crypto: add stub implementations for Web Crypto API Key Encapsulation

Author: panva

doc/api/webcrypto.md

@@ -639,6 +639,35 @@ Allows feature detection in Web Crypto API, which can be used to detect whether
 a given algorithm identifier (including any of its parameters) is supported for
 the given operation.
 
+### `subtle.decapsulateBits(decapsulationAlgorithm, decapsulationKey, ciphertext)`
+
+<!-- YAML
+added: REPLACEME
+-->
+
+> Stability: 1.0 - Early development
+
+* `decapsulationAlgorithm` {string|Algorithm}
+* `decapsulationKey` {CryptoKey}
+* `ciphertext` {ArrayBuffer|TypedArray|DataView|Buffer}
+* Returns: {Promise} Fulfills with {ArrayBuffer} upon success.
+
+### `subtle.decapsulateKey(decapsulationAlgorithm, decapsulationKey, ciphertext, sharedKeyAlgorithm, extractable, usages)`
+
+<!-- YAML
+added: REPLACEME
+-->
+
+> Stability: 1.0 - Early development
+
+* `decapsulationAlgorithm` {string|Algorithm}
+* `decapsulationKey` {CryptoKey}
+* `ciphertext` {ArrayBuffer|TypedArray|DataView|Buffer}
+* `sharedKeyAlgorithm` {string|Algorithm|HmacImportParams|AesDerivedKeyParams}
+* `extractable` {boolean}
+* `usages` {string\[]} See [Key usages][].
+* Returns: {Promise} Fulfills with {CryptoKey} upon success.
+
 ### `subtle.decrypt(algorithm, key, data)`
 
 <!-- YAML
@@ -773,6 +802,33 @@ If `algorithm` is provided as a {string}, it must be one of:
 If `algorithm` is provided as an {Object}, it must have a `name` property
 whose value is one of the above.
 
+### `subtle.encapsulateBits(encapsulationAlgorithm, encapsulationKey)`
+
+<!-- YAML
+added: REPLACEME
+-->
+
+> Stability: 1.0 - Early development
+
+* `encapsulationAlgorithm` {string|Algorithm}
+* `encapsulationKey` {CryptoKey}
+* Returns: {Promise} Fulfills with {EncapsulatedBits} upon success.
+
+### `subtle.encapsulateKey(encapsulationAlgorithm, encapsulationKey, sharedKeyAlgorithm, extractable, usages)`
+
+<!-- YAML
+added: REPLACEME
+-->
+
+> Stability: 1.0 - Early development
+
+* `encapsulationAlgorithm` {string|Algorithm}
+* `encapsulationKey` {CryptoKey}
+* `sharedKeyAlgorithm` {string|Algorithm|HmacImportParams|AesDerivedKeyParams}
+* `extractable` {boolean}
+* `usages` {string\[]} See [Key usages][].
+* Returns: {Promise} Fulfills with {EncapsulatedKey} upon success.
+
 ### `subtle.encrypt(algorithm, key, data)`
 
 <!-- YAML
@@ -1467,6 +1523,50 @@ the message.
 The Node.js Web Crypto API implementation only supports zero-length context
 which is equivalent to not providing context at all.
 
+### Class: `EncapsulatedBits`
+
+<!-- YAML
+added: REPLACEME
+-->
+
+#### `encapsulatedBits.ciphertext`
+
+<!-- YAML
+added: REPLACEME
+-->
+
+* Type: {ArrayBuffer}
+
+#### `encapsulatedBits.sharedKey`
+
+<!-- YAML
+added: REPLACEME
+-->
+
+* Type: {ArrayBuffer}
+
+### Class: `EncapsulatedKey`
+
+<!-- YAML
+added: REPLACEME
+-->
+
+#### `encapsulatedKey.ciphertext`
+
+<!-- YAML
+added: REPLACEME
+-->
+
+* Type: {ArrayBuffer}
+
+#### `encapsulatedKey.sharedKey`
+
+<!-- YAML
+added: REPLACEME
+-->
+
+* Type: {CryptoKey}
+
 ### Class: `HkdfParams`
 
 <!-- YAML

lib/internal/crypto/util.js

@@ -266,6 +266,8 @@ const kSupportedAlgorithms = {
   'unwrapKey': {
     'AES-KW': null,
   },
+  'encapsulate': {},
+  'decapsulate': {},
 };
 
 const experimentalAlgorithms = ObjectEntries({

lib/internal/crypto/webcrypto.js

@@ -933,6 +933,140 @@ async function decrypt(algorithm, key, data) {
   return cipherOrWrap(kWebCryptoCipherDecrypt, algorithm, key, data, 'decrypt');
 }
 
+async function encapsulateBits(encapsulationAlgorithm, encapsulationKey) {
+  emitExperimentalWarning('The encapsulateBits Web Crypto API method');
+  if (this !== subtle) throw new ERR_INVALID_THIS('SubtleCrypto');
+
+  webidl ??= require('internal/crypto/webidl');
+  const prefix = "Failed to execute 'encapsulateBits' on 'SubtleCrypto'";
+  webidl.requiredArguments(arguments.length, 2, { prefix });
+  encapsulationAlgorithm = webidl.converters.AlgorithmIdentifier(encapsulationAlgorithm, {
+    prefix,
+    context: '1st argument',
+  });
+  encapsulationKey = webidl.converters.CryptoKey(encapsulationKey, {
+    prefix,
+    context: '2nd argument',
+  });
+
+  // eslint-disable-next-line no-unused-vars
+  const normalizedEncapsulationAlgorithm = normalizeAlgorithm(encapsulationAlgorithm, 'encapsulate');
+
+  // It is not possible to get here just yet
+  const assert = require('internal/assert');
+  assert.fail('Unreachable code');
+}
+
+async function encapsulateKey(encapsulationAlgorithm, encapsulationKey, sharedKeyAlgorithm, extractable, usages) {
+  emitExperimentalWarning('The encapsulateKey Web Crypto API method');
+  if (this !== subtle) throw new ERR_INVALID_THIS('SubtleCrypto');
+
+  webidl ??= require('internal/crypto/webidl');
+  const prefix = "Failed to execute 'encapsulateKey' on 'SubtleCrypto'";
+  webidl.requiredArguments(arguments.length, 5, { prefix });
+  encapsulationAlgorithm = webidl.converters.AlgorithmIdentifier(encapsulationAlgorithm, {
+    prefix,
+    context: '1st argument',
+  });
+  encapsulationKey = webidl.converters.CryptoKey(encapsulationKey, {
+    prefix,
+    context: '2nd argument',
+  });
+  sharedKeyAlgorithm = webidl.converters.AlgorithmIdentifier(sharedKeyAlgorithm, {
+    prefix,
+    context: '3rd argument',
+  });
+  extractable = webidl.converters.boolean(extractable, {
+    prefix,
+    context: '4th argument',
+  });
+  usages = webidl.converters['sequence<KeyUsage>'](usages, {
+    prefix,
+    context: '5th argument',
+  });
+
+  // eslint-disable-next-line no-unused-vars
+  const normalizedEncapsulationAlgorithm = normalizeAlgorithm(encapsulationAlgorithm, 'encapsulate');
+  // eslint-disable-next-line no-unused-vars
+  const normalizedSharedKeyAlgorithm = normalizeAlgorithm(sharedKeyAlgorithm, 'importKey');
+
+  // It is not possible to get here just yet
+  const assert = require('internal/assert');
+  assert.fail('Unreachable code');
+}
+
+async function decapsulateBits(decapsulationAlgorithm, decapsulationKey, ciphertext) {
+  emitExperimentalWarning('The decapsulateBits Web Crypto API method');
+  if (this !== subtle) throw new ERR_INVALID_THIS('SubtleCrypto');
+
+  webidl ??= require('internal/crypto/webidl');
+  const prefix = "Failed to execute 'decapsulateBits' on 'SubtleCrypto'";
+  webidl.requiredArguments(arguments.length, 3, { prefix });
+  decapsulationAlgorithm = webidl.converters.AlgorithmIdentifier(decapsulationAlgorithm, {
+    prefix,
+    context: '1st argument',
+  });
+  decapsulationKey = webidl.converters.CryptoKey(decapsulationKey, {
+    prefix,
+    context: '2nd argument',
+  });
+  ciphertext = webidl.converters.BufferSource(ciphertext, {
+    prefix,
+    context: '3rd argument',
+  });
+
+  // eslint-disable-next-line no-unused-vars
+  const normalizedDecapsulationAlgorithm = normalizeAlgorithm(decapsulationAlgorithm, 'decapsulate');
+
+  // It is not possible to get here just yet
+  const assert = require('internal/assert');
+  assert.fail('Unreachable code');
+}
+
+async function decapsulateKey(
+  decapsulationAlgorithm, decapsulationKey, ciphertext, sharedKeyAlgorithm, extractable, usages,
+) {
+  emitExperimentalWarning('The decapsulateKey Web Crypto API method');
+  if (this !== subtle) throw new ERR_INVALID_THIS('SubtleCrypto');
+
+  webidl ??= require('internal/crypto/webidl');
+  const prefix = "Failed to execute 'decapsulateKey' on 'SubtleCrypto'";
+  webidl.requiredArguments(arguments.length, 6, { prefix });
+  decapsulationAlgorithm = webidl.converters.AlgorithmIdentifier(decapsulationAlgorithm, {
+    prefix,
+    context: '1st argument',
+  });
+  decapsulationKey = webidl.converters.CryptoKey(decapsulationKey, {
+    prefix,
+    context: '2nd argument',
+  });
+  ciphertext = webidl.converters.BufferSource(ciphertext, {
+    prefix,
+    context: '3rd argument',
+  });
+  sharedKeyAlgorithm = webidl.converters.AlgorithmIdentifier(sharedKeyAlgorithm, {
+    prefix,
+    context: '4th argument',
+  });
+  extractable = webidl.converters.boolean(extractable, {
+    prefix,
+    context: '5th argument',
+  });
+  usages = webidl.converters['sequence<KeyUsage>'](usages, {
+    prefix,
+    context: '6th argument',
+  });
+
+  // eslint-disable-next-line no-unused-vars
+  const normalizedDecapsulationAlgorithm = normalizeAlgorithm(decapsulationAlgorithm, 'decapsulate');
+  // eslint-disable-next-line no-unused-vars
+  const normalizedSharedKeyAlgorithm = normalizeAlgorithm(sharedKeyAlgorithm, 'importKey');
+
+  // It is not possible to get here just yet
+  const assert = require('internal/assert');
+  assert.fail('Unreachable code');
+}
+
 // The SubtleCrypto and Crypto classes are defined as part of the
 // Web Crypto API standard: https://www.w3.org/TR/WebCryptoAPI/
 
@@ -958,18 +1092,22 @@ class SubtleCrypto {
     });
 
     switch (operation) {
-      case 'encrypt':
+      case 'decapsulateBits':
+      case 'decapsulateKey':
       case 'decrypt':
-      case 'sign':
-      case 'verify':
+      case 'deriveBits':
+      case 'deriveKey':
       case 'digest':
+      case 'encapsulateBits':
+      case 'encapsulateKey':
+      case 'encrypt':
+      case 'exportKey':
       case 'generateKey':
-      case 'deriveKey':
-      case 'deriveBits':
       case 'importKey':
-      case 'exportKey':
-      case 'wrapKey':
+      case 'sign':
       case 'unwrapKey':
+      case 'verify':
+      case 'wrapKey':
         break;
       default:
         return false;
@@ -1003,7 +1141,7 @@ class SubtleCrypto {
       if (!check('exportKey', additionalAlgorithm)) {
         return false;
       }
-    } else if (operation === 'unwrapKey') {
+    } else if (operation === 'unwrapKey' || operation === 'encapsulateKey' || operation === 'decapsulateKey') {
       additionalAlgorithm = webidl.converters.AlgorithmIdentifier(lengthOrAdditionalAlgorithm, {
         prefix,
         context: '3rd argument',
@@ -1027,6 +1165,14 @@ class SubtleCrypto {
 }
 
 function check(op, alg, length) {
+  if (op === 'encapsulateBits' || op === 'encapsulateKey') {
+    op = 'encapsulate';
+  }
+
+  if (op === 'decapsulateBits' || op === 'decapsulateKey') {
+    op = 'decapsulate';
+  }
+
   let normalizedAlgorithm;
   try {
     normalizedAlgorithm = normalizeAlgorithm(alg, op);
@@ -1043,16 +1189,18 @@ function check(op, alg, length) {
   }
 
   switch (op) {
-    case 'encrypt':
+    case 'decapsulate':
     case 'decrypt':
-    case 'sign':
-    case 'verify':
     case 'digest':
+    case 'encapsulate':
+    case 'encrypt':
+    case 'exportKey':
     case 'generateKey':
     case 'importKey':
-    case 'exportKey':
-    case 'wrapKey':
+    case 'sign':
     case 'unwrapKey':
+    case 'verify':
+    case 'wrapKey':
       return true;
     case 'deriveBits': {
       if (normalizedAlgorithm.name === 'HKDF') {
@@ -1230,6 +1378,34 @@ ObjectDefineProperties(
       writable: true,
       value: unwrapKey,
     },
+    encapsulateBits: {
+      __proto__: null,
+      enumerable: true,
+      configurable: true,
+      writable: true,
+      value: encapsulateBits,
+    },
+    encapsulateKey: {
+      __proto__: null,
+      enumerable: true,
+      configurable: true,
+      writable: true,
+      value: encapsulateKey,
+    },
+    decapsulateBits: {
+      __proto__: null,
+      enumerable: true,
+      configurable: true,
+      writable: true,
+      value: decapsulateBits,
+    },
+    decapsulateKey: {
+      __proto__: null,
+      enumerable: true,
+      configurable: true,
+      writable: true,
+      value: decapsulateKey,
+    },
   });
 
 module.exports = {