Open ewalk153 opened 1 week ago
Apologies for the bikeshed here, the spec is a bit hard to navigate, but after investigating a bit more, I believe that what we want is exposing crypto.suble.digest
rather than createHmac
which is not standard yet (that's why it was not in the doc).
Thankfully I think that this doesn't represent a huge change to the current state of your PR, in fact, I think it might make the implementation a bit easier. The only wrinkle to think about is that crypto.subtle.digest
returns a promise, which I believe we can workaround by wrapping the result via: https://docs.rs/rquickjs/latest/rquickjs/struct.Promise.html#method.from_value, without having to actually defer the computation.
The other nice thing is that we can now refer to https://github.com/web-platform-tests/wpt/blob/master/WebCryptoAPI/digest/digest.https.any.js to compliance tests.
Next step: change API signature to:
crypto.subtle.sign({name: "HMAC", hash: "sha-256"}, "my key", "my plaintext")
This aligns with the wintercg spec.
Per convo with @saulecabrera and @jeffcharles
@ewalk153 I've pushed https://github.com/bytecodealliance/javy/pull/696/commits/fa3c661b24c546a6f6af69554eab29da5c8a8a69, see the commit description for details. Additionally, while working on these improvements, I found a bug with our event loop handling code (fixed in https://github.com/bytecodealliance/javy/pull/697), so I'd suggest rebasing once that one lands. I didn't fix all the unit tests in my last commit here, so there's a chance that we'd need to revisit those.
Description of the change
Conforming to the WinterCG crypto Hmac convention, introduce HmacSha256 support. This can be extended to add other crypto functions in the future.
Why am I making this change?
There is a strong need for for function input authentication. HmacSha256 strikes a balance between instruction count and cryptographic safety as a sane starting point.
Checklist
javy-cli
andjavy-core
do not require updating CHANGELOG files.