feat(ext/crypto): implement AES-KW for wrapKey/unwrapKey (#13286)

author: Sean Michael Wykes <8363933+SeanWykes@users.noreply.github.com> 2022-01-11 01:44:47 -0300
committer: GitHub <noreply@github.com> 2022-01-11 10:14:47 +0530
commit: 91f6c5fc7e6f66f0e963c5cfbec281da4bcfc496 (patch)
tree: 299ec26d38c6be74f5980c4b71877c3e974551e5 /ext/crypto/00_crypto.js
parent: 605b8db8f61fc4c0c71d11cde873af18d87c49bf (diff)
1 files changed, 45 insertions, 14 deletions
diff --git a/ext/crypto/00_crypto.js b/ext/crypto/00_crypto.js
index 880457416..1f49d1849 100644
--- a/ext/crypto/00_crypto.js
+++ b/ext/crypto/00_crypto.js
@@ -145,12 +145,10 @@
       "PBKDF2": null,
     },
     "wrapKey": {
-      // TODO(@littledivy): Enable this once implemented.
-      // "AES-KW": "AesKeyWrapParams",
+      "AES-KW": null,
     },
     "unwrapKey": {
-      // TODO(@littledivy): Enable this once implemented.
-      // "AES-KW": "AesKeyWrapParams",
+      "AES-KW": null,
     },
   };
 
@@ -1271,14 +1269,30 @@
       if (
         supportedAlgorithms["wrapKey"][normalizedAlgorithm.name] !== undefined
       ) {
-        // TODO(@littledivy): Implement this for AES-KW.
-        throw new DOMException(
-          "Not implemented",
-          "NotSupportedError",
-        );
+        const handle = wrappingKey[_handle];
+        const keyData = WeakMapPrototypeGet(KEY_STORE, handle);
+
+        switch (normalizedAlgorithm.name) {
+          case "AES-KW": {
+            const cipherText = await core.opSync("op_crypto_wrap_key", {
+              key: keyData,
+              algorithm: normalizedAlgorithm.name,
+            }, bytes);
+
+            // 4.
+            return cipherText.buffer;
+          }
+          default: {
+            throw new DOMException(
+              "Not implemented",
+              "NotSupportedError",
+            );
+          }
+        }
       } else if (
         supportedAlgorithms["encrypt"][normalizedAlgorithm.name] !== undefined
       ) {
+        // must construct a new key, since keyUsages is ["wrapKey"] and not ["encrypt"]
         return await encrypt(
           normalizedAlgorithm,
           constructKey(
@@ -1391,14 +1405,31 @@
       if (
         supportedAlgorithms["unwrapKey"][normalizedAlgorithm.name] !== undefined
       ) {
-        // TODO(@littledivy): Implement this for AES-KW.
-        throw new DOMException(
-          "Not implemented",
-          "NotSupportedError",
-        );
+        const handle = unwrappingKey[_handle];
+        const keyData = WeakMapPrototypeGet(KEY_STORE, handle);
+
+        switch (normalizedAlgorithm.name) {
+          case "AES-KW": {
+            const plainText = await core.opSync("op_crypto_unwrap_key", {
+              key: keyData,
+              algorithm: normalizedAlgorithm.name,
+            }, wrappedKey);
+
+            // 4.
+            key = plainText.buffer;
+            break;
+          }
+          default: {
+            throw new DOMException(
+              "Not implemented",
+              "NotSupportedError",
+            );
+          }
+        }
       } else if (
         supportedAlgorithms["decrypt"][normalizedAlgorithm.name] !== undefined
       ) {
+        // must construct a new key, since keyUsages is ["unwrapKey"] and not ["decrypt"]
         key = await this.decrypt(
           normalizedAlgorithm,
           constructKey(
author	Sean Michael Wykes <8363933+SeanWykes@users.noreply.github.com>	2022-01-11 01:44:47 -0300
committer	GitHub <noreply@github.com>	2022-01-11 10:14:47 +0530
commit	91f6c5fc7e6f66f0e963c5cfbec281da4bcfc496 (patch)
tree	299ec26d38c6be74f5980c4b71877c3e974551e5 /ext/crypto/00_crypto.js
parent	605b8db8f61fc4c0c71d11cde873af18d87c49bf (diff)