Fixes#20198
The Web Crypto implementation has been artificially limiting `ECDSA` to
only the “recommended” curve/hash pairs (`P‑256/SHA‑256` and
`P‑384/SHA‑384`). The underlying `ring` APIs enforced those pairs, so
any attempt to verify signatures produced with different digests (e.g.
`P‑384` with `SHA‑256`) failed with a “Not implemented” error.
This PR rewires the ECDSA sign/verify path to use RustCrypto’s `ecdsa`
crate instead of `ring`, computes digests separately, and uses the
prehash signing/verifying API so that any `sha1`, `sha256`, `sha384` or
`sha512` can be used with either curve. The JS `SubtleCrypto` bindings
were updated to drop the hard coded checks, and a new unit test
exercises `P‑384 + SHA‑256` to ensure non‑matching combos now round
trip.
---------
Signed-off-by: Gene Parmesan Thomas <201852096+gopoto@users.noreply.github.com>
Signed-off-by: gopoto <201852096+gopoto@users.noreply.github.com>
Co-authored-by: Divy Srivastava <dj.srivastava23@gmail.com>
This commits moves all `.d.ts` files from `ext/*` to `cli/tsc/dts`.
Due to TSC snapshot removal, `cargo publish` is now erroring out,
unable to find the declaration files. These files were moved to
"cli/tsc/dts", because it's much easier than keeping them in
extension directories, while still providing them compressed
or uncompressed depending on the build type.
Part 1 of a potential 3 part series. Ref #13449
The current implementation passes key material back and forth RustCrypto
group of crates and ring. ring does not implement p521 yet.
This PR adds support for P521 named curve in `generateKey` and
`importKey` where we use RustCrypto. Other parts should be moved over to
the RustGroup group of crates for consistency.
`opAsync` requires a lookup by name on each async call. This is a
mechanical translation of all opAsync calls to ensureFastOps.
The `opAsync` API on Deno.core will be removed at a later time.
This commit refactors how we access "core", "internals" and
"primordials" objects coming from `deno_core`, in our internal JavaScript code.
Instead of capturing them from "globalThis.__bootstrap" namespace, we
import them from recently added "ext:core/mod.js" file.
Fixes#19568
Values are not coerced to the desired type during deserialisation. This
makes serde_v8 stricter.
---------
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Fixes a bug I noticed when deriving a key based from `ECDH`. Similar
issue is also mentioned in #14693, where they derive a key using
`PBKDF2`
- In the WebCrypto API, `deriveKey()` is equivalent to `deriveBits()`
followed by `importKey()`
- But, `deriveKey()` requires just `deriveKey` in the `usages` of the
`baseKey` parameter. The `deriveBits` usage is not required to be
allowed. This is the uniform behaviour in Node, Chrome and Firefox.
- The impl currently has userland-accessible `SubtleCrypto.deriveKey()`
and `SubtleCrypto.deriveBits()`, as well as an internal `deriveBits()`
(this is the one that accesses the ffi).
- Also, `SubtleCrypto.deriveKey()` checks if `deriveKey` is an allowed
usage and `SubtleCrypto.deriveBits()` checks if `deriveBits` is an
allowed usage, as required.
- However, the impl currently calls the userland accessible
`SubtleCrypto.deriveBits()` in `SubtleCrypto.deriveKey()`, leading to an
error being thrown if the `deriveBits` usage isn't present.
- Fixed this by making it call the internal `deriveBits()`
instead.
This now allows circular imports across extensions.
Instead of load + eval of all ESM files in declaration order, all files
are only loaded. Eval is done recursively by V8, only evaluating
files that are listed in `Extension::esm_entry_point` fields.
---------
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
This should produce a little less garbage and using an object here
wasn't really required.
---------
Co-authored-by: Aapo Alasuutari <aapo.alasuutari@gmail.com>
Co-authored-by: Leo Kettmeir <crowlkats@toaxl.com>
This commit renames "deno_core::InternalModuleLoader" to
"ExtModuleLoader" and changes the specifiers used by the
modules loaded from this loader to "ext:".
"internal:" scheme was really ambiguous and it's more characters than
"ext:", which should result in slightly smaller snapshot size.
Closes https://github.com/denoland/deno/issues/18020
This PR refactors all internal js files (except core) to be written as
ES modules.
`__bootstrap`has been mostly replaced with static imports in form in
`internal:[path to file from repo root]`.
To specify if files are ESM, an `esm` method has been added to
`Extension`, similar to the `js` method.
A new ModuleLoader called `InternalModuleLoader` has been added to
enable the loading of internal specifiers, which is used in all
situations except when a snapshot is only loaded, and not a new one is
created from it.
---------
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Bump the rsa crate to 0.7.0
The API for the `rsa` crate has changed significantly, but I have
verified that tests continue to pass throughout this update.
