Refactor Hash Class (#171)

* refactor: update hash and remove circular imports

* style: format dart code

* Update lib/src/impl_ffi/impl_ffi.digest.dart

Co-authored-by: Jonas Finnemann Jensen <[email protected]>

* Update lib/src/impl_ffi/impl_ffi.digest.dart

Co-authored-by: Jonas Finnemann Jensen <[email protected]>

* fix: add getters for hash and perform cleanup

* Update lib/src/impl_ffi/impl_ffi.digest.dart

Co-authored-by: Jonas Finnemann Jensen <[email protected]>

* Update lib/src/webcrypto/webcrypto.digest.dart

Co-authored-by: Jonas Finnemann Jensen <[email protected]>

* Update lib/src/impl_js/impl_js.digest.dart

Co-authored-by: Jonas Finnemann Jensen <[email protected]>

* fix: add constant implementation for public api

* docs: add documentation for getters in hashimpl

---------

Co-authored-by: Jonas Finnemann Jensen <[email protected]>

Author: HamdaanAliQuatil

lib/src/impl_ffi/impl_ffi.dart

@@ -110,4 +110,16 @@ final class _WebCryptoImpl implements WebCryptoImpl {
 
   @override
   final rsaSsaPkcs1v15PublicKey = const _StaticRsaSsaPkcs1V15PublicKeyImpl();
+
+  @override
+  final sha1 = const _Sha1();
+
+  @override
+  final sha256 = const _Sha256();
+
+  @override
+  final sha384 = const _Sha384();
+
+  @override
+  final sha512 = const _Sha512();
 }

lib/src/impl_ffi/impl_ffi.digest.dart

@@ -14,18 +14,15 @@
 
 part of 'impl_ffi.dart';
 
-abstract class _Hash implements Hash {
-  const _Hash();
+abstract class _HashImpl implements HashImpl {
+  const _HashImpl();
 
-  factory _Hash.fromHash(Hash hash) {
-    if (hash is _Hash) {
+  factory _HashImpl.fromHash(HashImpl hash) {
+    if (hash is _HashImpl) {
       return hash;
     }
-    throw ArgumentError.value(
-      hash,
-      'hash',
-      'Custom implementations of Hash is not supported',
-    );
+    throw AssertionError(
+        'Custom implementations of HashImpl are not supported.');
   }
 
   @protected
@@ -62,39 +59,127 @@ abstract class _Hash implements Hash {
       return out.copy(size);
     });
   }
+
+  /// Algorithm (`alg` for JWK) when this hash algorithm is used in an HMAC.
+  ///
+  /// For SHA-1, it returns 'HS1'.
+  /// For SHA-256, it returns 'HS256'.
+  /// For SHA-384, it returns 'HS384'.
+  /// For SHA-512, it returns 'HS512'.
+  ///
+  /// See canonical registry in:
+  /// https://www.iana.org/assignments/jose/jose.xhtml
+  String get hmacJwkAlg;
+
+  /// Algorithm (`alg` for JWK) when this hash algorithm is used in RSA-OAEP.
+  ///
+  /// For SHA-1, it returns 'RSA-OAEP-1'.
+  /// For SHA-256, it returns 'RSA-OAEP-256'.
+  /// For SHA-384, it returns 'RSA-OAEP-384'.
+  /// For SHA-512, it returns 'RSA-OAEP-512'.
+  ///
+  /// See canonical registry in:
+  /// https://www.iana.org/assignments/jose/jose.xhtml
+  String get rsaOaepJwkAlg;
+
+  /// Algorithm (`alg` for JWK) when this hash algorithm is used in RSA-PSS.
+  ///
+  /// For SHA-1, it returns 'PS1'.
+  /// For SHA-256, it returns 'PS256'.
+  /// For SHA-384, it returns 'PS384'.
+  /// For SHA-512, it returns 'PS512'.
+  ///
+  /// See canonical registry in:
+  /// https://www.iana.org/assignments/jose/jose.xhtml
+  String get rsaPssJwkAlg;
+
+  /// Algorithm (`alg` for JWK) when this hash algorithm is used in RSASSA-PKCS1-v1_5.
+  ///
+  /// For SHA-1, it returns 'RS1'.
+  /// For SHA-256, it returns 'RS256'.
+  /// For SHA-384, it returns 'RS384'.
+  /// For SHA-512, it returns 'RS512'.
+  ///
+  /// See canonical registry in:
+  /// https://www.iana.org/assignments/jose/jose.xhtml
+  String get rsassaPkcs1V15JwkAlg;
 }
 
-class _Sha1 extends _Hash {
+final class _Sha1 extends _HashImpl {
   const _Sha1();
 
+  @override
+  String get hmacJwkAlg => 'HS1';
+
+  @override
+  String get rsaOaepJwkAlg => 'RSA-OAEP-1';
+
+  @override
+  String get rsaPssJwkAlg => 'PS1';
+
+  @override
+  String get rsassaPkcs1V15JwkAlg => 'RS1';
+
   @override
   ffi.Pointer<EVP_MD> Function() get _algorithm => ssl.EVP_sha1;
 }
 
-class _Sha256 extends _Hash {
+final class _Sha256 extends _HashImpl {
   const _Sha256();
 
+  @override
+  String get hmacJwkAlg => 'HS256';
+
+  @override
+  String get rsaOaepJwkAlg => 'RSA-OAEP-256';
+
+  @override
+  String get rsaPssJwkAlg => 'PS256';
+
+  @override
+  String get rsassaPkcs1V15JwkAlg => 'RS256';
+
   @override
   ffi.Pointer<EVP_MD> Function() get _algorithm => ssl.EVP_sha256;
 }
 
-class _Sha384 extends _Hash {
+final class _Sha384 extends _HashImpl {
   const _Sha384();
 
+  @override
+  String get hmacJwkAlg => 'HS384';
+
+  @override
+  String get rsaOaepJwkAlg => 'RSA-OAEP-384';
+
+  @override
+  String get rsaPssJwkAlg => 'PS384';
+
+  @override
+  String get rsassaPkcs1V15JwkAlg => 'RS384';
+
   @override
   ffi.Pointer<EVP_MD> Function() get _algorithm => ssl.EVP_sha384;
 }
 
-class _Sha512 extends _Hash {
+final class _Sha512 extends _HashImpl {
   const _Sha512();
 
+  @override
+  String get hmacJwkAlg => 'HS512';
+
+  @override
+  String get rsaOaepJwkAlg => 'RSA-OAEP-512';
+
+  @override
+  String get rsaPssJwkAlg => 'PS512';
+
+  @override
+  String get rsassaPkcs1V15JwkAlg => 'RS512';
+
   @override
   ffi.Pointer<EVP_MD> Function() get _algorithm => ssl.EVP_sha512;
 }
 
-const Hash sha1 = _Sha1();
-const Hash sha256 = _Sha256();
-const Hash sha384 = _Sha384();
-const Hash sha512 = _Sha512();
 // Note: Before adding new hash implementations, make sure to update all the
-//       places that does if (hash == Hash.shaXXX) ...
+//       places that does if (hash == HashImpl.shaXXX) ...

lib/src/impl_ffi/impl_ffi.ecdsa.dart

@@ -218,12 +218,12 @@ final class _EcdsaPrivateKeyImpl implements EcdsaPrivateKeyImpl {
   }
 
   @override
-  Future<Uint8List> signBytes(List<int> data, Hash hash) =>
+  Future<Uint8List> signBytes(List<int> data, HashImpl hash) =>
       signStream(Stream.value(data), hash);
 
   @override
-  Future<Uint8List> signStream(Stream<List<int>> data, Hash hash) async {
-    final md = _Hash.fromHash(hash)._md;
+  Future<Uint8List> signStream(Stream<List<int>> data, HashImpl hash) async {
+    final md = _HashImpl.fromHash(hash)._md;
     final sig = await _signStream(_key, md, data);
     return _convertEcdsaDerSignatureToWebCryptoSignature(_key, sig);
   }
@@ -268,16 +268,17 @@ final class _EcdsaPublicKeyImpl implements EcdsaPublicKeyImpl {
   }
 
   @override
-  Future<bool> verifyBytes(List<int> signature, List<int> data, Hash hash) =>
+  Future<bool> verifyBytes(
+          List<int> signature, List<int> data, HashImpl hash) =>
       verifyStream(signature, Stream.value(data), hash);
 
   @override
   Future<bool> verifyStream(
     List<int> signature,
     Stream<List<int>> data,
-    Hash hash,
+    HashImpl hash,
   ) async {
-    final md = _Hash.fromHash(hash)._md;
+    final md = _HashImpl.fromHash(hash)._md;
 
     // Convert to DER signature
     final sig = _convertEcdsaWebCryptoSignatureToDerSignature(_key, signature);

lib/src/impl_ffi/impl_ffi.hkdf.dart

@@ -41,14 +41,14 @@ final class _HkdfSecretKeyImpl implements HkdfSecretKeyImpl {
   @override
   Future<Uint8List> deriveBits(
     int length,
-    Hash hash,
+    HashImpl hash,
     List<int> salt,
     List<int> info,
   ) async {
     if (length < 0) {
       throw ArgumentError.value(length, 'length', 'must be positive integer');
     }
-    final md = _Hash.fromHash(hash)._md;
+    final md = _HashImpl.fromHash(hash)._md;
 
     // Mirroring limitations in chromium:
     // https://chromium.googlesource.com/chromium/src/+/43d62c50b705f88c67b14539e91fd8fd017f70c4/components/webcrypto/algorithms/hkdf.cc#74

lib/src/impl_ffi/impl_ffi.hmac.dart

@@ -32,40 +32,23 @@ Uint8List _asUint8ListZeroedToBitLength(List<int> data, [int? lengthInBits]) {
   return buf;
 }
 
-String _hmacJwkAlgFromHash(_Hash hash) {
-  if (hash == Hash.sha1) {
-    return 'HS1';
-  }
-  if (hash == Hash.sha256) {
-    return 'HS256';
-  }
-  if (hash == Hash.sha384) {
-    return 'HS384';
-  }
-  if (hash == Hash.sha512) {
-    return 'HS512';
-  }
-  assert(false); // This should never happen!
-  throw UnsupportedError('hash is not supported');
-}
-
 Future<HmacSecretKeyImpl> hmacSecretKey_importRawKey(
   List<int> keyData,
-  Hash hash, {
+  HashImpl hash, {
   int? length,
 }) async {
   return _HmacSecretKeyImpl(
     _asUint8ListZeroedToBitLength(keyData, length),
-    _Hash.fromHash(hash),
+    _HashImpl.fromHash(hash),
   );
 }
 
 Future<HmacSecretKeyImpl> hmacSecretKey_importJsonWebKey(
   Map<String, dynamic> jwk,
-  Hash hash, {
+  HashImpl hash, {
   int? length,
 }) async {
-  final h = _Hash.fromHash(hash);
+  final h = _HashImpl.fromHash(hash);
   final k = JsonWebKey.fromJson(jwk);
 
   void checkJwk(bool condition, String prop, String message) =>
@@ -74,7 +57,7 @@ Future<HmacSecretKeyImpl> hmacSecretKey_importJsonWebKey(
   checkJwk(k.kty == 'oct', 'kty', 'must be "oct"');
   checkJwk(k.k != null, 'k', 'must be present');
   checkJwk(k.use == null || k.use == 'sig', 'use', 'must be "sig", if present');
-  final expectedAlg = _hmacJwkAlgFromHash(h);
+  final expectedAlg = h.hmacJwkAlg;
   checkJwk(
     k.alg == null || k.alg == expectedAlg,
     'alg',
@@ -87,10 +70,10 @@ Future<HmacSecretKeyImpl> hmacSecretKey_importJsonWebKey(
 }
 
 Future<HmacSecretKeyImpl> hmacSecretKey_generateKey(
-  Hash hash, {
+  HashImpl hash, {
   int? length,
 }) async {
-  final h = _Hash.fromHash(hash);
+  final h = _HashImpl.fromHash(hash);
   length ??= ssl.EVP_MD_size(h._md) * 8;
   final keyData = Uint8List((length / 8).ceil());
   fillRandomBytes(keyData);
@@ -105,26 +88,26 @@ final class _StaticHmacSecretKeyImpl implements StaticHmacSecretKeyImpl {
   const _StaticHmacSecretKeyImpl();
 
   @override
-  Future<HmacSecretKeyImpl> importRawKey(List<int> keyData, Hash hash,
+  Future<HmacSecretKeyImpl> importRawKey(List<int> keyData, HashImpl hash,
       {int? length}) {
     return hmacSecretKey_importRawKey(keyData, hash, length: length);
   }
 
   @override
   Future<HmacSecretKeyImpl> importJsonWebKey(
-      Map<String, dynamic> jwk, Hash hash,
+      Map<String, dynamic> jwk, HashImpl hash,
       {int? length}) {
     return hmacSecretKey_importJsonWebKey(jwk, hash, length: length);
   }
 
   @override
-  Future<HmacSecretKeyImpl> generateKey(Hash hash, {int? length = 32}) {
+  Future<HmacSecretKeyImpl> generateKey(HashImpl hash, {int? length = 32}) {
     return hmacSecretKey_generateKey(hash, length: length);
   }
 }
 
 final class _HmacSecretKeyImpl implements HmacSecretKeyImpl {
-  final _Hash _hash;
+  final _HashImpl _hash;
   final Uint8List _keyData;
 
   _HmacSecretKeyImpl(this._keyData, this._hash);
@@ -186,7 +169,7 @@ final class _HmacSecretKeyImpl implements HmacSecretKeyImpl {
     return JsonWebKey(
       kty: 'oct',
       use: 'sig',
-      alg: _hmacJwkAlgFromHash(_hash),
+      alg: _hash.hmacJwkAlg,
       k: _jwkEncodeBase64UrlNoPadding(_keyData),
     ).toJson();
   }

lib/src/impl_ffi/impl_ffi.pbkdf2.dart

@@ -43,14 +43,14 @@ final class _Pbkdf2SecretKeyImpl implements Pbkdf2SecretKeyImpl {
   @override
   Future<Uint8List> deriveBits(
     int length,
-    Hash hash,
+    HashImpl hash,
     List<int> salt,
     int iterations,
   ) async {
     if (length < 0) {
       throw ArgumentError.value(length, 'length', 'must be positive integer');
     }
-    final md = _Hash.fromHash(hash)._md;
+    final md = _HashImpl.fromHash(hash)._md;
 
     // Mirroring limitations in chromium:
     // https://chromium.googlesource.com/chromium/src/+/43d62c50b705f88c67b14539e91fd8fd017f70c4/components/webcrypto/algorithms/pbkdf2.cc#75