wip: Increase webcrypto compat

awslabs · Jan 3, 2025 · f6a8dad · f6a8dad
1 parent ec5cca2
commit f6a8dad
Show file tree

Hide file tree

Showing 13 changed files with 728 additions and 545 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/libs/llrt_encoding/src/lib.rs b/libs/llrt_encoding/src/lib.rs
@@ -137,6 +137,10 @@ pub fn bytes_to_b64_string(bytes: &[u8]) -> String {
     base64_simd::STANDARD.encode_to_string(bytes)
 }
 
+pub fn bytes_to_b64_url_safe_string(bytes: &[u8]) -> String {
+    base64_simd::URL_SAFE_NO_PAD.encode_to_string(bytes)
+}
+
 pub fn bytes_from_b64(bytes: &[u8]) -> Result<Vec<u8>, String> {
     base64_simd::forgiving_decode_to_vec(bytes).map_err(|e| e.to_string())
 }

diff --git a/libs/llrt_utils/src/bytes.rs b/libs/llrt_utils/src/bytes.rs
@@ -6,7 +6,7 @@ use rquickjs::{
 
 use crate::error_messages::ERROR_MSG_ARRAY_BUFFER_DETACHED;
 
-#[derive(Clone)]
+#[derive(Clone, PartialEq)]
 pub enum ObjectBytes<'js> {
     U8Array(TypedArray<'js, u8>),
     I8Array(TypedArray<'js, i8>),

diff --git a/modules/llrt_crypto/Cargo.toml b/modules/llrt_crypto/Cargo.toml
@@ -37,6 +37,15 @@ ctr = "0.9"
 rsa = { version = "0.9", features = ["std", "sha2"], default-features = false }
 p256 = { version = "0.13", features = ["ecdh"] }
 p384 = "0.13"
+x25519-dalek = { version = "2", features = [
+  "static_secrets",
+  "zeroize",
+  "getrandom",
+] }
+spki = { version = "0.7", features = ["std"] }
+pkcs8 = { version = "0.10", features = ["std"] }
+der = { version = "0.7", features = ["derive"] }
+const-oid = { version = "0.9", features = ["db"] }
 
 [target.'cfg(target_os = "windows")'.dependencies]
 memchr = "2"

diff --git a/modules/llrt_crypto/src/subtle/crypto_key.rs b/modules/llrt_crypto/src/subtle/crypto_key.rs
@@ -2,27 +2,37 @@
 // SPDX-License-Identifier: Apache-2.0
 use std::rc::Rc;
 
+use llrt_utils::str_enum;
 use rquickjs::{
     class::{Trace, Tracer},
     Ctx, Result, Value,
 };
 
 use super::key_algorithm::KeyAlgorithm;
 
+#[derive(PartialEq)]
+pub enum KeyKind {
+    Secret,
+    Private,
+    Public,
+}
+
+str_enum!(KeyKind,Secret => "secret", Private => "private", Public => "public");
+
 #[rquickjs::class]
 #[derive(rquickjs::JsLifetime)]
 pub struct CryptoKey {
-    type_name: &'static str,
+    pub kind: KeyKind,
     pub extractable: bool,
     pub algorithm: KeyAlgorithm,
     pub name: Box<str>,
-    usages: Vec<String>,
+    pub usages: Vec<String>,
     pub handle: Rc<[u8]>,
 }
 
 impl CryptoKey {
     pub fn new<N, H>(
-        type_name: &'static str,
+        kind: KeyKind,
         name: N,
         extractable: bool,
         algorithm: KeyAlgorithm,
@@ -34,7 +44,7 @@ impl CryptoKey {
         H: Into<Rc<[u8]>>,
     {
         Self {
-            type_name,
+            kind,
             extractable,
             algorithm,
             name: name.into(),
@@ -52,7 +62,7 @@ impl<'js> Trace<'js> for CryptoKey {
 impl CryptoKey {
     #[qjs(get, rename = "type")]
     pub fn get_type(&self) -> &str {
-        self.type_name
+        self.kind.as_str()
     }
 
     #[qjs(get)]
@@ -69,7 +79,7 @@ impl CryptoKey {
 
     #[qjs(get)]
     pub fn usages(&self) -> Vec<String> {
-        self.usages.iter().map(|u| u.to_string()).collect()
+        self.usages.clone()
     }
 }
 

diff --git a/modules/llrt_crypto/src/subtle/derive.rs b/modules/llrt_crypto/src/subtle/derive.rs
@@ -9,6 +9,7 @@ use rquickjs::{Array, ArrayBuffer, Class, Ctx, Exception, Result, Value};
 
 use super::{
     algorithm_not_supported_error,
+    crypto_key::KeyKind,
     derive_algorithm::DeriveAlgorithm,
     key_algorithm::{KeyAlgorithm, KeyAlgorithmMode, KeyAlgorithmWithUsages, KeyDerivation},
 };
@@ -139,7 +140,7 @@ pub async fn subtle_derive_key<'js>(
         key_usages,
     )?;
 
-    let length: u16 = match &derived_key_algorithm {
+    let length = match &derived_key_algorithm {
         KeyAlgorithm::Aes { length } => *length,
         KeyAlgorithm::Hmac { length, .. } => *length,
         KeyAlgorithm::Derive { .. } => 0,
@@ -153,7 +154,7 @@ pub async fn subtle_derive_key<'js>(
     let bytes = derive_bits(&ctx, &algorithm, handle, length as u32)?;
 
     let key = CryptoKey::new(
-        "secret",
+        KeyKind::Secret,
         name,
         extractable,
         derived_key_algorithm,

diff --git a/modules/llrt_crypto/src/subtle/derive_algorithm.rs b/modules/llrt_crypto/src/subtle/derive_algorithm.rs
@@ -27,7 +27,7 @@ impl<'js> FromJs<'js> for DeriveAlgorithm {
             "ECDH" | "X25519" => {
                 let public_key: Class<CryptoKey> = obj.get_required("public", "algorithm")?;
                 let public_key = public_key.borrow();
-                let curve = if let KeyAlgorithm::Ec { curve } = &public_key.algorithm {
+                let curve = if let KeyAlgorithm::Ec { curve, .. } = &public_key.algorithm {
                     curve.clone()
                 } else {
                     return Err(Exception::throw_message(