Open jdm opened 4 years ago
Hubs relies on the deriveKey, generateKey, importKey, exportKey, encrypt, and decrypt methods.
Hubs relies specifically on:
I've started tinkering in https://github.com/jdm/servo/tree/subtle.
ring may be a useful basis for this work. Gecko relies on NSS (e.g. https://searchfox.org/mozilla-central/rev/82c04b9cad5b98bdf682bd477f2b1e3071b004ad/dom/crypto/WebCryptoTask.cpp#2727 for the ECDH implementation for deriveKey).
https://docs.rs/ring/0.16.15/ring/agreement/index.html has APIs involving ECDH, the P256 curve. However, it doesn't seem to have AES-CBC support. The RustCrypto group has https://docs.rs/aes/0.4.0/aes/ which looks like it might suit. Given that, we may just want to rely on the elliptic_curve and p256 crates instead of ring.
Here's a more complete overview of the algorithms and what I think pulls in the least amount of additional crates for this:
RSASSA-PKCS1-v1_5 - ring
RSA-PSS - ring
RSA-OAEP - rsa (is planned in ring but not yet supported)
ECDSA - ring
ECDH - ring
AES-CTR - aes and ctr
AES-CBC - aes and cbc
AES-GCM - ring
AES-KW - aes_kw
HMAC - ring
SHA - ring
HKDF - ring
PBKDF2 - ring
I think it's still worth pulling in ring since it covers so many of the algorithms, unless we want to only use either ring/RustCrypto crates.
https://www.w3.org/TR/WebCryptoAPI/#dfn-SubtleCrypto
This is used in the hub.link flow for joining a hubs room on a VR device.
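The call sequence an implementation would have to support, as an added example that is not code from Hubs, Servo or this thread: it exercises the six methods listed above with ECDH on P-256 and AES-CBC, the algorithms mentioned in the discussion. The 256-bit key length, the JWK transport format and all function names are assumptions.

```javascript
// Added example, not Hubs or Servo code. Parameter choices are assumptions.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const { subtle } = webcrypto;
const ECDH = { name: 'ECDH', namedCurve: 'P-256' };

const hex = (buf) =>
  Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, '0')).join('');

// generateKey: each side creates an ephemeral ECDH key pair.
const makeKeyPair = () => subtle.generateKey(ECDH, true, ['deriveKey']);

// exportKey + importKey: the public half travels as JWK and is re-imported
// by the peer. ECDH public keys are imported with an empty usage list.
async function sendPublicKey(publicKey) {
  const wire = JSON.stringify(await subtle.exportKey('jwk', publicKey));
  return subtle.importKey('jwk', JSON.parse(wire), ECDH, true, []);
}

// deriveKey: the ECDH shared secret becomes an AES-CBC key directly.
function sharedAesKey(myPrivate, peerPublic) {
  return subtle.deriveKey(
    { name: 'ECDH', public: peerPublic }, myPrivate,
    { name: 'AES-CBC', length: 256 }, true, ['encrypt', 'decrypt']);
}

async function roundTrip(message) {
  const alice = await makeKeyPair();
  const bob = await makeKeyPair();
  const aliceKey = await sharedAesKey(alice.privateKey, await sendPublicKey(bob.publicKey));
  const bobKey = await sharedAesKey(bob.privateKey, await sendPublicKey(alice.publicKey));

  // encrypt/decrypt: AES-CBC needs a fresh random 16-byte IV per message and
  // gives no integrity protection, so tampering is not reliably detected.
  const iv = webcrypto.getRandomValues(new Uint8Array(16));
  const data = new TextEncoder().encode(message);
  const ciphertext = await subtle.encrypt({ name: 'AES-CBC', iv }, aliceKey, data);
  const plaintext = await subtle.decrypt({ name: 'AES-CBC', iv }, bobKey, ciphertext);

  return {
    sameKey: hex(await subtle.exportKey('raw', aliceKey)) ===
             hex(await subtle.exportKey('raw', bobKey)),
    ciphertextBytes: ciphertext.byteLength, // PKCS#7 pads to a 16-byte multiple
    decrypted: new TextDecoder().decode(plaintext),
  };
}

roundTrip('join room 1234').then(console.log);
```

Running the same script in an engine under development gives a quick conformance check: any method that is missing or returns a differently shaped key shows up as a rejected promise.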