|
|
@@ -3820,6 +3820,100 @@ WebIDL::ExceptionOr<Variant<GC::Ref<CryptoKey>, GC::Ref<CryptoKeyPair>>> X448::g
|
|
|
return Variant<GC::Ref<CryptoKey>, GC::Ref<CryptoKeyPair>> { result };
|
|
|
}
|
|
|
|
|
|
+// https://wicg.github.io/webcrypto-secure-curves/#x448-operations
|
|
|
+WebIDL::ExceptionOr<GC::Ref<JS::Object>> X448::export_key(Bindings::KeyFormat format, GC::Ref<CryptoKey> key)
|
|
|
+{
|
|
|
+ // 1. Let key be the CryptoKey to be exported.
|
|
|
+
|
|
|
+ // 2. If the underlying cryptographic key material represented by the [[handle]] internal slot of key cannot be accessed, then throw an OperationError.
|
|
|
+ // Note: In our impl this is always accessible
|
|
|
+ auto const& key_data = key->handle().get<ByteBuffer>();
|
|
|
+
|
|
|
+ // 3. If format is "spki":
|
|
|
+ if (format == Bindings::KeyFormat::Spki) {
|
|
|
+ // 1. If the [[type]] internal slot of key is not "public", then throw an InvalidAccessError.
|
|
|
+ if (key->type() != Bindings::KeyType::Public)
|
|
|
+ return WebIDL::InvalidAccessError::create(m_realm, "Key is not a public key"_string);
|
|
|
+
|
|
|
+ // 2. Let data be an instance of the subjectPublicKeyInfo ASN.1 structure defined in [RFC5280] with the following properties:
|
|
|
+ // * Set the algorithm field to an AlgorithmIdentifier ASN.1 type with the following properties:
|
|
|
+ // * Set the algorithm object identifier to the id-X448 OID defined in [RFC8410].
|
|
|
+ // * Set the subjectPublicKey field to keyData.
|
|
|
+ auto x448_oid = ::Crypto::Certificate::x448_oid;
|
|
|
+ auto data = TRY_OR_THROW_OOM(m_realm->vm(), ::Crypto::PK::wrap_in_subject_public_key_info(key_data, x448_oid));
|
|
|
+
|
|
|
+ // 3. Let result be a new ArrayBuffer associated with the relevant global object of this [HTML], and containing data.
|
|
|
+ return JS::ArrayBuffer::create(m_realm, data);
|
|
|
+ }
|
|
|
+
|
|
|
+ // 3. If format is "pkcs8":
|
|
|
+ if (format == Bindings::KeyFormat::Pkcs8) {
|
|
|
+ // 1. If the [[type]] internal slot of key is not "private", then throw an InvalidAccessError.
|
|
|
+ if (key->type() != Bindings::KeyType::Private)
|
|
|
+ return WebIDL::InvalidAccessError::create(m_realm, "Key is not a private key"_string);
|
|
|
+
|
|
|
+ // 2. Let data be an instance of the privateKeyInfo ASN.1 structure defined in [RFC5208] with the following properties:
|
|
|
+ // * Set the version field to 0.
|
|
|
+ // * Set the privateKeyAlgorithm field to a PrivateKeyAlgorithmIdentifier ASN.1 type with the following properties:
|
|
|
+ // * Set the algorithm object identifier to the id-X448 OID defined in [RFC8410].
|
|
|
+ // * Set the privateKey field to the result of DER-encoding a CurvePrivateKey ASN.1 type, as defined in Section 7 of [RFC8410], that represents the X448 private key represented by the [[handle]] internal slot of key
|
|
|
+ auto x448_oid = ::Crypto::Certificate::x448_oid;
|
|
|
+ auto data = TRY_OR_THROW_OOM(m_realm->vm(), ::Crypto::PK::wrap_in_private_key_info(key_data, x448_oid));
|
|
|
+
|
|
|
+ // 3. Let result be a new ArrayBuffer associated with the relevant global object of this [HTML], and containing data.
|
|
|
+ return JS::ArrayBuffer::create(m_realm, data);
|
|
|
+ }
|
|
|
+
|
|
|
+ // 3. If format is "jwk":
|
|
|
+ if (format == Bindings::KeyFormat::Jwk) {
|
|
|
+ // 1. Let jwk be a new JsonWebKey dictionary.
|
|
|
+ Bindings::JsonWebKey jwk = {};
|
|
|
+
|
|
|
+ // 2. Set the kty attribute of jwk to "OKP".
|
|
|
+ jwk.kty = "OKP"_string;
|
|
|
+
|
|
|
+ // 3. Set the crv attribute of jwk to "X448".
|
|
|
+ jwk.crv = "X448"_string;
|
|
|
+
|
|
|
+ // 4. Set the x attribute of jwk according to the definition in Section 2 of [RFC8037].
|
|
|
+ jwk.x = TRY_OR_THROW_OOM(m_realm->vm(), encode_base64url(key_data));
|
|
|
+
|
|
|
+ // 5. If the [[type]] internal slot of key is "private"
|
|
|
+ if (key->type() == Bindings::KeyType::Private) {
|
|
|
+ // 1. Set the d attribute of jwk according to the definition in Section 2 of [RFC8037].
|
|
|
+ jwk.d = TRY_OR_THROW_OOM(m_realm->vm(), encode_base64url(key_data));
|
|
|
+ }
|
|
|
+
|
|
|
+ // 6. Set the key_ops attribute of jwk to the usages attribute of key.
|
|
|
+ jwk.key_ops = Vector<String> {};
|
|
|
+ jwk.key_ops->ensure_capacity(key->internal_usages().size());
|
|
|
+ for (auto const& usage : key->internal_usages())
|
|
|
+ jwk.key_ops->append(Bindings::idl_enum_to_string(usage));
|
|
|
+
|
|
|
+ // 7. Set the ext attribute of jwk to the [[extractable]] internal slot of key.
|
|
|
+ jwk.ext = key->extractable();
|
|
|
+
|
|
|
+ // 8. Let result be the result of converting jwk to an ECMAScript Object, as defined by [WebIDL].
|
|
|
+ auto result = TRY(jwk.to_object(m_realm));
|
|
|
+ return GC::Ref { *result };
|
|
|
+ }
|
|
|
+
|
|
|
+ // 3. If format is "raw":
|
|
|
+ if (format == Bindings::KeyFormat::Raw) {
|
|
|
+ // 1. If the [[type]] internal slot of key is not "public", then throw an InvalidAccessError.
|
|
|
+ if (key->type() != Bindings::KeyType::Public)
|
|
|
+ return WebIDL::InvalidAccessError::create(m_realm, "Key is not a public key"_string);
|
|
|
+
|
|
|
+ // 2. Let data be an octet string representing the X448 public key represented by the [[handle]] internal slot of key.
|
|
|
+ // 3. Let result be a new ArrayBuffer associated with the relevant global object of this [HTML], and containing data.
|
|
|
+ return JS::ArrayBuffer::create(m_realm, key_data);
|
|
|
+ }
|
|
|
+
|
|
|
+ // 3. Otherwise:
|
|
|
+ // throw a NotSupportedError.
|
|
|
+ return WebIDL::NotSupportedError::create(m_realm, "Invalid key format"_string);
|
|
|
+}
|
|
|
+
|
|
|
static WebIDL::ExceptionOr<ByteBuffer> hmac_calculate_message_digest(JS::Realm& realm, GC::Ptr<KeyAlgorithm> hash, ReadonlyBytes key, ReadonlyBytes message)
|
|
|
{
|
|
|
auto calculate_digest = [&]<typename T>() -> ByteBuffer {
|
Andreas Kling