fix: route raw / raw-secret / raw-public per-algorithm in subtle #1023
Merged
Stop unconditionally collapsing raw-secret/raw-public to raw. Each algorithm now validates its own format per Node's matrix:

- AES-OCB and ChaCha20-Poly1305 require raw-secret (reject raw)
- KMAC128/KMAC256 require raw-secret
- Argon2d/i/id require raw-secret
- ML-DSA and ML-KEM require raw-public (reject raw)
- AES-CTR/CBC/GCM/KW + HMAC + HKDF + PBKDF2 + RSA + EC + Ed/X alias both forms
- exportKey enforces the same matrix (raw / raw-secret / raw-public)
- deriveKey, encapsulateKey, decapsulateKey now import derived/shared bits as raw-secret so AEAD/KMAC keys are valid downstream
- HMAC dispatcher no longer aliases format; hmacImportKey accepts 'raw' and 'raw-secret' directly and rejects 'raw-public' (matches Node mac.js)
- Split importGenericSecretKey into pbkdf2ImportKey + argon2ImportKey; PBKDF2 keeps Node's extractable -> usage -> format ordering, Argon2 gates format first (matches Node webcrypto.js dispatcher)
- Replace plain Error throws with lazyDOMException (SyntaxError / NotSupportedError / DataError) per WebCrypto spec
- Add tests: HMAC raw-secret round-trip, HMAC raw-public reject, Ed25519/Ed448/X25519/X448 raw-public accept, ECDSA/ECDH raw-public accept

Also adds fix-plan tables to /review and a new /address-pr-feedback command, mirroring the spicy/ea workflow.
Contributor
🤖 End-to-End Test Results - iOS
Status: ✅ Passed
📸 Final Test Screenshot
Screenshot automatically captured from End-to-End tests and will expire in 30 days. This comment is automatically updated on each test run.
Contributor
🤖 End-to-End Test Results - Android
Status: ✅ Passed
📸 Final Test Screenshot
Screenshot automatically captured from End-to-End tests and will expire in 30 days. This comment is automatically updated on each test run.


Summary
- raw-secret/raw-public to raw in subtle.importKey/exportKey. Each algorithm now validates its own format per Node's aliasKeyFormat matrix (webcrypto.js:734-742).
- raw-secret so AEADs (AES-OCB, ChaCha20-Poly1305) and KMAC keys produced from deriveKey/encapsulateKey/decapsulateKey are now valid downstream.
- Error throws with spec-correct DOMException types (SyntaxError/NotSupportedError/DataError).

Format matrix (mirrors Node)
raw | raw-secret | raw-public

Closes #1002.
Test plan
- bun tsc --noEmit clean across both packages
- example/src/tests/subtle/import_export.ts:
  - raw
  - raw for public-key import/export
  - raw-secret round-trip
  - raw-secret round-trip; rejects raw-public
  - raw-public round-trip (equivalent to raw)
  - raw-public round-trip (equivalent to raw)
  - raw-secret
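
The format matrix from the description, written out as a routing function. This is an added example, not code from this PR or from Node: `routeRawFormat`, `rejectingTargets`, the `DERIVE_TARGETS` sample and the use of `NotSupportedError` for a rejected format are assumptions, and RSA is omitted.

```javascript
// Added example, not the project's code. Rules transcribed from the PR description;
// every identifier below is hypothetical.
const RULES = [
  // Strict: only the exact format is accepted.
  { names: ['AES-OCB', 'ChaCha20-Poly1305', 'KMAC128', 'KMAC256',
            'Argon2d', 'Argon2i', 'Argon2id'], formats: ['raw-secret'], alias: false },
  { names: ['ML-DSA', 'ML-KEM'], formats: ['raw-public'], alias: false },
  // HMAC takes raw and raw-secret directly, without aliasing.
  { names: ['HMAC'], formats: ['raw', 'raw-secret'], alias: false },
  // "Alias both forms": raw-secret and raw-public are handled as raw.
  { names: ['AES-CTR', 'AES-CBC', 'AES-GCM', 'AES-KW', 'HKDF', 'PBKDF2', 'ECDSA',
            'ECDH', 'Ed25519', 'Ed448', 'X25519', 'X448'],
    formats: ['raw', 'raw-secret', 'raw-public'], alias: true },
];
const BY_NAME = new Map();
for (const rule of RULES) for (const name of rule.names) BY_NAME.set(name, rule);

function notSupported(message) {
  // DOMException is a global in current Node and browsers; fall back elsewhere.
  return typeof DOMException === 'function'
    ? new DOMException(message, 'NotSupportedError')
    : Object.assign(new Error(message), { name: 'NotSupportedError' });
}

// Returns the format the algorithm's importer should receive, or throws.
function routeRawFormat(algorithm, format) {
  // Map parameter-set names such as ML-KEM-768 onto their family entry.
  const family = algorithm.replace(/^(ML-(?:DSA|KEM))-\d+$/, '$1');
  const rule = BY_NAME.get(family);
  if (!rule) throw notSupported(`Unrecognized algorithm "${algorithm}"`);
  if (!rule.formats.includes(format)) {
    throw notSupported(`${algorithm} does not accept key format "${format}"`);
  }
  return rule.alias ? 'raw' : format;
}

// Constructed sample of deriveKey targets; lists those that reject `format`.
const DERIVE_TARGETS = ['AES-GCM', 'AES-OCB', 'ChaCha20-Poly1305', 'HMAC', 'KMAC256'];
function rejectingTargets(format) {
  return DERIVE_TARGETS.filter((alg) => {
    try { routeRawFormat(alg, format); return false; } catch { return true; }
  });
}
```

Importing derived bits as raw passes for AES-GCM and HMAC but is rejected by the AEAD and KMAC targets, while raw-secret is accepted by every target in the sample.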