexhIJYdzveZxuJoClu4CJZRayWAGAIjq8rQuM1XZUF
C5gjKX/YPL0hktggSokfWik9odA2O5Wn1mXtZvuEbPZvdugVA6FWR49rxT5m6aoK
jnipQMiiN1VpSgxLyRrF/rrc
-----END CERTIFICATE REQUEST-----
`;
var asn1 = org.pkijs.fromBER(pemToDer(csr));
var pkcs10_simpl = new org.pkijs.simpl.PKCS10({
schema: asn1.result
});
pkcs10_simpl.verify().then(function (result) {
console.log('result: ', result);
}).catch(function (e) {
// Error: ImportKey: keyData is not a Buffer
});
Same code for ECDSA works fine
node 6.0.0 compile error
In file included from ../src/node/../core/common.h:4:0,
from ../src/node/common.h:4,
from ../src/main.cpp:1:
../../nan/nan.h:602:20: error: variable or field ‘AddGCEpilogueCallback’ declared void
v8::Isolate::GCEpilogueCallback callback
derivedKeyType AES-GCM 128
Still getting error on deriveKey:
[2016-01-14 20:18:47.600] [DEBUG] [default] - [keyDerivator] imported privateCryptoKey EcKey {
usages: [],
_key: KeyPair { handle: Key { type: 408 } },
extractable: true,
algorithm: { namedCurve: 'P-256', name: 'ECDH' },
type: 'private',
namedCurve: 'P-256' }
[2016-01-14 20:18:47.601] [DEBUG] [default] - [keyDerivator] imported publicCryptoKey EcKey {
usages: [],
_key: KeyPair { handle: Key { type: 408 } },
extractable: true,
algorithm: { name: 'ECDH', namedCurve: 'P-256' },
type: 'public',
namedCurve: 'P-256' }
[2016-01-14 20:18:47.607] [ERROR] [default] - [Woodland]: [Error: derivedKeyType: Unknown Algorithm name in use]
ECDSA verify signature
Shows false on the client using subtle.crypto.verify.
private key is imported from JWK to make signature on the server. Then on the client public key is imported from JWK with subtle, then verify shows false for some reason.
Support HMAC algorithm
xadesjs has implementation of HMAC algorithm, but node-webcrypto-ossl doesn't have it
Add support for HMAC for XAdES
ArrayBuffer and Buffer?
Right now we support both ArrayBuffer and Buffer. WebCrypto was defined with ArrayBuffer. If developers use Buffer then the code they write will not be interopable. On the other hand node developers commonly use node:buffer and making them switch to array buffer would make library less useful potentially. We need to consider if we want to keep support for both.
Support RC2 and 3DES-CBC for PKCS12
Unfortunately, it seems that all versions of Windows (even Windows 10) still produces PKCS #12’s using pbeWithSHAAnd3-KeyTripleDES-CBC for “privacy” of keys and privacy of certificates it uses pbeWithSHAAnd40BitRC2-CBC. It then relies on the HMAC scheme for integrity.
For us to support PKCS#12 in a way an interoperable with Windows we will need to support these weak algorithms. They are not specified in WebCrypto (because they are weak) but we can still choose to support them.
Include NIST test vectors
@briansmith has done the work to incorporate NIST test vectors into Ring : https://github.com/briansmith/ring/tree/master/third-party/NIST/SHAVS we should incorporate these.
Exported JWK P-521 import in browser error
Exported JWK ECDSA P-521 gives error while trying to import it with window.crypto.subtle.importKey in browser:
DOMException: The JWK's "x" member defines an octet string of length 65 bytes but should be 66
Other curves P-256 P-384 imported fine
ECDSA P-521 public key JWK
I'm getting "DOMException: The JWK's "x" member defines an octet string of length 65 bytes but should be 66" on JWK import
ECDH derive unknown algorithm error
req.derivedKeyType: { name: 'AES-CTR', length: 256 }
deriveKey throws:
[Error: derivedKeyType: Unknown Algorithm name in use]
Problems with derivedKeyType
[keyDerivator] derived cryptoKey AesKey {
usages: [ 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey' ],
_key: <Buffer 00 ad b6 6c 2e c8 bd 3f 9a 71 0d d6 8b b8 68 5e 1a 1d 31 9e b0 d6 33 c7 f0 90 cf 0b 35 f0 47 b0 79 fe b2 3c 83 f6 c1 61 82 91 5d 80 e9 ca 65 eb 1d f2 ... >,
extractable: true,
algorithm: { name: 'AES-CBC', length: 128 },
type: undefined,
length: 128 }
It shows [Error: Unknown key type undefined] during export
Test and deploy with https://travis-ci.org/
Segmentation fault
Trying to run on Ubuntu 15.04. Installation successfull, mocha tests fails:
begin Init
end Init
Init
✓ Init
Aes
✓ Aes CBC
✓ Aes CBC JWK export/import
✓ Aes GCM
✓ Aes GCM JWK export/import
EC
begin New
begin Key
end Key
begin WKey
end WKey
end New
begin generateEc
begin dispose
end dispose
end generateEc
begin Sign
info : Unwrap Wkey
begin internal
end internal
info : get data from buffer
info : get digest name
begin sign
end sign
info : copy signature to Buffer
info : return value
Segmentation fault
ECDSA P-521 signature verification
ECDSA P-521 signed data verified time to time - sometimes it is true, some times false
Include Netflix test vectors
There may be test vectors in the Netflix suite that would be useful, we should review and see if we see any of value:
https://netflix.github.io/NfWebCrypto/web/test_promise.html https://github.com/Netflix/msl/blob/master/tests/src/test/javascript/msltests.html
support jwk
Safari doesnt support spki or pkcs8, this means in other parts of our projects we will need to use JWK. Also we use document store databases and storing of elements in JSON is useful vs creating them prior to store. As such I think we should support JWK.
Here is an example converting a jwk to pem - https://github.com/vibornoff/webcrypto-shim/blob/master/webcrypto-shim.js#L160
Return usages as-per WebCrypto
Flint++ report
[Error ] aes_def.h:13: Single - argument constructor 'ScopedAES(Handle<std::string> aes)' may inadvertently be used as a type conversion constructor.
[Error ] scoped_ssl.h:33: Single - argument constructor 'ScopedSSL(T* handle)' may inadvertently be used as a type conversion constructor.
Lint Summary: 47 files
Errors: 2 Warnings: 0 Advice: 0
Estimated Lines of Code: 3105
Tested with commit
Add tests for import/export keys
A128CBC-HS256 support
Generated keys constructor name
generateKey(
{
name: 'RSASSA-PKCS1-v1_5',
modulusLength: 2048, //can be 1024, 2048, or 4096
publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
hash: {name: 'SHA-256'}, //can be "SHA-1", "SHA-256", "SHA-384", or "SHA-512"
},
true, //whether the key is extractable (i.e. can be used in exportKey)
['sign', 'verify'] //can be any combination of "sign" and "verify"
)
output:
RsaKey {
usages: [],
native_: Key { type: 6 },
extractable: true,
algorithm:
{ name: 'RSASSA-PKCS1-v1_5',
modulusLength: 2048,
publicExponent: Uint8Array { '0': 1, '1': 0, '2': 1 },
hash: { name: 'SHA-256' } },
type: 'private',
modulusLength: 2048,
publicExponent: Uint8Array { '0': 1, '1': 0, '2': 1 } }
This leads to a problems of CryptoKey identification. In particular, Jose library fails to identify CryptoKey by 'CryptoKey' constructor name. It further blocks the possibility to use unextractable private keys.
look at key handling
Refactor to use shared EVP_ logic
EVP call patterns will be the same accross RSA and ECC, the code can be re-factored to share this logic which will reduce surface area for the code to have defects and make the code easier to review.
Add support for ed25519 and x25519
WebCrypto does not yet specify the use of these but work is already in progress - https://www.w3.org/2012/webcrypto/WebCryptoCurve25519/Curve25519-WebCrypto.html
It looks names may end up as:
ECDH-CURVE25519
SCHNOR-ED25519
ed25519 is specified here - http://ed25519.cr.yp.to/ed25519-20110926.pdf
The WebCrypto spec with the most details on this at this time is here : https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839#c47
It seems today the only way to support would be using "raw" as there is no JWK defiition for it yet.
I would argue until there is, and there is an interopability target we should not implement it.
Useful things
- Nodejs ed25519 implementation - https://github.com/dazoe/ed25519
- BorringSSL ed25519 implementation - https://boringssl.googlesource.com/boringssl/+/4fb0dc4b031df7c9ac9d91fc34536e4e08b35d6a
- OpenSSL bug tracking this - openssl/openssl#487
Use const instead of #define where possible
In C++ const enforces type checking in expressions while the #define constants are just expanded. It would be better to switch most if not all of our #define to const.
Add RSA PSS signature support
PSS is more secure signature scheme we should add support for it.
Support NAN v2.3.3
There are some errors during compilation with the newest version of NAN
npm install error
Error during compilation of native ossl module.
Reason: npm w_key.cpp is different from repo source.
NPM
void WKey::Init(v8::Handle<v8::Object> exports) {
...
// methods
SetPrototypeMethod(tpl, "exportJwk", ExportJwk);
SetPrototypeMethod(tpl, "exportSpki", ExportSpki);
SetPrototypeMethod(tpl, "exportPkcs8", ExportPkcs8);
SetPrototypeMethod(tpl, "sign", Sign);
SetPrototypeMethod(tpl, "verify", Verify);
SetPrototypeMethod(tpl, "RsaOaepEncDec", RsaOaepEncDec);
SetPrototypeMethod(tpl, "EcdhDeriveKey", EcdhDeriveKey);
...
}
GitHub
void WKey::Init(v8::Handle<v8::Object> exports) {
...
// methods
SetPrototypeMethod(tpl, "exportJwk", ExportJwk);
SetPrototypeMethod(tpl, "exportSpki", ExportSpki);
SetPrototypeMethod(tpl, "exportPkcs8", ExportPkcs8);
SetPrototypeMethod(tpl, "sign", Sign);
SetPrototypeMethod(tpl, "verify", Verify);
SetPrototypeMethod(tpl, "RsaOaepEncDec", RsaOaepEncDec);
SetPrototypeMethod(tpl, "EcdhDeriveKey", EcdhDeriveKey);
SetPrototypeMethod(tpl, "modulusLength", ModulusLength);
SetPrototypeMethod(tpl, "publicExponent", PublicExponent);
...
}
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.