1 /**************************************
3 * http://www.w3.org/TR/WebCryptoAPI
6 /**************************************
10 interface RandomSource {
11 ArrayBufferView getRandomValues(ArrayBufferView array);
14 /**************************************
18 typedef (Algorithm or DOMString) AlgorithmIdentifier;
20 dictionary AlgorithmParameters {
23 dictionary Algorithm {
25 AlgorithmParameters params;
28 /**************************************
46 readonly attribute KeyType type;
47 readonly attribute bool extractable;
48 readonly attribute Algorithm algorithm;
49 readonly attribute KeyUsage[] keyUsage;
52 /**************************************
55 interface CryptoOperation : EventTarget {
56 void process(ArrayBufferView buffer);
60 readonly attribute Key? key;
61 readonly attribute Algorithm algorithm;
62 readonly attribute any result;
64 [TreatNonCallableasNull] attribute Function? onabort;
65 [TreatNonCallableAsNull] attribute Function? onerror;
66 [TreatNonCallableAsNull] attribute Function? onprogress;
67 [TreatNonCallableAsNull] attribute Function? oncomplete;
70 /**************************************
73 interface KeyOperation : EventTarget {
74 readonly attribute any result;
76 [TreatNonCallableAsNull] attribute Function? onerror;
77 [TreatNonCallableAsNull] attribute Function? oncomplete;
80 /**************************************
84 // An unformatted sequence of bytes. Intended for secret keys.
86 // The DER encoding of the PrivateKeyInfo structure from RFC 5208.
88 // The DER encoding of the SubjectPublicKeyInfo structure from RFC 5280.
90 // The key is represented as JSON according to the JSON Web Key format.
95 CryptoOperation encrypt(AlgorithmIdentifier algorithm,
97 optional ArrayBufferView? buffer = null);
98 CryptoOperation decrypt(AlgorithmIdentifier algorithm,
100 optional ArrayBufferView? buffer = null);
101 CryptoOperation sign(AlgorithmIdentifier algorithm,
103 optional ArrayBufferView? buffer = null);
104 CryptoOperation verify(AlgorithmIdentifier algorithm,
106 ArrayBufferView signature,
107 optional ArrayBufferView? buffer = null);
108 CryptoOperation digest(AlgorithmIdentifier algorithm,
109 optional ArrayBufferView? buffer = null);
112 KeyOperation generateKey(AlgorithmIdentifier algorithm,
113 bool extractable = false,
114 KeyUsage[] keyUsages = []);
115 KeyOperation deriveKey(AlgorithmIdentifier algorithm,
117 AlgorithmIdentifier? derivedKeyType,
118 bool extractable = false,
119 KeyUsage[] keyUsages = []);
122 KeyOperation importKey(KeyFormat format,
123 ArrayBufferView keyData,
124 AlgorithmIdentifier? algorithm,
125 bool extractable = false,
126 KeyUsage[] keyUsages = []);
127 KeyOperation exportKey(KeyFormat format, Key key);
130 Crypto implements RandomSource;
132 partial interface Window {
133 readonly attribute Crypto crypto;
136 /**************************************
139 interface WorkerCrypto {
142 WorkerCrypto implements RandomSource;
144 partial interface WorkerGlobalScope {
145 readonly attribute WorkerCrypto crypto;
148 /**************************************
151 typedef Uint8Array BigInteger;
154 /**************************************
163 /**************************************
166 dictionary RsaKeyGenParams : AlgorithmParameters {
167 // The length, in bits, of the RSA modulus
168 unsigned long modulusLength;
169 // The RSA public exponent
170 BigInteger publicExponent;
173 /**************************************
176 dictionary RsaSsaParams : AlgorithmParameters {
177 // The hash algorithm to use
178 AlgorithmIdentifier hash;
181 /**************************************
184 dictionary RsaPssParams : AlgorithmParameters {
185 // The hash function to apply to the message
186 AlgorithmIdentifier hash;
187 // The mask generation function
188 AlgorithmIdentifier mgf;
189 // The desired length of the random salt
190 unsigned long saltLength;
193 /**************************************
196 dictionary RsaOaepParams : AlgorithmParameters {
197 // The hash function to apply to the message
198 AlgorithmIdentifier hash;
199 // The mask generation function
200 AlgorithmIdentifier mgf;
201 // The optional label/application data to associate with the message
202 ArrayBufferView? label;
205 /**************************************
208 dictionary EcdsaParams : AlgorithmParameters {
209 // The hash algorithm to use
210 AlgorithmIdentifier hash;
213 // NIST recommended curve P-256, also known as secp256r1.
215 // NIST recommended curve P-384, also known as secp384r1.
217 // NIST recommended curve P-521, also known as secp521r1.
221 /**************************************
224 dictionary EcKeyGenParams : AlgorithmParameters {
226 NamedCurve namedCurve;
229 /**************************************
232 typedef Uint8Array ECPoint;
234 dictionary EcdhKeyDeriveParams : AlgorithmParameters {
235 // The peer's EC public key.
239 /**************************************
242 dictionary AesCtrParams : AlgorithmParameters {
243 // The initial value of the counter block. counter MUST be 16 bytes
244 // (the AES block size). The counter bits are the rightmost length
245 // bits of the counter block. The rest of the counter block is for
246 // the nonce. The counter bits are incremented using the standard
247 // incrementing function specified in NIST SP 800-38A Appendix B.1:
248 // the counter bits are interpreted as a big-endian integer and
249 // incremented by one.
251 // The length, in bits, of the rightmost part of the counter block
252 // that is incremented.
253 [EnforceRange] octet length;
256 /**************************************
259 dictionary AesKeyGenParams : AlgorithmParameters {
260 // The length, in bits, of the key.
261 [EnforceRange] unsigned short length;
264 /**************************************
267 dictionary AesCbcParams : AlgorithmParameters {
268 // The initialization vector. MUST be 16 bytes.
272 /**************************************
275 dictionary AesGcmParams : AlgorithmParameters {
276 // The initialization vector to use. May be up to 2^56 bytes long.
278 // The additional authentication data to include.
279 ArrayBufferView? additionalData;
280 // The desired length of the authentication tag. May be 0 - 128.
281 [EnforceRange] octet? tagLength = 0;
284 /**************************************
287 dictionary HmacParams : AlgorithmParameters {
288 // The inner hash function to use.
289 AlgorithmIdentifier hash;
292 /**************************************
295 dictionary DhKeyGenParams : AlgorithmParameters {
299 BigInteger generator;
302 /**************************************
305 dictionary DhKeyDeriveParams : AlgorithmParameters {
306 // The peer's public value.
310 /**************************************
313 dictionary ConcatParams : AlgorithmParameters {
314 // The digest method to use to derive the keying material.
315 AlgorithmIdentifier hash;
317 // A bit string corresponding to the AlgorithmId field of the OtherInfo parameter.
318 // The AlgorithmId indicates how the derived keying material will be parsed and for which
319 // algorithm(s) the derived secret keying material will be used.
320 ArrayBufferView algorithmId;
322 // A bit string that corresponds to the PartyUInfo field of the OtherInfo parameter.
323 ArrayBufferView partyUInfo;
324 // A bit string that corresponds to the PartyVInfo field of the OtherInfo parameter.
325 ArrayBufferView partyVInfo;
326 // An optional bit string that corresponds to the SuppPubInfo field of the OtherInfo parameter.
327 ArrayBufferView? publicInfo;
328 // An optional bit string that corresponds to the SuppPrivInfo field of the OtherInfo parameter.
329 ArrayBufferView? privateInfo;
332 /**************************************
335 dictionary Pbkdf2Params : AlgorithmParameters {
336 ArrayBufferView salt;
337 [Clamp] unsigned long iterations;
338 AlgorithmIdentifier prf;
339 ArrayBufferView? password;
342 /**************************************
346 var algorithmKeyGen = {
347 name: "RSASSA-PKCS1-v1_5",
351 publicExponent: new Uint8Array([0x01, 0x00, 0x01]), // Equivalent to 65537
355 var algorithmSign = {
356 name: "RSASSA-PKCS1-v1_5",
365 var keyGen = window.crypto.generateKey(algorithmKeyGen,
366 false, // extractable
369 keyGen.oncomplete = function(event) {
370 // Because we are not supplying data to .sign(), a multi-part
371 // CryptoOperation will be returned, which requires us to call .process()
373 var signer = window.crypt.sign(algorithmSign, event.target.result.privateKey);
374 signer.oncomplete = function(event) {
375 console.log("The signature is: " + event.target.result);
377 signer.onerror = function(event) {
378 console.error("Unable to sign");
381 var dataPart1 = convertPlainTextToArrayBufferView("hello,");
382 var dataPart2 = convertPlainTextToArrayBufferView(" world!");
383 // TODO: create example utility function that converts text -> ArrayBufferView
385 signer.process(dataPart1);
386 signer.process(dataPart2);
390 keyGen.onerror = function(event) {
391 console.error("Unable to generate a key.");
396 /**************************************
398 var clearDataArrayBufferView = convertPlainTextToArrayBufferView("Plain Text Data");
399 // TODO: create example utility function that converts text -> ArrayBufferView
401 var aesAlgorithmKeyGen = {
409 var aesAlgorithmEncrypt = {
413 iv: window.crypto.getRandomValues(new Uint8Array(16))
417 // Create a keygenerator to produce a one-time-use AES key to encrypt some data
418 var cryptoKeyGen = window.crypto.generateKey(aesAlgorithmKeyGen,
419 false, // extractable
422 cryptoKeyGen.oncomplete = function(event) {
423 // A new, random AES key has been generated.
424 var aesKey = event.target.result;
426 // Unlike the signing example, which showed multi-part encryption, here we
427 // will perform the entire AES operation in a single call.
428 var aesOp = window.crypto.encrypt(aesAlgorithmEncrypt, aesKey, clearDataArrayBufferView);
429 aesOp.oncomplete = function(event) {
430 // The clearData has been encrypted.
431 var ciphertext = event.target.result; // ArrayBufferView
433 aesOp.onerror = function(event) {
434 console.error("Unable to AES encrypt.");