feat: quick-win API additions, OKP JWK support, and native optimizations#912
Merged
feat: quick-win API additions, OKP JWK support, and native optimizations#912
Conversation
Add several missing Node.js crypto API methods identified in the implementation coverage audit: - crypto.hash() oneshot function - subtle.deriveKey with ECDH - Ed25519/Ed448/X25519/X448 JWK export/import (C++ OKP support) - KeyObject.equals() - KeyObject.symmetricKeySize - createDiffieHellmanGroup alias - diffieHellman.verifyError property Add tests for all new features and update coverage docs.
…itrogen Move KeyObject.equals() to native C++ using EVP_PKEY_eq for asymmetric keys and CRYPTO_memcmp for symmetric keys, avoiding export of private key material into JS. Move symmetricKeySize to native via existing KeyObjectData::GetSymmetricKeySize(). Replace verifyError stub with actual DH_check() call. Add default case to OKP JWK export switch. Fix edImportKey parameter type to accept JWK, removing as-unknown cast. Regenerate nitrogen specs (includes std::variant order update).
Contributor
🤖 End-to-End Test Results - AndroidStatus: ✅ Passed 📸 Final Test ScreenshotScreenshot automatically captured from End-to-End tests and will expire in 30 days This comment is automatically updated on each test run. |
Contributor
🤖 End-to-End Test Results - iOSStatus: ✅ Passed 📸 Final Test ScreenshotScreenshot automatically captured from End-to-End tests and will expire in 30 days This comment is automatically updated on each test run. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Implements several quick-win API additions identified during the implementation-coverage audit, plus follow-up improvements from code review that move key operations to native C++.
Changes
New APIs
crypto.hash()— oneshot convenience wrapper around createHash/update/digestsubtle.deriveKeywith ECDH — adds missing ECDH case (delegates to existingecDeriveBits)crypto.createDiffieHellmanGroup— alias forgetDiffieHellmandiffieHellman.verifyError— proper implementation via nativeDH_check()KeyObject.equals()— native comparison usingEVP_PKEY_eq(asymmetric) andCRYPTO_memcmp(symmetric)KeyObject.symmetricKeySize— native accessor viaKeyObjectData::GetSymmetricKeySize()OKP JWK Support (RFC 8037)
OKPtoJWKktyenum (Nitro + TypeScript)Code Quality
equals()andsymmetricKeySizeto native — no longer exports key material into JSverifyErroruses actualDH_check()instead of hardcoded stubas unknown as JWKdouble cast by wideningedImportKeyparameter typedefault: break;to OKP export switchstd::variantorder update)Coverage Docs
Testing
All features have test coverage in the example app:
createDiffieHellmanGroupalias,verifyErrorfor valid paramshash()oneshot with various algorithms and encodingsequals()for secret/public/cross-type,symmetricKeySizefor 16/32/64 byte keysderiveKeywith encrypt/decrypt roundtripCloses #653