Migrate webcrypto module to use shared web declarations

Author: whyoleg

build-logic/src/main/kotlin/ckbuild/OptIns.kt

@@ -11,4 +11,5 @@ object OptIns {
 
     const val ExperimentalStdlibApi = "kotlin.ExperimentalStdlibApi"
     const val ExperimentalForeignApi = "kotlinx.cinterop.ExperimentalForeignApi"
+    const val ExperimentalWasmJsInterop = "kotlin.js.ExperimentalWasmJsInterop"
 }

cryptography-providers/tests/src/wasmJsMain/kotlin/TestPlatform.wasmJs.kt

@@ -2,6 +2,8 @@
  * Copyright (c) 2023-2025 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
  */
 
+@file:OptIn(kotlin.js.ExperimentalWasmJsInterop::class)
+
 package dev.whyoleg.cryptography.providers.tests
 
 internal actual val currentTestPlatform: TestPlatform = jsPlatform().run {

cryptography-providers/webcrypto/build.gradle.kts

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023-2024 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ * Copyright (c) 2023-2025 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
  */
 
 import ckbuild.*
@@ -20,6 +20,8 @@ kotlin {
         optIn.addAll(
             OptIns.DelicateCryptographyApi,
             OptIns.CryptographyProviderApi,
+
+            OptIns.ExperimentalWasmJsInterop,
         )
         freeCompilerArgs.add("-Xexpect-actual-classes")
     }

cryptography-providers/webcrypto/src/commonMain/kotlin/internal/Algorithms.kt

@@ -1,55 +1,107 @@
 /*
- * Copyright (c) 2024 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ * Copyright (c) 2024-2025 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
  */
 
 @file:Suppress("FunctionName")
 
 package dev.whyoleg.cryptography.providers.webcrypto.internal
 
-// marker interface
-internal expect interface Algorithm
+import kotlin.js.*
 
-internal expect fun Algorithm(name: String): Algorithm
+internal external interface Algorithm
 
-internal expect fun AesKeyGenerationAlgorithm(name: String, length: Int): Algorithm
+internal fun Algorithm(name: String): Algorithm =
+    js("({ name: name })")
 
-internal expect fun AesCbcCipherAlgorithm(iv: ByteArray): Algorithm
+internal fun AesKeyGenerationAlgorithm(name: String, length: Int): Algorithm =
+    js("({ name: name, length: length })")
 
-internal expect fun AesCtrCipherAlgorithm(counter: ByteArray, length: Int): Algorithm
+internal fun AesCbcCipherAlgorithm(iv: ByteArray): Algorithm =
+    jsAesCbcCipherAlgorithm(iv.toInt8Array())
 
-internal expect fun AesGcmCipherAlgorithm(additionalData: ByteArray?, iv: ByteArray, tagLength: Int): Algorithm
+private fun jsAesCbcCipherAlgorithm(iv: Int8Array): Algorithm =
+    js("({ name: 'AES-CBC', iv: iv })")
 
-internal expect fun HmacKeyAlgorithm(hash: String, length: Int?): Algorithm
+internal fun AesCtrCipherAlgorithm(counter: ByteArray, length: Int): Algorithm =
+    jsAesCtrCipherAlgorithm(counter.toInt8Array(), length)
 
-internal expect fun EcKeyAlgorithm(
-    name: String, //ECDSA | ECDH
-    namedCurve: String, //P-256, P-384, P-521
-): Algorithm
+private fun jsAesCtrCipherAlgorithm(counter: Int8Array, length: Int): Algorithm =
+    js("({ name: 'AES-CTR', counter: counter, length: length })")
 
-internal expect val Algorithm.ecKeyAlgorithmNamedCurve: String
+internal fun AesGcmCipherAlgorithm(additionalData: ByteArray?, iv: ByteArray, tagLength: Int): Algorithm = when (additionalData) {
+    null -> jsAesGcmCipherAlgorithm(iv.toInt8Array(), tagLength)
+    else -> jsAesGcmCipherAlgorithm(iv.toInt8Array(), tagLength, additionalData.toInt8Array())
+}
 
-internal expect fun EcdsaSignatureAlgorithm(hash: String): Algorithm
+private fun jsAesGcmCipherAlgorithm(iv: Int8Array, tagLength: Int): Algorithm =
+    js("({ name: 'AES-GCM', iv: iv, tagLength: tagLength })")
 
-internal expect fun EcdhKeyDeriveAlgorithm(publicKey: CryptoKey): Algorithm
+private fun jsAesGcmCipherAlgorithm(iv: Int8Array, tagLength: Int, additionalData: Int8Array): Algorithm =
+    js("({ name: 'AES-GCM', iv: iv, tagLength: tagLength, additionalData: additionalData })")
 
-internal expect fun Pbkdf2DeriveAlgorithm(hash: String, iterations: Int, salt: ByteArray): Algorithm
+internal fun HmacKeyAlgorithm(hash: String, length: Int?): Algorithm = when (length) {
+    null -> jsHmacKeyAlgorithm(hash)
+    else -> jsHmacKeyAlgorithm(hash, length)
+}
 
-internal expect fun HkdfDeriveAlgorithm(hash: String, salt: ByteArray, info: ByteArray): Algorithm
+private fun jsHmacKeyAlgorithm(hash: String): Algorithm =
+    js("({ name: 'HMAC', hash: hash })")
 
-internal expect fun RsaKeyGenerationAlgorithm(
-    name: String, //RSA-PSS | RSA-OAEP
-    modulusLength: Int,
-    publicExponent: ByteArray,
-    hash: String,
-): Algorithm
+private fun jsHmacKeyAlgorithm(hash: String, length: Int): Algorithm =
+    js("({ name: 'HMAC', hash: hash, length: length })")
 
-internal expect fun RsaKeyImportAlgorithm(
-    name: String, //RSA-PSS | RSA-OAEP
-    hash: String,
-): Algorithm
+internal fun EcKeyAlgorithm(name: String, namedCurve: String): Algorithm =
+    js("({ name: name, namedCurve: namedCurve })")
 
-internal expect fun RsaOaepCipherAlgorithm(label: ByteArray?): Algorithm
+internal val Algorithm.ecKeyAlgorithmNamedCurve: String get() = ecKeyAlgorithmNamedCurve(this)
 
-internal expect fun RsaPssSignatureAlgorithm(saltLength: Int): Algorithm
+@Suppress("UNUSED_PARAMETER")
+private fun ecKeyAlgorithmNamedCurve(algorithm: Algorithm): String = js("algorithm.namedCurve")
 
-internal expect val Algorithm.rsaKeyAlgorithmHashName: String
+internal fun EcdsaSignatureAlgorithm(hash: String): Algorithm =
+    js("({ name: 'ECDSA', hash: hash })")
+
+internal fun EcdhKeyDeriveAlgorithm(publicKey: CryptoKey): Algorithm =
+    js("({ name: 'ECDH', public: publicKey })")
+
+internal fun Pbkdf2DeriveAlgorithm(hash: String, iterations: Int, salt: ByteArray): Algorithm =
+    jsPbkdf2DeriveAlgorithm(hash, iterations, salt.toInt8Array())
+
+private fun jsPbkdf2DeriveAlgorithm(hash: String, iterations: Int, salt: Int8Array): Algorithm =
+    js("({ name: 'PBKDF2', hash: hash, iterations: iterations, salt: salt })")
+
+internal fun HkdfDeriveAlgorithm(hash: String, salt: ByteArray, info: ByteArray): Algorithm =
+    jsHkdfDeriveAlgorithm(hash, salt.toInt8Array(), info.toInt8Array())
+
+private fun jsHkdfDeriveAlgorithm(hash: String, salt: Int8Array, info: Int8Array): Algorithm =
+    js("({ name: 'HKDF', hash: hash, salt: salt, info: info })")
+
+internal fun RsaKeyGenerationAlgorithm(name: String, modulusLength: Int, publicExponent: ByteArray, hash: String): Algorithm {
+    val publicExponent2 = publicExponent.toInt8Array().let { Uint8Array(it.buffer, it.byteOffset, it.length) }
+    return jsRsaKeyGenerationAlgorithm(name, modulusLength, publicExponent2, hash)
+}
+
+private fun jsRsaKeyGenerationAlgorithm(name: String, modulusLength: Int, publicExponent: Uint8Array, hash: String): Algorithm =
+    js("({ name: name, modulusLength: modulusLength, publicExponent: publicExponent, hash: hash })")
+
+internal fun RsaKeyImportAlgorithm(name: String, hash: String): Algorithm =
+    js("({ name: name, hash: hash })")
+
+internal fun RsaOaepCipherAlgorithm(label: ByteArray?): Algorithm = when (label) {
+    null -> jsRsaOaepCipherAlgorithm()
+    else -> jsRsaOaepCipherAlgorithm(label.toInt8Array())
+}
+
+private fun jsRsaOaepCipherAlgorithm(): Algorithm =
+    js("({ name: 'RSA-OAEP' })")
+
+private fun jsRsaOaepCipherAlgorithm(label: Int8Array): Algorithm =
+    js("({ name: 'RSA-OAEP', label: label })")
+
+internal fun RsaPssSignatureAlgorithm(saltLength: Int): Algorithm =
+    js("({ name: 'RSA-PSS', saltLength: saltLength })")
+
+internal val Algorithm.rsaKeyAlgorithmHashName: String get() = rsaKeyAlgorithmHashName(this)
+
+@Suppress("UNUSED_PARAMETER")
+private fun rsaKeyAlgorithmHashName(algorithm: Algorithm): String = js("algorithm.hash.name")

cryptography-providers/webcrypto/src/commonMain/kotlin/internal/Keys.kt

@@ -4,11 +4,16 @@
 
 package dev.whyoleg.cryptography.providers.webcrypto.internal
 
-internal expect interface CryptoKey
+import kotlin.js.*
 
-internal expect interface CryptoKeyPair {
+internal external interface CryptoKey : JsAny
+
+internal external interface CryptoKeyPair : JsAny {
     val privateKey: CryptoKey
     val publicKey: CryptoKey
 }
 
-internal expect val CryptoKey.algorithm: Algorithm
+internal val CryptoKey.algorithm: Algorithm get() = keyAlgorithm(this)
+
+@Suppress("UNUSED_PARAMETER")
+private fun keyAlgorithm(key: CryptoKey): Algorithm = js("key.algorithm")

cryptography-providers/webcrypto/src/wasmJsMain/kotlin/internal/SubtleCrypto.wasmJs.kt renamed to cryptography-providers/webcrypto/src/commonMain/kotlin/internal/SubtleCrypto.kt

@@ -4,7 +4,7 @@
 
 package dev.whyoleg.cryptography.providers.webcrypto.internal
 
-import kotlin.js.Promise
+import kotlin.js.*
 
 internal external interface SubtleCrypto {
     fun digest(algorithmName: String, data: Int8Array): Promise<ArrayBuffer>

cryptography-providers/webcrypto/src/commonMain/kotlin/internal/WebCrypto.kt

@@ -1,31 +1,71 @@
 /*
- * Copyright (c) 2024 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ * Copyright (c) 2024-2025 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
  */
 
 package dev.whyoleg.cryptography.providers.webcrypto.internal
 
-internal expect object WebCrypto {
-    suspend fun digest(algorithmName: String, data: ByteArray): ByteArray
+import kotlin.js.*
+import kotlin.text.decodeToString
+import kotlin.text.encodeToByteArray
 
-    suspend fun encrypt(algorithm: Algorithm, key: CryptoKey, data: ByteArray): ByteArray
-    suspend fun decrypt(algorithm: Algorithm, key: CryptoKey, data: ByteArray): ByteArray
+internal object WebCrypto {
+    private val subtle = getSubtleCrypto()
 
-    suspend fun sign(algorithm: Algorithm, key: CryptoKey, data: ByteArray): ByteArray
-    suspend fun verify(algorithm: Algorithm, key: CryptoKey, signature: ByteArray, data: ByteArray): Boolean
 
-    suspend fun deriveBits(algorithm: Algorithm, baseKey: CryptoKey, length: Int): ByteArray
+    suspend fun digest(algorithmName: String, data: ByteArray): ByteArray {
+        return subtle.digest(algorithmName, data.toInt8Array()).await().toByteArray()
+    }
+
+    suspend fun encrypt(algorithm: Algorithm, key: CryptoKey, data: ByteArray): ByteArray {
+        return subtle.encrypt(algorithm, key, data.toInt8Array()).await().toByteArray()
+    }
+
+    suspend fun decrypt(algorithm: Algorithm, key: CryptoKey, data: ByteArray): ByteArray {
+        return subtle.decrypt(algorithm, key, data.toInt8Array()).await().toByteArray()
+    }
+
+    suspend fun sign(algorithm: Algorithm, key: CryptoKey, data: ByteArray): ByteArray {
+        return subtle.sign(algorithm, key, data.toInt8Array()).await().toByteArray()
+    }
+
+    suspend fun verify(algorithm: Algorithm, key: CryptoKey, signature: ByteArray, data: ByteArray): Boolean {
+        return subtle.verify(algorithm, key, signature.toInt8Array(), data.toInt8Array()).await().toBoolean()
+    }
+
+    suspend fun deriveBits(algorithm: Algorithm, baseKey: CryptoKey, length: Int): ByteArray {
+        return subtle.deriveBits(algorithm, baseKey, length).await().toByteArray()
+    }
 
     suspend fun importKey(
         format: String,
         keyData: ByteArray,
         algorithm: Algorithm,
         extractable: Boolean,
         keyUsages: Array<String>,
-    ): CryptoKey
+    ): CryptoKey {
+        val key = when (format) {
+            "jwk" -> jsonParse(keyData.decodeToString())
+            else  -> keyData.toInt8Array()
+        }
+        return subtle.importKey(format, key, algorithm, extractable, keyUsages.toJsArray()).await()
+    }
 
-    suspend fun exportKey(format: String, key: CryptoKey): ByteArray
+    suspend fun exportKey(format: String, key: CryptoKey): ByteArray {
+        val keyData = subtle.exportKey(format, key).await()
+        return when (format) {
+            "jwk" -> jsonStringify(keyData).encodeToByteArray()
+            else  -> keyData.unsafeCast<ArrayBuffer>().toByteArray()
+        }
+    }
 
-    suspend fun generateKey(algorithm: Algorithm, extractable: Boolean, keyUsages: Array<String>): CryptoKey
+    suspend fun generateKey(algorithm: Algorithm, extractable: Boolean, keyUsages: Array<String>): CryptoKey {
+        return subtle.generateKey(algorithm, extractable, keyUsages.toJsArray()).await()
+    }
 
-    suspend fun generateKeyPair(algorithm: Algorithm, extractable: Boolean, keyUsages: Array<String>): CryptoKeyPair
+    suspend fun generateKeyPair(algorithm: Algorithm, extractable: Boolean, keyUsages: Array<String>): CryptoKeyPair {
+        return subtle.generateKeyPair(algorithm, extractable, keyUsages.toJsArray()).await()
+    }
 }
+
+private fun jsonParse(string: String): JsAny = js("JSON.parse(string)")
+private fun jsonStringify(any: JsAny): String = js("JSON.stringify(any)")

cryptography-providers/webcrypto/src/commonMain/kotlin/internal/interop.kt

@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2025 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ */
+
+package dev.whyoleg.cryptography.providers.webcrypto.internal
+
+import kotlin.js.*
+
+internal external class ArrayBuffer : JsAny
+
+internal external class Int8Array : JsAny {
+    constructor(length: Int)
+    constructor(buffer: ArrayBuffer)
+
+    val length: Int
+    val buffer: ArrayBuffer
+    val byteOffset: Int
+    val byteLength: Int
+    fun subarray(start: Int, end: Int): Int8Array
+}
+
+internal external class Uint8Array : JsAny {
+    constructor(buffer: ArrayBuffer, byteOffset: Int, length: Int)
+}
+
+internal expect fun ByteArray.toInt8Array(): Int8Array
+
+internal expect fun ArrayBuffer.toByteArray(): ByteArray
+
+internal expect fun Int8Array.toByteArray(): ByteArray
+
+internal expect suspend fun <T : JsAny> Promise<T>.await(): T
+
+internal fun Array<String>.toJsArray(): JsArray<JsString> = JsArray<JsString>().also {
+    forEachIndexed { index, value ->
+        it[index] = value.toJsString()
+    }
+}