Update to proxy hkdf and pbkdf

Author: nealfennimore

src/aes/aes_cbc.ts

@@ -12,7 +12,7 @@ import {
     Alg,
 } from "./shared.js";
 
-const handler: ProxyHandler<AesCbcCryptoKey> = {
+export const handler: ProxyHandler<AesCbcCryptoKey> = {
     get(target: AesCbcCryptoKey, prop: string) {
         switch (prop) {
             case "self":

src/aes/aes_ctr.ts

@@ -13,7 +13,7 @@ import {
     Alg,
 } from "./shared.js";
 
-const handler: ProxyHandler<AesCtrCryptoKey> = {
+export const handler: ProxyHandler<AesCtrCryptoKey> = {
     get(target: AesCtrCryptoKey, prop: string) {
         switch (prop) {
             case "self":

src/aes/aes_gcm.ts

@@ -11,7 +11,7 @@ import {
     Alg,
 } from "./shared.js";
 
-const handler: ProxyHandler<AesGcmCryptoKey> = {
+export const handler: ProxyHandler<AesGcmCryptoKey> = {
     get(target: AesGcmCryptoKey, prop: string) {
         switch (prop) {
             case "self":

src/aes/aes_kw.ts

@@ -11,7 +11,7 @@ import {
     Alg,
 } from "./shared.js";
 
-const handler: ProxyHandler<AesKwCryptoKey> = {
+export const handler: ProxyHandler<AesKwCryptoKey> = {
     get(target: AesKwCryptoKey, prop: string) {
         switch (prop) {
             case "self":

src/aes/shared.ts

@@ -237,3 +237,9 @@ export interface AesKwProxiedCryptoKey
 
     exportKey: (format: KeyFormat) => Promise<JsonWebKey | ArrayBuffer>;
 }
+
+export type AesProxiedCryptoKeys =
+    | AesCbcProxiedCryptoKey
+    | AesKwProxiedCryptoKey
+    | AesGcmProxiedCryptoKey
+    | AesCtrProxiedCryptoKey;

src/hmac/index.ts

@@ -18,7 +18,7 @@ export interface HmacProxiedCryptoKey
     exportKey: (format: KeyFormat) => Promise<JsonWebKey | ArrayBuffer>;
 }
 
-const handler: ProxyHandler<HmacCryptoKey> = {
+export const handler: ProxyHandler<HmacCryptoKey> = {
     get(target: HmacCryptoKey, prop: string) {
         switch (prop) {
             case "self":

src/kdf/hkdf.ts

@@ -2,6 +2,28 @@
  * Code related to HKDF
  * @module
  */
+import { handler as AesCbcHandler } from "../aes/aes_cbc.js";
+import { handler as AesCtrHandler } from "../aes/aes_ctr.js";
+import { handler as AesGcmHandler } from "../aes/aes_gcm.js";
+import { handler as AesKwHandler } from "../aes/aes_kw.js";
+import {
+    Alg as AesAlg,
+    AesCbcCryptoKey,
+    AesCbcProxiedCryptoKey,
+    AesCtrCryptoKey,
+    AesCtrProxiedCryptoKey,
+    AesGcmCryptoKey,
+    AesGcmProxiedCryptoKey,
+    AesKwCryptoKey,
+    AesKwProxiedCryptoKey,
+    AesProxiedCryptoKeys,
+} from "../aes/shared.js";
+import {
+    Alg as HmacAlg,
+    HmacCryptoKey,
+    HmacProxiedCryptoKey,
+    handler as hmacHandler,
+} from "../hmac/index.js";
 import * as params from "../params.js";
 import * as proxy from "../proxy.js";
 import {
@@ -98,17 +120,47 @@ export const generateKeyMaterial = async (
  *      hmacParams
  * );
  * ```
+ * @example
+ * ```ts
+ * const keyMaterial = await HKDF.generateKeyMaterial(
+ *     "raw",
+ *     await Random.getValues(16)
+ * );
+ * let key = await HKDF.deriveKey(
+ *     {
+ *         hash: "SHA-256",
+ *         salt,
+ *     },
+ *     keyMaterial.self,
+ *     {
+ *         name: "AES-GCM",
+ *         length: 256,
+ *     }
+ * );
+ * ```
+ * @example
+ * ```ts
+ * const key = await keyMaterial.deriveKey(
+ *     {
+ *         hash: "SHA-256",
+ *         salt,
+ *     },
+ *     {
+ *         name: "AES-GCM",
+ *         length: 256,
+ *     }
+ * );
  */
-export const deriveKey = (
+export const deriveKey = async (
     algorithm: Omit<params.EnforcedHkdfParams, "name">,
     baseKey: HkdfKeyMaterial,
     derivedKeyType:
         | params.EnforcedAesKeyGenParams
         | params.EnforcedHmacKeyGenParams,
     extractable?: boolean,
     keyUsages?: KeyUsage[]
-) =>
-    KdfShared.deriveKey(
+): Promise<HmacProxiedCryptoKey | AesProxiedCryptoKeys> => {
+    const derived = await KdfShared.deriveKey(
         {
             ...algorithm,
             name: Alg.Variant.HKDF,
@@ -119,6 +171,32 @@ export const deriveKey = (
         keyUsages
     );
 
+    switch (derivedKeyType.name) {
+        case HmacAlg.Code.HMAC:
+            return proxy.proxifyKey<HmacCryptoKey, HmacProxiedCryptoKey>(
+                hmacHandler
+            )(derived as HmacCryptoKey);
+        case AesAlg.Mode.AES_CBC:
+            return proxy.proxifyKey<AesCbcCryptoKey, AesCbcProxiedCryptoKey>(
+                AesCbcHandler
+            )(derived as AesCbcCryptoKey);
+        case AesAlg.Mode.AES_CTR:
+            return proxy.proxifyKey<AesCtrCryptoKey, AesCtrProxiedCryptoKey>(
+                AesCtrHandler
+            )(derived as AesCtrCryptoKey);
+        case AesAlg.Mode.AES_GCM:
+            return proxy.proxifyKey<AesGcmCryptoKey, AesGcmProxiedCryptoKey>(
+                AesGcmHandler
+            )(derived as AesGcmCryptoKey);
+        case AesAlg.Mode.AES_KW:
+            return proxy.proxifyKey<AesKwCryptoKey, AesKwProxiedCryptoKey>(
+                AesKwHandler
+            )(derived as AesKwCryptoKey);
+    }
+
+    throw new Error("Invalid alg");
+};
+
 /**
  * Derive a number bits with a given key material
  * @example

src/kdf/pbkdf.ts

@@ -2,6 +2,28 @@
  * Code related to PBKDF2
  * @module
  */
+import { handler as AesCbcHandler } from "../aes/aes_cbc.js";
+import { handler as AesCtrHandler } from "../aes/aes_ctr.js";
+import { handler as AesGcmHandler } from "../aes/aes_gcm.js";
+import { handler as AesKwHandler } from "../aes/aes_kw.js";
+import {
+    Alg as AesAlg,
+    AesCbcCryptoKey,
+    AesCbcProxiedCryptoKey,
+    AesCtrCryptoKey,
+    AesCtrProxiedCryptoKey,
+    AesGcmCryptoKey,
+    AesGcmProxiedCryptoKey,
+    AesKwCryptoKey,
+    AesKwProxiedCryptoKey,
+    AesProxiedCryptoKeys,
+} from "../aes/shared.js";
+import {
+    Alg as HmacAlg,
+    HmacCryptoKey,
+    HmacProxiedCryptoKey,
+    handler as hmacHandler,
+} from "../hmac/index.js";
 import * as params from "../params.js";
 import * as proxy from "../proxy.js";
 import { Alg as SHA } from "../sha/shared.js";
@@ -82,39 +104,74 @@ export const generateKeyMaterial = async (
  * @example
  * ```ts
  * const hmacParams: params.EnforcedHmacKeyGenParams = {
- *      name: Authentication.Alg.Code.HMAC,
- *      hash: SHA.Alg.Variant.SHA_512,
- *      length: 512,
+ *     name: Authentication.Alg.Code.HMAC,
+ *     hash: SHA.Alg.Variant.SHA_512,
+ *     length: 512,
  * };
  * let key = await PBKDF2.deriveKey(
- *      { hash: "SHA512" },
- *      keyMaterial,
- *      hmacParams
+ *     { hash: "SHA512" },
+ *     keyMaterial,
+ *     hmacParams
  * );
  * ```
  * @example
  * ```ts
  * const hmacParams: params.EnforcedHmacKeyGenParams = {
- *      name: Authentication.Alg.Code.HMAC,
- *      hash: SHA.Alg.Variant.SHA_512,
- *      length: 512,
+ *     name: Authentication.Alg.Code.HMAC,
+ *     hash: SHA.Alg.Variant.SHA_512,
+ *     length: 512,
  * };
+ * const keyMaterial = await PBKDF2.generateKeyMaterial(
+ *     "raw",
+ *     await Random.getValues(16)
+ * );
  * let key = await keyMaterial.deriveKey(
- *      { hash: "SHA512" },
- *      hmacParams
+ *     { hash: "SHA512" },
+ *     hmacParams
+ * );
+ * ```
+ * @example
+ * ```ts
+ * const keyMaterial = await PBKDF2.generateKeyMaterial(
+ *     "raw",
+ *     await Random.getValues(16)
+ * );
+ * let key = await PBKDF2.deriveKey(
+ *     {
+ *         hash: "SHA-256",
+ *         salt,
+ *     },
+ *     keyMaterial.self,
+ *     {
+ *         name: "AES-GCM",
+ *         length: 256,
+ *     }
+ * );
+ * ```
+ * @example
+ * ```ts
+ * const key = await keyMaterial.deriveKey(
+ *     {
+ *         hash: "SHA-256",
+ *         salt,
+ *     },
+ *     {
+ *         name: "AES-GCM",
+ *         length: 256,
+ *     }
  * );
  * ```
  */
-export const deriveKey = (
+export const deriveKey = async (
     algorithm: Omit<params.EnforcedPbkdf2Params, "name" | "iterations">,
     baseKey: Pbkdf2KeyMaterial,
     derivedKeyType:
         | params.EnforcedAesKeyGenParams
         | params.EnforcedHmacKeyGenParams,
     extractable?: boolean,
     keyUsages?: KeyUsage[]
-) =>
-    KdfShared.deriveKey(
+): Promise<HmacProxiedCryptoKey | AesProxiedCryptoKeys> => {
+    const derived = await KdfShared.deriveKey(
         {
             ...algorithm,
             name: Alg.Variant.PBKDF2,
@@ -128,6 +185,32 @@ export const deriveKey = (
         keyUsages
     );
 
+    switch (derivedKeyType.name) {
+        case HmacAlg.Code.HMAC:
+            return proxy.proxifyKey<HmacCryptoKey, HmacProxiedCryptoKey>(
+                hmacHandler
+            )(derived as HmacCryptoKey);
+        case AesAlg.Mode.AES_CBC:
+            return proxy.proxifyKey<AesCbcCryptoKey, AesCbcProxiedCryptoKey>(
+                AesCbcHandler
+            )(derived as AesCbcCryptoKey);
+        case AesAlg.Mode.AES_CTR:
+            return proxy.proxifyKey<AesCtrCryptoKey, AesCtrProxiedCryptoKey>(
+                AesCtrHandler
+            )(derived as AesCtrCryptoKey);
+        case AesAlg.Mode.AES_GCM:
+            return proxy.proxifyKey<AesGcmCryptoKey, AesGcmProxiedCryptoKey>(
+                AesGcmHandler
+            )(derived as AesGcmCryptoKey);
+        case AesAlg.Mode.AES_KW:
+            return proxy.proxifyKey<AesKwCryptoKey, AesKwProxiedCryptoKey>(
+                AesKwHandler
+            )(derived as AesKwCryptoKey);
+    }
+
+    throw new Error("Invalid alg");
+};
+
 /**
  * Derive a number bits with a given key material
  * @example