@@ -28,6 +28,7 @@ import {
28
28
IWebCryptoAlgorithmSuite , WebCryptoEncryption , WebCryptoHash , // eslint-disable-line no-unused-vars
29
29
WebCryptoECDHCurve , AlgorithmSuiteTypeWebCrypto // eslint-disable-line no-unused-vars
30
30
} from './algorithm_suites'
31
+ import { needs } from './needs'
31
32
32
33
/* References to https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/algorithms-reference.html
33
34
* These are the composed parameters for each algorithm suite specification for
@@ -41,6 +42,7 @@ const webCryptoAlgAes128GcmIv12Tag16: IWebCryptoAlgorithmSuite = {
41
42
tagLength : 128 ,
42
43
cacheSafe : false
43
44
}
45
+ /* Web browsers do not support 192 bit key lengths at this time. */
44
46
const webCryptoAlgAes192GcmIv12Tag16 : IWebCryptoAlgorithmSuite = {
45
47
id : AlgorithmSuiteIdentifier . ALG_AES192_GCM_IV12_TAG16 ,
46
48
encryption : 'AES-GCM' ,
@@ -67,6 +69,7 @@ const webCryptoAlgAes128GcmIv12Tag16HkdfSha256: IWebCryptoAlgorithmSuite = {
67
69
kdfHash : 'SHA-256' ,
68
70
cacheSafe : true
69
71
}
72
+ /* Web browsers do not support 192 bit key lengths at this time. */
70
73
const webCryptoAlgAes192GcmIv12Tag16HkdfSha256 : IWebCryptoAlgorithmSuite = {
71
74
id : AlgorithmSuiteIdentifier . ALG_AES192_GCM_IV12_TAG16_HKDF_SHA256 ,
72
75
encryption : 'AES-GCM' ,
@@ -99,6 +102,7 @@ const webCryptoAlgAes128GcmIv12Tag16HkdfSha256EcdsaP256: IWebCryptoAlgorithmSuit
99
102
signatureCurve : 'P-256' ,
100
103
signatureHash : 'SHA-256'
101
104
}
105
+ /* Web browsers do not support 192 bit key lengths at this time. */
102
106
const webCryptoAlgAes192GcmIv12Tag16HkdfSha384EcdsaP384 : IWebCryptoAlgorithmSuite = {
103
107
id : AlgorithmSuiteIdentifier . ALG_AES192_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384 ,
104
108
encryption : 'AES-GCM' ,
@@ -137,6 +141,28 @@ const webCryptoAlgorithms: WebCryptoAlgorithms = Object.freeze({
137
141
[ AlgorithmSuiteIdentifier . ALG_AES256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384 ] : Object . freeze ( webCryptoAlgAes256GcmIv12Tag16HkdfSha384EcdsaP384 )
138
142
} )
139
143
144
+ /* Web browsers do not support 192 bit key lengths at this time.
145
+ * To maintain type compatibility and TypeScript happiness between Algorithm Suites
146
+ * I need to have the same list of AlgorithmSuiteIdentifier.
147
+ * This list is maintained here to make sure that the error message is helpful.
148
+ */
149
+ type WebCryptoAlgorithmSuiteIdentifier = Exclude < Exclude < Exclude < AlgorithmSuiteIdentifier ,
150
+ AlgorithmSuiteIdentifier . ALG_AES192_GCM_IV12_TAG16 > ,
151
+ AlgorithmSuiteIdentifier . ALG_AES192_GCM_IV12_TAG16_HKDF_SHA256 > ,
152
+ AlgorithmSuiteIdentifier . ALG_AES192_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384 >
153
+ type SupportedWebCryptoAlgorithms = Readonly < { [ id in WebCryptoAlgorithmSuiteIdentifier ] : IWebCryptoAlgorithmSuite } >
154
+ const supportedWebCryptoAlgorithms : SupportedWebCryptoAlgorithms = Object . freeze ( {
155
+ [ AlgorithmSuiteIdentifier . ALG_AES128_GCM_IV12_TAG16 ] : Object . freeze ( webCryptoAlgAes128GcmIv12Tag16 ) ,
156
+ // [AlgorithmSuiteIdentifier.ALG_AES192_GCM_IV12_TAG16]: Object.freeze(webCryptoAlgAes192GcmIv12Tag16),
157
+ [ AlgorithmSuiteIdentifier . ALG_AES256_GCM_IV12_TAG16 ] : Object . freeze ( webCryptoAlgAes256GcmIv12Tag16 ) ,
158
+ [ AlgorithmSuiteIdentifier . ALG_AES128_GCM_IV12_TAG16_HKDF_SHA256 ] : Object . freeze ( webCryptoAlgAes128GcmIv12Tag16HkdfSha256 ) ,
159
+ // [AlgorithmSuiteIdentifier.ALG_AES192_GCM_IV12_TAG16_HKDF_SHA256]: Object.freeze(webCryptoAlgAes192GcmIv12Tag16HkdfSha256),
160
+ [ AlgorithmSuiteIdentifier . ALG_AES256_GCM_IV12_TAG16_HKDF_SHA256 ] : Object . freeze ( webCryptoAlgAes256GcmIv12Tag16HkdfSha256 ) ,
161
+ [ AlgorithmSuiteIdentifier . ALG_AES128_GCM_IV12_TAG16_HKDF_SHA256_ECDSA_P256 ] : Object . freeze ( webCryptoAlgAes128GcmIv12Tag16HkdfSha256EcdsaP256 ) ,
162
+ // [AlgorithmSuiteIdentifier.ALG_AES192_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384]: Object.freeze(webCryptoAlgAes192GcmIv12Tag16HkdfSha384EcdsaP384),
163
+ [ AlgorithmSuiteIdentifier . ALG_AES256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384 ] : Object . freeze ( webCryptoAlgAes256GcmIv12Tag16HkdfSha384EcdsaP384 )
164
+ } )
165
+
140
166
export class WebCryptoAlgorithmSuite extends AlgorithmSuite implements IWebCryptoAlgorithmSuite {
141
167
encryption ! : WebCryptoEncryption
142
168
kdfHash ?: WebCryptoHash
@@ -145,6 +171,11 @@ export class WebCryptoAlgorithmSuite extends AlgorithmSuite implements IWebCrypt
145
171
type : AlgorithmSuiteTypeWebCrypto = 'webCrypto'
146
172
constructor ( id : AlgorithmSuiteIdentifier ) {
147
173
super ( webCryptoAlgorithms [ id ] )
174
+ /* Precondition: Browsers do not support 192 bit keys so the AlgorithmSuiteIdentifier is removed.
175
+ * This is primarily an error in decrypt but this make it clear.
176
+ * The error can manifest deep in the decrypt loop making it hard to debug.
177
+ */
178
+ needs ( supportedWebCryptoAlgorithms . hasOwnProperty ( id ) , '192-bit AES keys are not supported' )
148
179
Object . setPrototypeOf ( this , WebCryptoAlgorithmSuite . prototype )
149
180
Object . freeze ( this )
150
181
}
0 commit comments