From c9d18d881a0ea6df20cfe84b40dfd22dff07d967 Mon Sep 17 00:00:00 2001 From: Joey Bright Date: Tue, 3 Jun 2025 14:22:26 -0700 Subject: [PATCH 01/10] Improvements to importing and exporting public keys - When importing public keys, `Extractable` function parameter no longer required, as public keys can always be extracted. - The `Task` for exporting public keys no longer has the `ExportKeyError` error type and instead has `{}`. This is due to exporting public key always succeeding (they can always be exported). Tests updated to reflect these changes. Ran and confirmed tests still pass with the above changes. --- integration_tests/src/Test/Crypto.gren | 28 ----- src/Crypto.gren | 163 +++++++++++++++---------- 2 files changed, 96 insertions(+), 95 deletions(-) diff --git a/integration_tests/src/Test/Crypto.gren b/integration_tests/src/Test/Crypto.gren index b0cd0c2c..a5d4553a 100644 --- a/integration_tests/src/Test/Crypto.gren +++ b/integration_tests/src/Test/Crypto.gren @@ -307,7 +307,6 @@ rsaOaepKeyTestHelper secureContext { label, encryptionLabel, modulusLength, hash exportedKey { hash = hash } - Crypto.CanBeExtracted secureContext ) (withLabel "Importing a successfully extracted public key") @@ -322,7 +321,6 @@ rsaOaepKeyTestHelper secureContext { label, encryptionLabel, modulusLength, hash exportedKey { hash = shuffleDigestAlgorithm hash } - Crypto.CanBeExtracted secureContext ) (withLabel "Importing a successfully extracted public key with the wrong hash") @@ -346,7 +344,6 @@ rsaOaepKeyTestHelper secureContext { label, encryptionLabel, modulusLength, hash exportedKey { hash = hash } - Crypto.CanBeExtracted secureContext ) (withLabel "Importing a successfully extracted public key") @@ -361,7 +358,6 @@ rsaOaepKeyTestHelper secureContext { label, encryptionLabel, modulusLength, hash exportedKey { hash = shuffleDigestAlgorithm hash } - Crypto.CanBeExtracted secureContext ) (withLabel "Importing a successfully extracted public key with the wrong hash") 
@@ -1513,7 +1509,6 @@ rsaSsaPkcs1V1_5KeyTestsHelper secureContext label { encryptionLabel, modulusLeng exportedPublicKey { hash = hash } - Crypto.CanBeExtracted secureContext ) "Importing the exported key with the same hash" @@ -1534,7 +1529,6 @@ rsaSsaPkcs1V1_5KeyTestsHelper secureContext label { encryptionLabel, modulusLeng exportedPublicKey { hash = hash } - Crypto.CanBeExtracted secureContext ) "Importing the exported key with the same hash" @@ -1549,7 +1543,6 @@ rsaSsaPkcs1V1_5KeyTestsHelper secureContext label { encryptionLabel, modulusLeng exportedPublicKey { hash = shuffleDigestAlgorithm hash } - Crypto.CanBeExtracted secureContext ) "Importing the exported key with a different hash" @@ -1605,7 +1598,6 @@ rsaSsaPkcs1V1_5KeyTestsHelper secureContext label { encryptionLabel, modulusLeng exportedPublicKey { hash = hash } - Crypto.CanBeExtracted secureContext ) "Importing the exported key with the same hash" @@ -1626,7 +1618,6 @@ rsaSsaPkcs1V1_5KeyTestsHelper secureContext label { encryptionLabel, modulusLeng exportedPublicKey { hash = hash } - Crypto.CanBeExtracted secureContext ) "Importing the exported key with the same hash" @@ -1641,7 +1632,6 @@ rsaSsaPkcs1V1_5KeyTestsHelper secureContext label { encryptionLabel, modulusLeng exportedPublicKey { hash = shuffleDigestAlgorithm hash } - Crypto.CanBeExtracted secureContext ) "Importing the exported key with a different hash" @@ -1811,7 +1801,6 @@ rsaPssTestsHelper secureContext label { modulusLength, hash } = exportedPublicKey { hash = hash } - Crypto.CanBeExtracted secureContext ) "Importing the exported key with the same hash" @@ -1832,7 +1821,6 @@ rsaPssTestsHelper secureContext label { modulusLength, hash } = exportedPublicKey { hash = hash } - Crypto.CanBeExtracted secureContext ) "Importing the exported key with the same hash" 
@@ -1847,7 +1835,6 @@ rsaPssTestsHelper secureContext label { modulusLength, hash } = exportedPublicKey { hash = shuffleDigestAlgorithm hash } - Crypto.CanBeExtracted secureContext ) "Importing the exported key with a different hash" @@ -1903,7 +1890,6 @@ rsaPssTestsHelper secureContext label { modulusLength, hash } = exportedPublicKey { hash = hash } - Crypto.CanBeExtracted secureContext ) "Importing the exported key with the same hash" @@ -1924,7 +1910,6 @@ rsaPssTestsHelper secureContext label { modulusLength, hash } = exportedPublicKey { hash = hash } - Crypto.CanBeExtracted secureContext ) "Importing the exported key with the same hash" @@ -1939,7 +1924,6 @@ rsaPssTestsHelper secureContext label { modulusLength, hash } = exportedPublicKey { hash = shuffleDigestAlgorithm hash } - Crypto.CanBeExtracted secureContext ) "Importing the exported key with a different hash" @@ -2146,7 +2130,6 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = (Crypto.importEcdsaPublicKeyFromRaw namedCurve exportedKey - Crypto.CanBeExtracted secureContext ) "Importing the exported key with the same named curve" @@ -2160,7 +2143,6 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = (Crypto.importEcdsaPublicKeyFromRaw (shuffleNamedCurve namedCurve) exportedKey - Crypto.CanBeExtracted secureContext ) "Importing the exported key with a different named curve" @@ -2181,7 +2163,6 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = (Crypto.importEcdsaPublicKeyFromSpki namedCurve exportedKey - Crypto.CanBeExtracted secureContext ) "Importing the exported key with the same named curve" @@ -2195,7 +2176,6 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = (Crypto.importEcdsaPublicKeyFromSpki (shuffleNamedCurve namedCurve) exportedKey - Crypto.CanBeExtracted secureContext ) "Importing the exported key with a different named curve" 
@@ -2216,7 +2196,6 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = (Crypto.importEcdsaPublicKeyFromJwk namedCurve exportedKey - Crypto.CanBeExtracted secureContext ) "Importing the exported key with the same named curve" @@ -2230,7 +2209,6 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = (Crypto.importEcdsaPublicKeyFromJwk (shuffleNamedCurve namedCurve) exportedKey - Crypto.CanBeExtracted secureContext ) "Importing the exported key with a different named curve" @@ -2285,7 +2263,6 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = (Crypto.importEcdsaPublicKeyFromRaw namedCurve exportedKey - Crypto.CanBeExtracted secureContext ) "Importing the exported key with the same named curve" @@ -2299,7 +2276,6 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = (Crypto.importEcdsaPublicKeyFromRaw (shuffleNamedCurve namedCurve) exportedKey - Crypto.CanBeExtracted secureContext ) "Importing the exported key with a different named curve" @@ -2320,7 +2296,6 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = (Crypto.importEcdsaPublicKeyFromSpki namedCurve exportedKey - Crypto.CanBeExtracted secureContext ) "Importing the exported key with the same named curve" @@ -2334,7 +2309,6 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = (Crypto.importEcdsaPublicKeyFromSpki (shuffleNamedCurve namedCurve) exportedKey - Crypto.CanBeExtracted secureContext ) "Importing the exported key with a different named curve" @@ -2355,7 +2329,6 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = (Crypto.importEcdsaPublicKeyFromJwk namedCurve exportedKey - Crypto.CanBeExtracted secureContext ) "Importing the exported key with the same named curve" 
@@ -2369,7 +2342,6 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = (Crypto.importEcdsaPublicKeyFromJwk (shuffleNamedCurve namedCurve) exportedKey - Crypto.CanBeExtracted secureContext ) "Importing the exported key with a different named curve" diff --git a/src/Crypto.gren b/src/Crypto.gren index 29175df3..5691704f 100644 --- a/src/Crypto.gren +++ b/src/Crypto.gren @@ -851,22 +851,23 @@ generateHmacKey { hash, length, extractable } _context = {-| Errors that can arise when exporting keys. - `KeyNotExportable` happens when trying to export a key that was not made -`Extractable` during creation or import. +`Extractable` during creation or import. This only applies to private keys, +as public keys are always exportable. -} type ExportKeyError = KeyNotExportable {-| -} -exportRsaOaepPublicKeyAsSpki : PublicKey RsaOaepKey RsaKeyParams -> Task ExportKeyError Bytes +exportRsaOaepPublicKeyAsSpki : PublicKey RsaOaepKey RsaKeyParams -> Task {} Bytes exportRsaOaepPublicKeyAsSpki (PublicKey key) = - exportKeyAsSpki key + exportPublicKeyAsSpki key {-| -} -exportRsaOaepPublicKeyAsJwk : PublicKey RsaOaepKey RsaKeyParams -> Task ExportKeyError Json.Encode.Value +exportRsaOaepPublicKeyAsJwk : PublicKey RsaOaepKey RsaKeyParams -> Task {} Json.Encode.Value exportRsaOaepPublicKeyAsJwk (PublicKey key) = - exportKeyAsJwk key + exportPublicKeyAsJwk key {-| -} 
@@ -882,15 +883,15 @@ exportRsaOaepPrivateKeyAsJwk (PrivateKey key) = {-|-} -exportRsaPssPublicKeyAsSpki : PublicKey RsaPssKey RsaKeyParams -> Task ExportKeyError Bytes +exportRsaPssPublicKeyAsSpki : PublicKey RsaPssKey RsaKeyParams -> Task {} Bytes exportRsaPssPublicKeyAsSpki (PublicKey key)= - exportKeyAsSpki key + exportPublicKeyAsSpki key {-|-} -exportRsaPssPublicKeyAsJwk : PublicKey RsaPssKey RsaKeyParams -> Task ExportKeyError Json.Encode.Value +exportRsaPssPublicKeyAsJwk : PublicKey RsaPssKey RsaKeyParams -> Task {} Json.Encode.Value exportRsaPssPublicKeyAsJwk (PublicKey key) = - exportKeyAsJwk key + exportPublicKeyAsJwk key {-|-} @@ -906,15 +907,15 @@ exportRsaPssPrivateKeyAsJwk (PrivateKey key) = {-|-} -exportRsaSsaPkcs1V1_5PublicKeyAsSpki : PublicKey RsaSsaPkcs1V1_5Key RsaKeyParams -> Task ExportKeyError Bytes +exportRsaSsaPkcs1V1_5PublicKeyAsSpki : PublicKey RsaSsaPkcs1V1_5Key RsaKeyParams -> Task {} Bytes exportRsaSsaPkcs1V1_5PublicKeyAsSpki (PublicKey key) = - exportKeyAsSpki key + exportPublicKeyAsSpki key {-|-} -exportRsaSsaPkcs1V1_5PublicKeyAsJwk : PublicKey RsaSsaPkcs1V1_5Key RsaKeyParams -> Task ExportKeyError Json.Encode.Value +exportRsaSsaPkcs1V1_5PublicKeyAsJwk : PublicKey RsaSsaPkcs1V1_5Key RsaKeyParams -> Task {} Json.Encode.Value exportRsaSsaPkcs1V1_5PublicKeyAsJwk (PublicKey key) = - exportKeyAsJwk key + exportPublicKeyAsJwk key {-|-} 
@@ -966,21 +967,21 @@ exportAesGcmKeyAsJwk = {-|-} -exportEcdsaPublicKeyAsRaw : PublicKey EcdsaKey EcKeyParams -> Task ExportKeyError Bytes +exportEcdsaPublicKeyAsRaw : PublicKey EcdsaKey EcKeyParams -> Task {} Bytes exportEcdsaPublicKeyAsRaw (PublicKey key) = - exportKeyAsRaw key + exportPublicKeyAsRaw key {-|-} -exportEcdsaPublicKeyAsSpki : PublicKey EcdsaKey EcKeyParams -> Task ExportKeyError Bytes +exportEcdsaPublicKeyAsSpki : PublicKey EcdsaKey EcKeyParams -> Task {} Bytes exportEcdsaPublicKeyAsSpki (PublicKey key) = - exportKeyAsSpki key + exportPublicKeyAsSpki key {-|-} -exportEcdsaPublicKeyAsJwk : PublicKey EcdsaKey EcKeyParams -> Task ExportKeyError Json.Encode.Value +exportEcdsaPublicKeyAsJwk : PublicKey EcdsaKey EcKeyParams -> Task {} Json.Encode.Value exportEcdsaPublicKeyAsJwk (PublicKey key) = - exportKeyAsJwk key + exportPublicKeyAsJwk key {-|-} @@ -996,21 +997,21 @@ exportEcdsaPrivateKeyAsJwk (PrivateKey key)= {-|-} -exportEcdhPublicKeyAsRaw : PublicKey EcdhKey EcKeyParams -> Task ExportKeyError Bytes +exportEcdhPublicKeyAsRaw : PublicKey EcdhKey EcKeyParams -> Task {} Bytes exportEcdhPublicKeyAsRaw (PublicKey key) = - exportKeyAsRaw key + exportPublicKeyAsRaw key {-|-} -exportEcdhPublicKeyAsSpki : PublicKey EcdhKey EcKeyParams -> Task ExportKeyError Bytes +exportEcdhPublicKeyAsSpki : PublicKey EcdhKey EcKeyParams -> Task {} Bytes exportEcdhPublicKeyAsSpki (PublicKey key) = - exportKeyAsSpki key + exportPublicKeyAsSpki key {-|-} -exportEcdhPublicKeyAsJwk : PublicKey EcdhKey EcKeyParams -> Task ExportKeyError Json.Encode.Value +exportEcdhPublicKeyAsJwk : PublicKey EcdhKey EcKeyParams -> Task {} Json.Encode.Value exportEcdhPublicKeyAsJwk (PublicKey key) = - exportKeyAsJwk key + exportPublicKeyAsJwk key {-|-} 
@@ -1038,33 +1039,61 @@ exportHmacKeyAsJwk = {-|-} -exportKeyHelperV2 : String -> Key a b -> Task ExportKeyError c -exportKeyHelperV2 keyType (Key { key }) = +exportKeyHelper : String -> Key a b -> Task ExportKeyError c +exportKeyHelper keyType (Key { key }) = + Gren.Kernel.Crypto.exportKey keyType key + + +{-| Identical to `exportKeyHelper`, only different in the return type. + +As the function suggests, is used when exporting public keys. These exports cannot +fail because public keys cannot be marked as not exportable. +-} +exportPublicKeyHelper : String -> Key a b -> Task {} c +exportPublicKeyHelper keyType (Key { key }) = Gren.Kernel.Crypto.exportKey keyType key +{-|-} +exportPublicKeyAsRaw : Key a b -> Task {} Bytes +exportPublicKeyAsRaw = + exportPublicKeyHelper "raw" + + {-|-} exportKeyAsRaw : Key a b -> Task ExportKeyError Bytes exportKeyAsRaw = - exportKeyHelperV2 "raw" + exportKeyHelper "raw" {-|-} exportKeyAsPkcs8 : Key a b -> Task ExportKeyError Bytes exportKeyAsPkcs8 = - exportKeyHelperV2 "pkcs8" + exportKeyHelper "pkcs8" + + +{-|-} +exportPublicKeyAsSpki : Key a b -> Task {} Bytes +exportPublicKeyAsSpki = + exportPublicKeyHelper "spki" {-|-} exportKeyAsSpki : Key a b -> Task ExportKeyError Bytes exportKeyAsSpki = - exportKeyHelperV2 "spki" + exportKeyHelper "spki" + + +{-|-} +exportPublicKeyAsJwk : Key a b -> Task {} Json.Encode.Value +exportPublicKeyAsJwk key = + Task.map Gren.Kernel.Json.wrap (exportPublicKeyHelper "jwk" key) {-|-} exportKeyAsJwk : Key a b -> Task ExportKeyError Json.Encode.Value exportKeyAsJwk key = - Task.map Gren.Kernel.Json.wrap (exportKeyHelperV2 "jwk" key) + Task.map Gren.Kernel.Json.wrap (exportKeyHelper "jwk" key) 
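Review bot: `exportPublicKeyHelper` is annotated `String -> Key a b -> Task {} c` but calls the same `Gren.Kernel.Crypto.exportKey` as `exportKeyHelper`, so the "cannot fail" guarantee rests on the annotation alone. The helper and `exportPublicKeyAsRaw`/`exportPublicKeyAsSpki`/`exportPublicKeyAsJwk` accept any `Key a b`, so a later change inside the module could hand them a non-extractable private or secret key. The kernel's rejection would then surface under a type that says it is impossible. Taking the wrapper type instead, `exportPublicKeyHelper : String -> PublicKey a b -> Task {} c` with `(PublicKey (Key { key }))` as the pattern, would let the compiler enforce the invariant, with the public export functions passing the `PublicKey` through unchanged. The kernel's failure branch is outside this hunk, so what it passes on rejection should be confirmed.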
@@ -1093,54 +1122,54 @@ type ImportRsaKeyError {-|-} -importRsaOaepPublicKeyFromJwk : Json.Encode.Value -> ImportRsaKeyParams -> Extractable -> SecureContext -> Task ImportRsaKeyError (PublicKey RsaOaepKey RsaKeyParams) -importRsaOaepPublicKeyFromJwk jwk { hash } extractable _context = +importRsaOaepPublicKeyFromJwk : Json.Encode.Value -> ImportRsaKeyParams -> SecureContext -> Task ImportRsaKeyError (PublicKey RsaOaepKey RsaKeyParams) +importRsaOaepPublicKeyFromJwk jwk { hash } _context = Gren.Kernel.Crypto.importRsaKey "public" "jwk" (Gren.Kernel.Json.unwrap jwk) "RSA-OAEP" (digestAlgorithmToString hash) - (extractableToBool extractable) + True [ "encrypt" ] {-|-} -importRsaOaepPublicKeyFromSpki : Bytes -> ImportRsaKeyParams -> Extractable -> SecureContext -> Task ImportRsaKeyError (PublicKey RsaOaepKey RsaKeyParams) -importRsaOaepPublicKeyFromSpki bytes { hash } extractable _context = +importRsaOaepPublicKeyFromSpki : Bytes -> ImportRsaKeyParams -> SecureContext -> Task ImportRsaKeyError (PublicKey RsaOaepKey RsaKeyParams) +importRsaOaepPublicKeyFromSpki bytes { hash } _context = Gren.Kernel.Crypto.importRsaKey "public" "spki" bytes "RSA-OAEP" (digestAlgorithmToString hash) - (extractableToBool extractable) + True [ "encrypt" ] {-|-} -importRsaPssPublicKeyFromJwk : Json.Encode.Value -> ImportRsaKeyParams -> Extractable -> SecureContext -> Task ImportRsaKeyError (PublicKey RsaPssKey RsaKeyParams) -importRsaPssPublicKeyFromJwk jwk { hash } extractable _context = +importRsaPssPublicKeyFromJwk : Json.Encode.Value -> ImportRsaKeyParams -> SecureContext -> Task ImportRsaKeyError (PublicKey RsaPssKey RsaKeyParams) +importRsaPssPublicKeyFromJwk jwk { hash } _context = Gren.Kernel.Crypto.importRsaKey "public" "jwk" (Gren.Kernel.Json.unwrap jwk) "RSA-PSS" (digestAlgorithmToString hash) - (extractableToBool extractable) + True [ "verify" ] {-|-} -importRsaPssPublicKeyFromSpki : Bytes -> ImportRsaKeyParams -> Extractable -> SecureContext -> Task ImportRsaKeyError (PublicKey 
RsaPssKey RsaKeyParams) -importRsaPssPublicKeyFromSpki bytes { hash } extractable _context = +importRsaPssPublicKeyFromSpki : Bytes -> ImportRsaKeyParams -> SecureContext -> Task ImportRsaKeyError (PublicKey RsaPssKey RsaKeyParams) +importRsaPssPublicKeyFromSpki bytes { hash } _context = Gren.Kernel.Crypto.importRsaKey "public" "spki" bytes "RSA-PSS" (digestAlgorithmToString hash) - (extractableToBool extractable) + True [ "verify" ] @@ -1197,28 +1226,28 @@ importRsaPssPrivateKeyFromPkcs8 bytes { hash } extractable _context = {-|-} -importRsaSsaPkcs1V1_5PublicKeyFromJwk : Json.Encode.Value -> ImportRsaKeyParams -> Extractable -> SecureContext -> Task ImportRsaKeyError (PublicKey RsaSsaPkcs1V1_5Key RsaKeyParams) -importRsaSsaPkcs1V1_5PublicKeyFromJwk jwk { hash } extractable _context = +importRsaSsaPkcs1V1_5PublicKeyFromJwk : Json.Encode.Value -> ImportRsaKeyParams -> SecureContext -> Task ImportRsaKeyError (PublicKey RsaSsaPkcs1V1_5Key RsaKeyParams) +importRsaSsaPkcs1V1_5PublicKeyFromJwk jwk { hash } _context = Gren.Kernel.Crypto.importRsaKey "public" "jwk" (Gren.Kernel.Json.unwrap jwk) "RSASSA-PKCS1-v1_5" (digestAlgorithmToString hash) - (extractableToBool extractable) + True [ "verify" ] {-|-} -importRsaSsaPkcs1V1_5PublicKeyFromSpki : Bytes -> ImportRsaKeyParams -> Extractable -> SecureContext -> Task ImportRsaKeyError (PublicKey RsaSsaPkcs1V1_5Key RsaKeyParams) -importRsaSsaPkcs1V1_5PublicKeyFromSpki bytes { hash } extractable _context = +importRsaSsaPkcs1V1_5PublicKeyFromSpki : Bytes -> ImportRsaKeyParams -> SecureContext -> Task ImportRsaKeyError (PublicKey RsaSsaPkcs1V1_5Key RsaKeyParams) +importRsaSsaPkcs1V1_5PublicKeyFromSpki bytes { hash } _context = Gren.Kernel.Crypto.importRsaKey "public" "spki" bytes "RSASSA-PKCS1-v1_5" (digestAlgorithmToString hash) - (extractableToBool extractable) + True [ "verify" ] 
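Review bot: The public-key import functions here now pass a bare `True` where `(extractableToBool extractable)` used to be, while their doc comments are still the empty `{-|-}`. Neither the call site nor the published API docs say that the extractable flag is fixed or why, and this is a breaking signature change for callers. A short doc comment on each function would cover it, for example `{-| Import an RSA-OAEP public key from a JWK. The key is always imported as extractable, because public keys can always be exported. -}`. The same applies to the RSASSA-PKCS1-v1_5 hunk on this line and to the ECDSA/ECDH import hunk that follows.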
@@ -1337,80 +1366,80 @@ type ImportEcKeyError {-|-} -importEcdsaPublicKeyFromRaw : EcNamedCurve -> Bytes -> Extractable -> SecureContext -> Task ImportEcKeyError (PublicKey EcdsaKey EcKeyParams) -importEcdsaPublicKeyFromRaw namedCurve bytes extractable _context = +importEcdsaPublicKeyFromRaw : EcNamedCurve -> Bytes -> SecureContext -> Task ImportEcKeyError (PublicKey EcdsaKey EcKeyParams) +importEcdsaPublicKeyFromRaw namedCurve bytes _context = Gren.Kernel.Crypto.importEcKey "public" "raw" bytes "ECDSA" (ecNamedCurveToString namedCurve) - (extractableToBool extractable) + True [ "verify" ] {-|-} -importEcdsaPublicKeyFromSpki : EcNamedCurve -> Bytes -> Extractable -> SecureContext -> Task ImportEcKeyError (PublicKey EcdsaKey EcKeyParams) -importEcdsaPublicKeyFromSpki namedCurve bytes extractable _context = +importEcdsaPublicKeyFromSpki : EcNamedCurve -> Bytes -> SecureContext -> Task ImportEcKeyError (PublicKey EcdsaKey EcKeyParams) +importEcdsaPublicKeyFromSpki namedCurve bytes _context = Gren.Kernel.Crypto.importEcKey "public" "spki" bytes "ECDSA" (ecNamedCurveToString namedCurve) - (extractableToBool extractable) + True [ "verify" ] {-|-} -importEcdsaPublicKeyFromJwk : EcNamedCurve -> Json.Encode.Value -> Extractable -> SecureContext -> Task ImportEcKeyError (PublicKey EcdsaKey EcKeyParams) -importEcdsaPublicKeyFromJwk namedCurve jwk extractable _context = +importEcdsaPublicKeyFromJwk : EcNamedCurve -> Json.Encode.Value -> SecureContext -> Task ImportEcKeyError (PublicKey EcdsaKey EcKeyParams) +importEcdsaPublicKeyFromJwk namedCurve jwk _context = Gren.Kernel.Crypto.importEcKey "public" "jwk" (Gren.Kernel.Json.unwrap jwk) "ECDSA" (ecNamedCurveToString namedCurve) - (extractableToBool extractable) + True [ "verify" ] {-|-} -importEcdhPublicKeyFromRaw : EcNamedCurve -> Bytes -> Extractable -> SecureContext -> Task ImportEcKeyError (PublicKey EcdhKey EcKeyParams) -importEcdhPublicKeyFromRaw namedCurve bytes extractable _context = +importEcdhPublicKeyFromRaw : 
EcNamedCurve -> Bytes -> SecureContext -> Task ImportEcKeyError (PublicKey EcdhKey EcKeyParams) +importEcdhPublicKeyFromRaw namedCurve bytes _context = Gren.Kernel.Crypto.importEcKey "public" "raw" bytes "ECDH" (ecNamedCurveToString namedCurve) - (extractableToBool extractable) + True [] {-|-} -importEcdhPublicKeyFromSpki : EcNamedCurve -> Bytes -> Extractable -> SecureContext -> Task ImportEcKeyError (PublicKey EcdhKey EcKeyParams) -importEcdhPublicKeyFromSpki namedCurve bytes extractable _context = +importEcdhPublicKeyFromSpki : EcNamedCurve -> Bytes -> SecureContext -> Task ImportEcKeyError (PublicKey EcdhKey EcKeyParams) +importEcdhPublicKeyFromSpki namedCurve bytes _context = Gren.Kernel.Crypto.importEcKey "public" "spki" bytes "ECDH" (ecNamedCurveToString namedCurve) - (extractableToBool extractable) + True [] {-|-} -importEcdhPublicKeyFromJwk : EcNamedCurve -> Json.Encode.Value -> Extractable -> SecureContext -> Task ImportEcKeyError (PublicKey EcdhKey EcKeyParams) -importEcdhPublicKeyFromJwk namedCurve jwk extractable _context = +importEcdhPublicKeyFromJwk : EcNamedCurve -> Json.Encode.Value -> SecureContext -> Task ImportEcKeyError (PublicKey EcdhKey EcKeyParams) +importEcdhPublicKeyFromJwk namedCurve jwk _context = Gren.Kernel.Crypto.importEcKey "public" "jwk" (Gren.Kernel.Json.unwrap jwk) "ECDH" (ecNamedCurveToString namedCurve) - (extractableToBool extractable) + True [] From 75adbcc42cf0cb10e378fb7ef48d7bb8b4c7b4ca Mon Sep 17 00:00:00 2001 From: Joey Bright Date: Tue, 3 Jun 2025 14:30:37 -0700 Subject: [PATCH 02/10] Verification functions now return `Task x Bytes` The returned `Bytes` are the `Bytes` that were verified. Allows easier mapping or other actions to be taken with those verified `Bytes`. The error type remains `x` for composability. Ran tests locally and confirmed everything is passing on my machine. --- src/Crypto.gren | 24 ++++++++++++------------ src/Gren/Kernel/Crypto.js | 8 ++++---- 2 files changed, 16 insertions(+), 16 deletions(-) 
diff --git a/src/Crypto.gren b/src/Crypto.gren index 5691704f..121360bd 100644 --- a/src/Crypto.gren +++ b/src/Crypto.gren @@ -2077,10 +2077,10 @@ signWithHmac (Key { key }) bytes = {-| Verify that some `Bytes` were signed with the passed `Signature` with the RSA-SSAPKCS1v1.5 algorithm. -This function produces no values. Instead, the `Task` succeeds if the passed -signature is valid and fails otherwise. +The `Task` succeeds with the verified `Bytes` if the passed signature is valid and +fails otherwise. -} -verifyWithRsaSsaPkcs1V1_5 : PublicKey RsaSsaPkcs1V1_5Key RsaKeyParams -> Signature -> Bytes -> Task x a +verifyWithRsaSsaPkcs1V1_5 : PublicKey RsaSsaPkcs1V1_5Key RsaKeyParams -> Signature -> Bytes -> Task x Bytes verifyWithRsaSsaPkcs1V1_5 (PublicKey (Key { key })) signature bytes = Gren.Kernel.Crypto.verifyWithRsaSsaPkcs1V1_5 key @@ -2091,10 +2091,10 @@ verifyWithRsaSsaPkcs1V1_5 (PublicKey (Key { key })) signature bytes = {-| Verify that some `Bytes` were signed with the passed `Signature` with the RSA-PSS algorithm. -This function produces no values. Instead, the `Task` succeeds if the passed -signature is valid and fails otherwise. +The `Task` succeeds with the verified `Bytes` if the passed signature is valid and +fails otherwise. -} -verifyWithRsaPss : RsaPssParams -> PublicKey RsaPssKey RsaKeyParams -> Signature -> Bytes -> Task x a +verifyWithRsaPss : RsaPssParams -> PublicKey RsaPssKey RsaKeyParams -> Signature -> Bytes -> Task x Bytes verifyWithRsaPss { salt } (PublicKey (Key { key })) signature bytes = Gren.Kernel.Crypto.verifyWithRsaPss salt 
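Review bot: The reworded doc comment on `verifyWithRsaSsaPkcs1V1_5` says the `Task` "succeeds with the verified `Bytes`" without stating that these are exactly the `Bytes` passed in, or that a failure carries no reason. It is worth spelling out the intended use, so that data which never passed verification cannot reach later steps through a separately held copy. I would add a sentence such as `The returned Bytes are the input Bytes, unchanged; chain further work off this Task's result rather than the original value so it only runs on verified data.`. The same wording gap is in the `verifyWithRsaPss` hunk on this line and in the `verifyWithEcdsa` and `verifyWithHmac` hunks that follow.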
@@ -2106,10 +2106,10 @@ verifyWithRsaPss { salt } (PublicKey (Key { key })) signature bytes = {-| Verify that some `Bytes` were signed with the passed `Signature` with the ECDSA algorithm. -This function produces no values. Instead, the `Task` succeeds if the passed -signature is valid and fails otherwise. +The `Task` succeeds with the verified `Bytes` if the passed signature is valid and +fails otherwise. -} -verifyWithEcdsa : DigestAlgorithm -> PublicKey EcdsaKey EcKeyParams -> Signature -> Bytes -> Task x a +verifyWithEcdsa : DigestAlgorithm -> PublicKey EcdsaKey EcKeyParams -> Signature -> Bytes -> Task x Bytes verifyWithEcdsa hash (PublicKey (Key { key })) signature bytes = Gren.Kernel.Crypto.verifyWithEcdsa (digestAlgorithmToString hash) @@ -2121,10 +2121,10 @@ verifyWithEcdsa hash (PublicKey (Key { key })) signature bytes = {-| Verify that some `Bytes` were signed with the passed `Signature` with the HMAC algorithm. -This function produces no values. Instead, the `Task` succeeds if the passed -signature is valid and fails otherwise. +The `Task` succeeds with the verified `Bytes` if the passed signature is valid and +fails otherwise. -} -verifyWithHmac : Key HmacKey HmacKeyParams -> Signature -> Bytes -> Task x a +verifyWithHmac : Key HmacKey HmacKeyParams -> Signature -> Bytes -> Task x Bytes verifyWithHmac (Key { key }) signature bytes = Gren.Kernel.Crypto.verifyWithHmac key diff --git a/src/Gren/Kernel/Crypto.js b/src/Gren/Kernel/Crypto.js index 7f10578e..d0f9d349 100644 --- a/src/Gren/Kernel/Crypto.js +++ b/src/Gren/Kernel/Crypto.js @@ -678,7 +678,7 @@ var _Crypto_verifyWithRsaSsaPkcs1V1_5 = F3(function (key, signature, bytes) { .verify(algorithm, key, signature, bytes) .then(function (res) { if (res) { - return callback(__Scheduler_succeed()); + return callback(__Scheduler_succeed(bytes)); } return callback(__Scheduler_fail()); }) 
@@ -698,7 +698,7 @@ var _Crypto_verifyWithRsaPss = F4(function (saltLength, key, signature, bytes) { .verify(algorithm, key, signature, bytes) .then(function (res) { if (res) { - return callback(__Scheduler_succeed()); + return callback(__Scheduler_succeed(bytes)); } return callback(__Scheduler_fail()); }) @@ -718,7 +718,7 @@ var _Crypto_verifyWithEcdsa = F4(function (hash, key, signature, bytes) { .verify(algorithm, key, signature, bytes) .then(function (res) { if (res) { - return callback(__Scheduler_succeed()); + return callback(__Scheduler_succeed(bytes)); } return callback(__Scheduler_fail()); }) @@ -737,7 +737,7 @@ var _Crypto_verifyWithHmac = F3(function (key, signature, bytes) { .verify(algorithm, key, signature, bytes) .then(function (res) { if (res) { - return callback(__Scheduler_succeed()); + return callback(__Scheduler_succeed(bytes)); } return callback(__Scheduler_fail()); }) From afc1c4108f757da0a641d4a86505a22a42e1cb62 Mon Sep 17 00:00:00 2001 From: Joey Bright Date: Wed, 4 Jun 2025 07:29:26 -0700 Subject: [PATCH 03/10] Updated to correct type signature for a failure that produces no values (vs. function not expected to error at all) --- src/Crypto.gren | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Crypto.gren b/src/Crypto.gren index 121360bd..b89a7867 100644 --- a/src/Crypto.gren +++ b/src/Crypto.gren @@ -2080,7 +2080,7 @@ RSA-SSAPKCS1v1.5 algorithm. The `Task` succeeds with the verified `Bytes` if the passed signature is valid and fails otherwise. -} -verifyWithRsaSsaPkcs1V1_5 : PublicKey RsaSsaPkcs1V1_5Key RsaKeyParams -> Signature -> Bytes -> Task x Bytes +verifyWithRsaSsaPkcs1V1_5 : PublicKey RsaSsaPkcs1V1_5Key RsaKeyParams -> Signature -> Bytes -> Task {} Bytes verifyWithRsaSsaPkcs1V1_5 (PublicKey (Key { key })) signature bytes = Gren.Kernel.Crypto.verifyWithRsaSsaPkcs1V1_5 key 
@@ -2094,7 +2094,7 @@ RSA-PSS algorithm. The `Task` succeeds with the verified `Bytes` if the passed signature is valid and fails otherwise. -} -verifyWithRsaPss : RsaPssParams -> PublicKey RsaPssKey RsaKeyParams -> Signature -> Bytes -> Task x Bytes +verifyWithRsaPss : RsaPssParams -> PublicKey RsaPssKey RsaKeyParams -> Signature -> Bytes -> Task {} Bytes verifyWithRsaPss { salt } (PublicKey (Key { key })) signature bytes = Gren.Kernel.Crypto.verifyWithRsaPss salt @@ -2109,7 +2109,7 @@ ECDSA algorithm. The `Task` succeeds with the verified `Bytes` if the passed signature is valid and fails otherwise. -} -verifyWithEcdsa : DigestAlgorithm -> PublicKey EcdsaKey EcKeyParams -> Signature -> Bytes -> Task x Bytes +verifyWithEcdsa : DigestAlgorithm -> PublicKey EcdsaKey EcKeyParams -> Signature -> Bytes -> Task {} Bytes verifyWithEcdsa hash (PublicKey (Key { key })) signature bytes = Gren.Kernel.Crypto.verifyWithEcdsa (digestAlgorithmToString hash) @@ -2124,7 +2124,7 @@ HMAC algorithm. The `Task` succeeds with the verified `Bytes` if the passed signature is valid and fails otherwise. -} -verifyWithHmac : Key HmacKey HmacKeyParams -> Signature -> Bytes -> Task x Bytes +verifyWithHmac : Key HmacKey HmacKeyParams -> Signature -> Bytes -> Task {} Bytes verifyWithHmac (Key { key }) signature bytes = Gren.Kernel.Crypto.verifyWithHmac key From 45944323c0f9518ee825a95ecbd14bff713011b2 Mon Sep 17 00:00:00 2001 From: Joey Bright Date: Wed, 4 Jun 2025 07:46:04 -0700 Subject: [PATCH 04/10] Copy edits and improvements --- src/Crypto.gren | 3 +++ src/Gren/Kernel/Crypto.js | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/src/Crypto.gren b/src/Crypto.gren index b89a7867..86f6c20d 100644 --- a/src/Crypto.gren +++ b/src/Crypto.gren 
@@ -462,6 +462,9 @@ getSecureContext = {-| Denotes if a key can be exported using the `exportKey` or `exportKeyPair` functions. If a key is not marked as exportable when it is created or imported, any attempts to export the key will fail. + +Public keys will always be exportable when generated or imported, regardless of +the `Extractable` value provided when generating the key. -} type Extractable = CanBeExtracted diff --git a/src/Gren/Kernel/Crypto.js b/src/Gren/Kernel/Crypto.js index d0f9d349..21d29bda 100644 --- a/src/Gren/Kernel/Crypto.js +++ b/src/Gren/Kernel/Crypto.js @@ -264,7 +264,7 @@ var _Crypto_generateHmacKey = F5( }, ); -// Exprort key +// Export key var _Crypto_exportKey = F2(function (format, key) { return __Scheduler_binding(function (callback) { From 1ae989cea1514902f708549217df684392c21a1d Mon Sep 17 00:00:00 2001 From: Joey Bright Date: Wed, 4 Jun 2025 07:51:16 -0700 Subject: [PATCH 05/10] Updated kernel function to not return an error as its not expected to fail --- src/Gren/Kernel/Crypto.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Gren/Kernel/Crypto.js b/src/Gren/Kernel/Crypto.js index 21d29bda..c804c3d1 100644 --- a/src/Gren/Kernel/Crypto.js +++ b/src/Gren/Kernel/Crypto.js @@ -202,7 +202,7 @@ var _Crypto_generateAesKey = F4( return callback(__Scheduler_succeed(_Crypto_constructAesKey(key))); }) .catch(function (err) { - return callback(__Scheduler_fail(__Crypto_AesCtrEncryptionError)); + throw "There was an unforseen error that occured when attempting to generate an AES key. This shouldn't happen! Please file a ticket in the `gren-lang/core` Github repo (https://github.com/gren-lang/core)"; }); }); }, From 008894ea07d5f3f01e307dfc6101cb16a1c32ad4 Mon Sep 17 00:00:00 2001 
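Review bot: In `_Crypto_generateAesKey` the new `throw` sits inside the promise's `.catch` handler, so it does not propagate to the caller. It only rejects the promise returned by `.catch`, and `callback` is never invoked. The Task therefore never completes, and the failure surfaces, if at all, as an unhandled rejection whose effect depends on the runtime. The thrown value is also a bare string and `err` is dropped, so there is no stack trace and the underlying reason is lost. At minimum I would keep the cause and throw a real error, `throw new Error("Unexpected failure while generating an AES key; please report it at https://github.com/gren-lang/core", { cause: err });`, which also fixes the "unforseen"/"occured" typos. The enclosing function starts and ends outside this hunk.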
From: Joey Bright Date: Wed, 4 Jun 2025 08:11:32 -0700 Subject: [PATCH 06/10] Removed error type for `encryptWithRsaOaep` function The function is not expected to error and, for that reason, the error type is unnecessary. Shored up testing to make sure it doesn't error in all known cases. New tests pass on my machine. --- integration_tests/src/Test/Crypto.gren | 44 +++++++++++++++++++++++++- src/Crypto.gren | 16 ++-------- src/Gren/Kernel/Crypto.js | 2 +- 3 files changed, 47 insertions(+), 15 deletions(-) diff --git a/integration_tests/src/Test/Crypto.gren b/integration_tests/src/Test/Crypto.gren index a5d4553a..76578ee1 100644 --- a/integration_tests/src/Test/Crypto.gren +++ b/integration_tests/src/Test/Crypto.gren @@ -287,6 +287,48 @@ rsaOaepKeyTests secureContext = , modulusLength = 4096 , hash = Crypto.Sha512 } + , rsaOaepKeyTestHelper + secureContext + { label = "Crypto.Sha256 + 2048 and no label" + , encryptionLabel = Nothing + , modulusLength = 2048 + , hash = Crypto.Sha256 + } + , rsaOaepKeyTestHelper + secureContext + { label = "Crypto.Sha384 + 2048 and no label" + , encryptionLabel = Nothing + , modulusLength = 2048 + , hash = Crypto.Sha384 + } + , rsaOaepKeyTestHelper + secureContext + { label = "Crypto.Sha512 + 2048 and no label" + , encryptionLabel = Nothing + , modulusLength = 2048 + , hash = Crypto.Sha512 + } + , rsaOaepKeyTestHelper + secureContext + { label = "Crypto.Sha256 + 4096 and no label" + , encryptionLabel = Nothing + , modulusLength = 4096 + , hash = Crypto.Sha256 + } + , rsaOaepKeyTestHelper + secureContext + { label = "Crypto.Sha384 + 4096 and no label" + , encryptionLabel = Nothing + , modulusLength = 4096 + , hash = Crypto.Sha384 + } + , rsaOaepKeyTestHelper + secureContext + { label = "Crypto.Sha512 + 4096 and no label" + , encryptionLabel = Nothing + , modulusLength = 4096 + , hash = Crypto.Sha512 + } ] 
@@ -502,7 +544,7 @@ rsaOaepKeyTestHelper secureContext { label, encryptionLabel, modulusLength, hash publicKey encryptionBytes ) - "Test encrypting a string with an RSA-OAEP public key and no label" + "Test encrypting a string with an RSA-OAEP public key" (\encryptedBytes -> concat [ test "The resulting encrypted bytes do not match the original bytes" diff --git a/src/Crypto.gren b/src/Crypto.gren index 86f6c20d..31f90a05 100644 --- a/src/Crypto.gren +++ b/src/Crypto.gren @@ -5,7 +5,7 @@ module Crypto exposing , getRandomInt32Values, getRandomUInt32Values , randomUuidV4 , RsaOaepParams - , RsaOaepEncryptionError(..), encryptWithRsaOaep + , encryptWithRsaOaep , RsaOaepDecryptionError(..), decryptWithRsaOaep , AesCtrParams , AesCtrEncryptionError(..), encryptWithAesCtr @@ -133,7 +133,7 @@ generate one with the [`generateRsaOaepKeyPair`](#generateRsaOaepKeyPair) functi @docs RsaOaepParams -@docs RsaOaepEncryptionError, encryptWithRsaOaep +@docs encryptWithRsaOaep @docs RsaOaepDecryptionError, decryptWithRsaOaep @@ -1602,20 +1602,10 @@ type alias RsaOaepParams = } -{-| Errors that can happen when encrypting using the [`encryptWithRsaOaep`](#encryptWithRsaOaep) -function. - -This error should only appear if there are problems in kernel code. If you run into it, please -file a ticket! --} -type RsaOaepEncryptionError - = RsaOaepEncryptionError - - {-| Encrypt some `Bytes` with a `PublicKey RsaOaepKey`. You can generate the apporpriate key with the [`generateRsaOaepKeyPair`](#generateRsaOaepKeyPair) function. -} -encryptWithRsaOaep : RsaOaepParams -> PublicKey RsaOaepKey RsaKeyParams -> Bytes -> Task RsaOaepEncryptionError Bytes +encryptWithRsaOaep : RsaOaepParams -> PublicKey RsaOaepKey RsaKeyParams -> Bytes -> Task x Bytes encryptWithRsaOaep { label } (PublicKey (Key { key })) bytes = when label is Nothing -> diff --git a/src/Gren/Kernel/Crypto.js b/src/Gren/Kernel/Crypto.js index c804c3d1..5ee371ff 100644 --- a/src/Gren/Kernel/Crypto.js +++ b/src/Gren/Kernel/Crypto.js 
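Review bot: The new signature `encryptWithRsaOaep : ... -> Task x Bytes` in the `@@ -1602,20 +1602,10 @@` hunk promises the task cannot fail, but RSA-OAEP has a plaintext limit that depends on caller input. The message may be at most modulus bytes − 2 × hash bytes − 2 (190 bytes for a 2048-bit key with SHA-256), and Web Crypto rejects longer input with an `OperationError`. With the error type removed, that rejection reaches the kernel `.catch` changed in the following `Crypto.js` hunk, so an oversized `Bytes` becomes an uncatchable runtime throw instead of a value the caller can handle. I would keep a fallible type such as `Task RsaOaepEncryptionError Bytes`, or check the length against the key parameters before calling the kernel, and state the limit in the doc comment. The added test cases vary only hash, modulus length and label, and I could not see one that encrypts an over-long payload; the function body continues outside the hunk.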
@@ -442,7 +442,7 @@ var _Crypto_encryptWithRsaOaep = F3(function (label, key, bytes) { return callback(__Scheduler_succeed(new DataView(res))); }) .catch(function (err) { - return callback(__Scheduler_fail(__Crypto_RsaOaepEncryptionError)); + throw "There was an unforseen error that occured when attempting encrypt some bytes with RSA-OAEP. This shouldn't happen! Please file a ticket in the `gren-lang/core` Github repo (https://github.com/gren-lang/core)"; }); }); }); From c19d8551767aa3f75ee5458828ac2bd2d8d46e95 Mon Sep 17 00:00:00 2001 From: Joey Bright Date: Wed, 4 Jun 2025 08:15:38 -0700 Subject: [PATCH 07/10] Removed error type from `signWithRsaSsaPkcs1V1_5` function The function is not expected to error and, for that reason, the error type is unnecessary. Tests still pass on my machine with the change. --- src/Crypto.gren | 16 +++------------- src/Gren/Kernel/Crypto.js | 2 +- 2 files changed, 4 insertions(+), 14 deletions(-) diff --git a/src/Crypto.gren b/src/Crypto.gren index 31f90a05..55a95b0d 100644 --- a/src/Crypto.gren +++ b/src/Crypto.gren @@ -17,7 +17,7 @@ module Crypto exposing , AesGcmEncryptionError(..), encryptWithAesGcm , AesGcmDecryptionError(..), decryptWithAesGcm , Signature - , RsaSsaPkcs1V1_5SigningError(..), signWithRsaSsaPkcs1V1_5 + , signWithRsaSsaPkcs1V1_5 , verifyWithRsaSsaPkcs1V1_5 , RsaPssParams, RsaPssSigningError(..) , signWithRsaPss, verifyWithRsaPss @@ -186,7 +186,7 @@ Sign and verify some `Bytes` with the RSASSA-PKCS1-v1_5 (Rivest, Shamir, and Adl with Appendix ...) algorithm. These functions require an RSASSA-PKCS1-v1_5 key. You can generate one with the [`generateRsaSsaPkcs1V1_5KeyPair`](#generateRsaSsaPkcs1V1_5KeyPair) function. -@docs RsaSsaPkcs1V1_5SigningError, signWithRsaSsaPkcs1V1_5 +@docs signWithRsaSsaPkcs1V1_5 @docs verifyWithRsaSsaPkcs1V1_5 
@@ -1960,21 +1960,11 @@ type alias Signature -- SIGN -{-| Errors that can happen when signing using the -[`signWithRsaSsaPkcs1V1_5`](#signWithRsaSsaPkcs1V1_5) function. - -This error should only appear if there are problems in kernel code. If you run into it, please -file a ticket! --} -type RsaSsaPkcs1V1_5SigningError - = RsaSsaPkcs1V1_5SigningError - - {-| Sign some `Bytes` with the RSA-SSAPKCS1v1.5 algorithm. This produces a `Signature` (which is just some `Bytes`). The `Signature` can be used with the cooresponding verification function to verify that the passed `Bytes` were signed with the passed key. -} -signWithRsaSsaPkcs1V1_5 : PrivateKey RsaSsaPkcs1V1_5Key RsaKeyParams -> Bytes -> Task RsaSsaPkcs1V1_5SigningError Signature +signWithRsaSsaPkcs1V1_5 : PrivateKey RsaSsaPkcs1V1_5Key RsaKeyParams -> Bytes -> Task x Signature signWithRsaSsaPkcs1V1_5 (PrivateKey (Key { key })) bytes = Gren.Kernel.Crypto.signWithRsaSsaPkcs1V1_5 key diff --git a/src/Gren/Kernel/Crypto.js b/src/Gren/Kernel/Crypto.js index 5ee371ff..ebe7b07d 100644 --- a/src/Gren/Kernel/Crypto.js +++ b/src/Gren/Kernel/Crypto.js @@ -612,7 +612,7 @@ var _Crypto_signWithRsaSsaPkcs1V1_5 = F2(function (key, bytes) { return callback(__Scheduler_succeed(new DataView(res))); }) .catch(function (err) { - return callback(__Scheduler_fail(__Crypto_RsaSsaPkcs1V1_5SigningError)); + throw "There was an unforseen error that occured when attempting sign some bytes with RSASSA-PKCS1-v1_5. This shouldn't happen! Please file a ticket in the `gren-lang/core` Github repo (https://github.com/gren-lang/core)"; }); }); }); From c2f284d857ae08dbabef866e736d067805311d08 Mon Sep 17 00:00:00 2001 
From: Joey Bright Date: Wed, 4 Jun 2025 08:49:37 -0700 Subject: [PATCH 08/10] Changed argument order for all functions that require `SecureContext` Updated tests - they compile, run, and pass on my machine. --- integration_tests/src/Test/Crypto.gren | 239 ++++++++++++------------- src/Crypto.gren | 164 ++++++++--------- 2 files changed, 201 insertions(+), 202 deletions(-) diff --git a/integration_tests/src/Test/Crypto.gren b/integration_tests/src/Test/Crypto.gren index 76578ee1..47d7da2c 100644 --- a/integration_tests/src/Test/Crypto.gren +++ b/integration_tests/src/Test/Crypto.gren @@ -346,10 +346,10 @@ rsaOaepKeyTestHelper secureContext { label, encryptionLabel, modulusLength, hash concat [ await (Crypto.importRsaOaepPublicKeyFromSpki - exportedKey + secureContext { hash = hash } - secureContext + exportedKey ) (withLabel "Importing a successfully extracted public key") (\importedKey -> @@ -360,10 +360,10 @@ rsaOaepKeyTestHelper secureContext { label, encryptionLabel, modulusLength, hash ) , await (Crypto.importRsaOaepPublicKeyFromSpki - exportedKey + secureContext { hash = shuffleDigestAlgorithm hash } - secureContext + exportedKey ) (withLabel "Importing a successfully extracted public key with the wrong hash") (\importedKey -> @@ -383,10 +383,10 @@ rsaOaepKeyTestHelper secureContext { label, encryptionLabel, modulusLength, hash concat [ await (Crypto.importRsaOaepPublicKeyFromJwk - exportedKey + secureContext { hash = hash } - secureContext + exportedKey ) (withLabel "Importing a successfully extracted public key") (\importedKey -> @@ -397,10 +397,10 @@ rsaOaepKeyTestHelper secureContext { label, encryptionLabel, modulusLength, hash ) , awaitError (Crypto.importRsaOaepPublicKeyFromJwk - exportedKey + secureContext { hash = shuffleDigestAlgorithm hash } - secureContext + exportedKey ) (withLabel "Importing a successfully extracted public key with the wrong hash") (\err -> 
@@ -415,11 +415,11 @@ rsaOaepKeyTestHelper secureContext { label, encryptionLabel, modulusLength, hash concat [ await (Crypto.generateRsaOaepKeyPair + secureContext { modulusLength = modulusLength , hash = hash , extractable = Crypto.CannotBeExtracted } - secureContext ) (withLabel "Generating a key pair when that is marked as no extractable") (\{ publicKey, privateKey } -> @@ -448,11 +448,11 @@ rsaOaepKeyTestHelper secureContext { label, encryptionLabel, modulusLength, hash ) , await (Crypto.generateRsaOaepKeyPair + secureContext { modulusLength = modulusLength , hash = hash , extractable = Crypto.CanBeExtracted } - secureContext ) (withLabel "Generating a key pair when that is marked as extractable") (\{ publicKey, privateKey } -> @@ -470,11 +470,11 @@ rsaOaepKeyTestHelper secureContext { label, encryptionLabel, modulusLength, hash concat [ await (Crypto.importRsaOaepPrivateKeyFromPkcs8 - exportedKey + secureContext + Crypto.CanBeExtracted { hash = hash } - Crypto.CanBeExtracted - secureContext + exportedKey ) (withLabel "Importing a successfully extracted private key") (\importedKey -> @@ -485,11 +485,11 @@ rsaOaepKeyTestHelper secureContext { label, encryptionLabel, modulusLength, hash ) , await (Crypto.importRsaOaepPrivateKeyFromPkcs8 - exportedKey + secureContext + Crypto.CanBeExtracted { hash = shuffleDigestAlgorithm hash } - Crypto.CanBeExtracted - secureContext + exportedKey ) (withLabel "Importing a successfully extracted private key with the wrong hash") (\importedKey -> @@ -507,11 +507,11 @@ rsaOaepKeyTestHelper secureContext { label, encryptionLabel, modulusLength, hash concat [ await (Crypto.importRsaOaepPrivateKeyFromJwk - exportedKey + secureContext + Crypto.CanBeExtracted { hash = hash } - Crypto.CanBeExtracted - secureContext + exportedKey ) (withLabel "Importing a successfully extracted private key") (\importedKey -> 
@@ -522,11 +522,11 @@ rsaOaepKeyTestHelper secureContext { label, encryptionLabel, modulusLength, hash ) , awaitError (Crypto.importRsaOaepPrivateKeyFromJwk - exportedKey + secureContext + Crypto.CanBeExtracted { hash = shuffleDigestAlgorithm hash } - Crypto.CanBeExtracted - secureContext + exportedKey ) (withLabel "Importing a successfully extracted private key with the wrong hash") (\err -> @@ -671,10 +671,10 @@ aesCtrTestsHelper secureContext label { aesLength, encryptionLength } = concat [ await (Crypto.generateAesCtrKey + secureContext { length = aesLength , extractable = Crypto.CannotBeExtracted } - secureContext ) (withLabel "Generating a key that is marked as not extractable") (\key -> @@ -701,10 +701,10 @@ aesCtrTestsHelper secureContext label { aesLength, encryptionLength } = ) , await (Crypto.generateAesCtrKey + secureContext { length = aesLength , extractable = Crypto.CanBeExtracted } - secureContext ) (withLabel "Generating a key that is marked as extractable") (\key -> @@ -719,9 +719,9 @@ aesCtrTestsHelper secureContext label { aesLength, encryptionLength } = (\exportedKey -> await (Crypto.importAesCtrKeyFromRaw - exportedKey - Crypto.CanBeExtracted secureContext + Crypto.CanBeExtracted + exportedKey ) "Importing the exported key" (\importedKey -> @@ -737,9 +737,9 @@ aesCtrTestsHelper secureContext label { aesLength, encryptionLength } = (\exportedKey -> await (Crypto.importAesCtrKeyFromJwk - exportedKey - Crypto.CanBeExtracted secureContext + Crypto.CanBeExtracted + exportedKey ) "Importing the exported key" (\importedKey -> @@ -867,10 +867,10 @@ aesCbcTestHelper secureContext label { aesLength } = concat [ await (Crypto.generateAesCbcKey + secureContext { length = aesLength , extractable = Crypto.CannotBeExtracted } - secureContext ) (withLabel "Generating a key that is marked as not extractable") (\key -> 
@@ -897,10 +897,10 @@ aesCbcTestHelper secureContext label { aesLength } = ) , await (Crypto.generateAesCbcKey + secureContext { length = aesLength , extractable = Crypto.CanBeExtracted } - secureContext ) (withLabel "Generating a key that is marked as extractable") (\key -> @@ -915,9 +915,9 @@ aesCbcTestHelper secureContext label { aesLength } = (\exportedKey -> await (Crypto.importAesCbcKeyFromRaw - exportedKey - Crypto.CanBeExtracted secureContext + Crypto.CanBeExtracted + exportedKey ) "Importing the exported key" (\importedKey -> @@ -933,9 +933,9 @@ aesCbcTestHelper secureContext label { aesLength } = (\exportedKey -> await (Crypto.importAesCbcKeyFromJwk - exportedKey - Crypto.CanBeExtracted secureContext + Crypto.CanBeExtracted + exportedKey ) "Importing the exported key" (\importedKey -> @@ -1209,10 +1209,10 @@ aesGcmTestsHelper secureContext label { aesLength, tagLength } = concat [ await (Crypto.generateAesGcmKey + secureContext { length = aesLength , extractable = Crypto.CannotBeExtracted } - secureContext ) (withLabel "Generating a key that is marked as not extractable") (\key -> @@ -1239,10 +1239,10 @@ aesGcmTestsHelper secureContext label { aesLength, tagLength } = ) , await (Crypto.generateAesGcmKey + secureContext { length = aesLength , extractable = Crypto.CanBeExtracted } - secureContext ) (withLabel "Generating a key that is marked as extractable") (\key -> @@ -1257,9 +1257,9 @@ aesGcmTestsHelper secureContext label { aesLength, tagLength } = (\exportedKey -> await (Crypto.importAesGcmKeyFromRaw - exportedKey - Crypto.CanBeExtracted secureContext + Crypto.CanBeExtracted + exportedKey ) "Importing the exported key" (\importedKey -> @@ -1275,9 +1275,9 @@ aesGcmTestsHelper secureContext label { aesLength, tagLength } = (\exportedKey -> await (Crypto.importAesGcmKeyFromJwk - exportedKey - Crypto.CanBeExtracted secureContext + Crypto.CanBeExtracted + exportedKey ) "Importing the exported key" (\importedKey -> 
@@ -1533,11 +1533,11 @@ rsaSsaPkcs1V1_5KeyTestsHelper secureContext label { encryptionLabel, modulusLeng concat [ await (Crypto.generateRsaSsaPkcs1V1_5KeyPair + secureContext { modulusLength = modulusLength , hash = hash , extractable = Crypto.CannotBeExtracted } - secureContext ) (withLabel "Generating non-extractable RSA-SSA-PKCS1v1 key pair") (\{ publicKey, privateKey } -> @@ -1547,11 +1547,11 @@ rsaSsaPkcs1V1_5KeyTestsHelper secureContext label { encryptionLabel, modulusLeng "Exporting the generated public key as SPKI" (\exportedPublicKey -> await - (Crypto.importRsaSsaPkcs1V1_5PublicKeyFromSpki - exportedPublicKey + (Crypto.importRsaSsaPkcs1V1_5PublicKeyFromSpki + secureContext { hash = hash } - secureContext + exportedPublicKey ) "Importing the exported key with the same hash" (\importedKey -> @@ -1568,10 +1568,10 @@ rsaSsaPkcs1V1_5KeyTestsHelper secureContext label { encryptionLabel, modulusLeng concat [ await (Crypto.importRsaSsaPkcs1V1_5PublicKeyFromJwk - exportedPublicKey + secureContext { hash = hash } - secureContext + exportedPublicKey ) "Importing the exported key with the same hash" (\importedKey -> @@ -1582,10 +1582,10 @@ rsaSsaPkcs1V1_5KeyTestsHelper secureContext label { encryptionLabel, modulusLeng ) , awaitError (Crypto.importRsaSsaPkcs1V1_5PublicKeyFromJwk - exportedPublicKey + secureContext { hash = shuffleDigestAlgorithm hash } - secureContext + exportedPublicKey ) "Importing the exported key with a different hash" (\err -> @@ -1618,11 +1618,11 @@ rsaSsaPkcs1V1_5KeyTestsHelper secureContext label { encryptionLabel, modulusLeng ) , await (Crypto.generateRsaSsaPkcs1V1_5KeyPair + secureContext { modulusLength = modulusLength , hash = hash , extractable = Crypto.CanBeExtracted } - secureContext ) (withLabel "Generating extractable RSA-SSA-PKCS1v1 key pair") (\{ publicKey, privateKey } -> 
@@ -1637,10 +1637,10 @@ rsaSsaPkcs1V1_5KeyTestsHelper secureContext label { encryptionLabel, modulusLeng (\exportedPublicKey -> await (Crypto.importRsaSsaPkcs1V1_5PublicKeyFromSpki - exportedPublicKey + secureContext { hash = hash } - secureContext + exportedPublicKey ) "Importing the exported key with the same hash" (\importedKey -> @@ -1657,10 +1657,10 @@ rsaSsaPkcs1V1_5KeyTestsHelper secureContext label { encryptionLabel, modulusLeng concat [ await (Crypto.importRsaSsaPkcs1V1_5PublicKeyFromJwk - exportedPublicKey + secureContext { hash = hash } - secureContext + exportedPublicKey ) "Importing the exported key with the same hash" (\importedKey -> @@ -1671,10 +1671,10 @@ rsaSsaPkcs1V1_5KeyTestsHelper secureContext label { encryptionLabel, modulusLeng ) , awaitError (Crypto.importRsaSsaPkcs1V1_5PublicKeyFromJwk - exportedPublicKey + secureContext { hash = shuffleDigestAlgorithm hash } - secureContext + exportedPublicKey ) "Importing the exported key with a different hash" (\err -> @@ -1691,11 +1691,11 @@ rsaSsaPkcs1V1_5KeyTestsHelper secureContext label { encryptionLabel, modulusLeng (\exportedPrivateKey -> await (Crypto.importRsaSsaPkcs1V1_5PrivateKeyFromPkcs8 - exportedPrivateKey + secureContext + Crypto.CanBeExtracted { hash = hash } - Crypto.CanBeExtracted - secureContext + exportedPrivateKey ) "Importing the exported key with the same hash" (\importedKey -> @@ -1712,11 +1712,11 @@ rsaSsaPkcs1V1_5KeyTestsHelper secureContext label { encryptionLabel, modulusLeng concat [ await (Crypto.importRsaSsaPkcs1V1_5PrivateKeyFromJwk - exportedPrivateKey + secureContext + Crypto.CanBeExtracted { hash = hash } - Crypto.CanBeExtracted - secureContext + exportedPrivateKey ) "Importing the exported key with the same hash" (\importedKey -> 
@@ -1727,11 +1727,11 @@ rsaSsaPkcs1V1_5KeyTestsHelper secureContext label { encryptionLabel, modulusLeng ) , awaitError (Crypto.importRsaSsaPkcs1V1_5PrivateKeyFromJwk - exportedPrivateKey + secureContext + Crypto.CanBeExtracted { hash = shuffleDigestAlgorithm hash } - Crypto.CanBeExtracted - secureContext + exportedPrivateKey ) "Importing the exported key with a different hash" (\err -> @@ -1825,11 +1825,11 @@ rsaPssTestsHelper secureContext label { modulusLength, hash } = concat [ await (Crypto.generateRsaPssKeyPair + secureContext { modulusLength = modulusLength , hash = hash , extractable = Crypto.CannotBeExtracted } - secureContext ) (withLabel "Generating non-extractable RSA-PSS key pair") (\{ publicKey, privateKey } -> @@ -1840,10 +1840,10 @@ rsaPssTestsHelper secureContext label { modulusLength, hash } = (\exportedPublicKey -> await (Crypto.importRsaPssPublicKeyFromSpki - exportedPublicKey + secureContext { hash = hash } - secureContext + exportedPublicKey ) "Importing the exported key with the same hash" (\importedKey -> @@ -1860,10 +1860,10 @@ rsaPssTestsHelper secureContext label { modulusLength, hash } = concat [ await (Crypto.importRsaPssPublicKeyFromJwk - exportedPublicKey + secureContext { hash = hash } - secureContext + exportedPublicKey ) "Importing the exported key with the same hash" (\importedKey -> @@ -1874,10 +1874,10 @@ rsaPssTestsHelper secureContext label { modulusLength, hash } = ) , awaitError (Crypto.importRsaPssPublicKeyFromJwk - exportedPublicKey + secureContext { hash = shuffleDigestAlgorithm hash } - secureContext + exportedPublicKey ) "Importing the exported key with a different hash" (\err -> @@ -1910,11 +1910,11 @@ rsaPssTestsHelper secureContext label { modulusLength, hash } = ) , await (Crypto.generateRsaPssKeyPair + secureContext { modulusLength = modulusLength , hash = hash , extractable = Crypto.CanBeExtracted - } - secureContext + } ) (withLabel "Generating extractable RSA-PSS key pair") (\{ publicKey, privateKey } -> 
@@ -1929,10 +1929,10 @@ rsaPssTestsHelper secureContext label { modulusLength, hash } = (\exportedPublicKey -> await (Crypto.importRsaPssPublicKeyFromSpki - exportedPublicKey + secureContext { hash = hash } - secureContext + exportedPublicKey ) "Importing the exported key with the same hash" (\importedKey -> @@ -1949,10 +1949,9 @@ rsaPssTestsHelper secureContext label { modulusLength, hash } = concat [ await (Crypto.importRsaPssPublicKeyFromJwk - exportedPublicKey - { hash = hash - } secureContext + { hash = hash + }exportedPublicKey ) "Importing the exported key with the same hash" (\importedKey -> @@ -1963,10 +1962,10 @@ rsaPssTestsHelper secureContext label { modulusLength, hash } = ) , awaitError (Crypto.importRsaPssPublicKeyFromJwk - exportedPublicKey + secureContext { hash = shuffleDigestAlgorithm hash } - secureContext + exportedPublicKey ) "Importing the exported key with a different hash" (\err -> @@ -1983,11 +1982,11 @@ rsaPssTestsHelper secureContext label { modulusLength, hash } = (\exportedPrivateKey -> await (Crypto.importRsaPssPrivateKeyFromPkcs8 - exportedPrivateKey + secureContext + Crypto.CanBeExtracted { hash = hash } - Crypto.CanBeExtracted - secureContext + exportedPrivateKey ) "Importing the exported key with the same hash" (\importedKey -> @@ -2004,11 +2003,11 @@ rsaPssTestsHelper secureContext label { modulusLength, hash } = concat [ await (Crypto.importRsaPssPrivateKeyFromJwk - exportedPrivateKey + secureContext + Crypto.CanBeExtracted { hash = hash } - Crypto.CanBeExtracted - secureContext + exportedPrivateKey ) "Importing the exported key with the same hash" (\importedKey -> @@ -2019,11 +2018,11 @@ rsaPssTestsHelper secureContext label { modulusLength, hash } = ) , awaitError (Crypto.importRsaPssPrivateKeyFromJwk - exportedPrivateKey + secureContext + Crypto.CanBeExtracted { hash = shuffleDigestAlgorithm hash } - Crypto.CanBeExtracted - secureContext + exportedPrivateKey ) "Importing the exported key with a different hash" (\err -> 
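Review bot: In the `@@ -1949,10 +1949,9 @@` hunk the closing brace of the params record and the next argument are fused on one line as `}exportedPublicKey`, unlike every other reordered call site in this patch. Put the argument on its own line after the `}` so the three arguments of `importRsaPssPublicKeyFromJwk` read the same way as in the neighbouring hunks. The enclosing test helper starts and ends outside the hunk.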
@@ -2155,10 +2154,10 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = concat [ await (Crypto.generateEcdsaKeyPair + secureContext { namedCurve = namedCurve , extractable = Crypto.CannotBeExtracted } - secureContext ) (withLabel "Generating a key that cannot be extracted") (\{ publicKey, privateKey } -> @@ -2170,9 +2169,9 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = concat [ await (Crypto.importEcdsaPublicKeyFromRaw + secureContext namedCurve exportedKey - secureContext ) "Importing the exported key with the same named curve" (\importedKey -> @@ -2183,9 +2182,9 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = ) , awaitError (Crypto.importEcdsaPublicKeyFromRaw + secureContext (shuffleNamedCurve namedCurve) exportedKey - secureContext ) "Importing the exported key with a different named curve" (\err -> @@ -2203,9 +2202,9 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = concat [ await (Crypto.importEcdsaPublicKeyFromSpki + secureContext namedCurve exportedKey - secureContext ) "Importing the exported key with the same named curve" (\importedKey -> @@ -2216,9 +2215,9 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = ) , awaitError (Crypto.importEcdsaPublicKeyFromSpki + secureContext (shuffleNamedCurve namedCurve) exportedKey - secureContext ) "Importing the exported key with a different named curve" (\err -> @@ -2236,9 +2235,9 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = concat [ await (Crypto.importEcdsaPublicKeyFromJwk + secureContext namedCurve exportedKey - secureContext ) "Importing the exported key with the same named curve" (\importedKey -> 
@@ -2249,9 +2248,9 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = ) , awaitError (Crypto.importEcdsaPublicKeyFromJwk + secureContext (shuffleNamedCurve namedCurve) exportedKey - secureContext ) "Importing the exported key with a different named curve" (\err -> @@ -2284,10 +2283,10 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = ) , await (Crypto.generateEcdsaKeyPair + secureContext { namedCurve = namedCurve , extractable = Crypto.CanBeExtracted } - secureContext ) (withLabel "Generating a key that can be extracted") (\{ publicKey, privateKey } -> @@ -2303,9 +2302,9 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = concat [ await (Crypto.importEcdsaPublicKeyFromRaw + secureContext namedCurve exportedKey - secureContext ) "Importing the exported key with the same named curve" (\importedKey -> @@ -2316,9 +2315,9 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = ) , awaitError (Crypto.importEcdsaPublicKeyFromRaw + secureContext (shuffleNamedCurve namedCurve) exportedKey - secureContext ) "Importing the exported key with a different named curve" (\err -> @@ -2336,9 +2335,9 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = concat [ await (Crypto.importEcdsaPublicKeyFromSpki + secureContext namedCurve exportedKey - secureContext ) "Importing the exported key with the same named curve" (\importedKey -> @@ -2349,9 +2348,9 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = ) , awaitError (Crypto.importEcdsaPublicKeyFromSpki + secureContext (shuffleNamedCurve namedCurve) exportedKey - secureContext ) "Importing the exported key with a different named curve" (\err -> 
@@ -2369,9 +2368,9 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = concat [ await (Crypto.importEcdsaPublicKeyFromJwk + secureContext namedCurve exportedKey - secureContext ) "Importing the exported key with the same named curve" (\importedKey -> @@ -2382,9 +2381,9 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = ) , awaitError (Crypto.importEcdsaPublicKeyFromJwk + secureContext (shuffleNamedCurve namedCurve) exportedKey - secureContext ) "Importing the exported key with a different named curve" (\err -> @@ -2402,10 +2401,10 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = concat [ await (Crypto.importEcdsaPrivateKeyFromPkcs8 + secureContext + Crypto.CanBeExtracted namedCurve exportedKey - Crypto.CanBeExtracted - secureContext ) "Importing the exported key with the same named curve" (\importedKey -> @@ -2416,10 +2415,10 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = ) , awaitError (Crypto.importEcdsaPrivateKeyFromPkcs8 + secureContext + Crypto.CanBeExtracted (shuffleNamedCurve namedCurve) exportedKey - Crypto.CanBeExtracted - secureContext ) "Importing the exported key with a different named curve" (\err -> @@ -2437,10 +2436,10 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = concat [ await (Crypto.importEcdsaPrivateKeyFromJwk + secureContext + Crypto.CanBeExtracted namedCurve exportedKey - Crypto.CanBeExtracted - secureContext ) "Importing the exported key with the same named curve" (\importedKey -> @@ -2451,10 +2450,10 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = ) , awaitError (Crypto.importEcdsaPrivateKeyFromJwk + secureContext + Crypto.CanBeExtracted (shuffleNamedCurve namedCurve) exportedKey - Crypto.CanBeExtracted - secureContext ) "Importing the exported key with a different named curve" (\err -> 
@@ -2553,11 +2552,11 @@ hmacTests secureContext = } , awaitError (Crypto.generateHmacKey + secureContext { length = Just 12 , hash = Crypto.Sha256 , extractable = Crypto.CanBeExtracted } - secureContext ) "Generate an HMAC key with a length of 12" (\err -> @@ -2578,11 +2577,11 @@ generateHmacTestsHelper secureContext label { length, digestAlgorithm } = concat [ await (Crypto.generateHmacKey + secureContext { length = length , hash = digestAlgorithm , extractable = Crypto.CannotBeExtracted } - secureContext ) (withLabel "Generating an HMAC key that cannot be extracted") (\key -> @@ -2609,11 +2608,11 @@ generateHmacTestsHelper secureContext label { length, digestAlgorithm } = ) , await (Crypto.generateHmacKey + secureContext { length = length , hash = digestAlgorithm , extractable = Crypto.CanBeExtracted } - secureContext ) (withLabel "Generating an HMAC key that can be extracted") (\key -> @@ -2628,11 +2627,11 @@ generateHmacTestsHelper secureContext label { length, digestAlgorithm } = (\exportedKey -> await (Crypto.importHmacKeyFromRaw - exportedKey + secureContext + Crypto.CanBeExtracted digestAlgorithm length - Crypto.CanBeExtracted - secureContext + exportedKey ) "Importing the key" (\importedKey -> @@ -2648,11 +2647,11 @@ generateHmacTestsHelper secureContext label { length, digestAlgorithm } = (\exportedKey -> await (Crypto.importHmacKeyFromJwk - exportedKey + secureContext + Crypto.CanBeExtracted digestAlgorithm length - Crypto.CanBeExtracted - secureContext + exportedKey ) "Importing the key" (\importedKey -> diff --git a/src/Crypto.gren b/src/Crypto.gren index 55a95b0d..00d0bb26 100644 --- a/src/Crypto.gren +++ b/src/Crypto.gren 
@@ -563,8 +563,8 @@ type RsaKeyGenerationError Produces a `KeyPair` that can be used to encrypt data with [`encryptWithRsaOaep`](#encryptWithRsaOaep) and decrypt data with [`decryptWithRsaOaep`](#decryptWithRsaOaep). -} -generateRsaOaepKeyPair : RsaKeyParams -> SecureContext -> Task RsaKeyGenerationError (KeyPair RsaOaepKey RsaKeyParams) -generateRsaOaepKeyPair params _context = +generateRsaOaepKeyPair : SecureContext -> RsaKeyParams -> Task RsaKeyGenerationError (KeyPair RsaOaepKey RsaKeyParams) +generateRsaOaepKeyPair _context params = generateRsaKeyHelper "RSA-OAEP" [ "encrypt", "decrypt" ] @@ -576,8 +576,8 @@ generateRsaOaepKeyPair params _context = Produces a `KeyPair` that can be used to sign data with [`signWithRsaPss`](#signWithRsaPss) and verify data with [`verifyWithRsaPss`](#verifyWithRsaPss). -} -generateRsaPssKeyPair : RsaKeyParams -> SecureContext -> Task RsaKeyGenerationError (KeyPair RsaPssKey RsaKeyParams) -generateRsaPssKeyPair params _context = +generateRsaPssKeyPair : SecureContext -> RsaKeyParams -> Task RsaKeyGenerationError (KeyPair RsaPssKey RsaKeyParams) +generateRsaPssKeyPair _context params = generateRsaKeyHelper "RSA-PSS" [ "sign", "verify" ] @@ -590,8 +590,8 @@ Produces a `KeyPair` that can be used to sign data with [`signWithRsaSsaPkcs1V1_5`](#signWithRsaSsaPkcs1V1_5) and verify data with [`verifyWithRsaSsaPkcs1V1_5`](#verifyWithRsaSsaPkcs1V1_5). -} -generateRsaSsaPkcs1V1_5KeyPair : RsaKeyParams -> SecureContext -> Task RsaKeyGenerationError (KeyPair RsaSsaPkcs1V1_5Key RsaKeyParams) -generateRsaSsaPkcs1V1_5KeyPair params _context = +generateRsaSsaPkcs1V1_5KeyPair : SecureContext -> RsaKeyParams -> Task RsaKeyGenerationError (KeyPair RsaSsaPkcs1V1_5Key RsaKeyParams) +generateRsaSsaPkcs1V1_5KeyPair _context params = generateRsaKeyHelper "RSASSA-PKCS1-v1_5" [ "sign", "verify" ] 
@@ -672,8 +672,8 @@ type AesLength Produces a `Key` that can be used to encrypt data with [`encryptWithAesCtr`](#encryptWithAesCtr) and decrypt data with [`decryptWithAesCtr`](#decryptWithAesCtr). -} -generateAesCtrKey : AesKeyParams -> SecureContext -> Task x (Key AesCtrKey AesKeyParams) -generateAesCtrKey { length, extractable } _context = +generateAesCtrKey : SecureContext -> AesKeyParams -> Task x (Key AesCtrKey AesKeyParams) +generateAesCtrKey _context { length, extractable } = Gren.Kernel.Crypto.generateAesKey "AES-CTR" (aesLengthToInt length) @@ -686,8 +686,8 @@ generateAesCtrKey { length, extractable } _context = Produces a `Key` that can be used to encrypt data with [`encryptWithAesCbc`](#encryptWithAesCbc) and decrypt data with [`decryptWithAesCbc`](#decryptWithAesCbc). -} -generateAesCbcKey : AesKeyParams -> SecureContext -> Task x (Key AesCbcKey AesKeyParams) -generateAesCbcKey { length, extractable } _context = +generateAesCbcKey : SecureContext -> AesKeyParams -> Task x (Key AesCbcKey AesKeyParams) +generateAesCbcKey _context { length, extractable } = Gren.Kernel.Crypto.generateAesKey "AES-CBC" (aesLengthToInt length) @@ -700,8 +700,8 @@ generateAesCbcKey { length, extractable } _context = Produces a `Key` that can be used to encrypt data with [`encryptWithAesGcm`](#encryptWithAesGcm) and decrypt data with [`decryptWithAesGcm`](#decryptWithAesGcm). -} -generateAesGcmKey : AesKeyParams -> SecureContext -> Task x (Key AesGcmKey AesKeyParams) -generateAesGcmKey { length, extractable } _context = +generateAesGcmKey : SecureContext -> AesKeyParams -> Task x (Key AesGcmKey AesKeyParams) +generateAesGcmKey _context { length, extractable } = Gren.Kernel.Crypto.generateAesKey "AES-GCM" (aesLengthToInt length) 
@@ -753,8 +753,8 @@ type EcNamedCurve Produces a `KeyPair` that can be used to sign data with [`signWithEcdsa`](#signWithEcdsa) and verify data with [`verifyWithEcdsa`](#verifyWithEcdsa). -} -generateEcdsaKeyPair : EcKeyParams -> SecureContext -> Task x (KeyPair EcdsaKey EcKeyParams) -generateEcdsaKeyPair { namedCurve, extractable } _context = +generateEcdsaKeyPair : SecureContext -> EcKeyParams -> Task x (KeyPair EcdsaKey EcKeyParams) +generateEcdsaKeyPair _context { namedCurve, extractable } = Gren.Kernel.Crypto.generateEcKey "ECDSA" (ecNamedCurveToString namedCurve) @@ -764,8 +764,8 @@ generateEcdsaKeyPair { namedCurve, extractable } _context = {-| Generate a new key using the ECDH algorithm. -} -generateEcdhKeyPair : EcKeyParams -> SecureContext -> Task x (KeyPair EcdhKey EcKeyParams) -generateEcdhKeyPair { namedCurve, extractable } _context = +generateEcdhKeyPair : SecureContext -> EcKeyParams -> Task x (KeyPair EcdhKey EcKeyParams) +generateEcdhKeyPair _context { namedCurve, extractable } = Gren.Kernel.Crypto.generateEcKey "ECDH" (ecNamedCurveToString namedCurve) @@ -819,8 +819,8 @@ type alias HmacKeyParams = Produces a `Key` that can be used to sign data with [`signWithHmac`](#signWithHmac) and verify data with [`verifyWithHmac`](#verifyWithHmac). -} -generateHmacKey : HmacKeyParams -> SecureContext -> Task HmacKeyGenerationError (Key HmacKey HmacKeyParams) -generateHmacKey { hash, length, extractable } _context = +generateHmacKey : SecureContext -> HmacKeyParams -> Task HmacKeyGenerationError (Key HmacKey HmacKeyParams) +generateHmacKey _context { hash, length, extractable } = when length is Just passedLength -> let 
@@ -1125,8 +1125,8 @@ type ImportRsaKeyError {-|-} -importRsaOaepPublicKeyFromJwk : Json.Encode.Value -> ImportRsaKeyParams -> SecureContext -> Task ImportRsaKeyError (PublicKey RsaOaepKey RsaKeyParams) -importRsaOaepPublicKeyFromJwk jwk { hash } _context = +importRsaOaepPublicKeyFromJwk : SecureContext -> ImportRsaKeyParams -> Json.Encode.Value -> Task ImportRsaKeyError (PublicKey RsaOaepKey RsaKeyParams) +importRsaOaepPublicKeyFromJwk _context { hash } jwk = Gren.Kernel.Crypto.importRsaKey "public" "jwk" @@ -1138,8 +1138,8 @@ importRsaOaepPublicKeyFromJwk jwk { hash } _context = {-|-} -importRsaOaepPublicKeyFromSpki : Bytes -> ImportRsaKeyParams -> SecureContext -> Task ImportRsaKeyError (PublicKey RsaOaepKey RsaKeyParams) -importRsaOaepPublicKeyFromSpki bytes { hash } _context = +importRsaOaepPublicKeyFromSpki : SecureContext -> ImportRsaKeyParams -> Bytes -> Task ImportRsaKeyError (PublicKey RsaOaepKey RsaKeyParams) +importRsaOaepPublicKeyFromSpki _context { hash } bytes = Gren.Kernel.Crypto.importRsaKey "public" "spki" @@ -1151,8 +1151,8 @@ importRsaOaepPublicKeyFromSpki bytes { hash } _context = {-|-} -importRsaPssPublicKeyFromJwk : Json.Encode.Value -> ImportRsaKeyParams -> SecureContext -> Task ImportRsaKeyError (PublicKey RsaPssKey RsaKeyParams) -importRsaPssPublicKeyFromJwk jwk { hash } _context = +importRsaPssPublicKeyFromJwk : SecureContext -> ImportRsaKeyParams -> Json.Encode.Value -> Task ImportRsaKeyError (PublicKey RsaPssKey RsaKeyParams) +importRsaPssPublicKeyFromJwk _context { hash } jwk = Gren.Kernel.Crypto.importRsaKey "public" "jwk" 
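Review bot: `importRsaOaepPublicKeyFromSpki` (second hunk on this line) keeps an empty `{-|-}` doc comment, so nothing tells the caller that the `hash` in `ImportRsaKeyParams` is asserted by the caller rather than read from the key. A plain RSA SubjectPublicKeyInfo carries no digest, so an import with the wrong hash probably succeeds and only fails later, at decrypt or verify time. The kernel call's handling of `hash` is outside the hunk, so this needs confirming. I would replace the empty comment with `{-| Import an RSA-OAEP public key from SPKI bytes. SPKI does not store the hash; pass the one the key was generated for. -}`, and do the same for `importRsaPssPublicKeyFromSpki` and `importRsaSsaPkcs1V1_5PublicKeyFromSpki` in the later hunks.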
@@ -1164,8 +1164,8 @@ importRsaPssPublicKeyFromJwk jwk { hash } _context = {-|-} -importRsaPssPublicKeyFromSpki : Bytes -> ImportRsaKeyParams -> SecureContext -> Task ImportRsaKeyError (PublicKey RsaPssKey RsaKeyParams) -importRsaPssPublicKeyFromSpki bytes { hash } _context = +importRsaPssPublicKeyFromSpki : SecureContext -> ImportRsaKeyParams -> Bytes -> Task ImportRsaKeyError (PublicKey RsaPssKey RsaKeyParams) +importRsaPssPublicKeyFromSpki _context { hash } bytes = Gren.Kernel.Crypto.importRsaKey "public" "spki" @@ -1177,8 +1177,8 @@ importRsaPssPublicKeyFromSpki bytes { hash } _context = {-|-} -importRsaOaepPrivateKeyFromJwk : Json.Encode.Value -> ImportRsaKeyParams -> Extractable -> SecureContext -> Task ImportRsaKeyError (PrivateKey RsaOaepKey RsaKeyParams) -importRsaOaepPrivateKeyFromJwk jwk { hash } extractable _context = +importRsaOaepPrivateKeyFromJwk : SecureContext -> Extractable -> ImportRsaKeyParams -> Json.Encode.Value -> Task ImportRsaKeyError (PrivateKey RsaOaepKey RsaKeyParams) +importRsaOaepPrivateKeyFromJwk _context extractable { hash } jwk = Gren.Kernel.Crypto.importRsaKey "private" "jwk" @@ -1190,8 +1190,8 @@ importRsaOaepPrivateKeyFromJwk jwk { hash } extractable _context = {-|-} -importRsaOaepPrivateKeyFromPkcs8 : Bytes -> ImportRsaKeyParams -> Extractable -> SecureContext -> Task ImportRsaKeyError (PrivateKey RsaOaepKey RsaKeyParams) -importRsaOaepPrivateKeyFromPkcs8 bytes { hash } extractable _context = +importRsaOaepPrivateKeyFromPkcs8 : SecureContext -> Extractable -> ImportRsaKeyParams -> Bytes -> Task ImportRsaKeyError (PrivateKey RsaOaepKey RsaKeyParams) +importRsaOaepPrivateKeyFromPkcs8 _context extractable { hash } bytes = Gren.Kernel.Crypto.importRsaKey "private" "pkcs8" 
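Review bot: `Extractable` is the one security-relevant choice in `importRsaOaepPrivateKeyFromJwk` (second hunk on this line), and the reorder moves it to second position while the doc comment stays an empty `{-|-}`. Assuming `Crypto.CanBeExtracted` means what its name suggests, a private key imported with it can be exported again by any code that holds the key. The doc should say so and recommend the non-extractable option for keys that only decrypt or sign, for example `{-| Import an RSA-OAEP private key from a JWK. Make it extractable only if it must be exported again. -}`. The same applies to the PKCS8, RSA-PSS and PKCS1 v1.5 private-key importers in the following hunks; all of their bodies continue outside the hunks.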
@@ -1203,8 +1203,8 @@ importRsaOaepPrivateKeyFromPkcs8 bytes { hash } extractable _context = {-|-} -importRsaPssPrivateKeyFromJwk : Json.Encode.Value -> ImportRsaKeyParams -> Extractable -> SecureContext -> Task ImportRsaKeyError (PrivateKey RsaPssKey RsaKeyParams) -importRsaPssPrivateKeyFromJwk jwk { hash } extractable _context = +importRsaPssPrivateKeyFromJwk : SecureContext -> Extractable -> ImportRsaKeyParams -> Json.Encode.Value -> Task ImportRsaKeyError (PrivateKey RsaPssKey RsaKeyParams) +importRsaPssPrivateKeyFromJwk _context extractable { hash } jwk = Gren.Kernel.Crypto.importRsaKey "private" "jwk" @@ -1216,8 +1216,8 @@ importRsaPssPrivateKeyFromJwk jwk { hash } extractable _context = {-|-} -importRsaPssPrivateKeyFromPkcs8 : Bytes -> ImportRsaKeyParams -> Extractable -> SecureContext -> Task ImportRsaKeyError (PrivateKey RsaPssKey RsaKeyParams) -importRsaPssPrivateKeyFromPkcs8 bytes { hash } extractable _context = +importRsaPssPrivateKeyFromPkcs8 : SecureContext -> Extractable -> ImportRsaKeyParams -> Bytes -> Task ImportRsaKeyError (PrivateKey RsaPssKey RsaKeyParams) +importRsaPssPrivateKeyFromPkcs8 _context extractable { hash } bytes = Gren.Kernel.Crypto.importRsaKey "private" "pkcs8" @@ -1229,8 +1229,8 @@ importRsaPssPrivateKeyFromPkcs8 bytes { hash } extractable _context = {-|-} -importRsaSsaPkcs1V1_5PublicKeyFromJwk : Json.Encode.Value -> ImportRsaKeyParams -> SecureContext -> Task ImportRsaKeyError (PublicKey RsaSsaPkcs1V1_5Key RsaKeyParams) -importRsaSsaPkcs1V1_5PublicKeyFromJwk jwk { hash } _context = +importRsaSsaPkcs1V1_5PublicKeyFromJwk : SecureContext -> ImportRsaKeyParams -> Json.Encode.Value -> Task ImportRsaKeyError (PublicKey RsaSsaPkcs1V1_5Key RsaKeyParams) +importRsaSsaPkcs1V1_5PublicKeyFromJwk _context { hash } jwk = Gren.Kernel.Crypto.importRsaKey "public" "jwk" 
@@ -1242,8 +1242,8 @@ importRsaSsaPkcs1V1_5PublicKeyFromJwk jwk { hash } _context = {-|-} -importRsaSsaPkcs1V1_5PublicKeyFromSpki : Bytes -> ImportRsaKeyParams -> SecureContext -> Task ImportRsaKeyError (PublicKey RsaSsaPkcs1V1_5Key RsaKeyParams) -importRsaSsaPkcs1V1_5PublicKeyFromSpki bytes { hash } _context = +importRsaSsaPkcs1V1_5PublicKeyFromSpki : SecureContext -> ImportRsaKeyParams -> Bytes -> Task ImportRsaKeyError (PublicKey RsaSsaPkcs1V1_5Key RsaKeyParams) +importRsaSsaPkcs1V1_5PublicKeyFromSpki _context { hash } bytes = Gren.Kernel.Crypto.importRsaKey "public" "spki" @@ -1255,8 +1255,8 @@ importRsaSsaPkcs1V1_5PublicKeyFromSpki bytes { hash } _context = {-|-} -importRsaSsaPkcs1V1_5PrivateKeyFromJwk : Json.Encode.Value -> ImportRsaKeyParams -> Extractable -> SecureContext -> Task ImportRsaKeyError (PrivateKey RsaSsaPkcs1V1_5Key RsaKeyParams) -importRsaSsaPkcs1V1_5PrivateKeyFromJwk jwk { hash } extractable _context = +importRsaSsaPkcs1V1_5PrivateKeyFromJwk : SecureContext -> Extractable -> ImportRsaKeyParams -> Json.Encode.Value -> Task ImportRsaKeyError (PrivateKey RsaSsaPkcs1V1_5Key RsaKeyParams) +importRsaSsaPkcs1V1_5PrivateKeyFromJwk _context extractable { hash } jwk = Gren.Kernel.Crypto.importRsaKey "private" "jwk" @@ -1268,8 +1268,8 @@ importRsaSsaPkcs1V1_5PrivateKeyFromJwk jwk { hash } extractable _context = {-|-} -importRsaSsaPkcs1V1_5PrivateKeyFromPkcs8 : Bytes -> ImportRsaKeyParams -> Extractable -> SecureContext -> Task ImportRsaKeyError (PrivateKey RsaSsaPkcs1V1_5Key RsaKeyParams) -importRsaSsaPkcs1V1_5PrivateKeyFromPkcs8 bytes { hash } extractable _context = +importRsaSsaPkcs1V1_5PrivateKeyFromPkcs8 : SecureContext -> Extractable -> ImportRsaKeyParams -> Bytes -> Task ImportRsaKeyError (PrivateKey RsaSsaPkcs1V1_5Key RsaKeyParams) +importRsaSsaPkcs1V1_5PrivateKeyFromPkcs8 _context extractable { hash } bytes = Gren.Kernel.Crypto.importRsaKey "private" "pkcs8" 
@@ -1291,8 +1291,8 @@ type ImportAesKeyError {-|-} -importAesCtrKeyFromRaw : Bytes -> Extractable -> SecureContext -> Task ImportAesKeyError (Key AesCtrKey AesKeyParams) -importAesCtrKeyFromRaw bytes extractable _context = +importAesCtrKeyFromRaw : SecureContext -> Extractable -> Bytes -> Task ImportAesKeyError (Key AesCtrKey AesKeyParams) +importAesCtrKeyFromRaw _context extractable bytes = Gren.Kernel.Crypto.importAesKey "raw" bytes @@ -1302,8 +1302,8 @@ importAesCtrKeyFromRaw bytes extractable _context = {-|-} -importAesCtrKeyFromJwk : Json.Encode.Value -> Extractable -> SecureContext -> Task ImportAesKeyError (Key AesCtrKey AesKeyParams) -importAesCtrKeyFromJwk jwk extractable _context = +importAesCtrKeyFromJwk : SecureContext -> Extractable -> Json.Encode.Value -> Task ImportAesKeyError (Key AesCtrKey AesKeyParams) +importAesCtrKeyFromJwk _context extractable jwk = Gren.Kernel.Crypto.importAesKey "jwk" (Gren.Kernel.Json.unwrap jwk) @@ -1313,8 +1313,8 @@ importAesCtrKeyFromJwk jwk extractable _context = {-|-} -importAesCbcKeyFromRaw : Bytes -> Extractable -> SecureContext -> Task ImportAesKeyError (Key AesCbcKey AesKeyParams) -importAesCbcKeyFromRaw bytes extractable _context = +importAesCbcKeyFromRaw : SecureContext -> Extractable -> Bytes -> Task ImportAesKeyError (Key AesCbcKey AesKeyParams) +importAesCbcKeyFromRaw _context extractable bytes = Gren.Kernel.Crypto.importAesKey "raw" bytes @@ -1324,8 +1324,8 @@ importAesCbcKeyFromRaw bytes extractable _context = {-|-} -importAesCbcKeyFromJwk : Json.Encode.Value -> Extractable -> SecureContext -> Task ImportAesKeyError (Key AesCbcKey AesKeyParams) -importAesCbcKeyFromJwk jwk extractable _context = +importAesCbcKeyFromJwk : SecureContext -> Extractable -> Json.Encode.Value -> Task ImportAesKeyError (Key AesCbcKey AesKeyParams) +importAesCbcKeyFromJwk _context extractable jwk = Gren.Kernel.Crypto.importAesKey "jwk" (Gren.Kernel.Json.unwrap jwk) 
@@ -1335,8 +1335,8 @@ importAesCbcKeyFromJwk jwk extractable _context = {-|-} -importAesGcmKeyFromRaw : Bytes -> Extractable -> SecureContext -> Task ImportAesKeyError (Key AesGcmKey AesKeyParams) -importAesGcmKeyFromRaw bytes extractable _context = +importAesGcmKeyFromRaw : SecureContext -> Extractable -> Bytes -> Task ImportAesKeyError (Key AesGcmKey AesKeyParams) +importAesGcmKeyFromRaw _context extractable bytes = Gren.Kernel.Crypto.importAesKey "raw" bytes @@ -1346,8 +1346,8 @@ importAesGcmKeyFromRaw bytes extractable _context = {-|-} -importAesGcmKeyFromJwk : Json.Encode.Value -> Extractable -> SecureContext -> Task ImportAesKeyError (Key AesGcmKey AesKeyParams) -importAesGcmKeyFromJwk jwk extractable _context = +importAesGcmKeyFromJwk : SecureContext -> Extractable -> Json.Encode.Value -> Task ImportAesKeyError (Key AesGcmKey AesKeyParams) +importAesGcmKeyFromJwk _context extractable jwk = Gren.Kernel.Crypto.importAesKey "jwk" (Gren.Kernel.Json.unwrap jwk) @@ -1369,8 +1369,8 @@ type ImportEcKeyError {-|-} -importEcdsaPublicKeyFromRaw : EcNamedCurve -> Bytes -> SecureContext -> Task ImportEcKeyError (PublicKey EcdsaKey EcKeyParams) -importEcdsaPublicKeyFromRaw namedCurve bytes _context = +importEcdsaPublicKeyFromRaw : SecureContext -> EcNamedCurve -> Bytes -> Task ImportEcKeyError (PublicKey EcdsaKey EcKeyParams) +importEcdsaPublicKeyFromRaw _context namedCurve bytes = Gren.Kernel.Crypto.importEcKey "public" "raw" @@ -1382,8 +1382,8 @@ importEcdsaPublicKeyFromRaw namedCurve bytes _context = {-|-} -importEcdsaPublicKeyFromSpki : EcNamedCurve -> Bytes -> SecureContext -> Task ImportEcKeyError (PublicKey EcdsaKey EcKeyParams) -importEcdsaPublicKeyFromSpki namedCurve bytes _context = +importEcdsaPublicKeyFromSpki : SecureContext -> EcNamedCurve -> Bytes -> Task ImportEcKeyError (PublicKey EcdsaKey EcKeyParams) +importEcdsaPublicKeyFromSpki _context namedCurve bytes = Gren.Kernel.Crypto.importEcKey "public" "spki" 
@@ -1395,8 +1395,8 @@ importEcdsaPublicKeyFromSpki namedCurve bytes _context = {-|-} -importEcdsaPublicKeyFromJwk : EcNamedCurve -> Json.Encode.Value -> SecureContext -> Task ImportEcKeyError (PublicKey EcdsaKey EcKeyParams) -importEcdsaPublicKeyFromJwk namedCurve jwk _context = +importEcdsaPublicKeyFromJwk : SecureContext -> EcNamedCurve -> Json.Encode.Value -> Task ImportEcKeyError (PublicKey EcdsaKey EcKeyParams) +importEcdsaPublicKeyFromJwk _context namedCurve jwk = Gren.Kernel.Crypto.importEcKey "public" "jwk" @@ -1408,8 +1408,8 @@ importEcdsaPublicKeyFromJwk namedCurve jwk _context = {-|-} -importEcdhPublicKeyFromRaw : EcNamedCurve -> Bytes -> SecureContext -> Task ImportEcKeyError (PublicKey EcdhKey EcKeyParams) -importEcdhPublicKeyFromRaw namedCurve bytes _context = +importEcdhPublicKeyFromRaw : SecureContext -> EcNamedCurve -> Bytes -> Task ImportEcKeyError (PublicKey EcdhKey EcKeyParams) +importEcdhPublicKeyFromRaw _context namedCurve bytes = Gren.Kernel.Crypto.importEcKey "public" "raw" @@ -1421,8 +1421,8 @@ importEcdhPublicKeyFromRaw namedCurve bytes _context = {-|-} -importEcdhPublicKeyFromSpki : EcNamedCurve -> Bytes -> SecureContext -> Task ImportEcKeyError (PublicKey EcdhKey EcKeyParams) -importEcdhPublicKeyFromSpki namedCurve bytes _context = +importEcdhPublicKeyFromSpki : SecureContext -> EcNamedCurve -> Bytes -> Task ImportEcKeyError (PublicKey EcdhKey EcKeyParams) +importEcdhPublicKeyFromSpki _context namedCurve bytes = Gren.Kernel.Crypto.importEcKey "public" "spki" 
@@ -1434,8 +1434,8 @@ importEcdhPublicKeyFromSpki namedCurve bytes _context = {-|-} -importEcdhPublicKeyFromJwk : EcNamedCurve -> Json.Encode.Value -> SecureContext -> Task ImportEcKeyError (PublicKey EcdhKey EcKeyParams) -importEcdhPublicKeyFromJwk namedCurve jwk _context = +importEcdhPublicKeyFromJwk : SecureContext -> EcNamedCurve -> Json.Encode.Value -> Task ImportEcKeyError (PublicKey EcdhKey EcKeyParams) +importEcdhPublicKeyFromJwk _context namedCurve jwk = Gren.Kernel.Crypto.importEcKey "public" "jwk" @@ -1447,8 +1447,8 @@ importEcdhPublicKeyFromJwk namedCurve jwk _context = {-|-} -importEcdsaPrivateKeyFromPkcs8 : EcNamedCurve -> Bytes -> Extractable -> SecureContext -> Task ImportEcKeyError (PrivateKey EcdsaKey EcKeyParams) -importEcdsaPrivateKeyFromPkcs8 namedCurve bytes extractable _context = +importEcdsaPrivateKeyFromPkcs8 : SecureContext -> Extractable -> EcNamedCurve -> Bytes -> Task ImportEcKeyError (PrivateKey EcdsaKey EcKeyParams) +importEcdsaPrivateKeyFromPkcs8 _context extractable namedCurve bytes = Gren.Kernel.Crypto.importEcKey "private" "pkcs8" @@ -1460,8 +1460,8 @@ importEcdsaPrivateKeyFromPkcs8 namedCurve bytes extractable _context = {-|-} -importEcdsaPrivateKeyFromSpki : EcNamedCurve -> Bytes -> Extractable -> SecureContext -> Task ImportEcKeyError (PrivateKey EcdsaKey EcKeyParams) -importEcdsaPrivateKeyFromSpki namedCurve bytes extractable _context = +importEcdsaPrivateKeyFromSpki : SecureContext -> Extractable -> EcNamedCurve -> Bytes -> Task ImportEcKeyError (PrivateKey EcdsaKey EcKeyParams) +importEcdsaPrivateKeyFromSpki _context extractable namedCurve bytes = Gren.Kernel.Crypto.importEcKey "private" "spki" 
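Review bot: `importEcdsaPrivateKeyFromSpki` (last hunk on this line) is typed as returning a `PrivateKey` but passes `"private" "spki"` to `Gren.Kernel.Crypto.importEcKey`, and SPKI (SubjectPublicKeyInfo) encodes only a public key. Depending on what the kernel does, which is not visible here, the call either always fails or produces a public key that the type system labels as private. The later patch in this series already removes `exportKeyAsSpki`, so I would remove this importer and `importEcdhPrivateKeyFromSpki` (further down) rather than reorder their parameters. Failing that, document that private keys must be imported from PKCS8 or JWK. The function body continues outside the hunk.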
@@ -1473,8 +1473,8 @@ importEcdsaPrivateKeyFromSpki namedCurve bytes extractable _context = {-|-} -importEcdsaPrivateKeyFromJwk : EcNamedCurve -> Json.Encode.Value -> Extractable -> SecureContext -> Task ImportEcKeyError (PrivateKey EcdsaKey EcKeyParams) -importEcdsaPrivateKeyFromJwk namedCurve jwk extractable _context = +importEcdsaPrivateKeyFromJwk : SecureContext -> Extractable -> EcNamedCurve -> Json.Encode.Value -> Task ImportEcKeyError (PrivateKey EcdsaKey EcKeyParams) +importEcdsaPrivateKeyFromJwk _context extractable namedCurve jwk = Gren.Kernel.Crypto.importEcKey "private" "jwk" @@ -1486,8 +1486,8 @@ importEcdsaPrivateKeyFromJwk namedCurve jwk extractable _context = {-|-} -importEcdhPrivateKeyFromPkcs8 : EcNamedCurve -> Bytes -> Extractable -> SecureContext -> Task ImportEcKeyError (PrivateKey EcdhKey EcKeyParams) -importEcdhPrivateKeyFromPkcs8 namedCurve bytes extractable _context = +importEcdhPrivateKeyFromPkcs8 : SecureContext -> Extractable -> EcNamedCurve -> Bytes -> Task ImportEcKeyError (PrivateKey EcdhKey EcKeyParams) +importEcdhPrivateKeyFromPkcs8 _context extractable namedCurve bytes = Gren.Kernel.Crypto.importEcKey "private" "pkcs8" @@ -1499,8 +1499,8 @@ importEcdhPrivateKeyFromPkcs8 namedCurve bytes extractable _context = {-|-} -importEcdhPrivateKeyFromSpki : EcNamedCurve -> Bytes -> Extractable -> SecureContext -> Task ImportEcKeyError (PrivateKey EcdhKey EcKeyParams) -importEcdhPrivateKeyFromSpki namedCurve bytes extractable _context = +importEcdhPrivateKeyFromSpki : SecureContext -> Extractable -> EcNamedCurve -> Bytes -> Task ImportEcKeyError (PrivateKey EcdhKey EcKeyParams) +importEcdhPrivateKeyFromSpki _context extractable namedCurve bytes = Gren.Kernel.Crypto.importEcKey "private" "spki" 
@@ -1512,8 +1512,8 @@ importEcdhPrivateKeyFromSpki namedCurve bytes extractable _context = {-|-} -importEcdhPrivateKeyFromJwk : EcNamedCurve -> Json.Encode.Value -> Extractable -> SecureContext -> Task ImportEcKeyError (PrivateKey EcdhKey EcKeyParams) -importEcdhPrivateKeyFromJwk namedCurve jwk extractable _context = +importEcdhPrivateKeyFromJwk : SecureContext -> Extractable -> EcNamedCurve -> Json.Encode.Value -> Task ImportEcKeyError (PrivateKey EcdhKey EcKeyParams) +importEcdhPrivateKeyFromJwk _context extractable namedCurve jwk = Gren.Kernel.Crypto.importEcKey "private" "jwk" @@ -1540,8 +1540,8 @@ type ImportHmacKeyError {-|-} -importHmacKeyFromJwk : Json.Encode.Value -> DigestAlgorithm -> Maybe Int -> Extractable -> SecureContext -> Task ImportHmacKeyError (Key HmacKey HmacKeyParams) -importHmacKeyFromJwk jwk hash passedLength extractable _context = +importHmacKeyFromJwk : SecureContext -> Extractable -> DigestAlgorithm -> Maybe Int -> Json.Encode.Value -> Task ImportHmacKeyError (Key HmacKey HmacKeyParams) +importHmacKeyFromJwk _context extractable hash passedLength jwk = when passedLength is Just length -> Gren.Kernel.Crypto.importHmacKey @@ -1565,8 +1565,8 @@ importHmacKeyFromJwk jwk hash passedLength extractable _context = {-|-} -importHmacKeyFromRaw : Bytes -> DigestAlgorithm -> Maybe Int -> Extractable -> SecureContext -> Task ImportHmacKeyError (Key HmacKey HmacKeyParams) -importHmacKeyFromRaw bytes hash passedLength extractable _context = +importHmacKeyFromRaw : SecureContext -> Extractable -> DigestAlgorithm -> Maybe Int -> Bytes -> Task ImportHmacKeyError (Key HmacKey HmacKeyParams) +importHmacKeyFromRaw _context extractable hash passedLength bytes = when passedLength is Just length -> Gren.Kernel.Crypto.importHmacKey From 1713f3c1cad3f75192075f1e39c9394994df898d Mon Sep 17 00:00:00 2001 
From: Joey Bright Date: Wed, 4 Jun 2025 12:11:48 -0700 Subject: [PATCH 09/10] Improved test for verification functions Now that verification functions, when successfully run, return the verified bytes, checking if those bytes are the same as the bytes originally passed to the function. --- integration_tests/src/Test/Crypto.gren | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/integration_tests/src/Test/Crypto.gren b/integration_tests/src/Test/Crypto.gren index 47d7da2c..622732d9 100644 --- a/integration_tests/src/Test/Crypto.gren +++ b/integration_tests/src/Test/Crypto.gren @@ -1750,10 +1750,10 @@ rsaSsaPkcs1V1_5KeyTestsHelper secureContext label { encryptionLabel, modulusLeng [ await (Crypto.verifyWithRsaSsaPkcs1V1_5 publicKey signature bytesToSign) "Verifying signed bytes" - (\_ -> - test "Succeeds when bytes that are being verified were the same as what was signed" + (\verifiedBytes -> + test "The verified bytes are the same as the bytes passed to verify function" (\_ -> - Expect.pass + Expect.equal verifiedBytes bytesToSign ) ) , awaitError @@ -2041,10 +2041,10 @@ rsaPssTestsHelper secureContext label { modulusLength, hash } = [ await (Crypto.verifyWithRsaPss { salt = digestAlgorithmMaxSalt hash } publicKey signature bytesToSign) "Verifying signed bytes" - (\_ -> - test "Succeeds when bytes that are being verified were the same as what was signed" + (\verifiedBytes -> + test "The verified bytes are the same as the bytes passed to verification function" (\_ -> - Expect.pass + Expect.equal verifiedBytes bytesToSign ) ) , awaitError 
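Review bot: In the success branch of the `verifyWithRsaSsaPkcs1V1_5` test, `Expect.equal verifiedBytes bytesToSign` compares the result with the very value that was passed in. It therefore shows that verify hands back its input, not that the signature was checked. The rejection cases in the `awaitError` branch that follows (outside the hunk) remain the ones that matter for security and should cover both a tampered message and a tampered signature. The same applies to the RSA-PSS hunk on this line and to the ECDSA and HMAC hunks after it. The four test labels also word the same property four different ways; one shared label such as `"Verify returns the bytes that were passed in"` would make the suites easier to compare.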
@@ -2472,10 +2472,10 @@ ecdsaTestsHelper secureContext label { namedCurve, digestAlgorithm } = [ await (Crypto.verifyWithEcdsa digestAlgorithm publicKey signature bytesToSign) "Verifying signed bytes" - (\_ -> - test "Succeeds when bytes that are being verified were the same as what was signed" + (\verifiedBytes -> + test "The verified bytes are the same as the signed bytes" (\_ -> - Expect.pass + Expect.equal verifiedBytes bytesToSign ) ) , awaitError @@ -2669,10 +2669,10 @@ generateHmacTestsHelper secureContext label { length, digestAlgorithm } = [ await (Crypto.verifyWithHmac key signature bytesToSign) "Verifying bytes" - (\_ -> - test "Verifying bytes with the right signature succeeds" + (\verifiedBytes -> + test "The verified bytes equal the bytes passed for verification" (\_ -> - Expect.pass + Expect.equal verifiedBytes bytesToSign ) ) , awaitError From 215ab8582b5fa017e1fbc696e94ca7f0b8322081 Mon Sep 17 00:00:00 2001 From: Joey Bright Date: Wed, 4 Jun 2025 12:20:34 -0700 Subject: [PATCH 10/10] Removed unused function for exporting private keys to SPKI format --- src/Crypto.gren | 6 ------ 1 file changed, 6 deletions(-) diff --git a/src/Crypto.gren b/src/Crypto.gren index 00d0bb26..415db1a9 100644 --- a/src/Crypto.gren +++ b/src/Crypto.gren @@ -1081,12 +1081,6 @@ exportPublicKeyAsSpki = exportPublicKeyHelper "spki" -{-|-} -exportKeyAsSpki : Key a b -> Task ExportKeyError Bytes -exportKeyAsSpki = - exportKeyHelper "spki" - - {-|-} exportPublicKeyAsJwk : Key a b -> Task {} Json.Encode.Value exportPublicKeyAsJwk key =