@matter/general 0.16.0-alpha.0-20250810-5c91a95d2 → 0.16.0-alpha.0-20250812-285b75d83

package/src/crypto/StandardCrypto.ts

@@ -14,6 +14,10 @@ import { Ccm } from "./aes/Ccm.js";
 import { Crypto, CRYPTO_SYMMETRIC_KEY_LENGTH, CryptoDsaEncoding } from "./Crypto.js";
 import { CryptoVerifyError, KeyInputError } from "./CryptoError.js";
 import { CurveType, Key, KeyType, PrivateKey, PublicKey } from "./Key.js";
+import { WebCrypto } from "./WebCrypto.js";
+
+// Ensure we don't reference global crypto accidentally
+declare const crypto: never;
 
 const SIGNATURE_ALGORITHM = <EcdsaParams>{
     name: "ECDSA",
@@ -21,6 +25,8 @@ const SIGNATURE_ALGORITHM = <EcdsaParams>{
     hash: { name: "SHA-256" },
 };
 
+const requiredCryptoMethods: Array<keyof WebCrypto> = ["getRandomValues"];
+
 const requiredSubtleMethods: Array<keyof SubtleCrypto> = [
     "digest",
     "deriveBits",
@@ -42,34 +48,32 @@ const requiredSubtleMethods: Array<keyof SubtleCrypto> = [
  */
 export class StandardCrypto extends Crypto {
     implementationName = "JS";
+    #crypto: WebCrypto;
     #subtle: SubtleCrypto;
 
-    constructor(subtle: SubtleCrypto = globalThis.crypto?.subtle) {
-        if (typeof subtle !== "object" || subtle === null) {
-            throw new ImplementationError(
-                "You cannot instantiate StandardCrypto in this runtime because crypto.subtle is not present",
-            );
-        }
+    constructor(crypto: WebCrypto = globalThis.crypto) {
+        const { subtle } = crypto;
 
-        const missingMethods = requiredSubtleMethods.filter(name => typeof subtle[name] !== "function");
-        if (missingMethods.length) {
-            throw new ImplementationError(
-                `SubtleCrypto implementation is missing required method${missingMethods.length === 1 ? "" : "s"} ${describeList("and", ...missingMethods)}`,
-            );
-        }
+        assertInterface("crypto", crypto, requiredCryptoMethods);
+        assertInterface("crypto.subtle", subtle, requiredSubtleMethods);
 
         super();
 
+        this.#crypto = crypto;
         this.#subtle = subtle;
     }
 
+    protected get subtle() {
+        return this.#subtle;
+    }
+
     static provider() {
         return new StandardCrypto();
     }
 
     randomBytes(length: number): Uint8Array {
         const result = new Uint8Array(length);
-        crypto.getRandomValues(result);
+        this.#crypto.getRandomValues(result);
         return result;
     }
 
@@ -91,7 +95,7 @@ export class StandardCrypto extends Crypto {
     }
 
     async createPbkdf2Key(secret: Uint8Array, salt: Uint8Array, iteration: number, keyLength: number) {
-        const key = await this.#importKey("raw", secret, "PBKDF2", false, ["deriveBits"]);
+        const key = await this.importKey("raw", secret, "PBKDF2", false, ["deriveBits"]);
         const bits = await this.#subtle.deriveBits(
             {
                 name: "PBKDF2",
@@ -111,7 +115,7 @@ export class StandardCrypto extends Crypto {
         info: Uint8Array,
         length: number = CRYPTO_SYMMETRIC_KEY_LENGTH,
     ) {
-        const key = await this.#importKey("raw", secret, "HKDF", false, ["deriveBits"]);
+        const key = await this.importKey("raw", secret, "HKDF", false, ["deriveBits"]);
         const bits = await this.#subtle.deriveBits(
             {
                 name: "HKDF",
@@ -126,7 +130,7 @@ export class StandardCrypto extends Crypto {
     }
 
     async signHmac(secret: Uint8Array, data: Uint8Array) {
-        const key = await this.#importKey("raw", secret, { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
+        const key = await this.importKey("raw", secret, { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
         return new Uint8Array(await this.#subtle.sign("HMAC", key, data));
     }
 
@@ -147,7 +151,7 @@ export class StandardCrypto extends Crypto {
             key_ops: ["sign"],
         };
 
-        const subtleKey = await this.#importKey("jwk", key, SIGNATURE_ALGORITHM, false, ["sign"]);
+        const subtleKey = await this.importKey("jwk", key, SIGNATURE_ALGORITHM, false, ["sign"]);
 
         const ieeeP1363 = await this.#subtle.sign(SIGNATURE_ALGORITHM, subtleKey, data);
 
@@ -164,7 +168,7 @@ export class StandardCrypto extends Crypto {
     async verifyEcdsa(key: JsonWebKey, data: Uint8Array, signature: Uint8Array, dsaEncoding?: CryptoDsaEncoding) {
         const { crv, kty, x, y } = key;
         key = { crv, kty, x, y };
-        const subtleKey = await this.#importKey("jwk", key, SIGNATURE_ALGORITHM, false, ["verify"]);
+        const subtleKey = await this.importKey("jwk", key, SIGNATURE_ALGORITHM, false, ["verify"]);
 
         if (dsaEncoding === "der") {
             try {
@@ -189,6 +193,19 @@ export class StandardCrypto extends Crypto {
     }
 
     async createKeyPair() {
+        const key = await this.generateJwk();
+
+        // Extract only private and public fields; we do not want key_ops
+        return Key({
+            kty: KeyType.EC,
+            crv: CurveType.p256,
+            d: key.d,
+            x: key.x,
+            y: key.y,
+        }) as PrivateKey;
+    }
+
+    protected async generateJwk() {
         const subtleKey = await this.#subtle.generateKey(
             {
                 // We must specify either ECDH or ECDSA to get an EC key but we may use the key for either (but not for
@@ -203,20 +220,11 @@ export class StandardCrypto extends Crypto {
         );
 
         // Do not export as JWK because we do not want to inherit the algorithm and key_ops
-        const key = await this.#subtle.exportKey("jwk", subtleKey.privateKey);
-
-        // Extract only private and public fields; we do not want key_ops
-        return Key({
-            kty: KeyType.EC,
-            crv: CurveType.p256,
-            d: key.d,
-            x: key.x,
-            y: key.y,
-        }) as PrivateKey;
+        return await this.#subtle.exportKey("jwk", subtleKey.privateKey);
     }
 
     async generateDhSecret(key: PrivateKey, peerKey: PublicKey) {
-        const subtleKey = await this.#importKey(
+        const subtleKey = await this.importKey(
             "jwk",
             key,
             {
@@ -227,7 +235,7 @@ export class StandardCrypto extends Crypto {
             ["deriveBits"],
         );
 
-        const subtlePeerKey = await this.#importKey(
+        const subtlePeerKey = await this.importKey(
             "jwk",
             peerKey,
             {
@@ -250,32 +258,38 @@ export class StandardCrypto extends Crypto {
         return new Uint8Array(secret);
     }
 
-    #importKey(
-        format: "jwk",
-        keyData: JsonWebKey,
+    protected async importKey(
+        format: KeyFormat,
+        keyData: JsonWebKey | BufferSource,
         algorithm: AlgorithmIdentifier | RsaHashedImportParams | EcKeyImportParams | HmacImportParams | AesKeyAlgorithm,
         extractable: boolean,
         keyUsages: ReadonlyArray<KeyUsage>,
-    ): Promise<CryptoKey>;
-    #importKey(
-        format: Exclude<KeyFormat, "jwk">,
-        keyData: BufferSource,
-        algorithm: AlgorithmIdentifier | RsaHashedImportParams | EcKeyImportParams | HmacImportParams | AesKeyAlgorithm,
-        extractable: boolean,
-        keyUsages: KeyUsage[],
-    ): Promise<CryptoKey>;
-
-    async #importKey(...params: unknown[]) {
+    ) {
         try {
-            return await this.#subtle.importKey(...(params as Parameters<SubtleCrypto["importKey"]>));
+            return await this.#subtle.importKey(format as any, keyData as any, algorithm, extractable, keyUsages);
         } catch (cause) {
             throw new KeyInputError("Invalid key", { cause });
         }
     }
 }
 
+function assertInterface<T extends {}>(name: string, object: T, requiredMethods: (keyof T & string)[]) {
+    if (typeof object !== "object" || object === null) {
+        throw new ImplementationError(
+            `The ${name} implementation passed to StandardCrypto is invalid (received ${typeof object})`,
+        );
+    }
+
+    const missingMethods = requiredMethods.filter(name => typeof object[name] !== "function");
+    if (missingMethods.length) {
+        throw new ImplementationError(
+            `The ${name} implementation passed to StandardCrypto is missing required method${missingMethods.length === 1 ? "" : "s"} ${describeList("and", ...missingMethods)}`,
+        );
+    }
+}
+
 // If available, unconditionally add to Environment as it has not been exported yet so there can be no other
 // implementation present
 if ("crypto" in globalThis && globalThis.crypto?.subtle) {
-    Environment.default.set(Crypto, new StandardCrypto(globalThis.crypto.subtle));
+    Environment.default.set(Crypto, new StandardCrypto());
 }

package/src/crypto/WebCrypto.ts

@@ -0,0 +1,11 @@
+/**
+ * @license
+ * Copyright 2022-2025 Matter.js Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+/**
+ * Our "Crypto" interface masks the standard web crypto "Crypto" type provided by typescript.  Make an alias to work
+ * around this.
+ */
+export interface WebCrypto extends Crypto {}

package/src/crypto/index.ts

@@ -11,3 +11,4 @@ export * from "./Key.js";
 export * from "./MockCrypto.js";
 export * from "./Spake2p.js";
 export * from "./StandardCrypto.js";
+export * from "./WebCrypto.js";

package/src/net/RetrySchedule.ts

@@ -40,7 +40,7 @@ export class RetrySchedule {
         while ((timeout === undefined || timeSoFar < timeout) && (maximumCount === undefined || maximumCount > count)) {
             count++;
             const maxJitter = jitterFactor * baseInterval;
-            const jitter = Math.floor((2 * maxJitter * this.#crypto.randomUint32) / Math.pow(2, 32) - maxJitter);
+            const jitter = Math.floor((maxJitter * this.#crypto.randomUint32) / Math.pow(2, 32));
             let interval = baseInterval + jitter;
 
             if (timeout !== undefined && timeSoFar + interval > timeout) {

package/src/util/Bytes.ts

@@ -56,6 +56,18 @@ export namespace Bytes {
         return array1.every((value, index) => array2[index] === value);
     }
 
+    export function of(source: BufferSource) {
+        if (source instanceof Uint8Array) {
+            return source;
+        }
+
+        if (ArrayBuffer.isView(source)) {
+            return new Uint8Array(source.buffer, source.byteLength, source.byteOffset);
+        }
+
+        return new Uint8Array(source);
+    }
+
     export function fromHex(hexString: string) {
         if (hexString.length === 0) return new Uint8Array(0);
         if (hexString.length % 2 !== 0) throw new UnexpectedDataError("Hex string should have an even length.");