crypto: add CFRG curves to Web Crypto API #42507
Conversation
|
Review requested: |
nodejs-github-bot
added
lib / src
panva
added
crypto
|
Marking as
never-stale
|
panva
added
never-stale
|
Since the entire
webcrypto
module is
experimental
|
Ah, the usual Web Crypto dilemma... There is not much point in implementing Web Crypto except compatibility across runtimes, yet the set of compatible features is extremely small. I don't see much point in landing this before WICG/proposals#46 is resolved and other runtimes consider implementing it. |
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
That seems like a pretty strong point towards removing the other |
I don't see much point in having them That doesn't mean I am in favor of removing them, I just personally don't think they are relevant. |
panva
force-pushed
the
webcrypto-secure-curves
branch
2 times, most recently
from
9489e11
to
2830bbb
Compare
|
@panva @jasnell I'm trying to make sense of the node-specific extensions. Much of it surprises me. For example, should this really work? await crypto.webcrypto.subtle.generateKey({
name: 'NODE-ED25519', // signature algorithm
namedCurve: 'NODE-X25519' // key exchange algorithm ???
}, true, ['sign']) |
It should not. We fixed a number of these for importKey but did not notice for generateKey. The implementation in this PR does not have these issues since it does not piggyback on the ECDSA/ECDH algorithms. |
|
Agreed. That's a bug that should get fixed. |
This comment was marked as outdated.
This comment was marked as outdated.
|
Thank you, I wish CI would cooperate... |
panva
added
the
commit-queue
nodejs-github-bot
removed
the
commit-queue
|
Landed in 7e5da97 |
PR-URL: nodejs#42507 Reviewed-By: Tobias Nießen <tniessen@tnie.de>
PR-URL: #42507 Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Notable changes: * crypto: * remove Node.js-specific webcrypto extensions (Filip Skokan) #43310 * add CFRG curves to Web Crypto API (Filip Skokan) #42507 * report: * add more heap infos in process report (theanarkh) #43116 * src: * add --openssl-shared-config option (Daniel Bevenius) #43124 * add OpenSSL config appname (Daniel Bevenius) #43124 * add initial shadow realm support (Chengzhong Wu) #42869
Notable changes: * crypto: * remove Node.js-specific webcrypto extensions (Filip Skokan) nodejs#43310 * add CFRG curves to Web Crypto API (Filip Skokan) nodejs#42507 * report: * add more heap infos in process report (theanarkh) nodejs#43116 * src: * add --openssl-shared-config option (Daniel Bevenius) nodejs#43124 * add OpenSSL config appname (Daniel Bevenius) nodejs#43124 * add initial shadow realm support (Chengzhong Wu) nodejs#42869 PR-URL: nodejs#43385
PR-URL: #42507 Reviewed-By: Tobias Nießen <tniessen@tnie.de>
PR-URL: #42507 Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Notable changes: * crypto: * remove Node.js-specific webcrypto extensions (Filip Skokan) #43310 * add CFRG curves to Web Crypto API (Filip Skokan) #42507 * dns: * accept `'IPv4'` and `'IPv6'` for `family` (Antoine du Hamel) #43054 * report: * add more heap infos in process report (theanarkh) #43116 PR-URL: #43385
Notable changes: * crypto: * remove Node.js-specific webcrypto extensions (Filip Skokan) #43310 * add CFRG curves to Web Crypto API (Filip Skokan) #42507 * dns: * accept `'IPv4'` and `'IPv6'` for `family` (Antoine du Hamel) #43054 * report: * add more heap infos in process report (theanarkh) #43116 PR-URL: #43385
Notable changes: * crypto: * remove Node.js-specific webcrypto extensions (Filip Skokan) #43310 * add CFRG curves to Web Crypto API (Filip Skokan) #42507 * dns: * accept `'IPv4'` and `'IPv6'` for `family` (Antoine du Hamel) #43054 * report: * add more heap infos in process report (theanarkh) #43116 PR-URL: #43385
PR-URL: nodejs/node#42507 Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Notable changes: * crypto: * remove Node.js-specific webcrypto extensions (Filip Skokan) nodejs/node#43310 * add CFRG curves to Web Crypto API (Filip Skokan) nodejs/node#42507 * dns: * accept `'IPv4'` and `'IPv6'` for `family` (Antoine du Hamel) nodejs/node#43054 * report: * add more heap infos in process report (theanarkh) nodejs/node#43116 PR-URL: nodejs/node#43385
PR-URL: #42507 Reviewed-By: Tobias Nießen <tniessen@tnie.de>
As per https://wicg.github.io/webcrypto-secure-curves and WICG/proposals#46
This
contextalgorithm property which it only accepts as a zero-length value, otherwise throws "not implemented" due to lack of this option in the underlying C++ implementation.AlgorithmIdentifier"class". This means that other than the otherNODE-*extensions the only "classes" documented follow the defined WebCryptoAPI dictionaries.