crypto: add SubtleCrypto.supports feature detection in Web Crypto API #57270
Conversation
|
Review requested:
|
nodejs-github-bot
added
crypto
panva
changed the title
panva
force-pushed
the
experimental-subtle-crypto-supports
branch
from
cb66676 to
b639d6e
Compare
|
#57273 will allow the implementation to share validation code with the actual algorithm operations. |
panva
force-pushed
the
experimental-subtle-crypto-supports
branch
4 times, most recently
from
9b2493a to
b46d505
Compare
|
If I am understanding the implementation here correctly, "supports" is based largely on JS-level validation of the input arguments. It would be possible, however, for Node.js to be compiled against a different version of Openssl that does not actually have support for an algorithm that the JS side claims to support, correct? For instance, Ed448 is not supported by Node.js builds using BoringSSL but, unless I'm misunderstanding the implementation here, this might still claim that Ed448 is supported on such builds? Is that accurate or did I miss something? Btw, very happy to see this! |
panva
force-pushed
the
experimental-subtle-crypto-supports
branch
from
b46d505 to
9416371
Compare
|
@jasnell I did think of this. With everything being tied into the "normalize algorithm" routine, all it would take to make the algorithms conditional based on the underlying crypto lib support (both execution as well as their status in the supports API) is doing something similar to what we do for adding experimental algorithms here Therefore if we get the signal from |
panva
force-pushed
the
experimental-subtle-crypto-supports
branch
3 times, most recently
from
81f92eb to
ddc4c47
Compare
panva
force-pushed
the
experimental-subtle-crypto-supports
branch
8 times, most recently
from
f746637 to
ce9da32
Compare
panva
force-pushed
the
experimental-subtle-crypto-supports
branch
from
ce9da32 to
f74d019
Compare
panva
force-pushed
the
experimental-subtle-crypto-supports
branch
2 times, most recently
from
3ab9692 to
b2b84c1
Compare
panva
force-pushed
the
experimental-subtle-crypto-supports
branch
2 times, most recently
from
a8db595 to
cefc73c
Compare
panva
force-pushed
the
experimental-subtle-crypto-supports
branch
from
cefc73c to
1828437
Compare
panva
added
commit-queue-rebase
panva
force-pushed
the
experimental-subtle-crypto-supports
branch
2 times, most recently
from
9ce00de to
efe1d34
Compare
panva
force-pushed
the
experimental-subtle-crypto-supports
branch
2 times, most recently
from
139d485 to
c5e41fc
Compare
panva
removed
the
commit-queue-rebase
| > Stability: 1.0 - Early development. SubleCrypto.supports is an experimental | ||
| > implementation based on [Modern Algorithms in the Web Cryptography API][] | ||
|
|
||
| This example derives a key from a password using Argon2, if available, |
There was a problem hiding this comment.
A bit more introductory text here at the start would be good, otherwise at first glance someone might thing this section is only about Argon2. Something like, The `SubtleCrypto.supports(...)` API provides a way of detecting if a particular algorithm or set of options are supported.
| @@ -923,7 +924,153 @@ class SubtleCrypto { | |||
| constructor() { | |||
| throw new ERR_ILLEGAL_CONSTRUCTOR(); | |||
| } | |||
|
|
|||
| static supports(operation, algorithm, lengthOrAdditionalAlgorithm = null) { | |||
There was a problem hiding this comment.
A comment here that explains the heuristics or points to the spec would be good as a reminder that this is implementing to a spec.
|
Thank you @jasnell, i'll incorporate these comments in a bigger PR for WebCrypto modern algos once https://redirect.github.com/nodejs/node/pull/59259 and https://redirect.github.com/nodejs/node/pull/59284 land |
Implementation of SubtleCrypto.supports.
While today we support all the methods and algorithms of Web Cryptography, this method will become really useful for interop when modern webcrypto algorithms start popping up
cc @twiss
This will remain a draft PR until this work is accepted by WICG as a proposal for the addition of its content to the Web Cryptography.