12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513251425152516251725182519252025212522252325242525252625272528252925302531253225332534253525362537253825392540254125422543254425452546254725482549255025512552255325542555255625572558255925602561256225632564256525662567256825692570257125722573257425752576257725782579258025812582258325842585258625872588258925902591259225932594259525962597259825992600260126022603260426052606260726082609261026112612261326142615261626172618261926202621262226232624262526262627262826292630263126322633263426352636263726382639264026412642264326442645264626472648264926502651265226532654265526562657265826592660266126622663266426652666266726682669267026712672267326742675267626772678267926802681268226832684268526862687268826892690269126922693269426952696269726982699270027012702270327042705270627072708270927102711271227132714271527162717271827192720272127222723272427252726272727282729273027312732273327342735273627372738273927402741274227432744274527462747274827492750275127522753275427552756275727582759276027612762276327642765276627672768276927702771277227732774277527762777277827792780278127822783278427852786278727882789279027912792279327942795279627972798279928002801280228032804280528062807280828092810281128122813281428152816281728182819282028212822282328242825282628272828282928302831283228332834283528362837283828392840284128422843284428452846284728482849285028512852285328542855285628572858285928602861286228632864286528662867286828692870287128722873287428752876287728782879288028812882288328842885288628872888288928902891289228932894289528962897289828992900290129022903290429052906290729082909291029112912291329142915291629172918291929202921292229232924292529262927292829292930293129322933293429352936293729382939294029412942294329442945294629472948294929502951295229532954295529562957295829592960296129622963296429652966296729682969297029712972297329742975297629772978297929802981298229832984298529862987298829892990299129922993299429952996299729982999300030013002300330043005300630073008300930103011301230133014301530163017301830193020302130223023302430253026302730283029303030313032303330343035303630373038303930403041304230433044304530463047304830493050305130523053305430553056305730583059306030613062306330643065306630673068306930703071307230733074307530763077307830793080308130823083308430853086308730883089309030913092309330943095309630973098309931003101310231033104310531063107310831093110311131123113311431153116311731183119312031213122312331243125312631273128312931303131313231333134313531363137313831393140314131423143314431453146314731483149315031513152315331543155315631573158315931603161316231633164316531663167316831693170317131723173317431753176317731783179318031813182318331843185318631873188318931903191319231933194319531963197319831993200320132023203320432053206320732083209321032113212321332143215321632173218321932203221322232233224322532263227322832293230323132323233323432353236323732383239324032413242324332443245324632473248324932503251325232533254325532563257325832593260326132623263326432653266326732683269327032713272327332743275327632773278327932803281328232833284328532863287328832893290329132923293329432953296329732983299330033013302330333043305330633073308330933103311331233133314331533163317331833193320332133223323332433253326332733283329333033313332333333343335333633373338333933403341334233433344334533463347334833493350335133523353335433553356335733583359336033613362336333643365336633673368336933703371337233733374337533763377337833793380338133823383338433853386338733883389339033913392339333943395339633973398339934003401340234033404340534063407340834093410341134123413341434153416341734183419342034213422342334243425342634273428342934303431343234333434343534363437343834393440344134423443344434453446344734483449345034513452345334543455345634573458345934603461346234633464346534663467346834693470347134723473347434753476347734783479348034813482348334843485348634873488348934903491349234933494349534963497349834993500350135023503350435053506350735083509351035113512351335143515351635173518351935203521352235233524352535263527352835293530353135323533353435353536353735383539354035413542354335443545354635473548354935503551355235533554355535563557355835593560356135623563356435653566356735683569357035713572357335743575357635773578357935803581358235833584358535863587358835893590359135923593359435953596359735983599360036013602360336043605360636073608360936103611361236133614361536163617361836193620362136223623362436253626362736283629363036313632363336343635363636373638363936403641364236433644364536463647364836493650365136523653365436553656365736583659366036613662366336643665366636673668366936703671367236733674367536763677367836793680368136823683368436853686368736883689369036913692369336943695369636973698369937003701370237033704370537063707370837093710371137123713371437153716371737183719372037213722372337243725372637273728372937303731373237333734373537363737373837393740374137423743374437453746374737483749375037513752375337543755375637573758375937603761376237633764376537663767376837693770377137723773377437753776377737783779378037813782378337843785378637873788378937903791379237933794379537963797379837993800380138023803380438053806380738083809381038113812381338143815381638173818381938203821382238233824382538263827382838293830383138323833383438353836383738383839384038413842384338443845384638473848384938503851385238533854385538563857385838593860386138623863386438653866386738683869387038713872387338743875387638773878387938803881388238833884388538863887388838893890389138923893389438953896389738983899390039013902390339043905390639073908390939103911391239133914391539163917391839193920392139223923392439253926392739283929393039313932393339343935393639373938393939403941394239433944394539463947394839493950395139523953395439553956395739583959396039613962396339643965396639673968396939703971397239733974397539763977397839793980398139823983398439853986398739883989399039913992399339943995399639973998399940004001400240034004400540064007400840094010401140124013401440154016401740184019402040214022402340244025402640274028402940304031403240334034403540364037403840394040404140424043404440454046404740484049405040514052405340544055405640574058405940604061406240634064406540664067406840694070407140724073407440754076407740784079408040814082408340844085408640874088408940904091409240934094409540964097409840994100410141024103410441054106410741084109411041114112411341144115411641174118411941204121412241234124412541264127412841294130413141324133413441354136413741384139414041414142414341444145414641474148414941504151415241534154415541564157415841594160416141624163416441654166416741684169417041714172417341744175417641774178417941804181418241834184418541864187418841894190419141924193419441954196419741984199420042014202420342044205420642074208420942104211421242134214421542164217421842194220422142224223422442254226422742284229423042314232423342344235423642374238423942404241424242434244424542464247424842494250425142524253425442554256425742584259426042614262426342644265426642674268426942704271427242734274427542764277427842794280428142824283428442854286428742884289429042914292429342944295429642974298429943004301430243034304430543064307430843094310431143124313431443154316431743184319432043214322432343244325432643274328432943304331433243334334433543364337433843394340434143424343434443454346434743484349435043514352435343544355435643574358435943604361436243634364436543664367436843694370437143724373437443754376437743784379438043814382438343844385438643874388438943904391439243934394439543964397439843994400440144024403440444054406440744084409441044114412441344144415441644174418441944204421442244234424442544264427442844294430443144324433443444354436443744384439444044414442444344444445444644474448444944504451445244534454445544564457445844594460446144624463446444654466446744684469447044714472447344744475447644774478447944804481448244834484448544864487448844894490449144924493449444954496449744984499450045014502450345044505450645074508450945104511451245134514451545164517451845194520452145224523452445254526452745284529453045314532453345344535453645374538453945404541454245434544454545464547454845494550455145524553455445554556455745584559456045614562456345644565456645674568456945704571457245734574457545764577457845794580458145824583458445854586458745884589459045914592459345944595459645974598459946004601460246034604460546064607460846094610461146124613461446154616461746184619462046214622462346244625462646274628462946304631463246334634463546364637463846394640464146424643464446454646464746484649465046514652465346544655465646574658465946604661466246634664466546664667466846694670467146724673467446754676467746784679468046814682468346844685468646874688468946904691469246934694469546964697469846994700470147024703470447054706470747084709471047114712471347144715471647174718471947204721472247234724472547264727472847294730473147324733473447354736473747384739474047414742474347444745474647474748474947504751475247534754475547564757475847594760476147624763476447654766476747684769477047714772477347744775477647774778477947804781478247834784478547864787478847894790479147924793479447954796479747984799480048014802480348044805480648074808480948104811481248134814481548164817481848194820482148224823482448254826482748284829483048314832483348344835483648374838483948404841484248434844484548464847484848494850485148524853485448554856485748584859486048614862486348644865486648674868486948704871487248734874487548764877487848794880488148824883488448854886488748884889489048914892489348944895489648974898489949004901490249034904490549064907490849094910491149124913491449154916491749184919492049214922492349244925492649274928492949304931493249334934493549364937493849394940494149424943494449454946494749484949495049514952495349544955495649574958495949604961496249634964496549664967496849694970497149724973497449754976497749784979498049814982498349844985498649874988498949904991499249934994499549964997499849995000500150025003500450055006500750085009501050115012501350145015501650175018501950205021502250235024502550265027502850295030503150325033503450355036503750385039504050415042504350445045504650475048504950505051505250535054505550565057505850595060506150625063506450655066506750685069507050715072507350745075507650775078507950805081508250835084508550865087508850895090509150925093509450955096509750985099510051015102510351045105510651075108510951105111511251135114511551165117511851195120512151225123512451255126512751285129513051315132513351345135513651375138513951405141514251435144514551465147514851495150515151525153515451555156515751585159516051615162516351645165516651675168516951705171517251735174517551765177517851795180518151825183518451855186518751885189519051915192519351945195519651975198519952005201520252035204520552065207520852095210521152125213521452155216521752185219522052215222522352245225522652275228522952305231523252335234523552365237523852395240524152425243524452455246524752485249525052515252525352545255525652575258525952605261526252635264526552665267526852695270527152725273527452755276527752785279528052815282528352845285528652875288528952905291529252935294529552965297529852995300530153025303530453055306530753085309531053115312531353145315531653175318531953205321532253235324532553265327532853295330533153325333533453355336533753385339534053415342534353445345534653475348534953505351535253535354535553565357535853595360536153625363536453655366536753685369537053715372537353745375537653775378537953805381538253835384538553865387538853895390539153925393539453955396539753985399540054015402540354045405540654075408540954105411541254135414541554165417541854195420542154225423542454255426542754285429543054315432543354345435543654375438543954405441544254435444544554465447544854495450545154525453545454555456545754585459546054615462546354645465546654675468546954705471547254735474547554765477547854795480548154825483548454855486548754885489549054915492549354945495549654975498549955005501550255035504550555065507550855095510551155125513551455155516551755185519552055215522552355245525552655275528552955305531553255335534553555365537553855395540554155425543554455455546554755485549555055515552555355545555555655575558555955605561556255635564556555665567556855695570557155725573557455755576557755785579558055815582558355845585558655875588558955905591559255935594559555965597559855995600560156025603560456055606560756085609561056115612561356145615561656175618561956205621562256235624562556265627562856295630563156325633563456355636563756385639564056415642564356445645564656475648564956505651565256535654565556565657565856595660566156625663566456655666566756685669567056715672567356745675567656775678567956805681568256835684568556865687568856895690569156925693569456955696569756985699570057015702570357045705570657075708570957105711571257135714571557165717571857195720572157225723572457255726572757285729573057315732573357345735573657375738573957405741574257435744574557465747574857495750575157525753575457555756575757585759576057615762576357645765576657675768576957705771577257735774577557765777577857795780578157825783578457855786578757885789579057915792579357945795579657975798579958005801580258035804580558065807580858095810581158125813581458155816581758185819582058215822582358245825582658275828582958305831583258335834583558365837583858395840584158425843584458455846584758485849585058515852585358545855585658575858585958605861586258635864586558665867586858695870587158725873587458755876587758785879588058815882588358845885588658875888588958905891589258935894589558965897589858995900590159025903590459055906590759085909591059115912591359145915591659175918591959205921592259235924592559265927592859295930593159325933593459355936593759385939594059415942594359445945594659475948594959505951595259535954595559565957595859595960596159625963596459655966596759685969597059715972597359745975597659775978597959805981598259835984598559865987598859895990599159925993599459955996599759985999600060016002600360046005600660076008600960106011601260136014601560166017601860196020602160226023602460256026602760286029603060316032603360346035603660376038603960406041604260436044604560466047604860496050605160526053605460556056605760586059606060616062606360646065606660676068606960706071607260736074607560766077607860796080608160826083608460856086608760886089609060916092609360946095609660976098609961006101610261036104610561066107610861096110611161126113611461156116611761186119612061216122612361246125612661276128612961306131613261336134613561366137613861396140614161426143614461456146614761486149615061516152615361546155615661576158615961606161 |
- /*
- * Copyright (c) 2024, Andrew Kaster <akaster@serenityos.org>
- * Copyright (c) 2024, stelar7 <dudedbz@gmail.com>
- * Copyright (c) 2024, Jelle Raaijmakers <jelle@ladybird.org>
- * Copyright (c) 2024, Andreas Kling <andreas@ladybird.org>
- * Copyright (c) 2024, Altomani Gianluca <altomanigianluca@gmail.com>
- *
- * SPDX-License-Identifier: BSD-2-Clause
- */
- #include <AK/Base64.h>
- #include <AK/HashTable.h>
- #include <AK/QuickSort.h>
- #include <LibCrypto/ASN1/ASN1.h>
- #include <LibCrypto/ASN1/Constants.h>
- #include <LibCrypto/ASN1/DER.h>
- #include <LibCrypto/Authentication/HMAC.h>
- #include <LibCrypto/Certificate/Certificate.h>
- #include <LibCrypto/Cipher/AES.h>
- #include <LibCrypto/Curves/Ed25519.h>
- #include <LibCrypto/Curves/SECPxxxr1.h>
- #include <LibCrypto/Curves/X25519.h>
- #include <LibCrypto/Curves/X448.h>
- #include <LibCrypto/Hash/HKDF.h>
- #include <LibCrypto/Hash/HashManager.h>
- #include <LibCrypto/Hash/MGF.h>
- #include <LibCrypto/Hash/PBKDF2.h>
- #include <LibCrypto/Hash/SHA1.h>
- #include <LibCrypto/Hash/SHA2.h>
- #include <LibCrypto/PK/RSA.h>
- #include <LibCrypto/Padding/OAEP.h>
- #include <LibJS/Runtime/Array.h>
- #include <LibJS/Runtime/ArrayBuffer.h>
- #include <LibJS/Runtime/DataView.h>
- #include <LibJS/Runtime/TypedArray.h>
- #include <LibWeb/Crypto/CryptoAlgorithms.h>
- #include <LibWeb/Crypto/KeyAlgorithms.h>
- #include <LibWeb/Crypto/SubtleCrypto.h>
- #include <LibWeb/WebIDL/AbstractOperations.h>
- namespace Web::Crypto {
- static JS::ThrowCompletionOr<HashAlgorithmIdentifier> hash_algorithm_identifier_from_value(JS::VM& vm, JS::Value hash_value)
- {
- if (hash_value.is_string()) {
- auto hash_string = TRY(hash_value.to_string(vm));
- return HashAlgorithmIdentifier { hash_string };
- }
- auto hash_object = TRY(hash_value.to_object(vm));
- return HashAlgorithmIdentifier { hash_object };
- }
- // https://w3c.github.io/webcrypto/#concept-usage-intersection
- static Vector<Bindings::KeyUsage> usage_intersection(ReadonlySpan<Bindings::KeyUsage> a, ReadonlySpan<Bindings::KeyUsage> b)
- {
- Vector<Bindings::KeyUsage> result;
- for (auto const& usage : a) {
- if (b.contains_slow(usage))
- result.append(usage);
- }
- quick_sort(result);
- return result;
- }
- // Out of line to ensure this class has a key function
- AlgorithmMethods::~AlgorithmMethods() = default;
- // https://w3c.github.io/webcrypto/#big-integer
- static ::Crypto::UnsignedBigInteger big_integer_from_api_big_integer(GC::Ptr<JS::Uint8Array> const& big_integer)
- {
- // The BigInteger typedef is a Uint8Array that holds an arbitrary magnitude unsigned integer
- // **in big-endian order**. Values read from the API SHALL have minimal typed array length
- // (that is, at most 7 leading zero bits, except the value 0 which shall have length 8 bits).
- // The API SHALL accept values with any number of leading zero bits, including the empty array, which represents zero.
- auto const& buffer = big_integer->viewed_array_buffer()->buffer();
- ::Crypto::UnsignedBigInteger result(0);
- if (buffer.size() > 0) {
- if constexpr (AK::HostIsLittleEndian) {
- // We need to reverse the buffer to get it into little-endian order
- Vector<u8, 32> reversed_buffer;
- reversed_buffer.resize(buffer.size());
- for (size_t i = 0; i < buffer.size(); ++i) {
- reversed_buffer[buffer.size() - i - 1] = buffer[i];
- }
- return ::Crypto::UnsignedBigInteger::import_data(reversed_buffer.data(), reversed_buffer.size());
- } else {
- return ::Crypto::UnsignedBigInteger::import_data(buffer.data(), buffer.size());
- }
- }
- return ::Crypto::UnsignedBigInteger(0);
- }
- // https://www.rfc-editor.org/rfc/rfc7518#section-2
- ErrorOr<String> base64_url_uint_encode(::Crypto::UnsignedBigInteger integer)
- {
- // The representation of a positive or zero integer value as the
- // base64url encoding of the value's unsigned big-endian
- // representation as an octet sequence. The octet sequence MUST
- // utilize the minimum number of octets needed to represent the
- // value. Zero is represented as BASE64URL(single zero-valued
- // octet), which is "AA".
- auto bytes = TRY(ByteBuffer::create_uninitialized(integer.trimmed_byte_length()));
- bool const remove_leading_zeroes = true;
- auto data_size = integer.export_data(bytes.span(), remove_leading_zeroes);
- auto data_slice_be = bytes.bytes().slice(bytes.size() - data_size, data_size);
- String encoded;
- if constexpr (AK::HostIsLittleEndian) {
- // We need to encode the integer's big endian representation as a base64 string
- Vector<u8, 32> data_slice_cpu;
- data_slice_cpu.ensure_capacity(data_size);
- for (size_t i = 0; i < data_size; ++i) {
- data_slice_cpu.append(data_slice_be[data_size - i - 1]);
- }
- encoded = TRY(encode_base64url(data_slice_cpu));
- } else {
- encoded = TRY(encode_base64url(data_slice_be));
- }
- // FIXME: create a version of encode_base64url that omits padding bytes
- if (auto first_padding_byte = encoded.find_byte_offset('='); first_padding_byte.has_value())
- return encoded.substring_from_byte_offset(0, first_padding_byte.value());
- return encoded;
- }
- WebIDL::ExceptionOr<ByteBuffer> base64_url_bytes_decode(JS::Realm& realm, String const& base64_url_string)
- {
- auto& vm = realm.vm();
- // FIXME: Create a version of decode_base64url that ignores padding inconsistencies
- auto padded_string = base64_url_string;
- if (padded_string.byte_count() % 4 != 0) {
- padded_string = TRY_OR_THROW_OOM(vm, String::formatted("{}{}", padded_string, TRY_OR_THROW_OOM(vm, String::repeated('=', 4 - (padded_string.byte_count() % 4)))));
- }
- auto base64_bytes_or_error = decode_base64url(padded_string);
- if (base64_bytes_or_error.is_error()) {
- if (base64_bytes_or_error.error().code() == ENOMEM)
- return vm.throw_completion<JS::InternalError>(vm.error_message(::JS::VM::ErrorMessage::OutOfMemory));
- return WebIDL::DataError::create(realm, MUST(String::formatted("base64 decode: {}", base64_bytes_or_error.release_error())));
- }
- return base64_bytes_or_error.release_value();
- }
- WebIDL::ExceptionOr<::Crypto::UnsignedBigInteger> base64_url_uint_decode(JS::Realm& realm, String const& base64_url_string)
- {
- auto base64_bytes_be = TRY(base64_url_bytes_decode(realm, base64_url_string));
- if constexpr (AK::HostIsLittleEndian) {
- // We need to swap the integer's big-endian representation to little endian in order to import it
- Vector<u8, 32> base64_bytes_cpu;
- base64_bytes_cpu.ensure_capacity(base64_bytes_be.size());
- for (size_t i = 0; i < base64_bytes_be.size(); ++i) {
- base64_bytes_cpu.append(base64_bytes_be[base64_bytes_be.size() - i - 1]);
- }
- return ::Crypto::UnsignedBigInteger::import_data(base64_bytes_cpu.data(), base64_bytes_cpu.size());
- } else {
- return ::Crypto::UnsignedBigInteger::import_data(base64_bytes_be.data(), base64_bytes_be.size());
- }
- }
- // https://w3c.github.io/webcrypto/#concept-parse-an-asn1-structure
- template<typename Structure>
- static WebIDL::ExceptionOr<Structure> parse_an_ASN1_structure(JS::Realm& realm, ReadonlyBytes data, bool exact_data = true)
- {
- // 1. Let data be a sequence of bytes to be parsed.
- // 2. Let structure be the ASN.1 structure to be parsed.
- // 3. Let exactData be an optional boolean value. If it is not supplied, let it be initialized to true.
- // 4. Parse data according to the Distinguished Encoding Rules of [X690], using structure as the ASN.1 structure to be decoded.
- ::Crypto::ASN1::Decoder decoder(data);
- Structure structure;
- if constexpr (IsSame<Structure, ::Crypto::Certificate::SubjectPublicKey>) {
- auto maybe_subject_public_key = ::Crypto::Certificate::parse_subject_public_key_info(decoder);
- if (maybe_subject_public_key.is_error())
- return WebIDL::DataError::create(realm, MUST(String::formatted("Error parsing subjectPublicKeyInfo: {}", maybe_subject_public_key.release_error())));
- structure = maybe_subject_public_key.release_value();
- } else if constexpr (IsSame<Structure, ::Crypto::Certificate::PrivateKey>) {
- auto maybe_private_key = ::Crypto::Certificate::parse_private_key_info(decoder);
- if (maybe_private_key.is_error())
- return WebIDL::DataError::create(realm, MUST(String::formatted("Error parsing privateKeyInfo: {}", maybe_private_key.release_error())));
- structure = maybe_private_key.release_value();
- } else if constexpr (IsSame<Structure, StringView>) {
- auto read_result = decoder.read<StringView>(::Crypto::ASN1::Class::Universal, ::Crypto::ASN1::Kind::OctetString);
- if (read_result.is_error())
- return WebIDL::DataError::create(realm, MUST(String::formatted("Read of kind OctetString failed: {}", read_result.error())));
- structure = read_result.release_value();
- } else {
- static_assert(DependentFalse<Structure>, "Don't know how to parse ASN.1 structure type");
- }
- // 5. If exactData was specified, and all of the bytes of data were not consumed during the parsing phase, then throw a DataError.
- if (exact_data && !decoder.eof())
- return WebIDL::DataError::create(realm, "Not all bytes were consumed during the parsing phase"_string);
- // 6. Return the parsed ASN.1 structure.
- return structure;
- }
- // https://w3c.github.io/webcrypto/#concept-parse-a-spki
- static WebIDL::ExceptionOr<::Crypto::Certificate::SubjectPublicKey> parse_a_subject_public_key_info(JS::Realm& realm, ReadonlyBytes bytes)
- {
- // When this specification says to parse a subjectPublicKeyInfo, the user agent must parse an ASN.1 structure,
- // with data set to the sequence of bytes to be parsed, structure as the ASN.1 structure of subjectPublicKeyInfo,
- // as specified in [RFC5280], and exactData set to true.
- return parse_an_ASN1_structure<::Crypto::Certificate::SubjectPublicKey>(realm, bytes, true);
- }
- // https://w3c.github.io/webcrypto/#concept-parse-a-privateKeyInfo
- static WebIDL::ExceptionOr<::Crypto::Certificate::PrivateKey> parse_a_private_key_info(JS::Realm& realm, ReadonlyBytes bytes)
- {
- // When this specification says to parse a PrivateKeyInfo, the user agent must parse an ASN.1 structure
- // with data set to the sequence of bytes to be parsed, structure as the ASN.1 structure of PrivateKeyInfo,
- // as specified in [RFC5208], and exactData set to true.
- return parse_an_ASN1_structure<::Crypto::Certificate::PrivateKey>(realm, bytes, true);
- }
- static WebIDL::ExceptionOr<::Crypto::PK::RSAPrivateKey<>> parse_jwk_rsa_private_key(JS::Realm& realm, Bindings::JsonWebKey const& jwk)
- {
- auto n = TRY(base64_url_uint_decode(realm, *jwk.n));
- auto d = TRY(base64_url_uint_decode(realm, *jwk.d));
- auto e = TRY(base64_url_uint_decode(realm, *jwk.e));
- // We know that if any of the extra parameters are provided, all of them must be
- if (!jwk.p.has_value())
- return ::Crypto::PK::RSAPrivateKey<>(move(n), move(d), move(e), 0, 0);
- auto p = TRY(base64_url_uint_decode(realm, *jwk.p));
- auto q = TRY(base64_url_uint_decode(realm, *jwk.q));
- auto dp = TRY(base64_url_uint_decode(realm, *jwk.dp));
- auto dq = TRY(base64_url_uint_decode(realm, *jwk.dq));
- auto qi = TRY(base64_url_uint_decode(realm, *jwk.qi));
- return ::Crypto::PK::RSAPrivateKey<>(move(n), move(d), move(e), move(p), move(q), move(dp), move(dq), move(qi));
- }
- static WebIDL::ExceptionOr<::Crypto::PK::RSAPublicKey<>> parse_jwk_rsa_public_key(JS::Realm& realm, Bindings::JsonWebKey const& jwk)
- {
- auto e = TRY(base64_url_uint_decode(realm, *jwk.e));
- auto n = TRY(base64_url_uint_decode(realm, *jwk.n));
- return ::Crypto::PK::RSAPublicKey<>(move(n), move(e));
- }
- static WebIDL::ExceptionOr<ByteBuffer> parse_jwk_symmetric_key(JS::Realm& realm, Bindings::JsonWebKey const& jwk)
- {
- if (!jwk.k.has_value()) {
- return WebIDL::DataError::create(realm, "JWK has no 'k' field"_string);
- }
- return base64_url_bytes_decode(realm, *jwk.k);
- }
- // https://www.rfc-editor.org/rfc/rfc7517#section-4.3
- static WebIDL::ExceptionOr<void> validate_jwk_key_ops(JS::Realm& realm, Bindings::JsonWebKey const& jwk, Vector<Bindings::KeyUsage> const& usages)
- {
- // Use of the "key_ops" member is OPTIONAL, unless the application requires its presence.
- if (!jwk.key_ops.has_value())
- return {};
- auto key_operations = *jwk.key_ops;
- // Duplicate key operation values MUST NOT be present in the array
- HashTable<String> seen_operations;
- for (auto const& key_operation : key_operations) {
- if (seen_operations.set(key_operation) != HashSetResult::InsertedNewEntry)
- return WebIDL::DataError::create(realm, MUST(String::formatted("Duplicate key operation: {}", key_operation)));
- }
- // Multiple unrelated key operations SHOULD NOT be specified for a key because of the potential
- // vulnerabilities associated with using the same key with multiple algorithms. Thus, the
- // combinations "sign" with "verify", "encrypt" with "decrypt", and "wrapKey" with "unwrapKey"
- // are permitted, but other combinations SHOULD NOT be used.
- auto is_used_for_signing = seen_operations.contains("sign"sv) || seen_operations.contains("verify"sv);
- auto is_used_for_encryption = seen_operations.contains("encrypt"sv) || seen_operations.contains("decrypt"sv);
- auto is_used_for_wrapping = seen_operations.contains("wrapKey"sv) || seen_operations.contains("unwrapKey"sv);
- auto number_of_operation_types = is_used_for_signing + is_used_for_encryption + is_used_for_wrapping;
- if (number_of_operation_types > 1)
- return WebIDL::DataError::create(realm, "Multiple unrelated key operations are specified"_string);
- // The "use" and "key_ops" JWK members SHOULD NOT be used together; however, if both are used,
- // the information they convey MUST be consistent. Applications should specify which of these
- // members they use, if either is to be used by the application.
- if (jwk.use.has_value()) {
- for (auto const& key_operation : key_operations) {
- if (key_operation == "deriveKey"sv || key_operation == "deriveBits"sv)
- continue;
- if (jwk.use == "sig"sv && key_operation != "sign"sv && key_operation != "verify"sv)
- return WebIDL::DataError::create(realm, "use=sig but key_ops does not contain 'sign' or 'verify'"_string);
- if (jwk.use == "enc"sv && (key_operation == "sign"sv || key_operation == "verify"sv))
- return WebIDL::DataError::create(realm, "use=enc but key_ops contains 'sign' or 'verify'"_string);
- }
- }
- // NOTE: This validation happens in multiple places in the spec, so it is here for convenience.
- for (auto const& usage : usages) {
- if (!seen_operations.contains(Bindings::idl_enum_to_string(usage)))
- return WebIDL::DataError::create(realm, MUST(String::formatted("Missing key_ops usage: {}", Bindings::idl_enum_to_string(usage))));
- }
- return {};
- }
- static WebIDL::ExceptionOr<ByteBuffer> generate_random_key(JS::VM& vm, u16 const size_in_bits)
- {
- auto key_buffer = TRY_OR_THROW_OOM(vm, ByteBuffer::create_uninitialized(size_in_bits / 8));
- // FIXME: Use a cryptographically secure random generator
- fill_with_random(key_buffer);
- return key_buffer;
- }
- AlgorithmParams::~AlgorithmParams() = default;
- JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> AlgorithmParams::from_value(JS::VM&, JS::Value)
- {
- return adopt_own(*new AlgorithmParams {});
- }
- AesCbcParams::~AesCbcParams() = default;
- JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> AesCbcParams::from_value(JS::VM& vm, JS::Value value)
- {
- auto& object = value.as_object();
- auto iv_value = TRY(object.get("iv"));
- if (!iv_value.is_object() || !(is<JS::TypedArrayBase>(iv_value.as_object()) || is<JS::ArrayBuffer>(iv_value.as_object()) || is<JS::DataView>(iv_value.as_object())))
- return vm.throw_completion<JS::TypeError>(JS::ErrorType::NotAnObjectOfType, "BufferSource");
- auto iv = TRY_OR_THROW_OOM(vm, WebIDL::get_buffer_source_copy(iv_value.as_object()));
- return adopt_own<AlgorithmParams>(*new AesCbcParams { iv });
- }
- AesCtrParams::~AesCtrParams() = default;
- JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> AesCtrParams::from_value(JS::VM& vm, JS::Value value)
- {
- auto& object = value.as_object();
- auto iv_value = TRY(object.get("counter"));
- if (!iv_value.is_object() || !(is<JS::TypedArrayBase>(iv_value.as_object()) || is<JS::ArrayBuffer>(iv_value.as_object()) || is<JS::DataView>(iv_value.as_object())))
- return vm.throw_completion<JS::TypeError>(JS::ErrorType::NotAnObjectOfType, "BufferSource");
- auto iv = TRY_OR_THROW_OOM(vm, WebIDL::get_buffer_source_copy(iv_value.as_object()));
- auto length_value = TRY(object.get("length"));
- auto length = TRY(length_value.to_u8(vm));
- return adopt_own<AlgorithmParams>(*new AesCtrParams { iv, length });
- }
- AesGcmParams::~AesGcmParams() = default;
- JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> AesGcmParams::from_value(JS::VM& vm, JS::Value value)
- {
- auto& object = value.as_object();
- auto iv_value = TRY(object.get("iv"));
- if (!iv_value.is_object() || !(is<JS::TypedArrayBase>(iv_value.as_object()) || is<JS::ArrayBuffer>(iv_value.as_object()) || is<JS::DataView>(iv_value.as_object())))
- return vm.throw_completion<JS::TypeError>(JS::ErrorType::NotAnObjectOfType, "BufferSource");
- auto iv = TRY_OR_THROW_OOM(vm, WebIDL::get_buffer_source_copy(iv_value.as_object()));
- auto maybe_additional_data = Optional<ByteBuffer> {};
- if (MUST(object.has_property("additionalData"))) {
- auto additional_data_value = TRY(object.get("additionalData"));
- if (!additional_data_value.is_object() || !(is<JS::TypedArrayBase>(additional_data_value.as_object()) || is<JS::ArrayBuffer>(additional_data_value.as_object()) || is<JS::DataView>(additional_data_value.as_object())))
- return vm.throw_completion<JS::TypeError>(JS::ErrorType::NotAnObjectOfType, "BufferSource");
- maybe_additional_data = TRY_OR_THROW_OOM(vm, WebIDL::get_buffer_source_copy(additional_data_value.as_object()));
- }
- auto maybe_tag_length = Optional<u8> {};
- if (MUST(object.has_property("tagLength"))) {
- auto tag_length_value = TRY(object.get("tagLength"));
- maybe_tag_length = TRY(tag_length_value.to_u8(vm));
- }
- return adopt_own<AlgorithmParams>(*new AesGcmParams { iv, maybe_additional_data, maybe_tag_length });
- }
- HKDFParams::~HKDFParams() = default;
- JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> HKDFParams::from_value(JS::VM& vm, JS::Value value)
- {
- auto& object = value.as_object();
- auto hash_value = TRY(object.get("hash"));
- auto hash = TRY(hash_algorithm_identifier_from_value(vm, hash_value));
- auto salt_value = TRY(object.get("salt"));
- if (!salt_value.is_object() || !(is<JS::TypedArrayBase>(salt_value.as_object()) || is<JS::ArrayBuffer>(salt_value.as_object()) || is<JS::DataView>(salt_value.as_object())))
- return vm.throw_completion<JS::TypeError>(JS::ErrorType::NotAnObjectOfType, "BufferSource");
- auto salt = TRY_OR_THROW_OOM(vm, WebIDL::get_buffer_source_copy(salt_value.as_object()));
- auto info_value = TRY(object.get("info"));
- if (!info_value.is_object() || !(is<JS::TypedArrayBase>(info_value.as_object()) || is<JS::ArrayBuffer>(info_value.as_object()) || is<JS::DataView>(info_value.as_object())))
- return vm.throw_completion<JS::TypeError>(JS::ErrorType::NotAnObjectOfType, "BufferSource");
- auto info = TRY_OR_THROW_OOM(vm, WebIDL::get_buffer_source_copy(info_value.as_object()));
- return adopt_own<AlgorithmParams>(*new HKDFParams { hash, salt, info });
- }
- PBKDF2Params::~PBKDF2Params() = default;
- JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> PBKDF2Params::from_value(JS::VM& vm, JS::Value value)
- {
- auto& object = value.as_object();
- auto salt_value = TRY(object.get("salt"));
- if (!salt_value.is_object() || !(is<JS::TypedArrayBase>(salt_value.as_object()) || is<JS::ArrayBuffer>(salt_value.as_object()) || is<JS::DataView>(salt_value.as_object())))
- return vm.throw_completion<JS::TypeError>(JS::ErrorType::NotAnObjectOfType, "BufferSource");
- auto salt = TRY_OR_THROW_OOM(vm, WebIDL::get_buffer_source_copy(salt_value.as_object()));
- auto iterations_value = TRY(object.get("iterations"));
- auto iterations = TRY(iterations_value.to_u32(vm));
- auto hash_value = TRY(object.get("hash"));
- auto hash = TRY(hash_algorithm_identifier_from_value(vm, hash_value));
- return adopt_own<AlgorithmParams>(*new PBKDF2Params { salt, iterations, hash });
- }
- RsaKeyGenParams::~RsaKeyGenParams() = default;
- JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> RsaKeyGenParams::from_value(JS::VM& vm, JS::Value value)
- {
- auto& object = value.as_object();
- auto modulus_length_value = TRY(object.get("modulusLength"));
- auto modulus_length = TRY(modulus_length_value.to_u32(vm));
- auto public_exponent_value = TRY(object.get("publicExponent"));
- GC::Ptr<JS::Uint8Array> public_exponent;
- if (!public_exponent_value.is_object() || !is<JS::Uint8Array>(public_exponent_value.as_object()))
- return vm.throw_completion<JS::TypeError>(JS::ErrorType::NotAnObjectOfType, "Uint8Array");
- public_exponent = static_cast<JS::Uint8Array&>(public_exponent_value.as_object());
- return adopt_own<AlgorithmParams>(*new RsaKeyGenParams { modulus_length, big_integer_from_api_big_integer(public_exponent) });
- }
- RsaHashedKeyGenParams::~RsaHashedKeyGenParams() = default;
- JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> RsaHashedKeyGenParams::from_value(JS::VM& vm, JS::Value value)
- {
- auto& object = value.as_object();
- auto modulus_length_value = TRY(object.get("modulusLength"));
- auto modulus_length = TRY(modulus_length_value.to_u32(vm));
- auto public_exponent_value = TRY(object.get("publicExponent"));
- GC::Ptr<JS::Uint8Array> public_exponent;
- if (!public_exponent_value.is_object() || !is<JS::Uint8Array>(public_exponent_value.as_object()))
- return vm.throw_completion<JS::TypeError>(JS::ErrorType::NotAnObjectOfType, "Uint8Array");
- public_exponent = static_cast<JS::Uint8Array&>(public_exponent_value.as_object());
- auto hash_value = TRY(object.get("hash"));
- auto hash = TRY(hash_algorithm_identifier_from_value(vm, hash_value));
- return adopt_own<AlgorithmParams>(*new RsaHashedKeyGenParams { modulus_length, big_integer_from_api_big_integer(public_exponent), hash });
- }
- RsaHashedImportParams::~RsaHashedImportParams() = default;
- JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> RsaHashedImportParams::from_value(JS::VM& vm, JS::Value value)
- {
- auto& object = value.as_object();
- auto hash_value = TRY(object.get("hash"));
- auto hash = TRY(hash_algorithm_identifier_from_value(vm, hash_value));
- return adopt_own<AlgorithmParams>(*new RsaHashedImportParams { hash });
- }
- RsaOaepParams::~RsaOaepParams() = default;
- JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> RsaOaepParams::from_value(JS::VM& vm, JS::Value value)
- {
- auto& object = value.as_object();
- auto label_value = TRY(object.get("label"));
- ByteBuffer label;
- if (!label_value.is_nullish()) {
- if (!label_value.is_object() || !(is<JS::TypedArrayBase>(label_value.as_object()) || is<JS::ArrayBuffer>(label_value.as_object()) || is<JS::DataView>(label_value.as_object())))
- return vm.throw_completion<JS::TypeError>(JS::ErrorType::NotAnObjectOfType, "BufferSource");
- label = TRY_OR_THROW_OOM(vm, WebIDL::get_buffer_source_copy(label_value.as_object()));
- }
- return adopt_own<AlgorithmParams>(*new RsaOaepParams { move(label) });
- }
- EcdsaParams::~EcdsaParams() = default;
- JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> EcdsaParams::from_value(JS::VM& vm, JS::Value value)
- {
- auto& object = value.as_object();
- auto hash_value = TRY(object.get("hash"));
- auto hash = TRY(hash_algorithm_identifier_from_value(vm, hash_value));
- return adopt_own<AlgorithmParams>(*new EcdsaParams { hash });
- }
- EcKeyGenParams::~EcKeyGenParams() = default;
- JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> EcKeyGenParams::from_value(JS::VM& vm, JS::Value value)
- {
- auto& object = value.as_object();
- auto curve_value = TRY(object.get("namedCurve"));
- auto curve = TRY(curve_value.to_string(vm));
- return adopt_own<AlgorithmParams>(*new EcKeyGenParams { curve });
- }
- AesKeyGenParams::~AesKeyGenParams() = default;
- JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> AesKeyGenParams::from_value(JS::VM& vm, JS::Value value)
- {
- auto& object = value.as_object();
- auto length_value = TRY(object.get("length"));
- auto length = TRY(length_value.to_u16(vm));
- return adopt_own<AlgorithmParams>(*new AesKeyGenParams { length });
- }
- AesDerivedKeyParams::~AesDerivedKeyParams() = default;
- JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> AesDerivedKeyParams::from_value(JS::VM& vm, JS::Value value)
- {
- auto& object = value.as_object();
- auto length_value = TRY(object.get("length"));
- auto length = TRY(length_value.to_u16(vm));
- return adopt_own<AlgorithmParams>(*new AesDerivedKeyParams { length });
- }
- EcdhKeyDeriveParams::~EcdhKeyDeriveParams() = default;
- JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> EcdhKeyDeriveParams::from_value(JS::VM& vm, JS::Value value)
- {
- auto& object = value.as_object();
- auto key_value = TRY(object.get("public"));
- auto key_object = TRY(key_value.to_object(vm));
- if (!is<CryptoKey>(*key_object)) {
- return vm.throw_completion<JS::TypeError>(JS::ErrorType::NotAnObjectOfType, "CryptoKey");
- }
- auto& key = verify_cast<CryptoKey>(*key_object);
- return adopt_own<AlgorithmParams>(*new EcdhKeyDeriveParams { key });
- }
- EcKeyImportParams::~EcKeyImportParams() = default;
- JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> EcKeyImportParams::from_value(JS::VM& vm, JS::Value value)
- {
- auto& object = value.as_object();
- auto named_curve_value = TRY(object.get("namedCurve"));
- auto named_curve = TRY(named_curve_value.to_string(vm));
- return adopt_own<AlgorithmParams>(*new EcKeyImportParams { named_curve });
- }
- HmacImportParams::~HmacImportParams() = default;
- JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> HmacImportParams::from_value(JS::VM& vm, JS::Value value)
- {
- auto& object = value.as_object();
- auto hash_value = TRY(object.get("hash"));
- auto hash = TRY(hash_algorithm_identifier_from_value(vm, hash_value));
- auto maybe_length = Optional<WebIDL::UnsignedLong> {};
- if (MUST(object.has_property("length"))) {
- auto length_value = TRY(object.get("length"));
- maybe_length = TRY(length_value.to_u32(vm));
- }
- return adopt_own<AlgorithmParams>(*new HmacImportParams { hash, maybe_length });
- }
- HmacKeyGenParams::~HmacKeyGenParams() = default;
- JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> HmacKeyGenParams::from_value(JS::VM& vm, JS::Value value)
- {
- auto& object = value.as_object();
- auto hash_value = TRY(object.get("hash"));
- auto hash = TRY(hash_algorithm_identifier_from_value(vm, hash_value));
- auto maybe_length = Optional<WebIDL::UnsignedLong> {};
- if (MUST(object.has_property("length"))) {
- auto length_value = TRY(object.get("length"));
- maybe_length = TRY(length_value.to_u32(vm));
- }
- return adopt_own<AlgorithmParams>(*new HmacKeyGenParams { hash, maybe_length });
- }
- // https://w3c.github.io/webcrypto/#rsa-oaep-operations
- WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> RSAOAEP::encrypt(AlgorithmParams const& params, GC::Ref<CryptoKey> key, ByteBuffer const& plaintext)
- {
- auto& realm = *m_realm;
- auto& vm = realm.vm();
- auto const& normalized_algorithm = static_cast<RsaOaepParams const&>(params);
- // 1. If the [[type]] internal slot of key is not "public", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Public)
- return WebIDL::InvalidAccessError::create(realm, "Key is not a public key"_string);
- // 2. Let label be the contents of the label member of normalizedAlgorithm or the empty octet string if the label member of normalizedAlgorithm is not present.
- auto const& label = normalized_algorithm.label;
- auto const& handle = key->handle();
- auto public_key = handle.get<::Crypto::PK::RSAPublicKey<>>();
- auto hash = TRY(verify_cast<RsaHashedKeyAlgorithm>(*key->algorithm()).hash().name(vm));
- // 3. Perform the encryption operation defined in Section 7.1 of [RFC3447] with the key represented by key as the recipient's RSA public key,
- // the contents of plaintext as the message to be encrypted, M and label as the label, L, and with the hash function specified by the hash attribute
- // of the [[algorithm]] internal slot of key as the Hash option and MGF1 (defined in Section B.2.1 of [RFC3447]) as the MGF option.
- auto error_message = MUST(String::formatted("Invalid hash function '{}'", hash));
- ErrorOr<ByteBuffer> maybe_padding = Error::from_string_view(error_message.bytes_as_string_view());
- if (hash == "SHA-1") {
- maybe_padding = ::Crypto::Padding::OAEP::eme_encode<::Crypto::Hash::SHA1, ::Crypto::Hash::MGF>(plaintext, label, public_key.length());
- } else if (hash == "SHA-256") {
- maybe_padding = ::Crypto::Padding::OAEP::eme_encode<::Crypto::Hash::SHA256, ::Crypto::Hash::MGF>(plaintext, label, public_key.length());
- } else if (hash == "SHA-384") {
- maybe_padding = ::Crypto::Padding::OAEP::eme_encode<::Crypto::Hash::SHA384, ::Crypto::Hash::MGF>(plaintext, label, public_key.length());
- } else if (hash == "SHA-512") {
- maybe_padding = ::Crypto::Padding::OAEP::eme_encode<::Crypto::Hash::SHA512, ::Crypto::Hash::MGF>(plaintext, label, public_key.length());
- }
- // 4. If performing the operation results in an error, then throw an OperationError.
- if (maybe_padding.is_error()) {
- auto error_message = MUST(String::from_utf8(maybe_padding.error().string_literal()));
- return WebIDL::OperationError::create(realm, error_message);
- }
- auto padding = maybe_padding.release_value();
- // 5. Let ciphertext be the value C that results from performing the operation.
- auto ciphertext = TRY_OR_THROW_OOM(vm, ByteBuffer::create_uninitialized(public_key.length()));
- auto ciphertext_bytes = ciphertext.bytes();
- auto rsa = ::Crypto::PK::RSA { public_key };
- rsa.encrypt(padding, ciphertext_bytes);
- // 6. Return the result of creating an ArrayBuffer containing ciphertext.
- return JS::ArrayBuffer::create(realm, move(ciphertext));
- }
- // https://w3c.github.io/webcrypto/#rsa-oaep-operations
- WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> RSAOAEP::decrypt(AlgorithmParams const& params, GC::Ref<CryptoKey> key, AK::ByteBuffer const& ciphertext)
- {
- auto& realm = *m_realm;
- auto& vm = realm.vm();
- auto const& normalized_algorithm = static_cast<RsaOaepParams const&>(params);
- // 1. If the [[type]] internal slot of key is not "private", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Private)
- return WebIDL::InvalidAccessError::create(realm, "Key is not a private key"_string);
- // 2. Let label be the contents of the label member of normalizedAlgorithm or the empty octet string if the label member of normalizedAlgorithm is not present.
- auto const& label = normalized_algorithm.label;
- auto const& handle = key->handle();
- auto private_key = handle.get<::Crypto::PK::RSAPrivateKey<>>();
- auto hash = TRY(verify_cast<RsaHashedKeyAlgorithm>(*key->algorithm()).hash().name(vm));
- // 3. Perform the decryption operation defined in Section 7.1 of [RFC3447] with the key represented by key as the recipient's RSA private key,
- // the contents of ciphertext as the ciphertext to be decrypted, C, and label as the label, L, and with the hash function specified by the hash attribute
- // of the [[algorithm]] internal slot of key as the Hash option and MGF1 (defined in Section B.2.1 of [RFC3447]) as the MGF option.
- auto rsa = ::Crypto::PK::RSA { private_key };
- u32 private_key_length = private_key.length();
- auto padding = TRY_OR_THROW_OOM(vm, ByteBuffer::create_uninitialized(private_key_length));
- auto padding_bytes = padding.bytes();
- rsa.decrypt(ciphertext, padding_bytes);
- auto error_message = MUST(String::formatted("Invalid hash function '{}'", hash));
- ErrorOr<ByteBuffer> maybe_plaintext = Error::from_string_view(error_message.bytes_as_string_view());
- if (hash == "SHA-1") {
- maybe_plaintext = ::Crypto::Padding::OAEP::eme_decode<::Crypto::Hash::SHA1, ::Crypto::Hash::MGF>(padding, label, private_key_length);
- } else if (hash == "SHA-256") {
- maybe_plaintext = ::Crypto::Padding::OAEP::eme_decode<::Crypto::Hash::SHA256, ::Crypto::Hash::MGF>(padding, label, private_key_length);
- } else if (hash == "SHA-384") {
- maybe_plaintext = ::Crypto::Padding::OAEP::eme_decode<::Crypto::Hash::SHA384, ::Crypto::Hash::MGF>(padding, label, private_key_length);
- } else if (hash == "SHA-512") {
- maybe_plaintext = ::Crypto::Padding::OAEP::eme_decode<::Crypto::Hash::SHA512, ::Crypto::Hash::MGF>(padding, label, private_key_length);
- }
- // 4. If performing the operation results in an error, then throw an OperationError.
- if (maybe_plaintext.is_error()) {
- auto error_message = MUST(String::from_utf8(maybe_plaintext.error().string_literal()));
- return WebIDL::OperationError::create(realm, error_message);
- }
- // 5. Let plaintext the value M that results from performing the operation.
- auto plaintext = maybe_plaintext.release_value();
- // 6. Return the result of creating an ArrayBuffer containing plaintext.
- return JS::ArrayBuffer::create(realm, move(plaintext));
- }
- // https://w3c.github.io/webcrypto/#rsa-oaep-operations
- WebIDL::ExceptionOr<Variant<GC::Ref<CryptoKey>, GC::Ref<CryptoKeyPair>>> RSAOAEP::generate_key(AlgorithmParams const& params, bool extractable, Vector<Bindings::KeyUsage> const& key_usages)
- {
- // 1. If usages contains an entry which is not "encrypt", "decrypt", "wrapKey" or "unwrapKey", then throw a SyntaxError.
- for (auto const& usage : key_usages) {
- if (usage != Bindings::KeyUsage::Encrypt && usage != Bindings::KeyUsage::Decrypt && usage != Bindings::KeyUsage::Wrapkey && usage != Bindings::KeyUsage::Unwrapkey) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- // 2. Generate an RSA key pair, as defined in [RFC3447], with RSA modulus length equal to the modulusLength member of normalizedAlgorithm
- // and RSA public exponent equal to the publicExponent member of normalizedAlgorithm.
- // 3. If performing the operation results in an error, then throw an OperationError.
- auto const& normalized_algorithm = static_cast<RsaHashedKeyGenParams const&>(params);
- auto key_pair = ::Crypto::PK::RSA::generate_key_pair(normalized_algorithm.modulus_length, normalized_algorithm.public_exponent);
- // 4. Let algorithm be a new RsaHashedKeyAlgorithm object.
- auto algorithm = RsaHashedKeyAlgorithm::create(m_realm);
- // 5. Set the name attribute of algorithm to "RSA-OAEP".
- algorithm->set_name("RSA-OAEP"_string);
- // 6. Set the modulusLength attribute of algorithm to equal the modulusLength member of normalizedAlgorithm.
- algorithm->set_modulus_length(normalized_algorithm.modulus_length);
- // 7. Set the publicExponent attribute of algorithm to equal the publicExponent member of normalizedAlgorithm.
- TRY(algorithm->set_public_exponent(normalized_algorithm.public_exponent));
- // 8. Set the hash attribute of algorithm to equal the hash member of normalizedAlgorithm.
- algorithm->set_hash(normalized_algorithm.hash);
- // 9. Let publicKey be a new CryptoKey representing the public key of the generated key pair.
- auto public_key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { key_pair.public_key });
- // 10. Set the [[type]] internal slot of publicKey to "public"
- public_key->set_type(Bindings::KeyType::Public);
- // 11. Set the [[algorithm]] internal slot of publicKey to algorithm.
- public_key->set_algorithm(algorithm);
- // 12. Set the [[extractable]] internal slot of publicKey to true.
- public_key->set_extractable(true);
- // 13. Set the [[usages]] internal slot of publicKey to be the usage intersection of usages and [ "encrypt", "wrapKey" ].
- public_key->set_usages(usage_intersection(key_usages, { { Bindings::KeyUsage::Encrypt, Bindings::KeyUsage::Wrapkey } }));
- // 14. Let privateKey be a new CryptoKey representing the private key of the generated key pair.
- auto private_key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { key_pair.private_key });
- // 15. Set the [[type]] internal slot of privateKey to "private"
- private_key->set_type(Bindings::KeyType::Private);
- // 16. Set the [[algorithm]] internal slot of privateKey to algorithm.
- private_key->set_algorithm(algorithm);
- // 17. Set the [[extractable]] internal slot of privateKey to extractable.
- private_key->set_extractable(extractable);
- // 18. Set the [[usages]] internal slot of privateKey to be the usage intersection of usages and [ "decrypt", "unwrapKey" ].
- private_key->set_usages(usage_intersection(key_usages, { { Bindings::KeyUsage::Decrypt, Bindings::KeyUsage::Unwrapkey } }));
- // 19. Let result be a new CryptoKeyPair dictionary.
- // 20. Set the publicKey attribute of result to be publicKey.
- // 21. Set the privateKey attribute of result to be privateKey.
- // 22. Return the result of converting result to an ECMAScript Object, as defined by [WebIDL].
- return Variant<GC::Ref<CryptoKey>, GC::Ref<CryptoKeyPair>> { CryptoKeyPair::create(m_realm, public_key, private_key) };
- }
- // https://w3c.github.io/webcrypto/#rsa-oaep-operations
- WebIDL::ExceptionOr<GC::Ref<CryptoKey>> RSAOAEP::import_key(Web::Crypto::AlgorithmParams const& params, Bindings::KeyFormat key_format, CryptoKey::InternalKeyData key_data, bool extractable, Vector<Bindings::KeyUsage> const& usages)
- {
- auto& realm = *m_realm;
- // 1. Let keyData be the key data to be imported.
- GC::Ptr<CryptoKey> key = nullptr;
- auto const& normalized_algorithm = static_cast<RsaHashedImportParams const&>(params);
- // 2. -> If format is "spki":
- if (key_format == Bindings::KeyFormat::Spki) {
- // 1. If usages contains an entry which is not "encrypt" or "wrapKey", then throw a SyntaxError.
- for (auto const& usage : usages) {
- if (usage != Bindings::KeyUsage::Encrypt && usage != Bindings::KeyUsage::Wrapkey) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- VERIFY(key_data.has<ByteBuffer>());
- // 2. Let spki be the result of running the parse a subjectPublicKeyInfo algorithm over keyData.
- // 3. If an error occurred while parsing, then throw a DataError.
- auto spki = TRY(parse_a_subject_public_key_info(m_realm, key_data.get<ByteBuffer>()));
- // 4. If the algorithm object identifier field of the algorithm AlgorithmIdentifier field of spki
- // is not equal to the rsaEncryption object identifier defined in [RFC3447], then throw a DataError.
- if (spki.algorithm.identifier != ::Crypto::ASN1::rsa_encryption_oid)
- return WebIDL::DataError::create(m_realm, "Algorithm object identifier is not the rsaEncryption object identifier"_string);
- // 5. Let publicKey be the result of performing the parse an ASN.1 structure algorithm,
- // with data as the subjectPublicKeyInfo field of spki, structure as the RSAPublicKey structure
- // specified in Section A.1.1 of [RFC3447], and exactData set to true.
- // NOTE: We already did this in parse_a_subject_public_key_info
- auto& public_key = spki.rsa;
- // 6. If an error occurred while parsing, or it can be determined that publicKey is not
- // a valid public key according to [RFC3447], then throw a DataError.
- // FIXME: Validate the public key
- // 7. Let key be a new CryptoKey that represents the RSA public key identified by publicKey.
- key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { public_key });
- // 8. Set the [[type]] internal slot of key to "public"
- key->set_type(Bindings::KeyType::Public);
- }
- // -> If format is "pkcs8":
- else if (key_format == Bindings::KeyFormat::Pkcs8) {
- // 1. If usages contains an entry which is not "decrypt" or "unwrapKey", then throw a SyntaxError.
- for (auto const& usage : usages) {
- if (usage != Bindings::KeyUsage::Decrypt && usage != Bindings::KeyUsage::Unwrapkey) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- VERIFY(key_data.has<ByteBuffer>());
- // 2. Let privateKeyInfo be the result of running the parse a privateKeyInfo algorithm over keyData.
- // 3. If an error occurred while parsing, then throw a DataError.
- auto private_key_info = TRY(parse_a_private_key_info(m_realm, key_data.get<ByteBuffer>()));
- // 4. If the algorithm object identifier field of the privateKeyAlgorithm PrivateKeyAlgorithm field of privateKeyInfo
- // is not equal to the rsaEncryption object identifier defined in [RFC3447], then throw a DataError.
- if (private_key_info.algorithm.identifier != ::Crypto::ASN1::rsa_encryption_oid)
- return WebIDL::DataError::create(m_realm, "Algorithm object identifier is not the rsaEncryption object identifier"_string);
- // 5. Let rsaPrivateKey be the result of performing the parse an ASN.1 structure algorithm,
- // with data as the privateKey field of privateKeyInfo, structure as the RSAPrivateKey structure
- // specified in Section A.1.2 of [RFC3447], and exactData set to true.
- // NOTE: We already did this in parse_a_private_key_info
- auto& rsa_private_key = private_key_info.rsa;
- // 6. If an error occurred while parsing, or if rsaPrivateKey is not
- // a valid RSA private key according to [RFC3447], then throw a DataError.
- // FIXME: Validate the private key
- // 7. Let key be a new CryptoKey that represents the RSA private key identified by rsaPrivateKey.
- key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { rsa_private_key });
- // 8. Set the [[type]] internal slot of key to "private"
- key->set_type(Bindings::KeyType::Private);
- }
- // -> If format is "jwk":
- else if (key_format == Bindings::KeyFormat::Jwk) {
- // 1. -> If keyData is a JsonWebKey dictionary:
- // Let jwk equal keyData.
- // -> Otherwise:
- // Throw a DataError.
- if (!key_data.has<Bindings::JsonWebKey>())
- return WebIDL::DataError::create(m_realm, "keyData is not a JsonWebKey dictionary"_string);
- auto& jwk = key_data.get<Bindings::JsonWebKey>();
- // 2. If the d field of jwk is present and usages contains an entry which is not "decrypt" or "unwrapKey", then throw a SyntaxError.
- if (jwk.d.has_value()) {
- for (auto const& usage : usages) {
- if (usage != Bindings::KeyUsage::Decrypt && usage != Bindings::KeyUsage::Unwrapkey) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", Bindings::idl_enum_to_string(usage))));
- }
- }
- }
- // 3. If the d field of jwk is not present and usages contains an entry which is not "encrypt" or "wrapKey", then throw a SyntaxError.
- if (!jwk.d.has_value()) {
- for (auto const& usage : usages) {
- if (usage != Bindings::KeyUsage::Encrypt && usage != Bindings::KeyUsage::Wrapkey) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", Bindings::idl_enum_to_string(usage))));
- }
- }
- }
- // 4. If the kty field of jwk is not a case-sensitive string match to "RSA", then throw a DataError.
- if (jwk.kty != "RSA"_string)
- return WebIDL::DataError::create(m_realm, "Invalid key type"_string);
- // 5. If usages is non-empty and the use field of jwk is present and is not a case-sensitive string match to "enc", then throw a DataError.
- if (!usages.is_empty() && jwk.use.has_value() && *jwk.use != "enc"_string)
- return WebIDL::DataError::create(m_realm, "Invalid use field"_string);
- // 6. If the key_ops field of jwk is present, and is invalid according to the requirements of JSON Web Key [JWK]
- // or does not contain all of the specified usages values, then throw a DataError.
- TRY(validate_jwk_key_ops(realm, jwk, usages));
- // 7. If the ext field of jwk is present and has the value false and extractable is true, then throw a DataError.
- if (jwk.ext.has_value() && !*jwk.ext && extractable)
- return WebIDL::DataError::create(m_realm, "Invalid ext field"_string);
- Optional<String> hash = {};
- // 8. -> If the alg field of jwk is not present:
- if (!jwk.alg.has_value()) {
- // Let hash be undefined.
- }
- // -> If the alg field of jwk is equal to "RSA-OAEP":
- else if (jwk.alg == "RSA-OAEP"sv) {
- // Let hash be the string "SHA-1".
- hash = "SHA-1"_string;
- }
- // -> If the alg field of jwk is equal to "RSA-OAEP-256":
- else if (jwk.alg == "RSA-OAEP-256"sv) {
- // Let hash be the string "SHA-256".
- hash = "SHA-256"_string;
- }
- // -> If the alg field of jwk is equal to "RSA-OAEP-384":
- else if (jwk.alg == "RSA-OAEP-384"sv) {
- // Let hash be the string "SHA-384".
- hash = "SHA-384"_string;
- }
- // -> If the alg field of jwk is equal to "RSA-OAEP-512":
- else if (jwk.alg == "RSA-OAEP-512"sv) {
- // Let hash be the string "SHA-512".
- hash = "SHA-512"_string;
- }
- // -> Otherwise:
- else {
- // FIXME: Support 'other applicable specifications'
- // 1. Perform any key import steps defined by other applicable specifications, passing format, jwk and obtaining hash.
- // 2. If an error occurred or there are no applicable specifications, throw a DataError.
- return WebIDL::DataError::create(m_realm, "Invalid alg field"_string);
- }
- // 9. If hash is not undefined:
- if (hash.has_value()) {
- // 1. Let normalizedHash be the result of normalize an algorithm with alg set to hash and op set to digest.
- auto normalized_hash = TRY(normalize_an_algorithm(m_realm, AlgorithmIdentifier { *hash }, "digest"_string));
- // 2. If normalizedHash is not equal to the hash member of normalizedAlgorithm, throw a DataError.
- if (normalized_hash.parameter->name != TRY(normalized_algorithm.hash.name(realm.vm())))
- return WebIDL::DataError::create(m_realm, "Invalid hash"_string);
- }
- // 10. -> If the d field of jwk is present:
- if (jwk.d.has_value()) {
- // 1. If jwk does not meet the requirements of Section 6.3.2 of JSON Web Algorithms [JWA], then throw a DataError.
- bool meets_requirements = jwk.e.has_value() && jwk.n.has_value() && jwk.d.has_value();
- if (jwk.p.has_value() || jwk.q.has_value() || jwk.dp.has_value() || jwk.dq.has_value() || jwk.qi.has_value())
- meets_requirements |= jwk.p.has_value() && jwk.q.has_value() && jwk.dp.has_value() && jwk.dq.has_value() && jwk.qi.has_value();
- if (jwk.oth.has_value()) {
- // FIXME: We don't support > 2 primes in RSA keys
- meets_requirements = false;
- }
- if (!meets_requirements)
- return WebIDL::DataError::create(m_realm, "Invalid JWK private key"_string);
- // FIXME: Spec error, it should say 'the RSA private key identified by interpreting jwk according to section 6.3.2'
- // 2. Let privateKey represent the RSA public key identified by interpreting jwk according to Section 6.3.1 of JSON Web Algorithms [JWA].
- auto private_key = TRY(parse_jwk_rsa_private_key(realm, jwk));
- // FIXME: Spec error, it should say 'not to be a valid RSA private key'
- // 3. If privateKey can be determined to not be a valid RSA public key according to [RFC3447], then throw a DataError.
- // FIXME: Validate the private key
- // 4. Let key be a new CryptoKey representing privateKey.
- key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { private_key });
- // 5. Set the [[type]] internal slot of key to "private"
- key->set_type(Bindings::KeyType::Private);
- }
- // -> Otherwise:
- else {
- // 1. If jwk does not meet the requirements of Section 6.3.1 of JSON Web Algorithms [JWA], then throw a DataError.
- if (!jwk.e.has_value() || !jwk.n.has_value())
- return WebIDL::DataError::create(m_realm, "Invalid JWK public key"_string);
- // 2. Let publicKey represent the RSA public key identified by interpreting jwk according to Section 6.3.1 of JSON Web Algorithms [JWA].
- auto public_key = TRY(parse_jwk_rsa_public_key(realm, jwk));
- // 3. If publicKey can be determined to not be a valid RSA public key according to [RFC3447], then throw a DataError.
- // FIXME: Validate the public key
- // 4. Let key be a new CryptoKey representing publicKey.
- key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { public_key });
- // 5. Set the [[type]] internal slot of key to "public"
- key->set_type(Bindings::KeyType::Public);
- }
- }
- // -> Otherwise: throw a NotSupportedError.
- else {
- return WebIDL::NotSupportedError::create(m_realm, "Unsupported key format"_string);
- }
- // 3. Let algorithm be a new RsaHashedKeyAlgorithm.
- auto algorithm = RsaHashedKeyAlgorithm::create(m_realm);
- // 4. Set the name attribute of algorithm to "RSA-OAEP"
- algorithm->set_name("RSA-OAEP"_string);
- // 5. Set the modulusLength attribute of algorithm to the length, in bits, of the RSA public modulus.
- // 6. Set the publicExponent attribute of algorithm to the BigInteger representation of the RSA public exponent.
- TRY(key->handle().visit(
- [&](::Crypto::PK::RSAPublicKey<> const& public_key) -> WebIDL::ExceptionOr<void> {
- algorithm->set_modulus_length(public_key.modulus().trimmed_byte_length() * 8);
- TRY(algorithm->set_public_exponent(public_key.public_exponent()));
- return {};
- },
- [&](::Crypto::PK::RSAPrivateKey<> const& private_key) -> WebIDL::ExceptionOr<void> {
- algorithm->set_modulus_length(private_key.modulus().trimmed_byte_length() * 8);
- TRY(algorithm->set_public_exponent(private_key.public_exponent()));
- return {};
- },
- [](auto) -> WebIDL::ExceptionOr<void> { VERIFY_NOT_REACHED(); }));
- // 7. Set the hash attribute of algorithm to the hash member of normalizedAlgorithm.
- algorithm->set_hash(normalized_algorithm.hash);
- // 8. Set the [[algorithm]] internal slot of key to algorithm
- key->set_algorithm(algorithm);
- // 9. Return key.
- return GC::Ref { *key };
- }
- // https://w3c.github.io/webcrypto/#rsa-oaep-operations
- WebIDL::ExceptionOr<GC::Ref<JS::Object>> RSAOAEP::export_key(Bindings::KeyFormat format, GC::Ref<CryptoKey> key)
- {
- auto& realm = *m_realm;
- auto& vm = realm.vm();
- // 1. Let key be the key to be exported.
- // 2. If the underlying cryptographic key material represented by the [[handle]] internal slot of key cannot be accessed, then throw an OperationError.
- // Note: In our impl this is always accessible
- auto const& handle = key->handle();
- GC::Ptr<JS::Object> result = nullptr;
- // 3. If format is "spki"
- if (format == Bindings::KeyFormat::Spki) {
- // 1. If the [[type]] internal slot of key is not "public", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Public)
- return WebIDL::InvalidAccessError::create(realm, "Key is not public"_string);
- // 2. Let data be an instance of the subjectPublicKeyInfo ASN.1 structure defined in [RFC5280] with the following properties:
- // - Set the algorithm field to an AlgorithmIdentifier ASN.1 type with the following properties:
- // - Set the algorithm field to the OID rsaEncryption defined in [RFC3447].
- // - Set the params field to the ASN.1 type NULL.
- // - Set the subjectPublicKey field to the result of DER-encoding an RSAPublicKey ASN.1 type, as defined in [RFC3447], Appendix A.1.1,
- // that represents the RSA public key represented by the [[handle]] internal slot of key
- auto maybe_data = handle.visit(
- [&](::Crypto::PK::RSAPublicKey<> const& public_key) -> ErrorOr<ByteBuffer> {
- return TRY(::Crypto::PK::wrap_in_subject_public_key_info(public_key, ::Crypto::ASN1::rsa_encryption_oid, nullptr));
- },
- [](auto) -> ErrorOr<ByteBuffer> {
- VERIFY_NOT_REACHED();
- });
- // FIXME: clang-format butchers the visit if we do the TRY inline
- auto data = TRY_OR_THROW_OOM(vm, maybe_data);
- // 3. Let result be the result of creating an ArrayBuffer containing data.
- result = JS::ArrayBuffer::create(realm, data);
- }
- // If format is "pkcs8"
- else if (format == Bindings::KeyFormat::Pkcs8) {
- // 1. If the [[type]] internal slot of key is not "private", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Private)
- return WebIDL::InvalidAccessError::create(realm, "Key is not private"_string);
- // 2. Let data be the result of encoding a privateKeyInfo structure with the following properties:
- // - Set the version field to 0.
- // - Set the privateKeyAlgorithm field to an PrivateKeyAlgorithmIdentifier ASN.1 type with the following properties:
- // - - Set the algorithm field to the OID rsaEncryption defined in [RFC3447].
- // - - Set the params field to the ASN.1 type NULL.
- // - Set the privateKey field to the result of DER-encoding an RSAPrivateKey ASN.1 type, as defined in [RFC3447], Appendix A.1.2,
- // that represents the RSA private key represented by the [[handle]] internal slot of key
- auto maybe_data = handle.visit(
- [&](::Crypto::PK::RSAPrivateKey<> const& private_key) -> ErrorOr<ByteBuffer> {
- return TRY(::Crypto::PK::wrap_in_private_key_info(private_key, ::Crypto::ASN1::rsa_encryption_oid, nullptr));
- },
- [](auto) -> ErrorOr<ByteBuffer> {
- VERIFY_NOT_REACHED();
- });
- // FIXME: clang-format butchers the visit if we do the TRY inline
- auto data = TRY_OR_THROW_OOM(vm, maybe_data);
- // 3. Let result be the result of creating an ArrayBuffer containing data.
- result = JS::ArrayBuffer::create(realm, data);
- }
- // If format is "jwk"
- else if (format == Bindings::KeyFormat::Jwk) {
- // 1. Let jwk be a new JsonWebKey dictionary.
- Bindings::JsonWebKey jwk = {};
- // 2. Set the kty attribute of jwk to the string "RSA".
- jwk.kty = "RSA"_string;
- // 4. Let hash be the name attribute of the hash attribute of the [[algorithm]] internal slot of key.
- auto hash = TRY(verify_cast<RsaHashedKeyAlgorithm>(*key->algorithm()).hash().name(vm));
- // 4. If hash is "SHA-1":
- // - Set the alg attribute of jwk to the string "RSA-OAEP".
- if (hash == "SHA-1"sv) {
- jwk.alg = "RSA-OAEP"_string;
- }
- // If hash is "SHA-256":
- // - Set the alg attribute of jwk to the string "RSA-OAEP-256".
- else if (hash == "SHA-256"sv) {
- jwk.alg = "RSA-OAEP-256"_string;
- }
- // If hash is "SHA-384":
- // - Set the alg attribute of jwk to the string "RSA-OAEP-384".
- else if (hash == "SHA-384"sv) {
- jwk.alg = "RSA-OAEP-384"_string;
- }
- // If hash is "SHA-512":
- // - Set the alg attribute of jwk to the string "RSA-OAEP-512".
- else if (hash == "SHA-512"sv) {
- jwk.alg = "RSA-OAEP-512"_string;
- } else {
- // FIXME: Support 'other applicable specifications'
- // - Perform any key export steps defined by other applicable specifications,
- // passing format and the hash attribute of the [[algorithm]] internal slot of key and obtaining alg.
- // - Set the alg attribute of jwk to alg.
- return WebIDL::NotSupportedError::create(realm, TRY_OR_THROW_OOM(vm, String::formatted("Unsupported hash algorithm '{}'", hash)));
- }
- // 10. Set the attributes n and e of jwk according to the corresponding definitions in JSON Web Algorithms [JWA], Section 6.3.1.
- auto maybe_error = handle.visit(
- [&](::Crypto::PK::RSAPublicKey<> const& public_key) -> ErrorOr<void> {
- jwk.n = TRY(base64_url_uint_encode(public_key.modulus()));
- jwk.e = TRY(base64_url_uint_encode(public_key.public_exponent()));
- return {};
- },
- [&](::Crypto::PK::RSAPrivateKey<> const& private_key) -> ErrorOr<void> {
- jwk.n = TRY(base64_url_uint_encode(private_key.modulus()));
- jwk.e = TRY(base64_url_uint_encode(private_key.public_exponent()));
- // 11. If the [[type]] internal slot of key is "private":
- // 1. Set the attributes named d, p, q, dp, dq, and qi of jwk according to the corresponding definitions in JSON Web Algorithms [JWA], Section 6.3.2.
- jwk.d = TRY(base64_url_uint_encode(private_key.private_exponent()));
- jwk.p = TRY(base64_url_uint_encode(private_key.prime1()));
- jwk.q = TRY(base64_url_uint_encode(private_key.prime2()));
- jwk.dp = TRY(base64_url_uint_encode(private_key.exponent1()));
- jwk.dq = TRY(base64_url_uint_encode(private_key.exponent2()));
- jwk.qi = TRY(base64_url_uint_encode(private_key.coefficient()));
- // 12. If the underlying RSA private key represented by the [[handle]] internal slot of key is represented by more than two primes,
- // set the attribute named oth of jwk according to the corresponding definition in JSON Web Algorithms [JWA], Section 6.3.2.7
- // FIXME: We don't support more than 2 primes on RSA keys
- return {};
- },
- [](auto) -> ErrorOr<void> {
- VERIFY_NOT_REACHED();
- });
- // FIXME: clang-format butchers the visit if we do the TRY inline
- TRY_OR_THROW_OOM(vm, maybe_error);
- // 13. Set the key_ops attribute of jwk to the usages attribute of key.
- jwk.key_ops = Vector<String> {};
- jwk.key_ops->ensure_capacity(key->internal_usages().size());
- for (auto const& usage : key->internal_usages()) {
- jwk.key_ops->append(Bindings::idl_enum_to_string(usage));
- }
- // 14. Set the ext attribute of jwk to the [[extractable]] internal slot of key.
- jwk.ext = key->extractable();
- // 15. Let result be the result of converting jwk to an ECMAScript Object, as defined by [WebIDL].
- result = TRY(jwk.to_object(realm));
- }
- // Otherwise throw a NotSupportedError.
- else {
- return WebIDL::NotSupportedError::create(realm, TRY_OR_THROW_OOM(vm, String::formatted("Exporting to format {} is not supported", Bindings::idl_enum_to_string(format))));
- }
- // 8. Return result
- return GC::Ref { *result };
- }
- // https://w3c.github.io/webcrypto/#aes-cbc-operations
- WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> AesCbc::encrypt(AlgorithmParams const& params, GC::Ref<CryptoKey> key, ByteBuffer const& plaintext)
- {
- auto const& normalized_algorithm = static_cast<AesCbcParams const&>(params);
- // 1. If the iv member of normalizedAlgorithm does not have length 16 bytes, then throw an OperationError.
- if (normalized_algorithm.iv.size() != 16)
- return WebIDL::OperationError::create(m_realm, "IV to AES-CBC must be exactly 16 bytes"_string);
- // 2. Let paddedPlaintext be the result of adding padding octets to the contents of plaintext according to the procedure defined in Section 10.3 of [RFC2315], step 2, with a value of k of 16.
- // Note: This is identical to RFC 5652 Cryptographic Message Syntax (CMS).
- // We do this during encryption, which avoid reallocating a potentially-large buffer.
- auto mode = ::Crypto::Cipher::PaddingMode::CMS;
- // 3. Let ciphertext be the result of performing the CBC Encryption operation described in Section 6.2 of [NIST-SP800-38A] using AES as the block cipher, the contents of the iv member of normalizedAlgorithm as the IV input parameter and paddedPlaintext as the input plaintext.
- auto key_bytes = key->handle().get<ByteBuffer>();
- auto key_bits = key_bytes.size() * 8;
- ::Crypto::Cipher::AESCipher::CBCMode cipher(key_bytes, key_bits, ::Crypto::Cipher::Intent::Encryption, mode);
- auto iv = normalized_algorithm.iv;
- auto ciphertext = TRY_OR_THROW_OOM(m_realm->vm(), cipher.create_aligned_buffer(plaintext.size() + 1));
- auto ciphertext_view = ciphertext.bytes();
- cipher.encrypt(plaintext, ciphertext_view, iv);
- ciphertext.trim(ciphertext_view.size(), false);
- // 4. Return the result of creating an ArrayBuffer containing ciphertext.
- return JS::ArrayBuffer::create(m_realm, move(ciphertext));
- }
- WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> AesCbc::decrypt(AlgorithmParams const& params, GC::Ref<CryptoKey> key, ByteBuffer const& ciphertext)
- {
- auto const& normalized_algorithm = static_cast<AesCbcParams const&>(params);
- // 1. If the iv member of normalizedAlgorithm does not have length 16 bytes, then throw an OperationError.
- if (normalized_algorithm.iv.size() != 16)
- return WebIDL::OperationError::create(m_realm, "IV to AES-CBC must be exactly 16 bytes"_string);
- // Spec bug? TODO: https://github.com/w3c/webcrypto/issues/381
- // If ciphertext does not have a length that is a multiple of 16 bytes, then throw an OperationError. (Note that a zero-length ciphertext will result in an OperationError in all cases.)
- if (ciphertext.size() % 16 != 0)
- return WebIDL::OperationError::create(m_realm, "Ciphertext length must be a multiple of 16 bytes"_string);
- // 2. Let paddedPlaintext be the result of performing the CBC Decryption operation described in Section 6.2 of [NIST-SP800-38A] using AES as the block cipher, the contents of the iv member of normalizedAlgorithm as the IV input parameter and the contents of ciphertext as the input ciphertext.
- auto mode = ::Crypto::Cipher::PaddingMode::CMS;
- auto key_bytes = key->handle().get<ByteBuffer>();
- auto key_bits = key_bytes.size() * 8;
- ::Crypto::Cipher::AESCipher::CBCMode cipher(key_bytes, key_bits, ::Crypto::Cipher::Intent::Decryption, mode);
- auto iv = normalized_algorithm.iv;
- auto plaintext = TRY_OR_THROW_OOM(m_realm->vm(), cipher.create_aligned_buffer(ciphertext.size()));
- auto plaintext_view = plaintext.bytes();
- cipher.decrypt(ciphertext, plaintext_view, iv);
- plaintext.trim(plaintext_view.size(), false);
- // 3. Let p be the value of the last octet of paddedPlaintext.
- // 4. If p is zero or greater than 16, or if any of the last p octets of paddedPlaintext have a value which is not p, then throw an OperationError.
- // 5. Let plaintext be the result of removing p octets from the end of paddedPlaintext.
- // Note that LibCrypto already does the padding removal for us.
- // In the case that any issues arise (e.g. inconsistent padding), the padding is instead not trimmed.
- // This is *ONLY* meaningful for the specific case of PaddingMode::CMS, as this is the only padding mode that always appends a block.
- if (plaintext.size() == ciphertext.size()) {
- // Padding was not removed for an unknown reason. Apply Step 4:
- return WebIDL::OperationError::create(m_realm, "Inconsistent padding"_string);
- }
- // 6. Return the result of creating an ArrayBuffer containing plaintext.
- return JS::ArrayBuffer::create(m_realm, move(plaintext));
- }
- // https://w3c.github.io/webcrypto/#aes-cbc-operations
- WebIDL::ExceptionOr<GC::Ref<CryptoKey>> AesCbc::import_key(AlgorithmParams const&, Bindings::KeyFormat format, CryptoKey::InternalKeyData key_data, bool extractable, Vector<Bindings::KeyUsage> const& key_usages)
- {
- // 1. If usages contains an entry which is not one of "encrypt", "decrypt", "wrapKey" or "unwrapKey", then throw a SyntaxError.
- for (auto& usage : key_usages) {
- if (usage != Bindings::KeyUsage::Encrypt && usage != Bindings::KeyUsage::Decrypt && usage != Bindings::KeyUsage::Wrapkey && usage != Bindings::KeyUsage::Unwrapkey) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- // 2.
- ByteBuffer data;
- if (format == Bindings::KeyFormat::Raw) {
- // -> If format is "raw":
- // 1. Let data be the octet string contained in keyData.
- // 2. If the length in bits of data is not 128, 192 or 256 then throw a DataError.
- data = key_data.get<ByteBuffer>();
- auto length_in_bits = data.size() * 8;
- if (length_in_bits != 128 && length_in_bits != 192 && length_in_bits != 256) {
- return WebIDL::DataError::create(m_realm, MUST(String::formatted("Invalid key length '{}' bits (must be either 128, 192, or 256 bits)", length_in_bits)));
- }
- } else if (format == Bindings::KeyFormat::Jwk) {
- // -> If format is "jwk":
- // 1. -> If keyData is a JsonWebKey dictionary:
- // Let jwk equal keyData.
- // -> Otherwise:
- // Throw a DataError.
- if (!key_data.has<Bindings::JsonWebKey>())
- return WebIDL::DataError::create(m_realm, "keyData is not a JsonWebKey dictionary"_string);
- auto& jwk = key_data.get<Bindings::JsonWebKey>();
- // 2. If the kty field of jwk is not "oct", then throw a DataError.
- if (jwk.kty != "oct"_string)
- return WebIDL::DataError::create(m_realm, "Invalid key type"_string);
- // 3. If jwk does not meet the requirements of Section 6.4 of JSON Web Algorithms [JWA], then throw a DataError.
- // Specifically, those requirements are:
- // - ".k" is a valid bas64url encoded octet stream, which we do by just parsing it, in step 4.
- // - ".alg" is checked only in step 5.
- // 4. Let data be the octet string obtained by decoding the k field of jwk.
- data = TRY(parse_jwk_symmetric_key(m_realm, jwk));
- // 5. -> If data has length 128 bits:
- // If the alg field of jwk is present, and is not "A128CBC", then throw a DataError.
- // -> If data has length 192 bits:
- // If the alg field of jwk is present, and is not "A192CBC", then throw a DataError.
- // -> If data has length 256 bits:
- // If the alg field of jwk is present, and is not "A256CBC", then throw a DataError.
- // -> Otherwise:
- // throw a DataError.
- auto data_bits = data.size() * 8;
- auto const& alg = jwk.alg;
- if (data_bits == 128) {
- if (alg.has_value() && alg != "A128CBC") {
- return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 128 bits, but alg specifies non-128-bit algorithm"_string);
- }
- } else if (data_bits == 192) {
- if (alg.has_value() && alg != "A192CBC") {
- return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 192 bits, but alg specifies non-192-bit algorithm"_string);
- }
- } else if (data_bits == 256) {
- if (alg.has_value() && alg != "A256CBC") {
- return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 256 bits, but alg specifies non-256-bit algorithm"_string);
- }
- } else {
- return WebIDL::DataError::create(m_realm, MUST(String::formatted("Invalid key size: {} bits", data_bits)));
- }
- // 6. If usages is non-empty and the use field of jwk is present and is not "enc", then throw a DataError.
- if (!key_usages.is_empty() && jwk.use.has_value() && *jwk.use != "enc"_string)
- return WebIDL::DataError::create(m_realm, "Invalid use field"_string);
- // 7. If the key_ops field of jwk is present, and is invalid according to the
- // requirements of JSON Web Key [JWK] or does not contain all of the specified usages
- // values, then throw a DataError.
- TRY(validate_jwk_key_ops(m_realm, jwk, key_usages));
- // 8. If the ext field of jwk is present and has the value false and extractable is true, then throw a DataError.
- if (jwk.ext.has_value() && !*jwk.ext && extractable)
- return WebIDL::DataError::create(m_realm, "Invalid ext field"_string);
- } else {
- // Otherwise:
- // throw a NotSupportedError
- return WebIDL::NotSupportedError::create(m_realm, "Only raw and jwk formats are supported"_string);
- }
- // 3. Let key be a new CryptoKey object representing an AES key with value data.
- auto data_bits = data.size() * 8;
- auto key = CryptoKey::create(m_realm, move(data));
- // 4. Set the [[type]] internal slot of key to "secret".
- key->set_type(Bindings::KeyType::Secret);
- // 5. Let algorithm be a new AesKeyAlgorithm.
- auto algorithm = AesKeyAlgorithm::create(m_realm);
- // 6. Set the name attribute of algorithm to "AES-CBC".
- algorithm->set_name("AES-CBC"_string);
- // 7. Set the length attribute of algorithm to the length, in bits, of data.
- algorithm->set_length(data_bits);
- // 8. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- // 9. Return key.
- return key;
- }
- WebIDL::ExceptionOr<Variant<GC::Ref<CryptoKey>, GC::Ref<CryptoKeyPair>>> AesCbc::generate_key(AlgorithmParams const& params, bool extractable, Vector<Bindings::KeyUsage> const& key_usages)
- {
- // 1. If usages contains any entry which is not one of "encrypt", "decrypt", "wrapKey" or "unwrapKey", then throw a SyntaxError.
- for (auto const& usage : key_usages) {
- if (usage != Bindings::KeyUsage::Encrypt && usage != Bindings::KeyUsage::Decrypt && usage != Bindings::KeyUsage::Wrapkey && usage != Bindings::KeyUsage::Unwrapkey) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- auto const& normalized_algorithm = static_cast<AesKeyGenParams const&>(params);
- // 2. If the length member of normalizedAlgorithm is not equal to one of 128, 192 or 256, then throw an OperationError.
- auto const bits = normalized_algorithm.length;
- if (bits != 128 && bits != 192 && bits != 256) {
- return WebIDL::OperationError::create(m_realm, MUST(String::formatted("Cannot create AES-CBC key with unusual amount of {} bits", bits)));
- }
- // 3. Generate an AES key of length equal to the length member of normalizedAlgorithm.
- auto key_buffer = TRY(generate_random_key(m_realm->vm(), bits));
- // 4. If the key generation step fails, then throw an OperationError.
- // Note: Cannot happen in our implementation; and if we OOM, then allocating the Exception is probably going to crash anyway.
- // 5. Let key be a new CryptoKey object representing the generated AES key.
- auto key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { key_buffer });
- // 6. Let algorithm be a new AesKeyAlgorithm.
- auto algorithm = AesKeyAlgorithm::create(m_realm);
- // 7. Set the name attribute of algorithm to "AES-CBC".
- algorithm->set_name("AES-CBC"_string);
- // 8. Set the length attribute of algorithm to equal the length member of normalizedAlgorithm.
- algorithm->set_length(bits);
- // 9. Set the [[type]] internal slot of key to "secret".
- key->set_type(Bindings::KeyType::Secret);
- // 10. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- // 11. Set the [[extractable]] internal slot of key to be extractable.
- key->set_extractable(extractable);
- // 12. Set the [[usages]] internal slot of key to be usages.
- key->set_usages(key_usages);
- // 13. Return key.
- return { key };
- }
- WebIDL::ExceptionOr<GC::Ref<JS::Object>> AesCbc::export_key(Bindings::KeyFormat format, GC::Ref<CryptoKey> key)
- {
- // 1. If the underlying cryptographic key material represented by the [[handle]] internal slot of key cannot be accessed, then throw an OperationError.
- // Note: In our impl this is always accessible
- auto const& handle = key->handle();
- GC::Ptr<JS::Object> result = nullptr;
- // 2. -> If format is "raw":
- if (format == Bindings::KeyFormat::Raw) {
- // 1. Let data be the raw octets of the key represented by [[handle]] internal slot of key.
- auto data = handle.get<ByteBuffer>();
- // 2. Let result be the result of creating an ArrayBuffer containing data.
- result = JS::ArrayBuffer::create(m_realm, data);
- }
- // -> If format is "jwk":
- else if (format == Bindings::KeyFormat::Jwk) {
- // 1. Let jwk be a new JsonWebKey dictionary.
- Bindings::JsonWebKey jwk = {};
- // 2. Set the kty attribute of jwk to the string "oct".
- jwk.kty = "oct"_string;
- // 3. Set the k attribute of jwk to be a string containing the raw octets of the key represented by [[handle]] internal slot of key, encoded according to Section 6.4 of JSON Web Algorithms [JWA].
- auto const& key_bytes = handle.get<ByteBuffer>();
- jwk.k = TRY_OR_THROW_OOM(m_realm->vm(), encode_base64url(key_bytes, AK::OmitPadding::Yes));
- // 4. -> If the length attribute of key is 128:
- // Set the alg attribute of jwk to the string "A128CBC".
- // -> If the length attribute of key is 192:
- // Set the alg attribute of jwk to the string "A192CBC".
- // -> If the length attribute of key is 256:
- // Set the alg attribute of jwk to the string "A256CBC".
- auto key_bits = key_bytes.size() * 8;
- if (key_bits == 128) {
- jwk.alg = "A128CBC"_string;
- } else if (key_bits == 192) {
- jwk.alg = "A192CBC"_string;
- } else if (key_bits == 256) {
- jwk.alg = "A256CBC"_string;
- } else {
- return WebIDL::OperationError::create(m_realm, "unclear key size"_string);
- }
- // 5. Set the key_ops attribute of jwk to equal the usages attribute of key.
- jwk.key_ops = Vector<String> {};
- jwk.key_ops->ensure_capacity(key->internal_usages().size());
- for (auto const& usage : key->internal_usages()) {
- jwk.key_ops->append(Bindings::idl_enum_to_string(usage));
- }
- // 6. Set the ext attribute of jwk to equal the [[extractable]] internal slot of key.
- jwk.ext = key->extractable();
- // 7. Let result be the result of converting jwk to an ECMAScript Object, as defined by [WebIDL].
- result = TRY(jwk.to_object(m_realm));
- }
- // -> Otherwise:
- else {
- // throw a NotSupportedError.
- return WebIDL::NotSupportedError::create(m_realm, "Cannot export to unsupported format"_string);
- }
- // 3. Return result.
- return GC::Ref { *result };
- }
- WebIDL::ExceptionOr<JS::Value> AesCbc::get_key_length(AlgorithmParams const& params)
- {
- // 1. If the length member of normalizedDerivedKeyAlgorithm is not 128, 192 or 256, then throw an OperationError.
- auto const& normalized_algorithm = static_cast<AesDerivedKeyParams const&>(params);
- auto length = normalized_algorithm.length;
- if (length != 128 && length != 192 && length != 256)
- return WebIDL::OperationError::create(m_realm, "Invalid key length"_string);
- // 2. Return the length member of normalizedDerivedKeyAlgorithm.
- return JS::Value(length);
- }
- WebIDL::ExceptionOr<GC::Ref<CryptoKey>> AesCtr::import_key(AlgorithmParams const&, Bindings::KeyFormat format, CryptoKey::InternalKeyData key_data, bool extractable, Vector<Bindings::KeyUsage> const& key_usages)
- {
- // 1. If usages contains an entry which is not one of "encrypt", "decrypt", "wrapKey" or "unwrapKey", then throw a SyntaxError.
- for (auto& usage : key_usages) {
- if (usage != Bindings::KeyUsage::Encrypt && usage != Bindings::KeyUsage::Decrypt && usage != Bindings::KeyUsage::Wrapkey && usage != Bindings::KeyUsage::Unwrapkey) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- ByteBuffer data;
- // 2. If format is "raw":
- if (format == Bindings::KeyFormat::Raw) {
- // 1. Let data be the octet string contained in keyData.
- data = key_data.get<ByteBuffer>();
- // 2. If the length in bits of data is not 128, 192 or 256 then throw a DataError.
- auto length_in_bits = data.size() * 8;
- if (length_in_bits != 128 && length_in_bits != 192 && length_in_bits != 256) {
- return WebIDL::DataError::create(m_realm, MUST(String::formatted("Invalid key length '{}' bits (must be either 128, 192, or 256 bits)", length_in_bits)));
- }
- }
- // 2. If format is "jwk":
- else if (format == Bindings::KeyFormat::Jwk) {
- // 1. -> If keyData is a JsonWebKey dictionary:
- // Let jwk equal keyData.
- // -> Otherwise:
- // Throw a DataError.
- if (!key_data.has<Bindings::JsonWebKey>())
- return WebIDL::DataError::create(m_realm, "keyData is not a JsonWebKey dictionary"_string);
- auto& jwk = key_data.get<Bindings::JsonWebKey>();
- // 2. If the kty field of jwk is not "oct", then throw a DataError.
- if (jwk.kty != "oct"_string)
- return WebIDL::DataError::create(m_realm, "Invalid key type"_string);
- // 3. If jwk does not meet the requirements of Section 6.4 of JSON Web Algorithms [JWA], then throw a DataError.
- // Specifically, those requirements are:
- // * the member "k" is used to represent a symmetric key (or another key whose value is a single octet sequence).
- // * An "alg" member SHOULD also be present to identify the algorithm intended to be used with the key,
- // unless the application uses another means or convention to determine the algorithm used.
- if (!jwk.k.has_value())
- return WebIDL::DataError::create(m_realm, "Missing 'k' field"_string);
- if (!jwk.alg.has_value())
- return WebIDL::DataError::create(m_realm, "Missing 'alg' field"_string);
- // 4. Let data be the octet string obtained by decoding the k field of jwk.
- data = TRY(parse_jwk_symmetric_key(m_realm, jwk));
- // 5. -> If data has length 128 bits:
- // If the alg field of jwk is present, and is not "A128CTR", then throw a DataError.
- // -> If data has length 192 bits:
- // If the alg field of jwk is present, and is not "A192CTR", then throw a DataError.
- // -> If data has length 256 bits:
- // If the alg field of jwk is present, and is not "A256CTR", then throw a DataError.
- // -> Otherwise:
- // throw a DataError.
- auto data_bits = data.size() * 8;
- auto const& alg = jwk.alg;
- if (data_bits == 128 && alg != "A128CTR") {
- return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 128 bits, but alg specifies non-128-bit algorithm"_string);
- } else if (data_bits == 192 && alg != "A192CTR") {
- return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 192 bits, but alg specifies non-192-bit algorithm"_string);
- } else if (data_bits == 256 && alg != "A256CTR") {
- return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 256 bits, but alg specifies non-256-bit algorithm"_string);
- } else {
- return WebIDL::DataError::create(m_realm, MUST(String::formatted("Invalid key size: {} bits", data_bits)));
- }
- // 6. If usages is non-empty and the use field of jwk is present and is not "enc", then throw a DataError.
- if (!key_usages.is_empty() && jwk.use.has_value() && *jwk.use != "enc"_string)
- return WebIDL::DataError::create(m_realm, "Invalid use field"_string);
- // 7. If the key_ops field of jwk is present, and is invalid according to the requirements of JSON Web Key [JWK]
- // or does not contain all of the specified usages values, then throw a DataError.
- TRY(validate_jwk_key_ops(m_realm, jwk, key_usages));
- // 8. If the ext field of jwk is present and has the value false and extractable is true, then throw a DataError.
- if (jwk.ext.has_value() && !*jwk.ext && extractable)
- return WebIDL::DataError::create(m_realm, "Invalid ext field"_string);
- }
- // 2. Otherwise:
- else {
- // 1. throw a NotSupportedError.
- return WebIDL::NotSupportedError::create(m_realm, "Only raw and jwk formats are supported"_string);
- }
- auto data_bits = data.size() * 8;
- // 3. Let key be a new CryptoKey object representing an AES key with value data.
- auto key = CryptoKey::create(m_realm, move(data));
- // 4. Set the [[type]] internal slot of key to "secret".
- key->set_type(Bindings::KeyType::Secret);
- // 5. Let algorithm be a new AesKeyAlgorithm.
- auto algorithm = AesKeyAlgorithm::create(m_realm);
- // 6. Set the name attribute of algorithm to "AES-CTR".
- algorithm->set_name("AES-CTR"_string);
- // 7. Set the length attribute of algorithm to the length, in bits, of data.
- algorithm->set_length(data_bits);
- // 8. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- // 9. Return key.
- return key;
- }
- WebIDL::ExceptionOr<GC::Ref<JS::Object>> AesCtr::export_key(Bindings::KeyFormat format, GC::Ref<CryptoKey> key)
- {
- // 1. If the underlying cryptographic key material represented by the [[handle]] internal slot of key cannot be accessed, then throw an OperationError.
- // Note: In our impl this is always accessible
- GC::Ptr<JS::Object> result = nullptr;
- // 2. If format is "raw":
- if (format == Bindings::KeyFormat::Raw) {
- // 1. Let data be the raw octets of the key represented by [[handle]] internal slot of key.
- auto data = key->handle().get<ByteBuffer>();
- // 2. Let result be the result of creating an ArrayBuffer containing data.
- result = JS::ArrayBuffer::create(m_realm, data);
- }
- // 2. If format is "jwk":
- else if (format == Bindings::KeyFormat::Jwk) {
- // 1. Let jwk be a new JsonWebKey dictionary.
- Bindings::JsonWebKey jwk = {};
- // 2. Set the kty attribute of jwk to the string "oct".
- jwk.kty = "oct"_string;
- // 3. Set the k attribute of jwk to be a string containing the raw octets of the key represented by [[handle]] internal slot of key,
- // encoded according to Section 6.4 of JSON Web Algorithms [JWA].
- auto const& key_bytes = key->handle().get<ByteBuffer>();
- jwk.k = TRY_OR_THROW_OOM(m_realm->vm(), encode_base64url(key_bytes, AK::OmitPadding::Yes));
- // 4. -> If the length attribute of key is 128:
- // Set the alg attribute of jwk to the string "A128CTR".
- // -> If the length attribute of key is 192:
- // Set the alg attribute of jwk to the string "A192CTR".
- // -> If the length attribute of key is 256:
- // Set the alg attribute of jwk to the string "A256CTR".
- auto key_bits = key_bytes.size() * 8;
- if (key_bits == 128) {
- jwk.alg = "A128CTR"_string;
- } else if (key_bits == 192) {
- jwk.alg = "A192CTR"_string;
- } else if (key_bits == 256) {
- jwk.alg = "A256CTR"_string;
- }
- // 5. Set the key_ops attribute of jwk to the usages attribute of key.
- jwk.key_ops = Vector<String> {};
- jwk.key_ops->ensure_capacity(key->internal_usages().size());
- for (auto const& usage : key->internal_usages()) {
- jwk.key_ops->append(Bindings::idl_enum_to_string(usage));
- }
- // 6. Set the ext attribute of jwk to equal the [[extractable]] internal slot of key.
- jwk.ext = key->extractable();
- // 7. Let result be the result of converting jwk to an ECMAScript Object, as defined by [WebIDL].
- result = TRY(jwk.to_object(m_realm));
- }
- // 2. Otherwise:
- else {
- // 1. throw a NotSupportedError.
- return WebIDL::NotSupportedError::create(m_realm, "Cannot export to unsupported format"_string);
- }
- // 3. Return result.
- return GC::Ref { *result };
- }
- WebIDL::ExceptionOr<JS::Value> AesCtr::get_key_length(AlgorithmParams const& params)
- {
- // 1. If the length member of normalizedDerivedKeyAlgorithm is not 128, 192 or 256, then throw a OperationError.
- auto const& normalized_algorithm = static_cast<AesDerivedKeyParams const&>(params);
- auto length = normalized_algorithm.length;
- if (length != 128 && length != 192 && length != 256)
- return WebIDL::OperationError::create(m_realm, "Invalid key length"_string);
- // 2. Return the length member of normalizedDerivedKeyAlgorithm.
- return JS::Value(length);
- }
- WebIDL::ExceptionOr<Variant<GC::Ref<CryptoKey>, GC::Ref<CryptoKeyPair>>> AesCtr::generate_key(AlgorithmParams const& params, bool extractable, Vector<Bindings::KeyUsage> const& key_usages)
- {
- // 1. If usages contains any entry which is not one of "encrypt", "decrypt", "wrapKey" or "unwrapKey", then throw a SyntaxError.
- for (auto const& usage : key_usages) {
- if (usage != Bindings::KeyUsage::Encrypt && usage != Bindings::KeyUsage::Decrypt && usage != Bindings::KeyUsage::Wrapkey && usage != Bindings::KeyUsage::Unwrapkey) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- // 2. If the length member of normalizedAlgorithm is not equal to one of 128, 192 or 256, then throw an OperationError.
- auto const& normalized_algorithm = static_cast<AesKeyGenParams const&>(params);
- auto const bits = normalized_algorithm.length;
- if (bits != 128 && bits != 192 && bits != 256) {
- return WebIDL::OperationError::create(m_realm, MUST(String::formatted("Cannot create AES-CTR key with unusual amount of {} bits", bits)));
- }
- // 3. Generate an AES key of length equal to the length member of normalizedAlgorithm.
- // 4. If the key generation step fails, then throw an OperationError.
- auto key_buffer = TRY(generate_random_key(m_realm->vm(), bits));
- // 5. Let key be a new CryptoKey object representing the generated AES key.
- auto key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { key_buffer });
- // 6. Let algorithm be a new AesKeyAlgorithm.
- auto algorithm = AesKeyAlgorithm::create(m_realm);
- // 7. Set the name attribute of algorithm to "AES-CTR".
- algorithm->set_name("AES-CTR"_string);
- // 8. Set the length attribute of algorithm to equal the length member of normalizedAlgorithm.
- algorithm->set_length(bits);
- // 9. Set the [[type]] internal slot of key to "secret".
- key->set_type(Bindings::KeyType::Secret);
- // 10. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- // 11. Set the [[extractable]] internal slot of key to be extractable.
- key->set_extractable(extractable);
- // 12. Set the [[usages]] internal slot of key to be usages.
- key->set_usages(key_usages);
- // 13. Return key.
- return { key };
- }
- WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> AesCtr::encrypt(AlgorithmParams const& params, GC::Ref<CryptoKey> key, ByteBuffer const& plaintext)
- {
- // 1. If the counter member of normalizedAlgorithm does not have length 16 bytes, then throw an OperationError.
- auto const& normalized_algorithm = static_cast<AesCtrParams const&>(params);
- auto const& counter = normalized_algorithm.counter;
- if (counter.size() != 16)
- return WebIDL::OperationError::create(m_realm, "Invalid counter length"_string);
- // 2. If the length member of normalizedAlgorithm is zero or is greater than 128, then throw an OperationError.
- auto const& length = normalized_algorithm.length;
- if (length == 0 || length > 128)
- return WebIDL::OperationError::create(m_realm, "Invalid length"_string);
- // 3. Let ciphertext be the result of performing the CTR Encryption operation described in Section 6.5 of [NIST-SP800-38A] using
- // AES as the block cipher,
- // the contents of the counter member of normalizedAlgorithm as the initial value of the counter block,
- // the length member of normalizedAlgorithm as the input parameter m to the standard counter block incrementing function defined in Appendix B.1 of [NIST-SP800-38A]
- // and the contents of plaintext as the input plaintext.
- auto& aes_algorithm = static_cast<AesKeyAlgorithm const&>(*key->algorithm());
- auto key_length = aes_algorithm.length();
- auto key_bytes = key->handle().get<ByteBuffer>();
- ::Crypto::Cipher::AESCipher::CTRMode cipher(key_bytes, key_length, ::Crypto::Cipher::Intent::Encryption);
- ByteBuffer ciphertext = TRY_OR_THROW_OOM(m_realm->vm(), ByteBuffer::create_zeroed(plaintext.size()));
- Bytes ciphertext_span = ciphertext.bytes();
- cipher.encrypt(plaintext, ciphertext_span, counter);
- // 4. Return the result of creating an ArrayBuffer containing plaintext.
- return JS::ArrayBuffer::create(m_realm, ciphertext);
- }
- WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> AesCtr::decrypt(AlgorithmParams const& params, GC::Ref<CryptoKey> key, ByteBuffer const& ciphertext)
- {
- // 1. If the counter member of normalizedAlgorithm does not have length 16 bytes, then throw an OperationError.
- auto const& normalized_algorithm = static_cast<AesCtrParams const&>(params);
- auto const& counter = normalized_algorithm.counter;
- if (counter.size() != 16)
- return WebIDL::OperationError::create(m_realm, "Invalid counter length"_string);
- // 2. If the length member of normalizedAlgorithm is zero or is greater than 128, then throw an OperationError.
- auto const& length = normalized_algorithm.length;
- if (length == 0 || length > 128)
- return WebIDL::OperationError::create(m_realm, "Invalid length"_string);
- // 3. Let plaintext be the result of performing the CTR Decryption operation described in Section 6.5 of [NIST-SP800-38A] using
- // AES as the block cipher,
- // the contents of the counter member of normalizedAlgorithm as the initial value of the counter block,
- // the length member of normalizedAlgorithm as the input parameter m to the standard counter block incrementing function defined in Appendix B.1 of [NIST-SP800-38A]
- // and the contents of ciphertext as the input ciphertext.
- auto& aes_algorithm = static_cast<AesKeyAlgorithm const&>(*key->algorithm());
- auto key_length = aes_algorithm.length();
- auto key_bytes = key->handle().get<ByteBuffer>();
- ::Crypto::Cipher::AESCipher::CTRMode cipher(key_bytes, key_length, ::Crypto::Cipher::Intent::Decryption);
- ByteBuffer plaintext = TRY_OR_THROW_OOM(m_realm->vm(), ByteBuffer::create_zeroed(ciphertext.size()));
- Bytes plaintext_span = plaintext.bytes();
- cipher.decrypt(ciphertext, plaintext_span, counter);
- // 4. Return the result of creating an ArrayBuffer containing plaintext.
- return JS::ArrayBuffer::create(m_realm, plaintext);
- }
- WebIDL::ExceptionOr<JS::Value> AesGcm::get_key_length(AlgorithmParams const& params)
- {
- // 1. If the length member of normalizedDerivedKeyAlgorithm is not 128, 192 or 256, then throw a OperationError.
- auto const& normalized_algorithm = static_cast<AesDerivedKeyParams const&>(params);
- auto length = normalized_algorithm.length;
- if (length != 128 && length != 192 && length != 256)
- return WebIDL::OperationError::create(m_realm, "Invalid key length"_string);
- // 2. Return the length member of normalizedDerivedKeyAlgorithm.
- return JS::Value(length);
- }
- WebIDL::ExceptionOr<GC::Ref<CryptoKey>> AesGcm::import_key(AlgorithmParams const&, Bindings::KeyFormat format, CryptoKey::InternalKeyData key_data, bool extractable, Vector<Bindings::KeyUsage> const& key_usages)
- {
- // 1. If usages contains an entry which is not one of "encrypt", "decrypt", "wrapKey" or "unwrapKey", then throw a SyntaxError.
- for (auto& usage : key_usages) {
- if (usage != Bindings::KeyUsage::Encrypt && usage != Bindings::KeyUsage::Decrypt && usage != Bindings::KeyUsage::Wrapkey && usage != Bindings::KeyUsage::Unwrapkey) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- ByteBuffer data;
- // 2. If format is "raw":
- if (format == Bindings::KeyFormat::Raw) {
- // 1. Let data be the octet string contained in keyData.
- data = key_data.get<ByteBuffer>();
- // 2. If the length in bits of data is not 128, 192 or 256 then throw a DataError.
- auto length_in_bits = data.size() * 8;
- if (length_in_bits != 128 && length_in_bits != 192 && length_in_bits != 256) {
- return WebIDL::DataError::create(m_realm, MUST(String::formatted("Invalid key length '{}' bits (must be either 128, 192, or 256 bits)", length_in_bits)));
- }
- }
- // 2. If format is "jwk":
- else if (format == Bindings::KeyFormat::Jwk) {
- // 1. -> If keyData is a JsonWebKey dictionary:
- // Let jwk equal keyData.
- // -> Otherwise:
- // Throw a DataError.
- if (!key_data.has<Bindings::JsonWebKey>())
- return WebIDL::DataError::create(m_realm, "keyData is not a JsonWebKey dictionary"_string);
- auto& jwk = key_data.get<Bindings::JsonWebKey>();
- // 2. If the kty field of jwk is not "oct", then throw a DataError.
- if (jwk.kty != "oct"_string)
- return WebIDL::DataError::create(m_realm, "Invalid key type"_string);
- // 3. If jwk does not meet the requirements of Section 6.4 of JSON Web Algorithms [JWA], then throw a DataError.
- // Specifically, those requirements are:
- // * the member "k" is used to represent a symmetric key (or another key whose value is a single octet sequence).
- // * An "alg" member SHOULD also be present to identify the algorithm intended to be used with the key,
- // unless the application uses another means or convention to determine the algorithm used.
- if (!jwk.k.has_value())
- return WebIDL::DataError::create(m_realm, "Missing 'k' field"_string);
- if (!jwk.alg.has_value())
- return WebIDL::DataError::create(m_realm, "Missing 'alg' field"_string);
- // 4. Let data be the octet string obtained by decoding the k field of jwk.
- data = TRY(parse_jwk_symmetric_key(m_realm, jwk));
- // 5. -> If data has length 128 bits:
- // If the alg field of jwk is present, and is not "A128GCM", then throw a DataError.
- // -> If data has length 192 bits:
- // If the alg field of jwk is present, and is not "A192GCM", then throw a DataError.
- // -> If data has length 256 bits:
- // If the alg field of jwk is present, and is not "A256GCM", then throw a DataError.
- // -> Otherwise:
- // throw a DataError.
- auto data_bits = data.size() * 8;
- auto const& alg = jwk.alg;
- if (data_bits == 128 && alg != "A128GCM") {
- return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 128 bits, but alg specifies non-128-bit algorithm"_string);
- } else if (data_bits == 192 && alg != "A192GCM") {
- return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 192 bits, but alg specifies non-192-bit algorithm"_string);
- } else if (data_bits == 256 && alg != "A256GCM") {
- return WebIDL::DataError::create(m_realm, "Contradictory key size: key has 256 bits, but alg specifies non-256-bit algorithm"_string);
- } else {
- return WebIDL::DataError::create(m_realm, MUST(String::formatted("Invalid key size: {} bits", data_bits)));
- }
- // 6. If usages is non-empty and the use field of jwk is present and is not "enc", then throw a DataError.
- if (!key_usages.is_empty() && jwk.use.has_value() && *jwk.use != "enc"_string)
- return WebIDL::DataError::create(m_realm, "Invalid use field"_string);
- // 7. If the key_ops field of jwk is present, and is invalid according to the requirements of JSON Web Key [JWK]
- // or does not contain all of the specified usages values, then throw a DataError.
- TRY(validate_jwk_key_ops(m_realm, jwk, key_usages));
- // 8. If the ext field of jwk is present and has the value false and extractable is true, then throw a DataError.
- if (jwk.ext.has_value() && !*jwk.ext && extractable)
- return WebIDL::DataError::create(m_realm, "Invalid ext field"_string);
- }
- // 2. Otherwise:
- else {
- // 1. throw a NotSupportedError.
- return WebIDL::NotSupportedError::create(m_realm, "Only raw and jwk formats are supported"_string);
- }
- auto data_bits = data.size() * 8;
- // 3. Let key be a new CryptoKey object representing an AES key with value data.
- auto key = CryptoKey::create(m_realm, move(data));
- // 4. Set the [[type]] internal slot of key to "secret".
- key->set_type(Bindings::KeyType::Secret);
- // 5. Let algorithm be a new AesKeyAlgorithm.
- auto algorithm = AesKeyAlgorithm::create(m_realm);
- // 6. Set the name attribute of algorithm to "AES-GCM".
- algorithm->set_name("AES-GCM"_string);
- // 7. Set the length attribute of algorithm to the length, in bits, of data.
- algorithm->set_length(data_bits);
- // 8. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- // 9. Return key.
- return key;
- }
- WebIDL::ExceptionOr<GC::Ref<JS::Object>> AesGcm::export_key(Bindings::KeyFormat format, GC::Ref<CryptoKey> key)
- {
- // 1. If the underlying cryptographic key material represented by the [[handle]] internal slot of key cannot be accessed, then throw an OperationError.
- // Note: In our impl this is always accessible
- GC::Ptr<JS::Object> result = nullptr;
- // 2. If format is "raw":
- if (format == Bindings::KeyFormat::Raw) {
- // 1. Let data be the raw octets of the key represented by [[handle]] internal slot of key.
- auto data = key->handle().get<ByteBuffer>();
- // 2. Let result be the result of creating an ArrayBuffer containing data.
- result = JS::ArrayBuffer::create(m_realm, data);
- }
- // 2. If format is "jwk":
- else if (format == Bindings::KeyFormat::Jwk) {
- // 1. Let jwk be a new JsonWebKey dictionary.
- Bindings::JsonWebKey jwk = {};
- // 2. Set the kty attribute of jwk to the string "oct".
- jwk.kty = "oct"_string;
- // 3. Set the k attribute of jwk to be a string containing the raw octets of the key represented by [[handle]] internal slot of key,
- // encoded according to Section 6.4 of JSON Web Algorithms [JWA].
- auto const& key_bytes = key->handle().get<ByteBuffer>();
- jwk.k = TRY_OR_THROW_OOM(m_realm->vm(), encode_base64url(key_bytes, AK::OmitPadding::Yes));
- // 4. -> If the length attribute of key is 128:
- // Set the alg attribute of jwk to the string "A128GCM".
- // -> If the length attribute of key is 192:
- // Set the alg attribute of jwk to the string "A192GCM".
- // -> If the length attribute of key is 256:
- // Set the alg attribute of jwk to the string "A256GCM".
- auto key_bits = key_bytes.size() * 8;
- if (key_bits == 128) {
- jwk.alg = "A128GCM"_string;
- } else if (key_bits == 192) {
- jwk.alg = "A192GCM"_string;
- } else if (key_bits == 256) {
- jwk.alg = "A256GCM"_string;
- }
- // 5. Set the key_ops attribute of jwk to the usages attribute of key.
- jwk.key_ops = Vector<String> {};
- jwk.key_ops->ensure_capacity(key->internal_usages().size());
- for (auto const& usage : key->internal_usages()) {
- jwk.key_ops->append(Bindings::idl_enum_to_string(usage));
- }
- // 6. Set the ext attribute of jwk to equal the [[extractable]] internal slot of key.
- jwk.ext = key->extractable();
- // 7. Let result be the result of converting jwk to an ECMAScript Object, as defined by [WebIDL].
- result = TRY(jwk.to_object(m_realm));
- }
- // 2. Otherwise:
- else {
- // 1. throw a NotSupportedError.
- return WebIDL::NotSupportedError::create(m_realm, "Cannot export to unsupported format"_string);
- }
- // 3. Return result.
- return GC::Ref { *result };
- }
- WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> AesGcm::encrypt(AlgorithmParams const& params, GC::Ref<CryptoKey> key, ByteBuffer const& plaintext)
- {
- auto const& normalized_algorithm = static_cast<AesGcmParams const&>(params);
- // FIXME: 1. If plaintext has a length greater than 2^39 - 256 bytes, then throw an OperationError.
- // FIXME: 2. If the iv member of normalizedAlgorithm has a length greater than 2^64 - 1 bytes, then throw an OperationError.
- // FIXME: 3. If the additionalData member of normalizedAlgorithm is present and has a length greater than 2^64 - 1 bytes, then throw an OperationError.
- // 4. If the tagLength member of normalizedAlgorithm is not present: Let tagLength be 128.
- auto tag_length = 0;
- auto to_compare_against = Vector<int> { 32, 64, 96, 104, 112, 120, 128 };
- if (!normalized_algorithm.tag_length.has_value())
- tag_length = 128;
- // If the tagLength member of normalizedAlgorithm is one of 32, 64, 96, 104, 112, 120 or 128: Let tagLength be equal to the tagLength member of normalizedAlgorithm
- else if (to_compare_against.contains_slow(normalized_algorithm.tag_length.value()))
- tag_length = normalized_algorithm.tag_length.value();
- // Otherwise: throw an OperationError.
- else
- return WebIDL::OperationError::create(m_realm, "Invalid tag length"_string);
- // 5. Let additionalData be the contents of the additionalData member of normalizedAlgorithm if present or the empty octet string otherwise.
- auto additional_data = normalized_algorithm.additional_data.value_or(ByteBuffer {});
- // 6. Let C and T be the outputs that result from performing the Authenticated Encryption Function described in Section 7.1 of [NIST-SP800-38D] using
- // AES as the block cipher,
- // the contents of the iv member of normalizedAlgorithm as the IV input parameter,
- // the contents of additionalData as the A input parameter,
- // tagLength as the t pre-requisite
- // and the contents of plaintext as the input plaintext.
- auto& aes_algorithm = static_cast<AesKeyAlgorithm const&>(*key->algorithm());
- auto key_length = aes_algorithm.length();
- auto key_bytes = key->handle().get<ByteBuffer>();
- ::Crypto::Cipher::AESCipher::GCMMode cipher(key_bytes, key_length, ::Crypto::Cipher::Intent::Encryption);
- ByteBuffer ciphertext = TRY_OR_THROW_OOM(m_realm->vm(), ByteBuffer::create_zeroed(plaintext.size()));
- ByteBuffer tag = TRY_OR_THROW_OOM(m_realm->vm(), ByteBuffer::create_zeroed(tag_length / 8));
- [[maybe_unused]] Bytes ciphertext_span = ciphertext.bytes();
- [[maybe_unused]] Bytes tag_span = tag.bytes();
- // FIXME: cipher.encrypt(plaintext, ciphertext_span, normalized_algorithm.iv, additional_data, tag_span);
- return WebIDL::NotSupportedError::create(m_realm, "AES GCM encryption not yet implemented"_string);
- // 7. Let ciphertext be equal to C | T, where '|' denotes concatenation.
- // TRY_OR_THROW_OOM(m_realm->vm(), ciphertext.try_append(tag));
- // 8. Return the result of creating an ArrayBuffer containing ciphertext.
- // return JS::ArrayBuffer::create(m_realm, ciphertext);
- }
- WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> AesGcm::decrypt(AlgorithmParams const& params, GC::Ref<CryptoKey> key, ByteBuffer const& ciphertext)
- {
- auto const& normalized_algorithm = static_cast<AesGcmParams const&>(params);
- // 1. If the tagLength member of normalizedAlgorithm is not present: Let tagLength be 128.
- u32 tag_length = 0;
- auto to_compare_against = Vector<u32> { 32, 64, 96, 104, 112, 120, 128 };
- if (!normalized_algorithm.tag_length.has_value())
- tag_length = 128;
- // If the tagLength member of normalizedAlgorithm is one of 32, 64, 96, 104, 112, 120 or 128: Let tagLength be equal to the tagLength member of normalizedAlgorithm
- else if (to_compare_against.contains_slow(normalized_algorithm.tag_length.value()))
- tag_length = normalized_algorithm.tag_length.value();
- // Otherwise: throw an OperationError.
- else
- return WebIDL::OperationError::create(m_realm, "Invalid tag length"_string);
- // 2. If ciphertext has a length less than tagLength bits, then throw an OperationError.
- if (ciphertext.size() < tag_length / 8)
- return WebIDL::OperationError::create(m_realm, "Invalid ciphertext length"_string);
- // FIXME: 3. If the iv member of normalizedAlgorithm has a length greater than 2^64 - 1 bytes, then throw an OperationError.
- // FIXME: 4. If the additionalData member of normalizedAlgorithm is present and has a length greater than 2^64 - 1 bytes, then throw an OperationError.
- // 5. Let tag be the last tagLength bits of ciphertext.
- auto tag_bits = tag_length / 8;
- auto tag = TRY_OR_THROW_OOM(m_realm->vm(), ciphertext.slice(ciphertext.size() - tag_bits, tag_bits));
- // 6. Let actualCiphertext be the result of removing the last tagLength bits from ciphertext.
- auto actual_ciphertext = TRY_OR_THROW_OOM(m_realm->vm(), ciphertext.slice(0, ciphertext.size() - tag_bits));
- // 7. Let additionalData be the contents of the additionalData member of normalizedAlgorithm if present or the empty octet string otherwise.
- auto additional_data = normalized_algorithm.additional_data.value_or(ByteBuffer {});
- // 8. Perform the Authenticated Decryption Function described in Section 7.2 of [NIST-SP800-38D] using
- // AES as the block cipher,
- // the contents of the iv member of normalizedAlgorithm as the IV input parameter,
- // the contents of additionalData as the A input parameter,
- // tagLength as the t pre-requisite,
- // the contents of actualCiphertext as the input ciphertext, C
- // and the contents of tag as the authentication tag, T.
- auto& aes_algorithm = static_cast<AesKeyAlgorithm const&>(*key->algorithm());
- auto key_length = aes_algorithm.length();
- auto key_bytes = key->handle().get<ByteBuffer>();
- ::Crypto::Cipher::AESCipher::GCMMode cipher(key_bytes, key_length, ::Crypto::Cipher::Intent::Decryption);
- ByteBuffer plaintext = TRY_OR_THROW_OOM(m_realm->vm(), ByteBuffer::create_zeroed(actual_ciphertext.size()));
- [[maybe_unused]] Bytes plaintext_span = plaintext.bytes();
- [[maybe_unused]] Bytes actual_ciphertext_span = actual_ciphertext.bytes();
- [[maybe_unused]] Bytes tag_span = tag.bytes();
- // FIXME: auto result = cipher.decrypt(ciphertext, plaintext_span, normalized_algorithm.iv, additional_data, tag_span);
- return WebIDL::NotSupportedError::create(m_realm, "AES GCM decryption not yet implemented"_string);
- // If the result of the algorithm is the indication of inauthenticity, "FAIL": throw an OperationError
- // if (result == ::Crypto::VerificationConsistency::Inconsistent)
- // return WebIDL::OperationError::create(m_realm, "Decryption failed"_string);
- // Otherwise: Let plaintext be the output P of the Authenticated Decryption Function.
- // 9. Return the result of creating an ArrayBuffer containing plaintext.
- // return JS::ArrayBuffer::create(m_realm, plaintext);
- }
- WebIDL::ExceptionOr<Variant<GC::Ref<CryptoKey>, GC::Ref<CryptoKeyPair>>> AesGcm::generate_key(AlgorithmParams const& params, bool extractable, Vector<Bindings::KeyUsage> const& key_usages)
- {
- // 1. If usages contains any entry which is not one of "encrypt", "decrypt", "wrapKey" or "unwrapKey", then throw a SyntaxError.
- for (auto const& usage : key_usages) {
- if (usage != Bindings::KeyUsage::Encrypt && usage != Bindings::KeyUsage::Decrypt && usage != Bindings::KeyUsage::Wrapkey && usage != Bindings::KeyUsage::Unwrapkey) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- // 2. If the length member of normalizedAlgorithm is not equal to one of 128, 192 or 256, then throw an OperationError.
- auto const& normalized_algorithm = static_cast<AesKeyGenParams const&>(params);
- auto const bits = normalized_algorithm.length;
- if (bits != 128 && bits != 192 && bits != 256) {
- return WebIDL::OperationError::create(m_realm, MUST(String::formatted("Cannot create AES-GCM key with unusual amount of {} bits", bits)));
- }
- // 3. Generate an AES key of length equal to the length member of normalizedAlgorithm.
- // 4. If the key generation step fails, then throw an OperationError.
- auto key_buffer = TRY(generate_random_key(m_realm->vm(), bits));
- // 5. Let key be a new CryptoKey object representing the generated AES key.
- auto key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { key_buffer });
- // 6. Let algorithm be a new AesKeyAlgorithm.
- auto algorithm = AesKeyAlgorithm::create(m_realm);
- // 7. Set the name attribute of algorithm to "AES-GCM".
- algorithm->set_name("AES-GCM"_string);
- // 8. Set the length attribute of algorithm to equal the length member of normalizedAlgorithm.
- algorithm->set_length(bits);
- // 9. Set the [[type]] internal slot of key to "secret".
- key->set_type(Bindings::KeyType::Secret);
- // 10. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- // 11. Set the [[extractable]] internal slot of key to be extractable.
- key->set_extractable(extractable);
- // 12. Set the [[usages]] internal slot of key to be usages.
- key->set_usages(key_usages);
- // 13. Return key.
- return { key };
- }
- // https://w3c.github.io/webcrypto/#hkdf-operations
- WebIDL::ExceptionOr<GC::Ref<CryptoKey>> HKDF::import_key(AlgorithmParams const&, Bindings::KeyFormat format, CryptoKey::InternalKeyData key_data, bool extractable, Vector<Bindings::KeyUsage> const& key_usages)
- {
- // 1. Let keyData be the key data to be imported.
- // 2. If format is "raw":
- // (… see below …)
- // Otherwise:
- // throw a NotSupportedError.
- if (format != Bindings::KeyFormat::Raw) {
- return WebIDL::NotSupportedError::create(m_realm, "Only raw format is supported"_string);
- }
- // 1. If usages contains a value that is not "deriveKey" or "deriveBits", then throw a SyntaxError.
- for (auto& usage : key_usages) {
- if (usage != Bindings::KeyUsage::Derivekey && usage != Bindings::KeyUsage::Derivebits) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- // 2. If extractable is not false, then throw a SyntaxError.
- if (extractable)
- return WebIDL::SyntaxError::create(m_realm, "extractable must be false"_string);
- // 3. Let key be a new CryptoKey representing the key data provided in keyData.
- auto key = CryptoKey::create(m_realm, move(key_data));
- // 4. Set the [[type]] internal slot of key to "secret".
- key->set_type(Bindings::KeyType::Secret);
- // 5. Let algorithm be a new KeyAlgorithm object.
- auto algorithm = KeyAlgorithm::create(m_realm);
- // 6. Set the name attribute of algorithm to "HKDF".
- algorithm->set_name("HKDF"_string);
- // 7. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- // 8. Return key.
- return key;
- }
- WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> SHA::digest(AlgorithmParams const& algorithm, ByteBuffer const& data)
- {
- auto& algorithm_name = algorithm.name;
- ::Crypto::Hash::HashKind hash_kind;
- if (algorithm_name == "SHA-1") {
- hash_kind = ::Crypto::Hash::HashKind::SHA1;
- } else if (algorithm_name == "SHA-256") {
- hash_kind = ::Crypto::Hash::HashKind::SHA256;
- } else if (algorithm_name == "SHA-384") {
- hash_kind = ::Crypto::Hash::HashKind::SHA384;
- } else if (algorithm_name == "SHA-512") {
- hash_kind = ::Crypto::Hash::HashKind::SHA512;
- } else {
- return WebIDL::NotSupportedError::create(m_realm, MUST(String::formatted("Invalid hash function '{}'", algorithm_name)));
- }
- ::Crypto::Hash::Manager hash { hash_kind };
- hash.update(data);
- auto digest = hash.digest();
- auto result_buffer = ByteBuffer::copy(digest.immutable_data(), hash.digest_size());
- if (result_buffer.is_error())
- return WebIDL::OperationError::create(m_realm, "Failed to create result buffer"_string);
- return JS::ArrayBuffer::create(m_realm, result_buffer.release_value());
- }
- // https://w3c.github.io/webcrypto/#ecdsa-operations
- WebIDL::ExceptionOr<Variant<GC::Ref<CryptoKey>, GC::Ref<CryptoKeyPair>>> ECDSA::generate_key(AlgorithmParams const& params, bool extractable, Vector<Bindings::KeyUsage> const& key_usages)
- {
- // 1. If usages contains a value which is not one of "sign" or "verify", then throw a SyntaxError.
- for (auto const& usage : key_usages) {
- if (usage != Bindings::KeyUsage::Sign && usage != Bindings::KeyUsage::Verify) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- auto const& normalized_algorithm = static_cast<EcKeyGenParams const&>(params);
- // 2. If the namedCurve member of normalizedAlgorithm is "P-256", "P-384" or "P-521":
- // Generate an Elliptic Curve key pair, as defined in [RFC6090]
- // with domain parameters for the curve identified by the namedCurve member of normalizedAlgorithm.
- Variant<Empty, ::Crypto::Curves::SECP256r1, ::Crypto::Curves::SECP384r1, ::Crypto::Curves::SECP521r1> curve;
- if (normalized_algorithm.named_curve.is_one_of("P-256"sv, "P-384"sv, "P-521"sv)) {
- if (normalized_algorithm.named_curve == "P-256")
- curve = ::Crypto::Curves::SECP256r1 {};
- else if (normalized_algorithm.named_curve == "P-384")
- curve = ::Crypto::Curves::SECP384r1 {};
- else if (normalized_algorithm.named_curve == "P-521")
- curve = ::Crypto::Curves::SECP521r1 {};
- else
- VERIFY_NOT_REACHED();
- } else {
- // If the namedCurve member of normalizedAlgorithm is a value specified in an applicable specification:
- // Perform the ECDSA generation steps specified in that specification,
- // passing in normalizedAlgorithm and resulting in an elliptic curve key pair.
- // Otherwise: throw a NotSupportedError
- return WebIDL::NotSupportedError::create(m_realm, "Only 'P-256', 'P-384' and 'P-521' is supported"_string);
- }
- // NOTE: Spec jumps to 6 here for some reason
- // 6. If performing the key generation operation results in an error, then throw an OperationError.
- auto maybe_private_key_data = curve.visit(
- [](Empty const&) -> ErrorOr<::Crypto::UnsignedBigInteger> { return Error::from_string_literal("noop error"); },
- [](auto instance) { return instance.generate_private_key_scalar(); });
- if (maybe_private_key_data.is_error())
- return WebIDL::OperationError::create(m_realm, "Failed to create valid crypto instance"_string);
- auto private_key_data = maybe_private_key_data.release_value();
- auto maybe_public_key_data = curve.visit(
- [](Empty const&) -> ErrorOr<::Crypto::Curves::SECPxxxr1Point> { return Error::from_string_literal("noop error"); },
- [&](auto instance) { return instance.generate_public_key_point(private_key_data); });
- if (maybe_public_key_data.is_error())
- return WebIDL::OperationError::create(m_realm, "Failed to create valid crypto instance"_string);
- auto public_key_data = maybe_public_key_data.release_value();
- auto ec_public_key = ::Crypto::PK::ECPublicKey<> { public_key_data };
- // 7. Let algorithm be a new EcKeyAlgorithm object.
- auto algorithm = EcKeyAlgorithm::create(m_realm);
- // 8. Set the name attribute of algorithm to "ECDSA".
- algorithm->set_name("ECDSA"_string);
- // 9. Set the namedCurve attribute of algorithm to equal the namedCurve member of normalizedAlgorithm.
- algorithm->set_named_curve(normalized_algorithm.named_curve);
- // 10. Let publicKey be a new CryptoKey representing the public key of the generated key pair.
- auto public_key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { ec_public_key });
- // 11. Set the [[type]] internal slot of publicKey to "public"
- public_key->set_type(Bindings::KeyType::Public);
- // 12. Set the [[algorithm]] internal slot of publicKey to algorithm.
- public_key->set_algorithm(algorithm);
- // 13. Set the [[extractable]] internal slot of publicKey to true.
- public_key->set_extractable(true);
- // 14. Set the [[usages]] internal slot of publicKey to be the usage intersection of usages and [ "verify" ].
- public_key->set_usages(usage_intersection(key_usages, { { Bindings::KeyUsage::Verify } }));
- // 15. Let privateKey be a new CryptoKey representing the private key of the generated key pair.
- auto ec_private_key = ::Crypto::PK::ECPrivateKey<> { private_key_data, public_key_data.size, {}, ec_public_key };
- auto private_key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { ec_private_key });
- // 16. Set the [[type]] internal slot of privateKey to "private"
- private_key->set_type(Bindings::KeyType::Private);
- // 17. Set the [[algorithm]] internal slot of privateKey to algorithm.
- private_key->set_algorithm(algorithm);
- // 18. Set the [[extractable]] internal slot of privateKey to extractable.
- private_key->set_extractable(extractable);
- // 19. Set the [[usages]] internal slot of privateKey to be the usage intersection of usages and [ "sign" ].
- private_key->set_usages(usage_intersection(key_usages, { { Bindings::KeyUsage::Sign } }));
- // 20. Let result be a new CryptoKeyPair dictionary.
- // 21. Set the publicKey attribute of result to be publicKey.
- // 22. Set the privateKey attribute of result to be privateKey.
- // 23. Return the result of converting result to an ECMAScript Object, as defined by [WebIDL].
- return Variant<GC::Ref<CryptoKey>, GC::Ref<CryptoKeyPair>> { CryptoKeyPair::create(m_realm, public_key, private_key) };
- }
- // https://w3c.github.io/webcrypto/#ecdsa-operations
- WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> ECDSA::sign(AlgorithmParams const& params, GC::Ref<CryptoKey> key, ByteBuffer const& message)
- {
- auto& realm = *m_realm;
- auto& vm = realm.vm();
- auto const& normalized_algorithm = static_cast<EcdsaParams const&>(params);
- // 1. If the [[type]] internal slot of key is not "private", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Private)
- return WebIDL::InvalidAccessError::create(realm, "Key is not a private key"_string);
- // 2. Let hashAlgorithm be the hash member of normalizedAlgorithm.
- auto const& hash_algorithm = TRY(normalized_algorithm.hash.name(vm));
- // 3. Let M be the result of performing the digest operation specified by hashAlgorithm using message.
- ::Crypto::Hash::HashKind hash_kind;
- if (hash_algorithm == "SHA-1") {
- hash_kind = ::Crypto::Hash::HashKind::SHA1;
- } else if (hash_algorithm == "SHA-256") {
- hash_kind = ::Crypto::Hash::HashKind::SHA256;
- } else if (hash_algorithm == "SHA-384") {
- hash_kind = ::Crypto::Hash::HashKind::SHA384;
- } else if (hash_algorithm == "SHA-512") {
- hash_kind = ::Crypto::Hash::HashKind::SHA512;
- } else {
- return WebIDL::NotSupportedError::create(m_realm, MUST(String::formatted("Invalid hash function '{}'", hash_algorithm)));
- }
- ::Crypto::Hash::Manager hash { hash_kind };
- hash.update(message);
- auto digest = hash.digest();
- auto M = TRY_OR_THROW_OOM(vm, ByteBuffer::copy(digest.immutable_data(), hash.digest_size()));
- // 4. Let d be the ECDSA private key associated with key.
- auto d = key->handle().get<::Crypto::PK::ECPrivateKey<>>();
- // FIXME: 5. Let params be the EC domain parameters associated with key.
- auto const& internal_algorithm = static_cast<EcKeyAlgorithm const&>(*key->algorithm());
- auto const& named_curve = internal_algorithm.named_curve();
- ByteBuffer result;
- // 6. If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-256", "P-384" or "P-521":
- if (named_curve.is_one_of("P-256"sv, "P-384"sv, "P-521"sv)) {
- size_t coord_size;
- Variant<Empty, ::Crypto::Curves::SECP256r1, ::Crypto::Curves::SECP384r1, ::Crypto::Curves::SECP521r1> curve;
- if (named_curve == "P-256") {
- coord_size = 256 / 8;
- curve = ::Crypto::Curves::SECP256r1 {};
- } else if (named_curve == "P-384") {
- coord_size = 384 / 8;
- curve = ::Crypto::Curves::SECP384r1 {};
- } else if (named_curve == "P-521") {
- coord_size = ceil_div(521, 8);
- curve = ::Crypto::Curves::SECP521r1 {};
- } else {
- VERIFY_NOT_REACHED();
- }
- // 1. Perform the ECDSA signing process, as specified in [RFC6090], Section 5.4, with M as the message,
- // using params as the EC domain parameters, and with d as the private key.
- // 2. Let r and s be the pair of integers resulting from performing the ECDSA signing process.
- auto maybe_signature = curve.visit(
- [](Empty const&) -> ErrorOr<::Crypto::Curves::SECPxxxr1Signature> { return Error::from_string_literal("Failed to create valid crypto instance"); },
- [&](auto instance) { return instance.sign_scalar(M, d.d()); });
- if (maybe_signature.is_error()) {
- auto error_message = MUST(String::from_utf8(maybe_signature.error().string_literal()));
- return WebIDL::OperationError::create(m_realm, error_message);
- }
- auto signature = maybe_signature.release_value();
- // 3. Let result be an empty byte sequence.
- result = TRY_OR_THROW_OOM(vm, ByteBuffer::create_zeroed(coord_size * 2));
- // 4. Let n be the smallest integer such that n * 8 is greater than the logarithm to base 2 of the order of the base point of the elliptic curve identified by params.
- // 5. Convert r to an octet string of length n and append this sequence of bytes to result.
- VERIFY(signature.r.byte_length() <= coord_size);
- (void)signature.r.export_data(result.span());
- // 6. Convert s to an octet string of length n and append this sequence of bytes to result.
- VERIFY(signature.s.byte_length() <= coord_size);
- (void)signature.s.export_data(result.span().slice(coord_size));
- } else {
- // FIXME: Otherwise, the namedCurve attribute of the [[algorithm]] internal slot of key is a value specified in an applicable specification:
- // FIXME: Perform the ECDSA signature steps specified in that specification, passing in M, params and d and resulting in result.
- }
- // NOTE: The spec jumps to 9 here for some reason
- // 9. Return the result of creating an ArrayBuffer containing result.
- return JS::ArrayBuffer::create(m_realm, result);
- }
- // https://w3c.github.io/webcrypto/#ecdsa-operations
- WebIDL::ExceptionOr<JS::Value> ECDSA::verify(AlgorithmParams const& params, GC::Ref<CryptoKey> key, ByteBuffer const& signature, ByteBuffer const& message)
- {
- auto& realm = *m_realm;
- auto const& normalized_algorithm = static_cast<EcdsaParams const&>(params);
- // 1. If the [[type]] internal slot of key is not "public", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Public)
- return WebIDL::InvalidAccessError::create(realm, "Key is not a public key"_string);
- // 2. Let hashAlgorithm be the hash member of normalizedAlgorithm.
- [[maybe_unused]] auto const& hash_algorithm = TRY(normalized_algorithm.hash.name(realm.vm()));
- // 3. Let M be the result of performing the digest operation specified by hashAlgorithm using message.
- ::Crypto::Hash::HashKind hash_kind;
- if (hash_algorithm == "SHA-1") {
- hash_kind = ::Crypto::Hash::HashKind::SHA1;
- } else if (hash_algorithm == "SHA-256") {
- hash_kind = ::Crypto::Hash::HashKind::SHA256;
- } else if (hash_algorithm == "SHA-384") {
- hash_kind = ::Crypto::Hash::HashKind::SHA384;
- } else if (hash_algorithm == "SHA-512") {
- hash_kind = ::Crypto::Hash::HashKind::SHA512;
- } else {
- return WebIDL::NotSupportedError::create(m_realm, MUST(String::formatted("Invalid hash function '{}'", hash_algorithm)));
- }
- ::Crypto::Hash::Manager hash { hash_kind };
- hash.update(message);
- auto digest = hash.digest();
- auto M = TRY_OR_THROW_OOM(realm.vm(), ByteBuffer::copy(digest.immutable_data(), hash.digest_size()));
- // 4. Let Q be the ECDSA public key associated with key.
- auto Q = key->handle().get<::Crypto::PK::ECPublicKey<>>();
- // FIXME: 5. Let params be the EC domain parameters associated with key.
- // 6. If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-256", "P-384" or "P-521":
- auto const& internal_algorithm = static_cast<EcKeyAlgorithm const&>(*key->algorithm());
- auto const& named_curve = internal_algorithm.named_curve();
- auto result = false;
- Variant<Empty, ::Crypto::Curves::SECP256r1, ::Crypto::Curves::SECP384r1, ::Crypto::Curves::SECP521r1> curve;
- if (named_curve.is_one_of("P-256"sv, "P-384"sv, "P-521"sv)) {
- if (named_curve == "P-256")
- curve = ::Crypto::Curves::SECP256r1 {};
- else if (named_curve == "P-384")
- curve = ::Crypto::Curves::SECP384r1 {};
- else if (named_curve == "P-521")
- curve = ::Crypto::Curves::SECP521r1 {};
- else
- VERIFY_NOT_REACHED();
- // Perform the ECDSA verifying process, as specified in [RFC6090], Section 5.3,
- // with M as the received message, signature as the received signature
- // and using params as the EC domain parameters, and Q as the public key.
- auto half_size = signature.size() / 2;
- auto r = ::Crypto::UnsignedBigInteger::import_data(signature.data(), half_size);
- auto s = ::Crypto::UnsignedBigInteger::import_data(signature.data() + half_size, half_size);
- auto maybe_result = curve.visit(
- [](Empty const&) -> ErrorOr<bool> { return Error::from_string_literal("Failed to create valid crypto instance"); },
- [&](auto instance) { return instance.verify_point(M, Q.to_secpxxxr1_point(), ::Crypto::Curves::SECPxxxr1Signature { r, s }); });
- if (maybe_result.is_error()) {
- auto error_message = MUST(String::from_utf8(maybe_result.error().string_literal()));
- return WebIDL::OperationError::create(m_realm, error_message);
- }
- result = maybe_result.release_value();
- } else {
- // FIXME: Otherwise, the namedCurve attribute of the [[algorithm]] internal slot of key is a value specified in an applicable specification:
- // FIXME: Perform the ECDSA verification steps specified in that specification passing in M, signature, params and Q and resulting in an indication of whether or not the purported signature is valid.
- }
- // 9. Let result be a boolean with the value true if the signature is valid and the value false otherwise.
- // 10. Return result.
- return JS::Value(result);
- }
- // https://w3c.github.io/webcrypto/#ecdsa-operations
- WebIDL::ExceptionOr<GC::Ref<CryptoKey>> ECDSA::import_key(AlgorithmParams const& params, Bindings::KeyFormat key_format, CryptoKey::InternalKeyData key_data, bool extractable, Vector<Bindings::KeyUsage> const& usages)
- {
- // NOTE: This is a parameter to the function
- // 1. Let keyData be the key data to be imported.
- auto const& normalized_algorithm = static_cast<EcKeyImportParams const&>(params);
- GC::Ptr<CryptoKey> key = nullptr;
- // 2. If format is "spki":
- if (key_format == Bindings::KeyFormat::Spki) {
- // 1. If usages contains a value which is not "verify" then throw a SyntaxError.
- for (auto const& usage : usages) {
- if (usage != Bindings::KeyUsage::Verify) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- // 2. Let spki be the result of running the parse a subjectPublicKeyInfo algorithm over keyData.
- // 3. If an error occurred while parsing, then throw a DataError.
- auto spki = TRY(parse_a_subject_public_key_info(m_realm, key_data.get<ByteBuffer>()));
- // 4. If the algorithm object identifier field of the algorithm AlgorithmIdentifier field of spki
- // is not equal to the id-ecPublicKey object identifier defined in [RFC5480], then throw a DataError.
- if (spki.algorithm.identifier != ::Crypto::ASN1::ec_public_key_encryption_oid)
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- // 5. If the parameters field of the algorithm AlgorithmIdentifier field of spki is absent, then throw a DataError.
- if (!spki.algorithm.ec_parameters.has_value())
- return WebIDL::DataError::create(m_realm, "Invalid algorithm parameters"_string);
- // 6. Let params be the parameters field of the algorithm AlgorithmIdentifier field of spki.
- auto ec_params = spki.algorithm.ec_parameters;
- // 7. If params is not an instance of the ECParameters ASN.1 type defined in [RFC5480] that specifies a namedCurve, then throw a DataError.
- // 8. Let namedCurve be a string whose initial value is undefined.
- String named_curve;
- // 9. If params is equivalent to the secp256r1 object identifier defined in [RFC5480]:
- if (ec_params == ::Crypto::ASN1::secp256r1_oid) {
- // Set namedCurve to "P-256".
- named_curve = "P-256"_string;
- }
- // If params is equivalent to the secp384r1 object identifier defined in [RFC5480]:
- else if (ec_params == ::Crypto::ASN1::secp384r1_oid) {
- // Set namedCurve to "P-384".
- named_curve = "P-384"_string;
- }
- // If params is equivalent to the secp521r1 object identifier defined in [RFC5480]:
- else if (ec_params == ::Crypto::ASN1::secp521r1_oid) {
- // Set namedCurve to "P-521".
- named_curve = "P-521"_string;
- }
- // 10. If namedCurve is not undefined
- if (!named_curve.is_empty()) {
- // 1. Let publicKey be the Elliptic Curve public key identified by performing
- // the conversion steps defined in Section 2.3.4 of [SEC1] to the subjectPublicKey field of spki.
- // The uncompressed point format MUST be supported.
- auto public_key = spki.ec;
- // 2. If the implementation does not support the compressed point format and a compressed point is provided, throw a DataError.
- // 3. If a decode error occurs or an identity point is found, throw a DataError.
- // 4. Let key be a new CryptoKey that represents publicKey.
- // NOTE: We already did this in parse_a_subject_public_key_info
- key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { public_key });
- } else {
- // Otherwise:
- // 1. Perform any key import steps defined by other applicable specifications, passing format, spki and obtaining namedCurve and key.
- // TODO: support 'applicable specifications'
- // 2. If an error occurred or there are no applicable specifications, throw a DataError.
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- }
- // 11. If namedCurve is defined, and not equal to the namedCurve member of normalizedAlgorithm, throw a DataError.
- if (!named_curve.is_empty() && named_curve != normalized_algorithm.named_curve)
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- // TODO: 12. If the public key value is not a valid point on the Elliptic Curve identified
- // by the namedCurve member of normalizedAlgorithm throw a DataError.
- // 13. Set the [[type]] internal slot of key to "public"
- key->set_type(Bindings::KeyType::Public);
- // 14. Let algorithm be a new EcKeyAlgorithm.
- auto algorithm = EcKeyAlgorithm::create(m_realm);
- // 15. Set the name attribute of algorithm to "ECDSA".
- algorithm->set_name("ECDSA"_string);
- // 16. Set the namedCurve attribute of algorithm to namedCurve.
- algorithm->set_named_curve(named_curve);
- // 17. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- }
- // 2. If format is "pkcs8":
- else if (key_format == Bindings::KeyFormat::Pkcs8) {
- // 1. If usages contains a value which is not "sign" then throw a SyntaxError.
- for (auto const& usage : usages) {
- if (usage != Bindings::KeyUsage::Sign) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- // 2. Let privateKeyInfo be the result of running the parse a privateKeyInfo algorithm over keyData.
- // 3. If an error occurred while parsing, then throw a DataError.
- auto private_key_info = TRY(parse_a_private_key_info(m_realm, key_data.get<ByteBuffer>()));
- // 4. If the algorithm object identifier field of the privateKeyAlgorithm PrivateKeyAlgorithm field of privateKeyInfo
- // is not equal to the id-ecPublicKey object identifier defined in [RFC5480], then throw a DataError.
- if (private_key_info.algorithm.identifier != ::Crypto::ASN1::ec_public_key_encryption_oid)
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- // 5. If the parameters field of the privateKeyAlgorithm PrivateKeyAlgorithmIdentifier field
- // of privateKeyInfo is not present, then throw a DataError.
- if (!private_key_info.algorithm.ec_parameters.has_value())
- return WebIDL::DataError::create(m_realm, "Invalid algorithm parameters"_string);
- // 6. Let params be the parameters field of the privateKeyAlgorithm PrivateKeyAlgorithmIdentifier field of privateKeyInfo.
- auto ec_params = private_key_info.algorithm.ec_parameters;
- // 7. If params is not an instance of the ECParameters ASN.1 type defined in [RFC5480] that specifies a namedCurve, then throw a DataError.
- // 8. Let namedCurve be a string whose initial value is undefined.
- String named_curve;
- // 9. If params is equivalent to the secp256r1 object identifier defined in [RFC5480]:
- if (ec_params == ::Crypto::ASN1::secp256r1_oid) {
- // Set namedCurve to "P-256".
- named_curve = "P-256"_string;
- }
- // If params is equivalent to the secp384r1 object identifier defined in [RFC5480]:
- else if (ec_params == ::Crypto::ASN1::secp384r1_oid) {
- // Set namedCurve to "P-384".
- named_curve = "P-384"_string;
- }
- // If params is equivalent to the secp521r1 object identifier defined in [RFC5480]:
- else if (ec_params == ::Crypto::ASN1::secp521r1_oid) {
- // Set namedCurve to "P-521".
- named_curve = "P-521"_string;
- }
- // 10. If namedCurve is not undefined
- if (!named_curve.is_empty()) {
- // 1. Let ecPrivateKey be the result of performing the parse an ASN.1 structure algorithm,
- // with data as the privateKey field of privateKeyInfo, structure as the ASN.1 ECPrivateKey
- // structure specified in Section 3 of [RFC5915], and exactData set to true.
- // NOTE: We already did this in parse_a_private_key_info
- // 2. If an error occurred while parsing, then throw a DataError.
- auto& ec_private_key = private_key_info.ec;
- // 3. If the parameters field of ecPrivateKey is present, and is not an instance
- // of the namedCurve ASN.1 type defined in [RFC5480], or does not contain
- // the same object identifier as the parameters field of the privateKeyAlgorithm
- // PrivateKeyAlgorithmIdentifier field of privateKeyInfo, throw a DataError.
- if (ec_private_key.parameters().has_value() && *ec_private_key.parameters() != ec_params.value_or({}))
- return WebIDL::DataError::create(m_realm, "Invalid algorithm parameters"_string);
- // 4. Let key be a new CryptoKey that represents the Elliptic Curve private key identified
- // by performing the conversion steps defined in Section 3 of [RFC5915] using ecPrivateKey.
- key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { ec_private_key });
- } else {
- // Otherwise:
- // 1. Perform any key import steps defined by other applicable specifications, passing format, spki and obtaining namedCurve and key.
- // TODO: support 'applicable specifications'
- // 2. If an error occurred or there are no applicable specifications, throw a DataError.
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- }
- // 11. If namedCurve is defined, and not equal to the namedCurve member of normalizedAlgorithm, throw a DataError.
- if (!named_curve.is_empty() && named_curve != normalized_algorithm.named_curve)
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- // TODO: 12. If the key value is not a valid point on the Elliptic Curve identified
- // by the namedCurve member of normalizedAlgorithm throw a DataError.
- // 13. Set the [[type]] internal slot of key to "private".
- key->set_type(Bindings::KeyType::Private);
- // 14. Let algorithm be a new EcKeyAlgorithm.
- auto algorithm = EcKeyAlgorithm::create(m_realm);
- // 15. Set the name attribute of algorithm to "ECDSA".
- algorithm->set_name("ECDSA"_string);
- // 16. Set the namedCurve attribute of algorithm to namedCurve.
- algorithm->set_named_curve(named_curve);
- // 17. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- }
- // 2. If format is "jwk":
- else if (key_format == Bindings::KeyFormat::Jwk) {
- // 1. If keyData is a JsonWebKey dictionary: Let jwk equal keyData.
- // Otherwise: Throw a DataError.
- if (!key_data.has<Bindings::JsonWebKey>())
- return WebIDL::DataError::create(m_realm, "keyData is not a JsonWebKey dictionary"_string);
- auto& jwk = key_data.get<Bindings::JsonWebKey>();
- // 2. If the d field is present and usages contains a value which is not "sign", or,
- // if the d field is not present and usages contains a value which is not "verify" then throw a SyntaxError.
- if (jwk.d.has_value()) {
- for (auto const& usage : usages) {
- if (usage != Bindings::KeyUsage::Sign) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- } else {
- for (auto const& usage : usages) {
- if (usage != Bindings::KeyUsage::Verify) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- }
- // 3. If the kty field of jwk is not "EC", then throw a DataError.
- if (jwk.kty != "EC"sv)
- return WebIDL::DataError::create(m_realm, "Invalid key type"_string);
- // 4. If usages is non-empty and the use field of jwk is present and is not "sig", then throw a DataError.
- if (!usages.is_empty() && jwk.use.has_value() && *jwk.use != "sig"sv)
- return WebIDL::DataError::create(m_realm, "Invalid key use"_string);
- // 5. If the key_ops field of jwk is present, and is invalid according to the requirements of JSON Web Key [JWK],
- // or it does not contain all of the specified usages values, then throw a DataError.
- TRY(validate_jwk_key_ops(m_realm, jwk, usages));
- // 6. If the ext field of jwk is present and has the value false and extractable is true, then throw a DataError.
- if (jwk.ext.has_value() && !*jwk.ext && extractable)
- return WebIDL::DataError::create(m_realm, "Invalid extractable"_string);
- // 7. Let namedCurve be a string whose value is equal to the crv field of jwk.
- // NOTE: The spec does not say what to do if crv is missing.
- if (!jwk.crv.has_value())
- return WebIDL::DataError::create(m_realm, "Invalid key crv"_string);
- auto named_curve = *jwk.crv;
- // 8. If namedCurve is not equal to the namedCurve member of normalizedAlgorithm, throw a DataError.
- if (named_curve != normalized_algorithm.named_curve)
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- // 9. If namedCurve is "P-256", "P-384" or "P-521":
- if (named_curve.is_one_of("P-256"sv, "P-384"sv, "P-521"sv)) {
- // 1. Let algNamedCurve be a string whose initial value is undefined.
- String alg_named_curve;
- // 2. If the alg field is not present:
- // Let algNamedCurve be undefined.
- if (jwk.alg.has_value()) {
- // If the alg field is equal to the string "ES256":
- if (*jwk.alg == "ES256")
- // Let algNamedCurve be the string "P-256".
- alg_named_curve = "P-256"_string;
- // If the alg field is equal to the string "ES384":
- else if (*jwk.alg == "ES384")
- // Let algNamedCurve be the string "P-384".
- alg_named_curve = "P-384"_string;
- // If the alg field is equal to the string "ES512":
- else if (*jwk.alg == "ES512")
- // Let algNamedCurve be the string "P-521".
- alg_named_curve = "P-521"_string;
- // otherwise:
- else
- // throw a DataError.
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- }
- // 3. If algNamedCurve is defined, and is not equal to namedCurve, throw a DataError.
- if (!alg_named_curve.is_empty() && alg_named_curve != named_curve)
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- size_t coord_size;
- if (named_curve == "P-256"sv)
- coord_size = 256 / 8;
- else if (named_curve == "P-384"sv)
- coord_size = 384 / 8;
- else if (named_curve == "P-521"sv)
- coord_size = ceil_div(521, 8);
- else
- VERIFY_NOT_REACHED();
- // NOTE: according to Section 6.2.1 and 6.2.2 of JSON Web Algorithms [JWA], x and y are always required
- if (!jwk.x.has_value() || !jwk.y.has_value())
- return WebIDL::DataError::create(m_realm, "Invalid key"_string);
- auto maybe_x_bytes = decode_base64url(jwk.x.value());
- if (maybe_x_bytes.is_error()) {
- return WebIDL::DataError::create(m_realm, "Failed to decode base64"_string);
- }
- auto x_bytes = maybe_x_bytes.release_value();
- if (x_bytes.size() != coord_size)
- return WebIDL::DataError::create(m_realm, "Invalid key size"_string);
- auto maybe_y_bytes = decode_base64url(jwk.y.value());
- if (maybe_y_bytes.is_error()) {
- return WebIDL::DataError::create(m_realm, "Failed to decode base64"_string);
- }
- auto y_bytes = maybe_y_bytes.release_value();
- if (y_bytes.size() != coord_size)
- return WebIDL::DataError::create(m_realm, "Invalid key size"_string);
- auto public_key = ::Crypto::PK::ECPublicKey<> {
- ::Crypto::UnsignedBigInteger::import_data(x_bytes),
- ::Crypto::UnsignedBigInteger::import_data(y_bytes),
- coord_size,
- };
- // If the d field is present:
- if (jwk.d.has_value()) {
- // 1. If jwk does not meet the requirements of Section 6.2.2 of JSON Web Algorithms [JWA], then throw a DataError.
- auto maybe_d_bytes = decode_base64url(jwk.d.value());
- if (maybe_d_bytes.is_error()) {
- return WebIDL::DataError::create(m_realm, "Failed to decode base64"_string);
- }
- auto d_bytes = maybe_d_bytes.release_value();
- if (d_bytes.size() != coord_size)
- return WebIDL::DataError::create(m_realm, "Invalid key size"_string);
- // 2. Let key be a new CryptoKey object that represents the Elliptic Curve private key identified
- // by interpreting jwk according to Section 6.2.2 of JSON Web Algorithms [JWA].
- auto private_key = ::Crypto::PK::ECPrivateKey<> {
- ::Crypto::UnsignedBigInteger::import_data(d_bytes),
- coord_size,
- {},
- public_key,
- };
- key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { private_key });
- // 3. Set the [[type]] internal slot of Key to "private".
- key->set_type(Bindings::KeyType::Private);
- } else {
- // Otherwise:
- // 1. If jwk does not meet the requirements of Section 6.2.1 of JSON Web Algorithms [JWA], then throw a DataError.
- // 2. Let key be a new CryptoKey object that represents the Elliptic Curve public key identified by interpreting
- // jwk according to Section 6.2.1 of JSON Web Algorithms [JWA].
- key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { public_key });
- // 3. Set the [[type]] internal slot of Key to "public".
- key->set_type(Bindings::KeyType::Public);
- }
- } else {
- // 1. Perform any key import steps defined by other applicable specifications, passing format, jwk and obtaining key.
- // TODO: support 'applicable specifications'
- // 2. If an error occurred or there are no applicable specifications, throw a DataError.
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- }
- // TODO: 10. If the key value is not a valid point on the Elliptic Curve identified
- // by the namedCurve member of normalizedAlgorithm throw a DataError.
- // 11. Let algorithm be a new instance of an EcKeyAlgorithm object.
- auto algorithm = EcKeyAlgorithm::create(m_realm);
- // 12. Set the name attribute of algorithm to "ECDSA".
- algorithm->set_name("ECDSA"_string);
- // 13. Set the namedCurve attribute of algorithm to namedCurve.
- algorithm->set_named_curve(named_curve);
- // 14. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- }
- // 2. If format is "raw":
- else if (key_format == Bindings::KeyFormat::Raw) {
- // 1. If the namedCurve member of normalizedAlgorithm is not a named curve, then throw a DataError.
- if (!normalized_algorithm.named_curve.is_one_of("P-256"sv, "P-384"sv, "P-521"sv))
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- // 2. If usages contains a value which is not "verify" then throw a SyntaxError.
- for (auto const& usage : usages) {
- if (usage != Bindings::KeyUsage::Verify) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- // 3. If namedCurve is "P-256", "P-384" or "P-521":
- if (normalized_algorithm.named_curve.is_one_of("P-256"sv, "P-384"sv, "P-521"sv)) {
- auto key_bytes = key_data.get<ByteBuffer>();
- // 1. Let Q be the Elliptic Curve public key on the curve identified by the namedCurve
- // member of normalizedAlgorithm identified by performing the conversion steps
- // defined in Section 2.3.4 of [SEC1] to keyData.
- // The uncompressed point format MUST be supported.
- // 2. If the implementation does not support the compressed point format and a compressed point is provided, throw a DataError.
- // 3. If a decode error occurs or an identity point is found, throw a DataError.
- auto maybe_public_key = ::Crypto::PK::EC::parse_ec_key(key_bytes, false, {});
- if (maybe_public_key.is_error())
- return WebIDL::DataError::create(m_realm, "Failed to parse key"_string);
- // 4. Let key be a new CryptoKey that represents Q.
- key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { maybe_public_key.release_value().public_key });
- } else {
- // Otherwise:
- // 1. Perform any key import steps defined by other applicable specifications, passing format, keyData and obtaining key.
- // TODO: support 'applicable specifications'
- // 2. If an error occured or there are no applicable specifications, throw a DataError.
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- }
- // 4. Let algorithm be a new EcKeyAlgorithm object.
- auto algorithm = EcKeyAlgorithm::create(m_realm);
- // 5. Set the name attribute of algorithm to "ECDSA".
- algorithm->set_name("ECDSA"_string);
- // 6. Set the namedCurve attribute of algorithm to equal the namedCurve member of normalizedAlgorithm.
- algorithm->set_named_curve(normalized_algorithm.named_curve);
- // 7. Set the [[type]] internal slot of key to "public"
- key->set_type(Bindings::KeyType::Public);
- // 8. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- }
- // Otherwise:
- else {
- // throw a NotSupportedError.
- return WebIDL::NotSupportedError::create(m_realm, "Invalid key format"_string);
- }
- // 3. Return key
- return GC::Ref { *key };
- }
- // https://w3c.github.io/webcrypto/#ecdsa-operations
- WebIDL::ExceptionOr<GC::Ref<JS::Object>> ECDSA::export_key(Bindings::KeyFormat format, GC::Ref<CryptoKey> key)
- {
- // NOTE: This is a parameter to the function
- // 1. Let key be the CryptoKey to be exported.
- // 2. If the underlying cryptographic key material represented by the [[handle]] internal slot of key cannot be accessed, then throw an OperationError.
- // Note: In our impl this is always accessible
- auto const& handle = key->handle();
- GC::Ptr<JS::Object> result = nullptr;
- // 3. If format is "spki":
- if (format == Bindings::KeyFormat::Spki) {
- // 1. If the [[type]] internal slot of key is not "public", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Public)
- return WebIDL::InvalidAccessError::create(m_realm, "Key is not a public key"_string);
- ByteBuffer data;
- // 2. Let data be an instance of the subjectPublicKeyInfo ASN.1 structure defined in [RFC5280] with the following properties:
- // Set the algorithm field to the OID id-ecPublicKey defined in [RFC5480].
- // Set the parameters field to an instance of the ECParameters ASN.1 type defined in [RFC5480] as follows:
- // Set the subjectPublicKey field to keyData
- // If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-256", "P-384" or "P-521":
- auto& algorithm = static_cast<EcKeyAlgorithm const&>(*key->algorithm());
- if (algorithm.named_curve().is_one_of("P-256"sv, "P-384"sv, "P-521"sv)) {
- // Let keyData be the octet string that represents the Elliptic Curve public key represented by the [[handle]] internal slot
- // of key according to the encoding rules specified in Section 2.3.3 of [SEC1] and using the uncompressed form.
- // If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-256":
- // Set parameters to the namedCurve choice with value equal to the object identifier secp256r1 defined in [RFC5480]
- // If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-384":
- // Set parameters to the namedCurve choice with value equal to the object identifier secp384r1 defined in [RFC5480]
- // If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-521":
- // Set parameters to the namedCurve choice with value equal to the object identifier secp521r1 defined in [RFC5480]
- // NOTE: everything above happens in wrap_in_subject_public_key_info
- auto maybe_data = handle.visit(
- [&](::Crypto::PK::ECPublicKey<> const& public_key) -> ErrorOr<ByteBuffer> {
- auto public_key_bytes = TRY(public_key.to_uncompressed());
- Span<int const> ec_params;
- if (algorithm.named_curve() == "P-256"sv)
- ec_params = ::Crypto::ASN1::secp256r1_oid;
- else if (algorithm.named_curve() == "P-384"sv)
- ec_params = ::Crypto::ASN1::secp384r1_oid;
- else if (algorithm.named_curve() == "P-521"sv)
- ec_params = ::Crypto::ASN1::secp521r1_oid;
- else
- VERIFY_NOT_REACHED();
- return TRY(::Crypto::PK::wrap_in_subject_public_key_info(public_key_bytes, ::Crypto::ASN1::ec_public_key_encryption_oid, ec_params));
- },
- [](auto) -> ErrorOr<ByteBuffer> {
- VERIFY_NOT_REACHED();
- });
- if (maybe_data.is_error()) {
- return WebIDL::DataError::create(m_realm, "Failed to encode public key"_string);
- }
- data = maybe_data.release_value();
- } else {
- // Otherwise:
- // 1. Perform any key export steps defined by other applicable specifications, passing format and the namedCurve attribute
- // of the [[algorithm]] internal slot of key and obtaining namedCurveOid and keyData.
- // TODO: support 'applicable specifications'
- // 2. Set parameters to the namedCurve choice with value equal to the object identifier namedCurveOid.
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- }
- // NOTE: Spec does not say anything about this.
- result = JS::ArrayBuffer::create(m_realm, data);
- }
- // 3. If format is "pkcs8":
- else if (format == Bindings::KeyFormat::Pkcs8) {
- // 1. If the [[type]] internal slot of key is not "private", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Private)
- return WebIDL::InvalidAccessError::create(m_realm, "Key is not a private key"_string);
- ByteBuffer data;
- // 2. Let data be an instance of the privateKeyInfo ASN.1 structure defined in [RFC5280] with the following properties:
- // Set the version field to 0.
- // Set the privateKeyAlgorithm field to an PrivateKeyAlgorithmIdentifier ASN.1 type with the following properties:
- // Set the algorithm field to the OID id-ecPublicKey defined in [RFC5480].
- // Set the privateKey field to keyData.
- // Set the parameters field to an instance of the ECParameters ASN.1 type defined in [RFC5480] as follows:
- // If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-256", "P-384" or "P-521":
- auto& algorithm = static_cast<EcKeyAlgorithm const&>(*key->algorithm());
- if (algorithm.named_curve().is_one_of("P-256"sv, "P-384"sv, "P-521"sv)) {
- // Let keyData be the result of DER-encoding an instance of the ECPrivateKey structure defined
- // in Section 3 of [RFC5915] for the Elliptic Curve private key represented by the [[handle]] internal slot
- // of key and that conforms to the following:
- // The parameters field is present, and is equivalent to the parameters field of the privateKeyAlgorithm field
- // of this PrivateKeyInfo ASN.1 structure.
- // The publicKey field is present and represents the Elliptic Curve public key associated with the Elliptic Curve
- // private key represented by the [[handle]] internal slot of key.
- // If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-256":
- // Set parameters to the namedCurve choice with value equal to the object identifier secp256r1 defined in [RFC5480]
- // If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-384":
- // Set parameters to the namedCurve choice with value equal to the object identifier secp384r1 defined in [RFC5480]
- // If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-521":
- // Set parameters to the namedCurve choice with value equal to the object identifier secp521r1 defined in [RFC5480]
- // NOTE: everything above happens in wrap_in_private_key_info
- auto maybe_data = handle.visit(
- [&](::Crypto::PK::ECPrivateKey<> const& private_key) -> ErrorOr<ByteBuffer> {
- Span<int const> ec_params;
- if (algorithm.named_curve() == "P-256"sv)
- ec_params = ::Crypto::ASN1::secp256r1_oid;
- else if (algorithm.named_curve() == "P-384"sv)
- ec_params = ::Crypto::ASN1::secp384r1_oid;
- else if (algorithm.named_curve() == "P-521"sv)
- ec_params = ::Crypto::ASN1::secp521r1_oid;
- else
- VERIFY_NOT_REACHED();
- return TRY(::Crypto::PK::wrap_in_private_key_info(private_key, ::Crypto::ASN1::ec_public_key_encryption_oid, ec_params));
- },
- [](auto) -> ErrorOr<ByteBuffer> {
- VERIFY_NOT_REACHED();
- });
- if (maybe_data.is_error())
- return WebIDL::DataError::create(m_realm, "Failed to encode private key"_string);
- data = maybe_data.release_value();
- } else {
- // Otherwise:
- // 1. Perform any key export steps defined by other applicable specifications, passing format and the namedCurve attribute
- // of the [[algorithm]] internal slot of key and obtaining namedCurveOid and keyData.
- // TODO: support 'applicable specifications'
- // 2. Set parameters to the namedCurve choice with value equal to the object identifier namedCurveOid.
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- }
- // 3. Let result be the result of creating an ArrayBuffer containing data.
- result = JS::ArrayBuffer::create(m_realm, data);
- }
- // 3. If format is "jwt":
- else if (format == Bindings::KeyFormat::Jwk) {
- // 1. Let jwk be a new JsonWebKey dictionary.
- Bindings::JsonWebKey jwk = {};
- // 2. Set the kty attribute of jwk to "EC".
- jwk.kty = "EC"_string;
- // 3. If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-256", "P-384" or "P-521":
- auto& algorithm = static_cast<EcKeyAlgorithm const&>(*key->algorithm());
- if (algorithm.named_curve().is_one_of("P-256"sv, "P-384"sv, "P-521"sv)) {
- // 1. If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-256":
- if (algorithm.named_curve() == "P-256"sv) {
- // Set the crv attribute of jwk to "P-256"
- jwk.crv = "P-256"_string;
- }
- // If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-384":
- else if (algorithm.named_curve() == "P-384"sv) {
- // Set the crv attribute of jwk to "P-384"
- jwk.crv = "P-384"_string;
- }
- // If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-521":
- else if (algorithm.named_curve() == "P-521"sv) {
- // Set the crv attribute of jwk to "P-521"
- jwk.crv = "P-521"_string;
- }
- auto maybe_error = handle.visit(
- [&](::Crypto::PK::ECPublicKey<> const& public_key) -> ErrorOr<void> {
- // 2. Set the x attribute of jwk according to the definition in Section 6.2.1.2 of JSON Web Algorithms [JWA].
- auto x_bytes = TRY(public_key.x_bytes());
- jwk.x = TRY(encode_base64url(x_bytes, AK::OmitPadding::Yes));
- // 3. Set the y attribute of jwk according to the definition in Section 6.2.1.3 of JSON Web Algorithms [JWA].
- auto y_bytes = TRY(public_key.y_bytes());
- jwk.y = TRY(encode_base64url(y_bytes, AK::OmitPadding::Yes));
- return {};
- },
- [&](::Crypto::PK::ECPrivateKey<> const& private_key) -> ErrorOr<void> {
- Variant<Empty, ::Crypto::Curves::SECP256r1, ::Crypto::Curves::SECP384r1, ::Crypto::Curves::SECP521r1> curve;
- if (algorithm.named_curve() == "P-256"sv)
- curve = ::Crypto::Curves::SECP256r1 {};
- else if (algorithm.named_curve() == "P-384"sv)
- curve = ::Crypto::Curves::SECP384r1 {};
- else if (algorithm.named_curve() == "P-521"sv)
- curve = ::Crypto::Curves::SECP521r1 {};
- else
- VERIFY_NOT_REACHED();
- auto maybe_public_key = curve.visit(
- [](Empty const&) -> ErrorOr<::Crypto::Curves::SECPxxxr1Point> { return Error::from_string_literal("noop error"); },
- [&](auto instance) { return instance.generate_public_key_point(private_key.d()); });
- auto public_key = TRY(maybe_public_key);
- auto x_bytes = TRY(public_key.x_bytes());
- auto y_bytes = TRY(public_key.y_bytes());
- // 2. Set the x attribute of jwk according to the definition in Section 6.2.1.2 of JSON Web Algorithms [JWA].
- jwk.x = TRY(encode_base64url(x_bytes, AK::OmitPadding::Yes));
- // 3. Set the y attribute of jwk according to the definition in Section 6.2.1.3 of JSON Web Algorithms [JWA].
- jwk.y = TRY(encode_base64url(y_bytes, AK::OmitPadding::Yes));
- return {};
- },
- [](auto) -> ErrorOr<void> {
- VERIFY_NOT_REACHED();
- });
- if (maybe_error.is_error())
- return WebIDL::DataError::create(m_realm, "Failed to encode public key"_string);
- // 4. If the [[type]] internal slot of key is "private"
- if (key->type() == Bindings::KeyType::Private) {
- auto maybe_error = handle.visit(
- [&](::Crypto::PK::ECPrivateKey<> const& private_key) -> ErrorOr<void> {
- // Set the d attribute of jwk according to the definition in Section 6.2.2.1 of JSON Web Algorithms [JWA].
- auto d_bytes = TRY(private_key.d_bytes());
- jwk.d = TRY(encode_base64url(d_bytes, AK::OmitPadding::Yes));
- return {};
- },
- [](auto) -> ErrorOr<void> {
- VERIFY_NOT_REACHED();
- });
- if (maybe_error.is_error())
- return WebIDL::DataError::create(m_realm, "Failed to encode private key"_string);
- }
- } else {
- // 1. Perform any key export steps defined by other applicable specifications,
- // passing format and the namedCurve attribute of the [[algorithm]] internal slot
- // of key and obtaining namedCurve and a new value of jwk.
- // TODO: support 'applicable specifications'
- // 2. Set the crv attribute of jwk to namedCurve.
- jwk.crv = algorithm.named_curve();
- }
- // 4. Set the key_ops attribute of jwk to the usages attribute of key.
- jwk.key_ops = Vector<String> {};
- jwk.key_ops->ensure_capacity(key->internal_usages().size());
- for (auto const& usage : key->internal_usages())
- jwk.key_ops->append(idl_enum_to_string(usage));
- // 5. Set the ext attribute of jwk to the [[extractable]] internal slot of key.
- jwk.ext = key->extractable();
- // 6. Let result be the result of converting jwk to an ECMAScript Object, as defined by [WebIDL].
- result = TRY(jwk.to_object(m_realm));
- }
- // 3. If format is "raw":
- else if (format == Bindings::KeyFormat::Raw) {
- // 1. If the [[type]] internal slot of key is not "public", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Public)
- return WebIDL::InvalidAccessError::create(m_realm, "Key is not a public key"_string);
- ByteBuffer data;
- // 2. If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-256", "P-384" or "P-521":
- auto& algorithm = static_cast<EcKeyAlgorithm const&>(*key->algorithm());
- if (algorithm.named_curve().is_one_of("P-256"sv, "P-384"sv, "P-521"sv)) {
- // Let data be an octet string representing the Elliptic Curve point Q represented by [[handle]] internal slot
- // of key according to [SEC1] 2.3.3 using the uncompressed format.
- auto maybe_data = handle.visit(
- [](::Crypto::PK::ECPublicKey<> const& public_key) -> ErrorOr<ByteBuffer> {
- return public_key.to_uncompressed();
- },
- [](auto) -> ErrorOr<ByteBuffer> {
- VERIFY_NOT_REACHED();
- });
- if (maybe_data.is_error())
- return WebIDL::DataError::create(m_realm, "Failed to encode public key"_string);
- data = maybe_data.release_value();
- } else {
- // Perform any key export steps defined by other applicable specifications, passing format and
- // the namedCurve attribute of the [[algorithm]] internal slot of key and obtaining namedCurve and data.
- // TODO: support 'applicable specifications'
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- }
- // 3. Let result be the result of creating an ArrayBuffer containing data.
- result = JS::ArrayBuffer::create(m_realm, move(data));
- }
- // Otherwise:
- else {
- // throw a NotSupportedError.
- return WebIDL::NotSupportedError::create(m_realm, "Invalid key format"_string);
- }
- // 4. Return result.
- return GC::Ref { *result };
- }
- // https://w3c.github.io/webcrypto/#ecdh-operations
- WebIDL::ExceptionOr<Variant<GC::Ref<CryptoKey>, GC::Ref<CryptoKeyPair>>> ECDH::generate_key(AlgorithmParams const& params, bool extractable, Vector<Bindings::KeyUsage> const& key_usages)
- {
- // 1. If usages contains an entry which is not "deriveKey" or "deriveBits" then throw a SyntaxError.
- for (auto const& usage : key_usages) {
- if (usage != Bindings::KeyUsage::Derivekey && usage != Bindings::KeyUsage::Derivebits) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- auto const& normalized_algorithm = static_cast<EcKeyGenParams const&>(params);
- // 2. If the namedCurve member of normalizedAlgorithm is "P-256", "P-384" or "P-521":
- // Generate an Elliptic Curve key pair, as defined in [RFC6090]
- // with domain parameters for the curve identified by the namedCurve member of normalizedAlgorithm.
- Variant<Empty, ::Crypto::Curves::SECP256r1, ::Crypto::Curves::SECP384r1, ::Crypto::Curves::SECP521r1> curve;
- if (normalized_algorithm.named_curve.is_one_of("P-256"sv, "P-384"sv, "P-521"sv)) {
- if (normalized_algorithm.named_curve == "P-256")
- curve = ::Crypto::Curves::SECP256r1 {};
- else if (normalized_algorithm.named_curve == "P-384")
- curve = ::Crypto::Curves::SECP384r1 {};
- else if (normalized_algorithm.named_curve == "P-521")
- curve = ::Crypto::Curves::SECP521r1 {};
- else
- VERIFY_NOT_REACHED();
- } else {
- // If the namedCurve member of normalizedAlgorithm is a value specified in an applicable specification
- // that specifies the use of that value with ECDH:
- // Perform the ECDH generation steps specified in that specification,
- // passing in normalizedAlgorithm and resulting in an elliptic curve key pair.
- // Otherwise: throw a NotSupportedError
- return WebIDL::NotSupportedError::create(m_realm, "Only 'P-256', 'P-384' and 'P-521' is supported"_string);
- }
- // 3. If performing the operation results in an error, then throw a OperationError.
- auto maybe_private_key_data = curve.visit(
- [](Empty const&) -> ErrorOr<::Crypto::UnsignedBigInteger> { return Error::from_string_literal("noop error"); },
- [](auto instance) { return instance.generate_private_key_scalar(); });
- if (maybe_private_key_data.is_error())
- return WebIDL::OperationError::create(m_realm, "Failed to create valid crypto instance"_string);
- auto private_key_data = maybe_private_key_data.release_value();
- auto maybe_public_key_data = curve.visit(
- [](Empty const&) -> ErrorOr<::Crypto::Curves::SECPxxxr1Point> { return Error::from_string_literal("noop error"); },
- [&](auto instance) { return instance.generate_public_key_point(private_key_data); });
- if (maybe_public_key_data.is_error())
- return WebIDL::OperationError::create(m_realm, "Failed to create valid crypto instance"_string);
- auto public_key_data = maybe_public_key_data.release_value();
- auto ec_public_key = ::Crypto::PK::ECPublicKey<> { public_key_data };
- // 4. Let algorithm be a new EcKeyAlgorithm object.
- auto algorithm = EcKeyAlgorithm::create(m_realm);
- // 5. Set the name attribute of algorithm to "ECDH".
- algorithm->set_name("ECDH"_string);
- // 6. Set the namedCurve attribute of algorithm to equal the namedCurve member of normalizedAlgorithm.
- algorithm->set_named_curve(normalized_algorithm.named_curve);
- // 7. Let publicKey be a new CryptoKey representing the public key of the generated key pair.
- auto public_key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { ec_public_key });
- // 8. Set the [[type]] internal slot of publicKey to "public"
- public_key->set_type(Bindings::KeyType::Public);
- // 9. Set the [[algorithm]] internal slot of publicKey to algorithm.
- public_key->set_algorithm(algorithm);
- // 10. Set the [[extractable]] internal slot of publicKey to true.
- public_key->set_extractable(true);
- // 11. Set the [[usages]] internal slot of publicKey to be the empty list.
- public_key->set_usages({});
- // 12. Let privateKey be a new CryptoKey representing the private key of the generated key pair.
- auto ec_private_key = ::Crypto::PK::ECPrivateKey<> { private_key_data, public_key_data.size, {}, ec_public_key };
- auto private_key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { ec_private_key });
- // 13. Set the [[type]] internal slot of privateKey to "private"
- private_key->set_type(Bindings::KeyType::Private);
- // 14. Set the [[algorithm]] internal slot of privateKey to algorithm.
- private_key->set_algorithm(algorithm);
- // 15. Set the [[extractable]] internal slot of privateKey to extractable.
- private_key->set_extractable(extractable);
- // 16. Set the [[usages]] internal slot of privateKey to be the usage intersection of usages and [ "deriveKey", "deriveBits" ].
- private_key->set_usages(usage_intersection(key_usages, { { Bindings::KeyUsage::Derivekey, Bindings::KeyUsage::Derivebits } }));
- // 17. Let result be a new CryptoKeyPair dictionary.
- // 18. Set the publicKey attribute of result to be publicKey.
- // 19. Set the privateKey attribute of result to be privateKey.
- // 20. Return the result of converting result to an ECMAScript Object, as defined by [WebIDL].
- return Variant<GC::Ref<CryptoKey>, GC::Ref<CryptoKeyPair>> { CryptoKeyPair::create(m_realm, public_key, private_key) };
- }
- // https://w3c.github.io/webcrypto/#ecdh-operations
- WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> ECDH::derive_bits(AlgorithmParams const& params, GC::Ref<CryptoKey> key, Optional<u32> length_optional)
- {
- auto& realm = *m_realm;
- auto const& normalized_algorithm = static_cast<EcdhKeyDeriveParams const&>(params);
- // 1. If the [[type]] internal slot of key is not "private", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Private)
- return WebIDL::InvalidAccessError::create(realm, "Key is not a private key"_string);
- // 2. Let publicKey be the public member of normalizedAlgorithm.
- auto& public_key = normalized_algorithm.public_key;
- // 3. If the [[type]] internal slot of publicKey is not "public", then throw an InvalidAccessError.
- if (public_key->type() != Bindings::KeyType::Public)
- return WebIDL::InvalidAccessError::create(realm, "Public key is not a public key"_string);
- // 4. If the name attribute of the [[algorithm]] internal slot of publicKey is not equal to
- // the name property of the [[algorithm]] internal slot of key, then throw an InvalidAccessError.
- auto& internal_algorithm = static_cast<EcKeyAlgorithm const&>(*key->algorithm());
- auto& public_internal_algorithm = static_cast<EcKeyAlgorithm const&>(*public_key->algorithm());
- if (internal_algorithm.name() != public_internal_algorithm.name()) {
- return WebIDL::InvalidAccessError::create(realm, "Algorithm mismatch"_string);
- }
- // 5. If the namedCurve attribute of the [[algorithm]] internal slot of publicKey is not equal to
- // the namedCurve property of the [[algorithm]] internal slot of key, then throw an InvalidAccessError.
- if (internal_algorithm.named_curve() != public_internal_algorithm.named_curve())
- return WebIDL::InvalidAccessError::create(realm, "Curve mismatch"_string);
- ByteBuffer secret;
- // 6. If the namedCurve property of the [[algorithm]] internal slot of key is "P-256", "P-384" or "P-521":
- // 7. If performing the operation results in an error, then throw a OperationError.
- if (internal_algorithm.named_curve().is_one_of("P-256"sv, "P-384"sv, "P-521"sv)) {
- // 1. Perform the ECDH primitive specified in [RFC6090] Section 4
- // with key as the EC private key d and the EC public key represented
- // by the [[handle]] internal slot of publicKey as the EC public key.
- // 2. Let secret be the result of applying the field element to octet string conversion
- // defined in Section 6.2 of [RFC6090] to the output of the ECDH primitive.
- auto private_key_data = key->handle().get<::Crypto::PK::ECPrivateKey<>>();
- auto public_key_data = public_key->handle().get<::Crypto::PK::ECPublicKey<>>();
- Variant<Empty, ::Crypto::Curves::SECP256r1, ::Crypto::Curves::SECP384r1, ::Crypto::Curves::SECP521r1> curve;
- if (internal_algorithm.named_curve() == "P-256"sv)
- curve = ::Crypto::Curves::SECP256r1 {};
- else if (internal_algorithm.named_curve() == "P-384"sv)
- curve = ::Crypto::Curves::SECP384r1 {};
- else if (internal_algorithm.named_curve() == "P-521"sv)
- curve = ::Crypto::Curves::SECP521r1 {};
- else
- VERIFY_NOT_REACHED();
- auto maybe_secret = curve.visit(
- [](Empty const&) -> ErrorOr<::Crypto::Curves::SECPxxxr1Point> { return Error::from_string_literal("noop error"); },
- [&private_key_data, &public_key_data](auto instance) { return instance.compute_coordinate_point(private_key_data.d(), public_key_data.to_secpxxxr1_point()); });
- if (maybe_secret.is_error()) {
- auto message = TRY_OR_THROW_OOM(realm.vm(), String::formatted("Failed to compute secret: {}", maybe_secret.error()));
- return WebIDL::OperationError::create(realm, message);
- }
- auto maybe_secret_data = maybe_secret.release_value().to_uncompressed();
- if (maybe_secret_data.is_error())
- return WebIDL::OperationError::create(realm, "Failed to convert secret"_string);
- // NOTE: Remove the prefix from the uncompressed point
- auto secret_data = maybe_secret_data.release_value();
- VERIFY(secret_data[0] == 0x04);
- secret = TRY_OR_THROW_OOM(realm.vm(), secret_data.slice(1, secret_data.size() - 1));
- } else {
- // If the namedCurve property of the [[algorithm]] internal slot of key is a value specified
- // in an applicable specification that specifies the use of that value with ECDH:
- // Perform the ECDH derivation steps specified in that specification,
- // passing in key and publicKey and resulting in secret.
- // TODO: support 'applicable specification'
- return WebIDL::NotSupportedError::create(realm, "Only 'P-256', 'P-384' and 'P-521' is supported"_string);
- }
- // 8. If length is null: Return secret
- if (!length_optional.has_value()) {
- auto result = TRY_OR_THROW_OOM(realm.vm(), ByteBuffer::copy(secret));
- return JS::ArrayBuffer::create(realm, move(secret));
- }
- // Otherwise: If the length of secret in bits is less than length: throw an OperationError.
- auto length = length_optional.value();
- if (secret.size() * 8 < length)
- return WebIDL::OperationError::create(realm, "Secret is too short"_string);
- // Otherwise: Return an octet string containing the first length bits of secret.
- auto slice = TRY_OR_THROW_OOM(realm.vm(), secret.slice(0, length / 8));
- return JS::ArrayBuffer::create(realm, move(slice));
- }
- // https://w3c.github.io/webcrypto/#ecdh-operations
- WebIDL::ExceptionOr<GC::Ref<CryptoKey>> ECDH::import_key(AlgorithmParams const& params, Bindings::KeyFormat key_format, CryptoKey::InternalKeyData key_data, bool extractable, Vector<Bindings::KeyUsage> const& usages)
- {
- // NOTE: This is a parameter to the function
- // 1. Let keyData be the key data to be imported.
- auto const& normalized_algorithm = static_cast<EcKeyImportParams const&>(params);
- GC::Ptr<CryptoKey> key = nullptr;
- // 2. If format is "spki":
- if (key_format == Bindings::KeyFormat::Spki) {
- // 1. If usages is not empty then throw a SyntaxError.
- if (!usages.is_empty())
- return WebIDL::SyntaxError::create(m_realm, "Usages must be empty"_string);
- // 2. Let spki be the result of running the parse a subjectPublicKeyInfo algorithm over keyData.
- // 3. If an error occurred while parsing, then throw a DataError.
- auto spki = TRY(parse_a_subject_public_key_info(m_realm, key_data.get<ByteBuffer>()));
- // 4. If the algorithm object identifier field of the algorithm AlgorithmIdentifier field of spki
- // is not equal to the id-ecPublicKey object identifier defined in [RFC5480], then throw a DataError.
- if (spki.algorithm.identifier != ::Crypto::ASN1::ec_public_key_encryption_oid)
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- // 5. If the parameters field of the algorithm AlgorithmIdentifier field of spki is absent, then throw a DataError.
- if (!spki.algorithm.ec_parameters.has_value())
- return WebIDL::DataError::create(m_realm, "Invalid algorithm parameters"_string);
- // 6. Let params be the parameters field of the algorithm AlgorithmIdentifier field of spki.
- auto ec_params = spki.algorithm.ec_parameters;
- // 7. If params is not an instance of the ECParameters ASN.1 type defined in [RFC5480] that specifies a namedCurve, then throw a DataError.
- // 8. Let namedCurve be a string whose initial value is undefined.
- String named_curve;
- // 9. If params is equivalent to the secp256r1 object identifier defined in [RFC5480]:
- if (ec_params == ::Crypto::ASN1::secp256r1_oid) {
- // Set namedCurve to "P-256".
- named_curve = "P-256"_string;
- }
- // If params is equivalent to the secp384r1 object identifier defined in [RFC5480]:
- else if (ec_params == ::Crypto::ASN1::secp384r1_oid) {
- // Set namedCurve to "P-384".
- named_curve = "P-384"_string;
- }
- // If params is equivalent to the secp521r1 object identifier defined in [RFC5480]:
- else if (ec_params == ::Crypto::ASN1::secp521r1_oid) {
- // Set namedCurve to "P-521".
- named_curve = "P-521"_string;
- }
- // 10. If namedCurve is not undefined
- if (!named_curve.is_empty()) {
- // 1. Let publicKey be the Elliptic Curve public key identified by performing
- // the conversion steps defined in Section 2.3.4 of [SEC1] to the subjectPublicKey field of spki.
- // The uncompressed point format MUST be supported.
- auto public_key = spki.ec;
- // 2. If the implementation does not support the compressed point format and a compressed point is provided, throw a DataError.
- // 3. If a decode error occurs or an identity point is found, throw a DataError.
- // 4. Let key be a new CryptoKey that represents publicKey.
- // NOTE: We already did this in parse_a_subject_public_key_info
- key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { public_key });
- } else {
- // Otherwise:
- // 1. Perform any key import steps defined by other applicable specifications, passing format, spki and obtaining namedCurve and key.
- // TODO: support 'applicable specifications'
- // 2. If an error occurred or there are no applicable specifications, throw a DataError.
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- }
- // 11. If namedCurve is defined, and not equal to the namedCurve member of normalizedAlgorithm, throw a DataError.
- if (!named_curve.is_empty() && named_curve != normalized_algorithm.named_curve)
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- // TODO: 12. If the key value is not a valid point on the Elliptic Curve identified
- // by the namedCurve member of normalizedAlgorithm throw a DataError.
- // 13. Set the [[type]] internal slot of key to "public"
- key->set_type(Bindings::KeyType::Public);
- // 14. Let algorithm be a new EcKeyAlgorithm.
- auto algorithm = EcKeyAlgorithm::create(m_realm);
- // 15. Set the name attribute of algorithm to "ECDH".
- algorithm->set_name("ECDH"_string);
- // 16. Set the namedCurve attribute of algorithm to namedCurve.
- algorithm->set_named_curve(named_curve);
- // 17. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- }
- // 2. If format is "pkcs8":
- else if (key_format == Bindings::KeyFormat::Pkcs8) {
- // 1. If usages contains an entry which is not "deriveKey" or "deriveBits" then throw a SyntaxError.
- for (auto const& usage : usages) {
- if (usage != Bindings::KeyUsage::Derivekey && usage != Bindings::KeyUsage::Derivebits) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- // 2. Let privateKeyInfo be the result of running the parse a privateKeyInfo algorithm over keyData.
- // 3. If an error occurred while parsing, then throw a DataError.
- auto private_key_info = TRY(parse_a_private_key_info(m_realm, key_data.get<ByteBuffer>()));
- // 4. If the algorithm object identifier field of the privateKeyAlgorithm PrivateKeyAlgorithm field of privateKeyInfo
- // is not equal to the id-ecPublicKey object identifier defined in [RFC5480], then throw a DataError.
- if (private_key_info.algorithm.identifier != ::Crypto::ASN1::ec_public_key_encryption_oid)
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- // 5. If the parameters field of the privateKeyAlgorithm PrivateKeyAlgorithmIdentifier field
- // of privateKeyInfo is not present, then throw a DataError.
- if (!private_key_info.algorithm.ec_parameters.has_value())
- return WebIDL::DataError::create(m_realm, "Invalid algorithm parameters"_string);
- // 6. Let params be the parameters field of the privateKeyAlgorithm PrivateKeyAlgorithmIdentifier field of privateKeyInfo.
- auto ec_params = private_key_info.algorithm.ec_parameters;
- // 7. If params is not an instance of the ECParameters ASN.1 type defined in [RFC5480] that specifies a namedCurve, then throw a DataError.
- // 8. Let namedCurve be a string whose initial value is undefined.
- String named_curve;
- // 9. If params is equivalent to the secp256r1 object identifier defined in [RFC5480]:
- if (ec_params == ::Crypto::ASN1::secp256r1_oid) {
- // Set namedCurve to "P-256".
- named_curve = "P-256"_string;
- }
- // If params is equivalent to the secp384r1 object identifier defined in [RFC5480]:
- else if (ec_params == ::Crypto::ASN1::secp384r1_oid) {
- // Set namedCurve to "P-384".
- named_curve = "P-384"_string;
- }
- // If params is equivalent to the secp521r1 object identifier defined in [RFC5480]:
- else if (ec_params == ::Crypto::ASN1::secp521r1_oid) {
- // Set namedCurve to "P-521".
- named_curve = "P-521"_string;
- }
- // 10. If namedCurve is not undefined
- if (!named_curve.is_empty()) {
- // 1. Let ecPrivateKey be the result of performing the parse an ASN.1 structure algorithm,
- // with data as the privateKey field of privateKeyInfo, structure as the ASN.1 ECPrivateKey
- // structure specified in Section 3 of [RFC5915], and exactData set to true.
- // NOTE: We already did this in parse_a_private_key_info
- // 2. If an error occurred while parsing, then throw a DataError.
- auto& ec_private_key = private_key_info.ec;
- // 3. If the parameters field of ecPrivateKey is present, and is not an instance
- // of the namedCurve ASN.1 type defined in [RFC5480], or does not contain
- // the same object identifier as the parameters field of the privateKeyAlgorithm
- // PrivateKeyAlgorithmIdentifier field of privateKeyInfo, throw a DataError.
- if (ec_private_key.parameters().has_value() && *ec_private_key.parameters() != ec_params.value_or({}))
- return WebIDL::DataError::create(m_realm, "Invalid algorithm parameters"_string);
- // 4. Let key be a new CryptoKey that represents the Elliptic Curve private key identified
- // by performing the conversion steps defined in Section 3 of [RFC5915] using ecPrivateKey.
- key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { ec_private_key });
- } else {
- // Otherwise:
- // 1. Perform any key import steps defined by other applicable specifications, passing format, spki and obtaining namedCurve and key.
- // TODO: support 'applicable specifications'
- // 2. If an error occurred or there are no applicable specifications, throw a DataError.
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- }
- // 11. If namedCurve is defined, and not equal to the namedCurve member of normalizedAlgorithm, throw a DataError.
- if (!named_curve.is_empty() && named_curve != normalized_algorithm.named_curve)
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- // TODO: 12. If the key value is not a valid point on the Elliptic Curve identified
- // by the namedCurve member of normalizedAlgorithm throw a DataError.
- // 13. Set the [[type]] internal slot of key to "private".
- key->set_type(Bindings::KeyType::Private);
- // 14. Let algorithm be a new EcKeyAlgorithm.
- auto algorithm = EcKeyAlgorithm::create(m_realm);
- // 15. Set the name attribute of algorithm to "ECDH".
- algorithm->set_name("ECDH"_string);
- // 16. Set the namedCurve attribute of algorithm to namedCurve.
- algorithm->set_named_curve(named_curve);
- // 17. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- }
- // 2. If format is "jwk":
- else if (key_format == Bindings::KeyFormat::Jwk) {
- // 1. If keyData is a JsonWebKey dictionary: Let jwk equal keyData.
- // Otherwise: Throw a DataError.
- if (!key_data.has<Bindings::JsonWebKey>())
- return WebIDL::DataError::create(m_realm, "keyData is not a JsonWebKey dictionary"_string);
- auto& jwk = key_data.get<Bindings::JsonWebKey>();
- // 2. If the d field is present and if usages contains an entry which is not "deriveKey" or "deriveBits" then throw a SyntaxError.
- if (jwk.d.has_value() && !usages.is_empty()) {
- for (auto const& usage : usages) {
- if (usage != Bindings::KeyUsage::Derivekey && usage != Bindings::KeyUsage::Derivebits) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- }
- // 3. If the d field is not present and if usages is not empty then throw a SyntaxError.
- if (!jwk.d.has_value() && !usages.is_empty())
- return WebIDL::SyntaxError::create(m_realm, "Usages must be empty"_string);
- // 4. If the kty field of jwk is not "EC", then throw a DataError.
- if (jwk.kty != "EC"sv)
- return WebIDL::DataError::create(m_realm, "Invalid key type"_string);
- // 5. If usages is non-empty and the use field of jwk is present and is not equal to "enc" then throw a DataError.
- if (!usages.is_empty() && jwk.use.has_value() && *jwk.use != "enc"sv)
- return WebIDL::DataError::create(m_realm, "Invalid key use"_string);
- // 6. If the key_ops field of jwk is present, and is invalid according to the requirements of JSON Web Key [JWK],
- // or it does not contain all of the specified usages values, then throw a DataError.
- TRY(validate_jwk_key_ops(m_realm, jwk, usages));
- // 7. If the ext field of jwk is present and has the value false and extractable is true, then throw a DataError.
- if (jwk.ext.has_value() && !*jwk.ext && extractable)
- return WebIDL::DataError::create(m_realm, "Invalid extractable"_string);
- // 8. Let namedCurve be a string whose value is equal to the crv field of jwk.
- // NOTE: The spec does not say what to do if crv is missing.
- if (!jwk.crv.has_value())
- return WebIDL::DataError::create(m_realm, "Invalid key crv"_string);
- auto named_curve = *jwk.crv;
- // 9. If namedCurve is not equal to the namedCurve member of normalizedAlgorithm, throw a DataError.
- if (named_curve != normalized_algorithm.named_curve)
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- // 10. If namedCurve is "P-256", "P-384" or "P-521":
- if (named_curve.is_one_of("P-256"sv, "P-384"sv, "P-521"sv)) {
- size_t coord_size;
- if (named_curve == "P-256"sv)
- coord_size = 256 / 8;
- else if (named_curve == "P-384"sv)
- coord_size = 384 / 8;
- else if (named_curve == "P-521"sv)
- coord_size = ceil_div(521, 8);
- else
- VERIFY_NOT_REACHED();
- // NOTE: according to Section 6.2.1 and 6.2.2 of JSON Web Algorithms [JWA], x and y are always required
- if (!jwk.x.has_value() || !jwk.y.has_value())
- return WebIDL::DataError::create(m_realm, "Invalid key"_string);
- auto maybe_x_bytes = decode_base64url(jwk.x.value());
- if (maybe_x_bytes.is_error()) {
- return WebIDL::DataError::create(m_realm, "Failed to decode base64"_string);
- }
- auto x_bytes = maybe_x_bytes.release_value();
- if (x_bytes.size() != coord_size)
- return WebIDL::DataError::create(m_realm, "Invalid key size"_string);
- auto maybe_y_bytes = decode_base64url(jwk.y.value());
- if (maybe_y_bytes.is_error()) {
- return WebIDL::DataError::create(m_realm, "Failed to decode base64"_string);
- }
- auto y_bytes = maybe_y_bytes.release_value();
- if (y_bytes.size() != coord_size)
- return WebIDL::DataError::create(m_realm, "Invalid key size"_string);
- auto public_key = ::Crypto::PK::ECPublicKey<> {
- ::Crypto::UnsignedBigInteger::import_data(x_bytes),
- ::Crypto::UnsignedBigInteger::import_data(y_bytes),
- coord_size,
- };
- // If the d field is present:
- if (jwk.d.has_value()) {
- // 1. If jwk does not meet the requirements of Section 6.2.2 of JSON Web Algorithms [JWA], then throw a DataError.
- auto maybe_d_bytes = decode_base64url(jwk.d.value());
- if (maybe_d_bytes.is_error()) {
- return WebIDL::DataError::create(m_realm, "Failed to decode base64"_string);
- }
- auto d_bytes = maybe_d_bytes.release_value();
- if (d_bytes.size() != coord_size)
- return WebIDL::DataError::create(m_realm, "Invalid key size"_string);
- // 2. Let key be a new CryptoKey object that represents the Elliptic Curve private key identified
- // by interpreting jwk according to Section 6.2.2 of JSON Web Algorithms [JWA].
- auto private_key = ::Crypto::PK::ECPrivateKey<> {
- ::Crypto::UnsignedBigInteger::import_data(d_bytes),
- coord_size,
- {},
- public_key,
- };
- key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { private_key });
- // 3. Set the [[type]] internal slot of Key to "private".
- key->set_type(Bindings::KeyType::Private);
- } else {
- // Otherwise:
- // 1. If jwk does not meet the requirements of Section 6.2.1 of JSON Web Algorithms [JWA], then throw a DataError.
- // 2. Let key be a new CryptoKey object that represents the Elliptic Curve public key identified by interpreting
- // jwk according to Section 6.2.1 of JSON Web Algorithms [JWA].
- key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { public_key });
- // 3. Set the [[type]] internal slot of Key to "public".
- key->set_type(Bindings::KeyType::Public);
- }
- } else {
- // 1. Perform any key import steps defined by other applicable specifications, passing format, jwk and obtaining key.
- // TODO: support 'applicable specifications'
- // 2. If an error occurred or there are no applicable specifications, throw a DataError.
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- }
- // TODO: 11. If the key value is not a valid point on the Elliptic Curve identified
- // by the namedCurve member of normalizedAlgorithm throw a DataError.
- // 12. Let algorithm be a new instance of an EcKeyAlgorithm object.
- auto algorithm = EcKeyAlgorithm::create(m_realm);
- // 13. Set the name attribute of algorithm to "ECDH".
- algorithm->set_name("ECDH"_string);
- // 14. Set the namedCurve attribute of algorithm to namedCurve.
- algorithm->set_named_curve(named_curve);
- // 15. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- }
- // 2. If format is "raw":
- else if (key_format == Bindings::KeyFormat::Raw) {
- // 1. If the namedCurve member of normalizedAlgorithm is not a named curve, then throw a DataError.
- if (!normalized_algorithm.named_curve.is_one_of("P-256"sv, "P-384"sv, "P-521"sv))
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- // 2. If usages is not the empty list, then throw a SyntaxError.
- if (!usages.is_empty())
- return WebIDL::SyntaxError::create(m_realm, "Usages must be empty"_string);
- // 3. If namedCurve is "P-256", "P-384" or "P-521":
- if (normalized_algorithm.named_curve.is_one_of("P-256"sv, "P-384"sv, "P-521"sv)) {
- auto key_bytes = key_data.get<ByteBuffer>();
- // 1. Let Q be the Elliptic Curve public key on the curve identified by the namedCurve
- // member of normalizedAlgorithm identified by performing the conversion steps
- // defined in Section 2.3.4 of [SEC1] to keyData.
- // The uncompressed point format MUST be supported.
- // 2. If the implementation does not support the compressed point format and a compressed point is provided, throw a DataError.
- // 3. If a decode error occurs or an identity point is found, throw a DataError.
- auto maybe_public_key = ::Crypto::PK::EC::parse_ec_key(key_bytes, false, {});
- if (maybe_public_key.is_error())
- return WebIDL::DataError::create(m_realm, "Failed to parse key"_string);
- // 4. Let key be a new CryptoKey that represents Q.
- key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { maybe_public_key.release_value().public_key });
- } else {
- // Otherwise:
- // 1. Perform any key import steps defined by other applicable specifications, passing format, keyData and obtaining key.
- // TODO: support 'applicable specifications'
- // 2. If an error occured or there are no applicable specifications, throw a DataError.
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- }
- // 4. Let algorithm be a new EcKeyAlgorithm object.
- auto algorithm = EcKeyAlgorithm::create(m_realm);
- // 5. Set the name attribute of algorithm to "ECDH".
- algorithm->set_name("ECDH"_string);
- // 6. Set the namedCurve attribute of algorithm to equal the namedCurve member of normalizedAlgorithm.
- algorithm->set_named_curve(normalized_algorithm.named_curve);
- // 7. Set the [[type]] internal slot of key to "public"
- key->set_type(Bindings::KeyType::Public);
- // 8. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- }
- // 3. Return key
- return GC::Ref { *key };
- }
- // https://w3c.github.io/webcrypto/#ecdh-operations
- WebIDL::ExceptionOr<GC::Ref<JS::Object>> ECDH::export_key(Bindings::KeyFormat format, GC::Ref<CryptoKey> key)
- {
- // NOTE: This is a parameter to the function
- // 1. Let key be the CryptoKey to be exported.
- // 2. If the underlying cryptographic key material represented by the [[handle]] internal slot of key cannot be accessed, then throw an OperationError.
- // Note: In our impl this is always accessible
- auto const& handle = key->handle();
- GC::Ptr<JS::Object> result = nullptr;
- // 3. If format is "spki":
- if (format == Bindings::KeyFormat::Spki) {
- // 1. If the [[type]] internal slot of key is not "public", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Public)
- return WebIDL::InvalidAccessError::create(m_realm, "Key is not a public key"_string);
- ByteBuffer data;
- // 2. Let data be an instance of the subjectPublicKeyInfo ASN.1 structure defined in [RFC5280] with the following properties:
- // Set the algorithm field to the OID id-ecPublicKey defined in [RFC5480].
- // Set the parameters field to an instance of the ECParameters ASN.1 type defined in [RFC5480] as follows:
- // Set the subjectPublicKey field to keyData
- // If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-256", "P-384" or "P-521":
- auto& algorithm = static_cast<EcKeyAlgorithm const&>(*key->algorithm());
- if (algorithm.named_curve().is_one_of("P-256"sv, "P-384"sv, "P-521"sv)) {
- // Let keyData be the octet string that represents the Elliptic Curve public key represented by the [[handle]] internal slot
- // of key according to the encoding rules specified in Section 2.3.3 of [SEC1] and using the uncompressed form.
- // If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-256":
- // Set parameters to the namedCurve choice with value equal to the object identifier secp256r1 defined in [RFC5480]
- // If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-384":
- // Set parameters to the namedCurve choice with value equal to the object identifier secp384r1 defined in [RFC5480]
- // If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-521":
- // Set parameters to the namedCurve choice with value equal to the object identifier secp521r1 defined in [RFC5480]
- // NOTE: everything above happens in wrap_in_subject_public_key_info
- auto maybe_data = handle.visit(
- [&](::Crypto::PK::ECPublicKey<> const& public_key) -> ErrorOr<ByteBuffer> {
- auto public_key_bytes = TRY(public_key.to_uncompressed());
- Span<int const> ec_params;
- if (algorithm.named_curve() == "P-256"sv)
- ec_params = ::Crypto::ASN1::secp256r1_oid;
- else if (algorithm.named_curve() == "P-384"sv)
- ec_params = ::Crypto::ASN1::secp384r1_oid;
- else if (algorithm.named_curve() == "P-521"sv)
- ec_params = ::Crypto::ASN1::secp521r1_oid;
- else
- VERIFY_NOT_REACHED();
- return TRY(::Crypto::PK::wrap_in_subject_public_key_info(public_key_bytes, ::Crypto::ASN1::ec_public_key_encryption_oid, ec_params));
- },
- [](auto) -> ErrorOr<ByteBuffer> {
- VERIFY_NOT_REACHED();
- });
- if (maybe_data.is_error()) {
- return WebIDL::DataError::create(m_realm, "Failed to encode public key"_string);
- }
- data = maybe_data.release_value();
- } else {
- // Otherwise:
- // 1. Perform any key export steps defined by other applicable specifications, passing format and the namedCurve attribute
- // of the [[algorithm]] internal slot of key and obtaining namedCurveOid and keyData.
- // TODO: support 'applicable specifications'
- // 2. Set parameters to the namedCurve choice with value equal to the object identifier namedCurveOid.
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- }
- // NOTE: Spec does not say anything about this.
- result = JS::ArrayBuffer::create(m_realm, data);
- }
- // 3. If format is "pkcs8":
- else if (format == Bindings::KeyFormat::Pkcs8) {
- // 1. If the [[type]] internal slot of key is not "private", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Private)
- return WebIDL::InvalidAccessError::create(m_realm, "Key is not a private key"_string);
- ByteBuffer data;
- // 2. Let data be an instance of the privateKeyInfo ASN.1 structure defined in [RFC5280] with the following properties:
- // Set the version field to 0.
- // Set the privateKeyAlgorithm field to an PrivateKeyAlgorithmIdentifier ASN.1 type with the following properties:
- // Set the algorithm field to the OID id-ecPublicKey defined in [RFC5480].
- // Set the privateKey field to keyData.
- // Set the parameters field to an instance of the ECParameters ASN.1 type defined in [RFC5480] as follows:
- // If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-256", "P-384" or "P-521":
- auto& algorithm = static_cast<EcKeyAlgorithm const&>(*key->algorithm());
- if (algorithm.named_curve().is_one_of("P-256"sv, "P-384"sv, "P-521"sv)) {
- // Let keyData be the result of DER-encoding an instance of the ECPrivateKey structure defined
- // in Section 3 of [RFC5915] for the Elliptic Curve private key represented by the [[handle]] internal slot
- // of key and that conforms to the following:
- // The parameters field is present, and is equivalent to the parameters field of the privateKeyAlgorithm field
- // of this PrivateKeyInfo ASN.1 structure.
- // The publicKey field is present and represents the Elliptic Curve public key associated with the Elliptic Curve
- // private key represented by the [[handle]] internal slot of key.
- // If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-256":
- // Set parameters to the namedCurve choice with value equal to the object identifier secp256r1 defined in [RFC5480]
- // If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-384":
- // Set parameters to the namedCurve choice with value equal to the object identifier secp384r1 defined in [RFC5480]
- // If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-521":
- // Set parameters to the namedCurve choice with value equal to the object identifier secp521r1 defined in [RFC5480]
- // NOTE: everything above happens in wrap_in_private_key_info
- auto maybe_data = handle.visit(
- [&](::Crypto::PK::ECPrivateKey<> const& private_key) -> ErrorOr<ByteBuffer> {
- Span<int const> ec_params;
- if (algorithm.named_curve() == "P-256"sv)
- ec_params = ::Crypto::ASN1::secp256r1_oid;
- else if (algorithm.named_curve() == "P-384"sv)
- ec_params = ::Crypto::ASN1::secp384r1_oid;
- else if (algorithm.named_curve() == "P-521"sv)
- ec_params = ::Crypto::ASN1::secp521r1_oid;
- else
- VERIFY_NOT_REACHED();
- return TRY(::Crypto::PK::wrap_in_private_key_info(private_key, ::Crypto::ASN1::ec_public_key_encryption_oid, ec_params));
- },
- [](auto) -> ErrorOr<ByteBuffer> {
- VERIFY_NOT_REACHED();
- });
- if (maybe_data.is_error())
- return WebIDL::DataError::create(m_realm, "Failed to encode private key"_string);
- data = maybe_data.release_value();
- } else {
- // Otherwise:
- // 1. Perform any key export steps defined by other applicable specifications, passing format and the namedCurve attribute
- // of the [[algorithm]] internal slot of key and obtaining namedCurveOid and keyData.
- // TODO: support 'applicable specifications'
- // 2. Set parameters to the namedCurve choice with value equal to the object identifier namedCurveOid.
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- }
- // NOTE: Spec does not say anything about this.
- result = JS::ArrayBuffer::create(m_realm, data);
- }
- // 3. If format is "jwt":
- else if (format == Bindings::KeyFormat::Jwk) {
- // 1. Let jwk be a new JsonWebKey dictionary.
- Bindings::JsonWebKey jwk = {};
- // 2. Set the kty attribute of jwk to "EC".
- jwk.kty = "EC"_string;
- // 3. If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-256", "P-384" or "P-521":
- auto& algorithm = static_cast<EcKeyAlgorithm const&>(*key->algorithm());
- if (algorithm.named_curve().is_one_of("P-256"sv, "P-384"sv, "P-521"sv)) {
- // 1. If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-256":
- if (algorithm.named_curve() == "P-256"sv) {
- // Set the crv attribute of jwk to "P-256"
- jwk.crv = "P-256"_string;
- }
- // If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-384":
- else if (algorithm.named_curve() == "P-384"sv) {
- // Set the crv attribute of jwk to "P-384"
- jwk.crv = "P-384"_string;
- }
- // If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-521":
- else if (algorithm.named_curve() == "P-521"sv) {
- // Set the crv attribute of jwk to "P-521"
- jwk.crv = "P-521"_string;
- }
- auto maybe_error = handle.visit(
- [&](::Crypto::PK::ECPublicKey<> const& public_key) -> ErrorOr<void> {
- // 2. Set the x attribute of jwk according to the definition in Section 6.2.1.2 of JSON Web Algorithms [JWA].
- auto x_bytes = TRY(public_key.x_bytes());
- jwk.x = TRY(encode_base64url(x_bytes, AK::OmitPadding::Yes));
- // 3. Set the y attribute of jwk according to the definition in Section 6.2.1.3 of JSON Web Algorithms [JWA].
- auto y_bytes = TRY(public_key.y_bytes());
- jwk.y = TRY(encode_base64url(y_bytes, AK::OmitPadding::Yes));
- return {};
- },
- [&](::Crypto::PK::ECPrivateKey<> const& private_key) -> ErrorOr<void> {
- Variant<Empty, ::Crypto::Curves::SECP256r1, ::Crypto::Curves::SECP384r1, ::Crypto::Curves::SECP521r1> curve;
- if (algorithm.named_curve() == "P-256"sv)
- curve = ::Crypto::Curves::SECP256r1 {};
- else if (algorithm.named_curve() == "P-384"sv)
- curve = ::Crypto::Curves::SECP384r1 {};
- else if (algorithm.named_curve() == "P-521"sv)
- curve = ::Crypto::Curves::SECP521r1 {};
- else
- VERIFY_NOT_REACHED();
- auto maybe_public_key = curve.visit(
- [](Empty const&) -> ErrorOr<::Crypto::Curves::SECPxxxr1Point> { return Error::from_string_literal("noop error"); },
- [&](auto instance) { return instance.generate_public_key_point(private_key.d()); });
- auto public_key = TRY(maybe_public_key);
- auto x_bytes = TRY(public_key.x_bytes());
- auto y_bytes = TRY(public_key.y_bytes());
- // 2. Set the x attribute of jwk according to the definition in Section 6.2.1.2 of JSON Web Algorithms [JWA].
- jwk.x = TRY(encode_base64url(x_bytes, AK::OmitPadding::Yes));
- // 3. Set the y attribute of jwk according to the definition in Section 6.2.1.3 of JSON Web Algorithms [JWA].
- jwk.y = TRY(encode_base64url(y_bytes, AK::OmitPadding::Yes));
- return {};
- },
- [](auto) -> ErrorOr<void> {
- VERIFY_NOT_REACHED();
- });
- if (maybe_error.is_error())
- return WebIDL::DataError::create(m_realm, "Failed to encode public key"_string);
- // 4. If the [[type]] internal slot of key is "private"
- if (key->type() == Bindings::KeyType::Private) {
- auto maybe_error = handle.visit(
- [&](::Crypto::PK::ECPrivateKey<> const& private_key) -> ErrorOr<void> {
- // Set the d attribute of jwk according to the definition in Section 6.2.2.1 of JSON Web Algorithms [JWA].
- auto d_bytes = TRY(private_key.d_bytes());
- jwk.d = TRY(encode_base64url(d_bytes, AK::OmitPadding::Yes));
- return {};
- },
- [](auto) -> ErrorOr<void> {
- VERIFY_NOT_REACHED();
- });
- if (maybe_error.is_error())
- return WebIDL::DataError::create(m_realm, "Failed to encode private key"_string);
- }
- } else {
- // 1. Perform any key export steps defined by other applicable specifications,
- // passing format and the namedCurve attribute of the [[algorithm]] internal slot
- // of key and obtaining namedCurve and a new value of jwk.
- // TODO: support 'applicable specifications'
- // 2. Set the crv attribute of jwk to namedCurve.
- jwk.crv = algorithm.named_curve();
- }
- // 4. Set the key_ops attribute of jwk to the usages attribute of key.
- jwk.key_ops = Vector<String> {};
- jwk.key_ops->ensure_capacity(key->internal_usages().size());
- for (auto const& usage : key->internal_usages())
- jwk.key_ops->append(idl_enum_to_string(usage));
- // 5. Set the ext attribute of jwk to the [[extractable]] internal slot of key.
- jwk.ext = key->extractable();
- // 6. Let result be the result of converting jwk to an ECMAScript Object, as defined by [WebIDL].
- result = TRY(jwk.to_object(m_realm));
- }
- // 3. If format is "raw":
- else if (format == Bindings::KeyFormat::Raw) {
- // 1. If the [[type]] internal slot of key is not "public", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Public)
- return WebIDL::InvalidAccessError::create(m_realm, "Key is not a public key"_string);
- ByteBuffer data;
- // 2. If the namedCurve attribute of the [[algorithm]] internal slot of key is "P-256", "P-384" or "P-521":
- auto& algorithm = static_cast<EcKeyAlgorithm const&>(*key->algorithm());
- if (algorithm.named_curve().is_one_of("P-256"sv, "P-384"sv, "P-521"sv)) {
- // Let data be the octet string that represents the Elliptic Curve public key represented by the [[handle]] internal slot
- // of key according to the encoding rules specified in Section 2.3.3 of [SEC1] and using the uncompressed form.
- auto maybe_data = handle.visit(
- [](::Crypto::PK::ECPublicKey<> const& public_key) -> ErrorOr<ByteBuffer> {
- return public_key.to_uncompressed();
- },
- [](auto) -> ErrorOr<ByteBuffer> {
- VERIFY_NOT_REACHED();
- });
- if (maybe_data.is_error())
- return WebIDL::DataError::create(m_realm, "Failed to encode public key"_string);
- data = maybe_data.release_value();
- } else {
- // Perform any key export steps defined by other applicable specifications, passing format and
- // the namedCurve attribute of the [[algorithm]] internal slot of key and obtaining namedCurve and data.
- // TODO: support 'applicable specifications'
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- }
- // 3. Let result be the result of creating an ArrayBuffer containing data.
- result = JS::ArrayBuffer::create(m_realm, move(data));
- }
- // 4. Return result.
- return GC::Ref { *result };
- }
- // https://wicg.github.io/webcrypto-secure-curves/#ed25519-operations
- WebIDL::ExceptionOr<Variant<GC::Ref<CryptoKey>, GC::Ref<CryptoKeyPair>>> ED25519::generate_key([[maybe_unused]] AlgorithmParams const& params, bool extractable, Vector<Bindings::KeyUsage> const& key_usages)
- {
- // 1. If usages contains a value which is not one of "sign" or "verify", then throw a SyntaxError.
- for (auto const& usage : key_usages) {
- if (usage != Bindings::KeyUsage::Sign && usage != Bindings::KeyUsage::Verify) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- // 2. Generate an Ed25519 key pair, as defined in [RFC8032], section 5.1.5.
- ::Crypto::Curves::Ed25519 curve;
- auto maybe_private_key = curve.generate_private_key();
- if (maybe_private_key.is_error())
- return WebIDL::OperationError::create(m_realm, "Failed to generate private key"_string);
- auto private_key_data = maybe_private_key.release_value();
- auto maybe_public_key = curve.generate_public_key(private_key_data);
- if (maybe_public_key.is_error())
- return WebIDL::OperationError::create(m_realm, "Failed to generate public key"_string);
- auto public_key_data = maybe_public_key.release_value();
- // 3. Let algorithm be a new KeyAlgorithm object.
- auto algorithm = KeyAlgorithm::create(m_realm);
- // 4. Set the name attribute of algorithm to "Ed25519".
- algorithm->set_name("Ed25519"_string);
- // 5. Let publicKey be a new CryptoKey associated with the relevant global object of this [HTML],
- // and representing the public key of the generated key pair.
- auto public_key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { public_key_data });
- // 6. Set the [[type]] internal slot of publicKey to "public"
- public_key->set_type(Bindings::KeyType::Public);
- // 7. Set the [[algorithm]] internal slot of publicKey to algorithm.
- public_key->set_algorithm(algorithm);
- // 8. Set the [[extractable]] internal slot of publicKey to true.
- public_key->set_extractable(true);
- // 9. Set the [[usages]] internal slot of publicKey to be the usage intersection of usages and [ "verify" ].
- public_key->set_usages(usage_intersection(key_usages, { { Bindings::KeyUsage::Verify } }));
- // 10. Let privateKey be a new CryptoKey associated with the relevant global object of this [HTML],
- // and representing the private key of the generated key pair.
- auto private_key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { private_key_data });
- // 11. Set the [[type]] internal slot of privateKey to "private"
- private_key->set_type(Bindings::KeyType::Private);
- // 12. Set the [[algorithm]] internal slot of privateKey to algorithm.
- private_key->set_algorithm(algorithm);
- // 13. Set the [[extractable]] internal slot of privateKey to extractable.
- private_key->set_extractable(extractable);
- // 14. Set the [[usages]] internal slot of privateKey to be the usage intersection of usages and [ "sign" ].
- private_key->set_usages(usage_intersection(key_usages, { { Bindings::KeyUsage::Sign } }));
- // 15. Let result be a new CryptoKeyPair dictionary.
- // 16. Set the publicKey attribute of result to be publicKey.
- // 17. Set the privateKey attribute of result to be privateKey.
- // 18. Return the result of converting result to an ECMAScript Object, as defined by [WebIDL].
- return Variant<GC::Ref<CryptoKey>, GC::Ref<CryptoKeyPair>> { CryptoKeyPair::create(m_realm, public_key, private_key) };
- }
- // https://wicg.github.io/webcrypto-secure-curves/#ed25519-operations
- WebIDL::ExceptionOr<GC::Ref<CryptoKey>> ED25519::import_key(
- [[maybe_unused]] Web::Crypto::AlgorithmParams const& params,
- Bindings::KeyFormat format,
- CryptoKey::InternalKeyData key_data,
- bool extractable,
- Vector<Bindings::KeyUsage> const& usages)
- {
- GC::Ptr<CryptoKey> key = nullptr;
- // 1. Let keyData be the key data to be imported.
- // 2. If format is "spki":
- if (format == Bindings::KeyFormat::Spki) {
- // 1. If usages contains a value which is not "verify" then throw a SyntaxError.
- for (auto const& usage : usages) {
- if (usage != Bindings::KeyUsage::Verify) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- // 2. Let spki be the result of running the parse a subjectPublicKeyInfo algorithm over keyData.
- // 3. If an error occurred while parsing, then throw a DataError.
- auto spki = TRY(parse_a_subject_public_key_info(m_realm, key_data.get<ByteBuffer>()));
- // 4. If the algorithm object identifier field of the algorithm AlgorithmIdentifier field of spki
- // is not equal to the id-Ed25519 object identifier defined in [RFC8410], then throw a DataError.
- if (spki.algorithm.identifier != ::Crypto::ASN1::ed25519_oid)
- return WebIDL::DataError::create(m_realm, "Invalid algorithm identifier"_string);
- // 5. If the parameters field of the algorithm AlgorithmIdentifier field of spki is present, then throw a DataError.
- if (spki.algorithm.ec_parameters.has_value())
- return WebIDL::DataError::create(m_realm, "Invalid algorithm parameters"_string);
- // 6. Let publicKey be the Ed25519 public key identified by the subjectPublicKey field of spki.
- auto const& public_key = spki.raw_key;
- // 7. Let key be a new CryptoKey associated with the relevant global object of this [HTML],
- // and that represents publicKey.
- key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { public_key });
- // 8. Set the [[type]] internal slot of key to "public"
- key->set_type(Bindings::KeyType::Public);
- // 9. Let algorithm be a new KeyAlgorithm.
- auto algorithm = KeyAlgorithm::create(m_realm);
- // 10. Set the name attribute of algorithm to "Ed25519".
- algorithm->set_name("Ed25519"_string);
- // 11. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- }
- // 2. If format is "pkcs8":
- else if (format == Bindings::KeyFormat::Pkcs8) {
- // 1. If usages contains a value which is not "sign" then throw a SyntaxError.
- for (auto const& usage : usages) {
- if (usage != Bindings::KeyUsage::Sign) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- // 2. Let privateKeyInfo be the result of running the parse a privateKeyInfo algorithm over keyData.
- // 3. If an error occurs while parsing, then throw a DataError.
- auto private_key_info = TRY(parse_a_private_key_info(m_realm, key_data.get<ByteBuffer>()));
- // 4. If the algorithm object identifier field of the privateKeyAlgorithm PrivateKeyAlgorithm field
- // of privateKeyInfo is not equal to the id-Ed25519 object identifier defined in [RFC8410], then throw a DataError.
- if (private_key_info.algorithm.identifier != ::Crypto::ASN1::ed25519_oid)
- return WebIDL::DataError::create(m_realm, "Invalid algorithm identifier"_string);
- // 5. If the parameters field of the privateKeyAlgorithm PrivateKeyAlgorithmIdentifier field of privateKeyInfo is present,
- // then throw a DataError.
- if (private_key_info.algorithm.ec_parameters.has_value())
- return WebIDL::DataError::create(m_realm, "Invalid algorithm parameters"_string);
- // 6. Let curvePrivateKey be the result of performing the parse an ASN.1 structure algorithm,
- // with data as the privateKey field of privateKeyInfo, structure as the ASN.1 CurvePrivateKey structure
- // specified in Section 7 of [RFC8410], and exactData set to true.
- // 7. If an error occurred while parsing, then throw a DataError.
- auto curve_private_key = TRY(parse_an_ASN1_structure<StringView>(m_realm, private_key_info.raw_key, true));
- auto curve_private_key_bytes = TRY_OR_THROW_OOM(m_realm->vm(), ByteBuffer::copy(curve_private_key.bytes()));
- // 8. Let key be a new CryptoKey associated with the relevant global object of this [HTML],
- // and that represents the Ed25519 private key identified by curvePrivateKey.
- key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { curve_private_key_bytes });
- // 9. Set the [[type]] internal slot of key to "private"
- key->set_type(Bindings::KeyType::Private);
- // 10. Let algorithm be a new KeyAlgorithm.
- auto algorithm = KeyAlgorithm::create(m_realm);
- // 11. Set the name attribute of algorithm to "Ed25519".
- algorithm->set_name("Ed25519"_string);
- // 12. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- }
- // 2. If format is "jwk":
- else if (format == Bindings::KeyFormat::Jwk) {
- // 1. If keyData is a JsonWebKey dictionary: Let jwk equal keyData.
- // Otherwise: Throw a DataError.
- if (!key_data.has<Bindings::JsonWebKey>())
- return WebIDL::DataError::create(m_realm, "keyData is not a JsonWebKey dictionary"_string);
- auto& jwk = key_data.get<Bindings::JsonWebKey>();
- // 2. If the d field is present and usages contains a value which is not "sign",
- // or, if the d field is not present and usages contains a value which is not "verify" then throw a SyntaxError.
- if (jwk.d.has_value()) {
- for (auto const& usage : usages) {
- if (usage != Bindings::KeyUsage::Sign) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- } else {
- for (auto const& usage : usages) {
- if (usage != Bindings::KeyUsage::Verify) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- }
- // 3. If the kty field of jwk is not "OKP", then throw a DataError.
- if (jwk.kty != "OKP"sv)
- return WebIDL::DataError::create(m_realm, "Invalid key type"_string);
- // 4. If the crv field of jwk is not "Ed25519", then throw a DataError.
- if (jwk.crv != "Ed25519"sv)
- return WebIDL::DataError::create(m_realm, "Invalid curve"_string);
- // 5. If usages is non-empty and the use field of jwk is present and is not "sig", then throw a DataError.
- if (!usages.is_empty() && jwk.use.has_value() && jwk.use.value() != "sig")
- return WebIDL::DataError::create(m_realm, "Invalid key usage"_string);
- // 6. If the key_ops field of jwk is present, and is invalid according to the requirements of JSON Web Key [JWK],
- // or it does not contain all of the specified usages values, then throw a DataError.
- TRY(validate_jwk_key_ops(m_realm, jwk, usages));
- // 7. If the ext field of jwk is present and has the value false and extractable is true, then throw a DataError.
- if (jwk.ext.has_value() && !jwk.ext.value() && extractable)
- return WebIDL::DataError::create(m_realm, "Invalid extractable"_string);
- // 8. If the d field is present:
- if (jwk.d.has_value()) {
- // 1. If jwk does not meet the requirements of the JWK private key format described in Section 2 of [RFC8037],
- // then throw a DataError.
- // o The parameter "kty" MUST be "OKP".
- if (jwk.kty != "OKP"sv)
- return WebIDL::DataError::create(m_realm, "Invalid key type"_string);
- // https://www.iana.org/assignments/jose/jose.xhtml#web-key-elliptic-curve
- // o The parameter "crv" MUST be present and contain the subtype of the key (from the "JSON Web Elliptic Curve" registry).
- if (jwk.crv != "Ed25519"sv)
- return WebIDL::DataError::create(m_realm, "Invalid curve"_string);
- // o The parameter "x" MUST be present and contain the public key encoded using the base64url [RFC4648] encoding.
- if (!jwk.x.has_value())
- return WebIDL::DataError::create(m_realm, "Missing x field"_string);
- // o The parameter "d" MUST be present for private keys and contain the private key encoded using the base64url encoding.
- // This parameter MUST NOT be present for public keys.
- if (!jwk.d.has_value())
- return WebIDL::DataError::create(m_realm, "Present d field"_string);
- // 2. Let key be a new CryptoKey object that represents the Ed25519 private key identified by interpreting jwk according to Section 2 of [RFC8037].
- auto private_key_base_64 = jwk.d.value();
- auto private_key_or_error = decode_base64url(private_key_base_64);
- if (private_key_or_error.is_error()) {
- return WebIDL::DataError::create(m_realm, "Failed to decode base64"_string);
- }
- auto private_key = private_key_or_error.release_value();
- key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { private_key });
- // 3. Set the [[type]] internal slot of Key to "private".
- key->set_type(Bindings::KeyType::Private);
- }
- // Otherwise:
- else {
- // 1. If jwk does not meet the requirements of the JWK public key format described in Section 2 of [RFC8037], then throw a DataError.
- // o The parameter "kty" MUST be "OKP".
- if (jwk.kty != "OKP"sv)
- return WebIDL::DataError::create(m_realm, "Invalid key type"_string);
- // https://www.iana.org/assignments/jose/jose.xhtml#web-key-elliptic-curve
- // o The parameter "crv" MUST be present and contain the subtype of the key (from the "JSON Web Elliptic Curve" registry).
- if (jwk.crv != "Ed25519"sv)
- return WebIDL::DataError::create(m_realm, "Invalid curve"_string);
- // o The parameter "x" MUST be present and contain the public key encoded using the base64url [RFC4648] encoding.
- if (!jwk.x.has_value())
- return WebIDL::DataError::create(m_realm, "Missing x field"_string);
- // o The parameter "d" MUST be present for private keys and contain the private key encoded using the base64url encoding.
- // This parameter MUST NOT be present for public keys.
- if (jwk.d.has_value())
- return WebIDL::DataError::create(m_realm, "Present d field"_string);
- // 2. Let key be a new CryptoKey object that represents the Ed25519 public key identified by interpreting jwk according to Section 2 of [RFC8037].
- auto public_key_base_64 = jwk.x.value();
- auto public_key_or_error = decode_base64url(public_key_base_64);
- if (public_key_or_error.is_error()) {
- return WebIDL::DataError::create(m_realm, "Failed to decode base64"_string);
- }
- auto public_key = public_key_or_error.release_value();
- key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { public_key });
- // 3. Set the [[type]] internal slot of Key to "public".
- key->set_type(Bindings::KeyType::Public);
- }
- // 9. Let algorithm be a new instance of a KeyAlgorithm object.
- auto algorithm = KeyAlgorithm::create(m_realm);
- // 10. Set the name attribute of algorithm to "Ed25519".
- algorithm->set_name("Ed25519"_string);
- // 11. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- }
- // 2. If format is "raw":
- else if (format == Bindings::KeyFormat::Raw) {
- // 1. If usages contains a value which is not "verify" then throw a SyntaxError.
- for (auto const& usage : usages) {
- if (usage != Bindings::KeyUsage::Verify) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- // 2. Let algorithm be a new KeyAlgorithm object.
- auto algorithm = KeyAlgorithm::create(m_realm);
- // 3. Set the name attribute of algorithm to "Ed25519".
- algorithm->set_name("Ed25519"_string);
- // 4. Let key be a new CryptoKey associated with the relevant global object of this [HTML], and representing the key data provided in keyData.
- key = CryptoKey::create(m_realm, key_data);
- // 5. Set the [[type]] internal slot of key to "public"
- key->set_type(Bindings::KeyType::Public);
- // 6. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- }
- // 2. Otherwise:
- else {
- // throw a NotSupportedError.
- return WebIDL::NotSupportedError::create(m_realm, "Invalid key format"_string);
- }
- return GC::Ref { *key };
- }
- WebIDL::ExceptionOr<GC::Ref<JS::Object>> ED25519::export_key(Bindings::KeyFormat format, GC::Ref<CryptoKey> key)
- {
- auto& vm = m_realm->vm();
- // 1. Let key be the CryptoKey to be exported.
- // 2. If the underlying cryptographic key material represented by the [[handle]] internal slot of key cannot be accessed, then throw an OperationError.
- // Note: In our impl this is always accessible
- auto const& key_data = key->handle().get<ByteBuffer>();
- // 3. If format is "spki":
- if (format == Bindings::KeyFormat::Spki) {
- // 1. If the [[type]] internal slot of key is not "public", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Public)
- return WebIDL::InvalidAccessError::create(m_realm, "Key is not a public key"_string);
- // 2. Let data be an instance of the subjectPublicKeyInfo ASN.1 structure defined in [RFC5280] with the following properties:
- // * Set the algorithm field to an AlgorithmIdentifier ASN.1 type with the following properties:
- // * Set the algorithm object identifier to the id-Ed25519 OID defined in [RFC8410].
- // * Set the subjectPublicKey field to keyData.
- auto ed25519_oid = ::Crypto::ASN1::ed25519_oid;
- auto data = TRY_OR_THROW_OOM(vm, ::Crypto::PK::wrap_in_subject_public_key_info(key_data, ed25519_oid, nullptr));
- // 3. Let result be a new ArrayBuffer associated with the relevant global object of this [HTML], and containing data.
- return JS::ArrayBuffer::create(m_realm, move(data));
- }
- // 3. If format is "pkcs8":
- if (format == Bindings::KeyFormat::Pkcs8) {
- // 1. If the [[type]] internal slot of key is not "private", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Private)
- return WebIDL::InvalidAccessError::create(m_realm, "Key is not a private key"_string);
- // 2. Let data be an instance of the privateKeyInfo ASN.1 structure defined in [RFC5208] with the following properties:
- // * Set the version field to 0.
- // * Set the privateKeyAlgorithm field to a PrivateKeyAlgorithmIdentifier ASN.1 type with the following properties:
- // * Set the algorithm object identifier to the id-Ed25519 OID defined in [RFC8410].
- // * Set the privateKey field to the result of DER-encoding a CurvePrivateKey ASN.1 type, as defined in Section 7 of [RFC8410], that represents the Ed25519 private key represented by the [[handle]] internal slot of key
- auto ed25519_oid = ::Crypto::ASN1::ed25519_oid;
- auto data = TRY_OR_THROW_OOM(vm, ::Crypto::PK::wrap_in_private_key_info(key_data, ed25519_oid, nullptr));
- // 3. Let result be a new ArrayBuffer associated with the relevant global object of this [HTML], and containing data.
- return JS::ArrayBuffer::create(m_realm, move(data));
- }
- // 2. If format is "jwk":
- if (format == Bindings::KeyFormat::Jwk) {
- // 1. Let jwk be a new JsonWebKey dictionary.
- Bindings::JsonWebKey jwk;
- // 2. Set the kty attribute of jwk to "OKP".
- jwk.kty = "OKP"_string;
- // 3. Set the crv attribute of jwk to "Ed25519".
- jwk.crv = "Ed25519"_string;
- // 4. Set the x attribute of jwk according to the definition in Section 2 of [RFC8037].
- if (key->type() == Bindings::KeyType::Public) {
- jwk.x = TRY_OR_THROW_OOM(vm, encode_base64url(key_data));
- } else {
- // The "x" parameter of the "epk" field is set as follows:
- // Apply the appropriate ECDH function to the ephemeral private key (as scalar input)
- // and the standard base point (as u-coordinate input).
- // The base64url encoding of the output is the value for the "x" parameter of the "epk" field.
- ::Crypto::Curves::Ed25519 curve;
- auto public_key = TRY_OR_THROW_OOM(vm, curve.generate_public_key(key_data));
- jwk.x = TRY_OR_THROW_OOM(vm, encode_base64url(key_data));
- }
- // 5. If the [[type]] internal slot of key is "private"
- if (key->type() == Bindings::KeyType::Private) {
- // 1. Set the d attribute of jwk according to the definition in Section 2 of [RFC8037].
- jwk.d = TRY_OR_THROW_OOM(vm, encode_base64url(key_data));
- }
- // 6. Set the key_ops attribute of jwk to the usages attribute of key.
- jwk.key_ops = Vector<String> {};
- jwk.key_ops->ensure_capacity(key->internal_usages().size());
- for (auto const& usage : key->internal_usages())
- jwk.key_ops->append(Bindings::idl_enum_to_string(usage));
- // 7. Set the ext attribute of jwk to the [[extractable]] internal slot of key.
- jwk.ext = key->extractable();
- // 8. Let result be the result of converting jwk to an ECMAScript Object, as defined by [WebIDL].
- return TRY(jwk.to_object(m_realm));
- }
- // 2. If format is "raw":
- if (format == Bindings::KeyFormat::Raw) {
- // 1. If the [[type]] internal slot of key is not "public", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Public)
- return WebIDL::InvalidAccessError::create(m_realm, "Key is not a public key"_string);
- // 2. Let data be an octet string representing the Ed25519 public key represented by the [[handle]] internal slot of key.
- // 3. Let result be a new ArrayBuffer associated with the relevant global object of this [HTML], and containing data.
- return JS::ArrayBuffer::create(m_realm, key_data);
- }
- // 2. Otherwise:
- // throw a NotSupportedError.
- return WebIDL::NotSupportedError::create(m_realm, "Invalid key format"_string);
- }
- WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> ED25519::sign([[maybe_unused]] AlgorithmParams const& params, GC::Ref<CryptoKey> key, ByteBuffer const& message)
- {
- auto& realm = *m_realm;
- auto& vm = realm.vm();
- // 1. If the [[type]] internal slot of key is not "private", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Private)
- return WebIDL::InvalidAccessError::create(realm, "Key is not a private key"_string);
- // 2. Perform the Ed25519 signing process, as specified in [RFC8032], Section 5.1.6,
- // with message as M, using the Ed25519 private key associated with key.
- auto private_key = key->handle().get<ByteBuffer>();
- ::Crypto::Curves::Ed25519 curve;
- auto maybe_public_key = curve.generate_public_key(private_key);
- if (maybe_public_key.is_error())
- return WebIDL::OperationError::create(realm, "Failed to generate public key"_string);
- auto public_key = maybe_public_key.release_value();
- auto maybe_signature = curve.sign(public_key, private_key, message);
- if (maybe_signature.is_error())
- return WebIDL::OperationError::create(realm, "Failed to sign message"_string);
- auto signature = maybe_signature.release_value();
- // 3. Return a new ArrayBuffer associated with the relevant global object of this [HTML],
- // and containing the bytes of the signature resulting from performing the Ed25519 signing process.
- auto result = TRY_OR_THROW_OOM(vm, ByteBuffer::copy(signature));
- return JS::ArrayBuffer::create(realm, move(result));
- }
- WebIDL::ExceptionOr<JS::Value> ED25519::verify([[maybe_unused]] AlgorithmParams const& params, GC::Ref<CryptoKey> key, ByteBuffer const& signature, ByteBuffer const& message)
- {
- auto& realm = *m_realm;
- // 1. If the [[type]] internal slot of key is not "public", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Public)
- return WebIDL::InvalidAccessError::create(realm, "Key is not a public key"_string);
- // NOTE: this is checked by ED25519::verify()
- // 2. If the key data of key represents an invalid point or a small-order element on the Elliptic Curve of Ed25519, return false.
- // 3. If the point R, encoded in the first half of signature, represents an invalid point or a small-order element on the Elliptic Curve of Ed25519, return false.
- // 4. Perform the Ed25519 verification steps, as specified in [RFC8032], Section 5.1.7,
- // using the cofactorless (unbatched) equation, [S]B = R + [k]A', on the signature,
- // with message as M, using the Ed25519 public key associated with key.
- auto public_key = key->handle().get<ByteBuffer>();
- // 9. Let result be a boolean with the value true if the signature is valid and the value false otherwise.
- ::Crypto::Curves::Ed25519 curve;
- auto result = curve.verify(public_key, signature, message);
- // 10. Return result.
- return JS::Value(result);
- }
- // https://w3c.github.io/webcrypto/#hkdf-operations
- WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> HKDF::derive_bits(AlgorithmParams const& params, GC::Ref<CryptoKey> key, Optional<u32> length_optional)
- {
- auto& realm = *m_realm;
- auto const& normalized_algorithm = static_cast<HKDFParams const&>(params);
- // 1. If length is null or zero, or is not a multiple of 8, then throw an OperationError.
- auto length = length_optional.value_or(0);
- if (length == 0 || length % 8 != 0)
- return WebIDL::OperationError::create(realm, "Length must be greater than 0 and divisible by 8"_string);
- // 2. Let keyDerivationKey be the secret represented by [[handle]] internal slot of key as the message.
- auto key_derivation_key = key->handle().get<ByteBuffer>();
- // 3. Let result be the result of performing the HKDF extract and then the HKDF expand step described in Section 2 of [RFC5869] using:
- // * the hash member of normalizedAlgorithm as Hash,
- // * keyDerivationKey as the input keying material, IKM,
- // * the contents of the salt member of normalizedAlgorithm as salt,
- // * the contents of the info member of normalizedAlgorithm as info,
- // * length divided by 8 as the value of L,
- // Note: Although HKDF technically supports absent salt (treating it as hashLen many NUL bytes),
- // all major browsers instead raise a TypeError, for example:
- // "Failed to execute 'deriveBits' on 'SubtleCrypto': HkdfParams: salt: Not a BufferSource"
- // Because we are forced by neither peer pressure nor the spec, we don't support it either.
- auto const& hash_algorithm = TRY(normalized_algorithm.hash.name(realm.vm()));
- ErrorOr<ByteBuffer> result = Error::from_string_literal("noop error");
- if (hash_algorithm == "SHA-1") {
- result = ::Crypto::Hash::HKDF<::Crypto::Hash::SHA1>::derive_key(Optional<ReadonlyBytes>(normalized_algorithm.salt), key_derivation_key, normalized_algorithm.info, length / 8);
- } else if (hash_algorithm == "SHA-256") {
- result = ::Crypto::Hash::HKDF<::Crypto::Hash::SHA256>::derive_key(Optional<ReadonlyBytes>(normalized_algorithm.salt), key_derivation_key, normalized_algorithm.info, length / 8);
- } else if (hash_algorithm == "SHA-384") {
- result = ::Crypto::Hash::HKDF<::Crypto::Hash::SHA384>::derive_key(Optional<ReadonlyBytes>(normalized_algorithm.salt), key_derivation_key, normalized_algorithm.info, length / 8);
- } else if (hash_algorithm == "SHA-512") {
- result = ::Crypto::Hash::HKDF<::Crypto::Hash::SHA512>::derive_key(Optional<ReadonlyBytes>(normalized_algorithm.salt), key_derivation_key, normalized_algorithm.info, length / 8);
- } else {
- return WebIDL::NotSupportedError::create(m_realm, MUST(String::formatted("Invalid hash function '{}'", hash_algorithm)));
- }
- // 4. If the key derivation operation fails, then throw an OperationError.
- if (result.is_error())
- return WebIDL::OperationError::create(realm, "Failed to derive key"_string);
- // 5. Return result
- return JS::ArrayBuffer::create(realm, result.release_value());
- }
- WebIDL::ExceptionOr<JS::Value> HKDF::get_key_length(AlgorithmParams const&)
- {
- // 1. Return null.
- return JS::js_null();
- }
- // https://w3c.github.io/webcrypto/#pbkdf2-operations
- WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> PBKDF2::derive_bits(AlgorithmParams const& params, GC::Ref<CryptoKey> key, Optional<u32> length_optional)
- {
- auto& realm = *m_realm;
- auto const& normalized_algorithm = static_cast<PBKDF2Params const&>(params);
- // 1. If length is null or zero, or is not a multiple of 8, then throw an OperationError.
- auto length = length_optional.value_or(0);
- if (length == 0 || length % 8 != 0)
- return WebIDL::OperationError::create(realm, "Length must be greater than 0 and divisible by 8"_string);
- // 2. If the iterations member of normalizedAlgorithm is zero, then throw an OperationError.
- if (normalized_algorithm.iterations == 0)
- return WebIDL::OperationError::create(realm, "Iterations must be greater than 0"_string);
- // 3. Let prf be the MAC Generation function described in Section 4 of [FIPS-198-1] using the hash function described by the hash member of normalizedAlgorithm.
- auto const& hash_algorithm = TRY(normalized_algorithm.hash.name(realm.vm()));
- // 4. Let result be the result of performing the PBKDF2 operation defined in Section 5.2 of [RFC8018]
- // using prf as the pseudo-random function, PRF,
- // the password represented by [[handle]] internal slot of key as the password, P,
- // the contents of the salt attribute of normalizedAlgorithm as the salt, S,
- // the value of the iterations attribute of normalizedAlgorithm as the iteration count, c,
- // and length divided by 8 as the intended key length, dkLen.
- ErrorOr<ByteBuffer> result = Error::from_string_literal("noop error");
- auto password = key->handle().get<ByteBuffer>();
- auto salt = normalized_algorithm.salt;
- auto iterations = normalized_algorithm.iterations;
- auto derived_key_length_bytes = length / 8;
- if (hash_algorithm == "SHA-1") {
- result = ::Crypto::Hash::PBKDF2::derive_key<::Crypto::Authentication::HMAC<::Crypto::Hash::SHA1>>(password, salt, iterations, derived_key_length_bytes);
- } else if (hash_algorithm == "SHA-256") {
- result = ::Crypto::Hash::PBKDF2::derive_key<::Crypto::Authentication::HMAC<::Crypto::Hash::SHA256>>(password, salt, iterations, derived_key_length_bytes);
- } else if (hash_algorithm == "SHA-384") {
- result = ::Crypto::Hash::PBKDF2::derive_key<::Crypto::Authentication::HMAC<::Crypto::Hash::SHA384>>(password, salt, iterations, derived_key_length_bytes);
- } else if (hash_algorithm == "SHA-512") {
- result = ::Crypto::Hash::PBKDF2::derive_key<::Crypto::Authentication::HMAC<::Crypto::Hash::SHA512>>(password, salt, iterations, derived_key_length_bytes);
- } else {
- return WebIDL::NotSupportedError::create(m_realm, MUST(String::formatted("Invalid hash function '{}'", hash_algorithm)));
- }
- // 5. If the key derivation operation fails, then throw an OperationError.
- if (result.is_error())
- return WebIDL::OperationError::create(realm, "Failed to derive key"_string);
- // 6. Return result
- return JS::ArrayBuffer::create(realm, result.release_value());
- }
- // https://w3c.github.io/webcrypto/#pbkdf2-operations
- WebIDL::ExceptionOr<JS::Value> PBKDF2::get_key_length(AlgorithmParams const&)
- {
- // 1. Return null.
- return JS::js_null();
- }
- // https://w3c.github.io/webcrypto/#pbkdf2-operations
- WebIDL::ExceptionOr<GC::Ref<CryptoKey>> PBKDF2::import_key(AlgorithmParams const&, Bindings::KeyFormat format, CryptoKey::InternalKeyData key_data, bool extractable, Vector<Bindings::KeyUsage> const& key_usages)
- {
- // 1. If format is not "raw", throw a NotSupportedError
- if (format != Bindings::KeyFormat::Raw)
- return WebIDL::NotSupportedError::create(m_realm, "Only raw format is supported"_string);
- // 2. If usages contains a value that is not "deriveKey" or "deriveBits", then throw a SyntaxError.
- for (auto& usage : key_usages) {
- if (usage != Bindings::KeyUsage::Derivekey && usage != Bindings::KeyUsage::Derivebits)
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- // 3. If extractable is not false, then throw a SyntaxError.
- if (extractable)
- return WebIDL::SyntaxError::create(m_realm, "extractable must be false"_string);
- // 4. Let key be a new CryptoKey representing keyData.
- auto key = CryptoKey::create(m_realm, move(key_data));
- // 5. Set the [[type]] internal slot of key to "secret".
- key->set_type(Bindings::KeyType::Secret);
- // 6. Let algorithm be a new KeyAlgorithm object.
- auto algorithm = KeyAlgorithm::create(m_realm);
- // 7. Set the name attribute of algorithm to "PBKDF2".
- algorithm->set_name("PBKDF2"_string);
- // 8. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- // 9. Return key.
- return key;
- }
- // https://wicg.github.io/webcrypto-secure-curves/#x25519-operations
- WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> X25519::derive_bits(AlgorithmParams const& params, GC::Ref<CryptoKey> key, Optional<u32> length_optional)
- {
- auto& realm = *m_realm;
- auto const& normalized_algorithm = static_cast<EcdhKeyDeriveParams const&>(params);
- // 1. If the [[type]] internal slot of key is not "private", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Private)
- return WebIDL::InvalidAccessError::create(realm, "Key is not a private key"_string);
- // 2. Let publicKey be the public member of normalizedAlgorithm.
- auto& public_key = normalized_algorithm.public_key;
- // 3. If the [[type]] internal slot of publicKey is not "public", then throw an InvalidAccessError.
- if (public_key->type() != Bindings::KeyType::Public)
- return WebIDL::InvalidAccessError::create(realm, "Public key is not a public key"_string);
- // 4. If the name attribute of the [[algorithm]] internal slot of publicKey is not equal to
- // the name property of the [[algorithm]] internal slot of key, then throw an InvalidAccessError.
- auto& internal_algorithm = static_cast<KeyAlgorithm const&>(*key->algorithm());
- auto& public_internal_algorithm = static_cast<KeyAlgorithm const&>(*public_key->algorithm());
- if (internal_algorithm.name() != public_internal_algorithm.name())
- return WebIDL::InvalidAccessError::create(realm, "Algorithm mismatch"_string);
- // 5. Let secret be the result of performing the X25519 function specified in [RFC7748] Section 5 with
- // key as the X25519 private key k and
- // the X25519 public key represented by the [[handle]] internal slot of publicKey as the X25519 public key u.
- auto private_key = key->handle().get<ByteBuffer>();
- auto public_key_data = public_key->handle().get<ByteBuffer>();
- ::Crypto::Curves::X25519 curve;
- auto maybe_secret = curve.compute_coordinate(private_key, public_key_data);
- if (maybe_secret.is_error())
- return WebIDL::OperationError::create(realm, "Failed to compute secret"_string);
- auto secret = maybe_secret.release_value();
- // 6. If secret is the all-zero value, then throw a OperationError.
- // This check must be performed in constant-time, as per [RFC7748] Section 6.1.
- // NOTE: The check may be performed by ORing all the bytes together and checking whether the result is zero,
- // as this eliminates standard side-channels in software implementations.
- auto or_bytes = 0;
- for (auto byte : secret.bytes()) {
- or_bytes |= byte;
- }
- if (or_bytes == 0)
- return WebIDL::OperationError::create(realm, "Secret is the all-zero value"_string);
- // 7. If length is null: Return secret
- if (!length_optional.has_value()) {
- auto result = TRY_OR_THROW_OOM(realm.vm(), ByteBuffer::copy(secret));
- return JS::ArrayBuffer::create(realm, move(result));
- }
- // Otherwise: If the length of secret in bits is less than length: throw an OperationError.
- auto length = length_optional.value();
- if (secret.size() * 8 < length)
- return WebIDL::OperationError::create(realm, "Secret is too short"_string);
- // Otherwise: Return an octet string containing the first length bits of secret.
- auto slice = TRY_OR_THROW_OOM(realm.vm(), secret.slice(0, length / 8));
- return JS::ArrayBuffer::create(realm, move(slice));
- }
- WebIDL::ExceptionOr<Variant<GC::Ref<CryptoKey>, GC::Ref<CryptoKeyPair>>> X25519::generate_key([[maybe_unused]] AlgorithmParams const& params, bool extractable, Vector<Bindings::KeyUsage> const& key_usages)
- {
- // 1. If usages contains an entry which is not "deriveKey" or "deriveBits" then throw a SyntaxError.
- for (auto const& usage : key_usages) {
- if (usage != Bindings::KeyUsage::Derivekey && usage != Bindings::KeyUsage::Derivebits) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- // 2. Generate an X25519 key pair, with the private key being 32 random bytes,
- // and the public key being X25519(a, 9), as defined in [RFC7748], section 6.1.
- ::Crypto::Curves::X25519 curve;
- auto maybe_private_key = curve.generate_private_key();
- if (maybe_private_key.is_error())
- return WebIDL::OperationError::create(m_realm, "Failed to generate private key"_string);
- auto private_key_data = maybe_private_key.release_value();
- auto maybe_public_key = curve.generate_public_key(private_key_data);
- if (maybe_public_key.is_error())
- return WebIDL::OperationError::create(m_realm, "Failed to generate public key"_string);
- auto public_key_data = maybe_public_key.release_value();
- // 3. Let algorithm be a new KeyAlgorithm object.
- auto algorithm = KeyAlgorithm::create(m_realm);
- // 4. Set the name attribute of algorithm to "X25519".
- algorithm->set_name("X25519"_string);
- // 5. Let publicKey be a new CryptoKey associated with the relevant global object of this [HTML],
- // and representing the public key of the generated key pair.
- auto public_key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { public_key_data });
- // 6. Set the [[type]] internal slot of publicKey to "public"
- public_key->set_type(Bindings::KeyType::Public);
- // 7. Set the [[algorithm]] internal slot of publicKey to algorithm.
- public_key->set_algorithm(algorithm);
- // 8. Set the [[extractable]] internal slot of publicKey to true.
- public_key->set_extractable(true);
- // 9. Set the [[usages]] internal slot of publicKey to be the empty list.
- public_key->set_usages({});
- // 10. Let privateKey be a new CryptoKey associated with the relevant global object of this [HTML],
- // and representing the private key of the generated key pair.
- auto private_key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { private_key_data });
- // 11. Set the [[type]] internal slot of privateKey to "private"
- private_key->set_type(Bindings::KeyType::Private);
- // 12. Set the [[algorithm]] internal slot of privateKey to algorithm.
- private_key->set_algorithm(algorithm);
- // 13. Set the [[extractable]] internal slot of privateKey to extractable.
- private_key->set_extractable(extractable);
- // 14. Set the [[usages]] internal slot of privateKey to be the usage intersection of usages and [ "deriveKey", "deriveBits" ].
- private_key->set_usages(usage_intersection(key_usages, { { Bindings::KeyUsage::Derivekey, Bindings::KeyUsage::Derivebits } }));
- // 15. Let result be a new CryptoKeyPair dictionary.
- // 16. Set the publicKey attribute of result to be publicKey.
- // 17. Set the privateKey attribute of result to be privateKey.
- // 18. Return the result of converting result to an ECMAScript Object, as defined by [WebIDL].
- return Variant<GC::Ref<CryptoKey>, GC::Ref<CryptoKeyPair>> { CryptoKeyPair::create(m_realm, public_key, private_key) };
- }
- WebIDL::ExceptionOr<GC::Ref<CryptoKey>> X25519::import_key([[maybe_unused]] Web::Crypto::AlgorithmParams const& params, Bindings::KeyFormat key_format, CryptoKey::InternalKeyData key_data, bool extractable, Vector<Bindings::KeyUsage> const& usages)
- {
- // NOTE: This is a parameter to the function
- // 1. Let keyData be the key data to be imported.
- auto& vm = m_realm->vm();
- GC::Ptr<CryptoKey> key = nullptr;
- // 2. If format is "spki":
- if (key_format == Bindings::KeyFormat::Spki) {
- // 1. If usages is not empty then throw a SyntaxError.
- if (!usages.is_empty())
- return WebIDL::SyntaxError::create(m_realm, "Usages must be empty"_string);
- // 2. Let spki be the result of running the parse a subjectPublicKeyInfo algorithm over keyData.
- // 3. If an error occurred while parsing, then throw a DataError.
- auto spki = TRY(parse_a_subject_public_key_info(m_realm, key_data.get<ByteBuffer>()));
- // 4. If the algorithm object identifier field of the algorithm AlgorithmIdentifier field of spki
- // is not equal to the id-X25519 object identifier defined in [RFC8410], then throw a DataError.
- if (spki.algorithm.identifier != ::Crypto::ASN1::x25519_oid)
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- // 5. If the parameters field of the algorithm AlgorithmIdentifier field of spki is present, then throw a DataError.
- if (spki.algorithm.ec_parameters.has_value())
- return WebIDL::DataError::create(m_realm, "Invalid algorithm parameters"_string);
- // 6. Let publicKey be the X25519 public key identified by the subjectPublicKey field of spki.
- auto public_key = spki.raw_key;
- // 7. Let key be a new CryptoKey associated with the relevant global object of this [HTML], and that represents publicKey.
- key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { public_key });
- // 8. Set the [[type]] internal slot of key to "public"
- key->set_type(Bindings::KeyType::Public);
- // 9. Let algorithm be a new KeyAlgorithm.
- auto algorithm = KeyAlgorithm::create(m_realm);
- // 10. Set the name attribute of algorithm to "X25519".
- algorithm->set_name("X25519"_string);
- // 11. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- }
- // 2. If format is "pkcs8":
- else if (key_format == Bindings::KeyFormat::Pkcs8) {
- // 1. If usages contains an entry which is not "deriveKey" or "deriveBits" then throw a SyntaxError.
- for (auto const& usage : usages) {
- if (usage != Bindings::KeyUsage::Derivekey && usage != Bindings::KeyUsage::Derivebits) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- // 2. Let privateKeyInfo be the result of running the parse a privateKeyInfo algorithm over keyData.
- // 3. If an error occurred while parsing, then throw a DataError.
- auto private_key_info = TRY(parse_a_private_key_info(m_realm, key_data.get<ByteBuffer>()));
- // 4. If the algorithm object identifier field of the privateKeyAlgorithm PrivateKeyAlgorithm field of privateKeyInfo
- // is not equal to the id-X25519 object identifier defined in [RFC8410], then throw a DataError.
- if (private_key_info.algorithm.identifier != ::Crypto::ASN1::x25519_oid)
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- // 5. If the parameters field of the privateKeyAlgorithm PrivateKeyAlgorithmIdentifier field of privateKeyInfo is present, then throw a DataError.
- if (private_key_info.algorithm.ec_parameters.has_value())
- return WebIDL::DataError::create(m_realm, "Invalid algorithm parameters"_string);
- // 6. Let curvePrivateKey be the result of performing the parse an ASN.1 structure algorithm,
- // with data as the privateKey field of privateKeyInfo,
- // structure as the ASN.1 CurvePrivateKey structure specified in Section 7 of [RFC8410], and
- // exactData set to true.
- // 7. If an error occurred while parsing, then throw a DataError.
- auto curve_private_key = TRY(parse_an_ASN1_structure<StringView>(m_realm, private_key_info.raw_key, true));
- auto curve_private_key_bytes = TRY_OR_THROW_OOM(vm, ByteBuffer::copy(curve_private_key.bytes()));
- // 8. Let key be a new CryptoKey associated with the relevant global object of this [HTML],
- // and that represents the X25519 private key identified by curvePrivateKey.
- key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { curve_private_key_bytes });
- // 9. Set the [[type]] internal slot of key to "private"
- key->set_type(Bindings::KeyType::Private);
- // 10. Let algorithm be a new KeyAlgorithm.
- auto algorithm = KeyAlgorithm::create(m_realm);
- // 11. Set the name attribute of algorithm to "X25519".
- algorithm->set_name("X25519"_string);
- // 12. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- }
- // 2. If format is "jwk":
- else if (key_format == Bindings::KeyFormat::Jwk) {
- // 1. If keyData is a JsonWebKey dictionary: Let jwk equal keyData.
- // Otherwise: Throw a DataError.
- if (!key_data.has<Bindings::JsonWebKey>())
- return WebIDL::DataError::create(m_realm, "keyData is not a JsonWebKey dictionary"_string);
- auto& jwk = key_data.get<Bindings::JsonWebKey>();
- // 2. If the d field is present and if usages contains an entry which is not "deriveKey" or "deriveBits" then throw a SyntaxError.
- if (jwk.d.has_value() && !usages.is_empty()) {
- for (auto const& usage : usages) {
- if (usage != Bindings::KeyUsage::Derivekey && usage != Bindings::KeyUsage::Derivebits) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- }
- // 3. If the d field is not present and if usages is not empty then throw a SyntaxError.
- if (!jwk.d.has_value() && !usages.is_empty())
- return WebIDL::SyntaxError::create(m_realm, "Usages must be empty if d is missing"_string);
- // 4. If the kty field of jwk is not "OKP", then throw a DataError.
- if (jwk.kty != "OKP"sv)
- return WebIDL::DataError::create(m_realm, "Invalid key type"_string);
- // 5. If the crv field of jwk is not "X25519", then throw a DataError.
- if (jwk.crv != "X25519"sv)
- return WebIDL::DataError::create(m_realm, "Invalid curve"_string);
- // 6. If usages is non-empty and the use field of jwk is present and is not equal to "enc" then throw a DataError.
- if (!usages.is_empty() && jwk.use.has_value() && jwk.use.value() != "enc"sv)
- return WebIDL::DataError::create(m_realm, "Invalid use"_string);
- // 7. If the key_ops field of jwk is present, and is invalid according to the requirements of JSON Web Key [JWK],
- // or it does not contain all of the specified usages values, then throw a DataError.
- TRY(validate_jwk_key_ops(m_realm, jwk, usages));
- // 8. If the ext field of jwk is present and has the value false and extractable is true, then throw a DataError.
- if (jwk.ext.has_value() && !jwk.ext.value() && extractable)
- return WebIDL::DataError::create(m_realm, "Invalid extractable"_string);
- // 9. If the d field is present:
- if (jwk.d.has_value()) {
- // 1. If jwk does not meet the requirements of the JWK private key format described in Section 2 of [RFC8037], then throw a DataError.
- // o The parameter "kty" MUST be "OKP".
- if (jwk.kty != "OKP"sv)
- return WebIDL::DataError::create(m_realm, "Invalid key type"_string);
- // // https://www.iana.org/assignments/jose/jose.xhtml#web-key-elliptic-curve
- // o The parameter "crv" MUST be present and contain the subtype of the key (from the "JSON Web Elliptic Curve" registry).
- if (jwk.crv != "X25519"sv)
- return WebIDL::DataError::create(m_realm, "Invalid curve"_string);
- // o The parameter "x" MUST be present and contain the public key encoded using the base64url [RFC4648] encoding.
- if (!jwk.x.has_value())
- return WebIDL::DataError::create(m_realm, "Missing x field"_string);
- // o The parameter "d" MUST be present for private keys and contain the private key encoded using the base64url encoding.
- // This parameter MUST NOT be present for public keys.
- if (!jwk.d.has_value())
- return WebIDL::DataError::create(m_realm, "Missing d field"_string);
- // 2. Let key be a new CryptoKey object that represents the X25519 private key identified by interpreting jwk according to Section 2 of [RFC8037].
- auto private_key_base_64 = jwk.d.value();
- auto private_key_or_error = decode_base64url(private_key_base_64);
- if (private_key_or_error.is_error()) {
- return WebIDL::DataError::create(m_realm, "Failed to decode base64"_string);
- }
- auto private_key = private_key_or_error.release_value();
- key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { private_key });
- // 3. Set the [[type]] internal slot of Key to "private".
- key->set_type(Bindings::KeyType::Private);
- }
- // 9. Otherwise:
- else {
- // 1. If jwk does not meet the requirements of the JWK public key format described in Section 2 of [RFC8037], then throw a DataError.
- // o The parameter "kty" MUST be "OKP".
- if (jwk.kty != "OKP"sv)
- return WebIDL::DataError::create(m_realm, "Invalid key type"_string);
- // https://www.iana.org/assignments/jose/jose.xhtml#web-key-elliptic-curve
- // o The parameter "crv" MUST be present and contain the subtype of the key (from the "JSON Web Elliptic Curve" registry).
- if (jwk.crv != "X25519"sv)
- return WebIDL::DataError::create(m_realm, "Invalid curve"_string);
- // o The parameter "x" MUST be present and contain the public key encoded using the base64url [RFC4648] encoding.
- if (!jwk.x.has_value())
- return WebIDL::DataError::create(m_realm, "Missing x field"_string);
- // o The parameter "d" MUST be present for private keys and contain the private key encoded using the base64url encoding.
- // This parameter MUST NOT be present for public keys.
- if (jwk.d.has_value())
- return WebIDL::DataError::create(m_realm, "Present d field"_string);
- // 2. Let key be a new CryptoKey object that represents the X25519 public key identified by interpreting jwk according to Section 2 of [RFC8037].
- auto public_key_base_64 = jwk.x.value();
- auto public_key_or_error = decode_base64url(public_key_base_64);
- if (public_key_or_error.is_error()) {
- return WebIDL::DataError::create(m_realm, "Failed to decode base64"_string);
- }
- auto public_key = public_key_or_error.release_value();
- key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { public_key });
- // 3. Set the [[type]] internal slot of Key to "public".
- key->set_type(Bindings::KeyType::Public);
- }
- // 10. Let algorithm be a new instance of a KeyAlgorithm object.
- auto algorithm = KeyAlgorithm::create(m_realm);
- // 11. Set the name attribute of algorithm to "X25519".
- algorithm->set_name("X25519"_string);
- // 12. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- }
- // 2. If format is "raw":
- else if (key_format == Bindings::KeyFormat::Raw) {
- // 1. If usages is not empty then throw a SyntaxError.
- if (!usages.is_empty())
- return WebIDL::SyntaxError::create(m_realm, "Usages must be empty"_string);
- // 2. Let algorithm be a new KeyAlgorithm object.
- auto algorithm = KeyAlgorithm::create(m_realm);
- // 3. Set the name attribute of algorithm to "X25519".
- algorithm->set_name("X25519"_string);
- // 4. Let key be a new CryptoKey associated with the relevant global object of this [HTML], and representing the key data provided in keyData.
- key = CryptoKey::create(m_realm, key_data);
- // 5. Set the [[type]] internal slot of key to "public"
- key->set_type(Bindings::KeyType::Public);
- // 6. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- }
- // 2. Otherwise: throw a NotSupportedError.
- else {
- return WebIDL::NotSupportedError::create(m_realm, "Invalid key format"_string);
- }
- // 3. Return key
- return GC::Ref { *key };
- }
- WebIDL::ExceptionOr<GC::Ref<JS::Object>> X25519::export_key(Bindings::KeyFormat format, GC::Ref<CryptoKey> key)
- {
- auto& vm = m_realm->vm();
- // NOTE: This is a parameter to the function
- // 1. Let key be the CryptoKey to be exported.
- // 2. If the underlying cryptographic key material represented by the [[handle]] internal slot of key cannot be accessed, then throw an OperationError.
- // Note: In our impl this is always accessible
- auto const& handle = key->handle();
- GC::Ptr<JS::Object> result = nullptr;
- // 3. If format is "spki":
- if (format == Bindings::KeyFormat::Spki) {
- // 1. If the [[type]] internal slot of key is not "public", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Public)
- return WebIDL::InvalidAccessError::create(m_realm, "Key is not a public key"_string);
- // 2. Let data be an instance of the subjectPublicKeyInfo ASN.1 structure defined in [RFC5280] with the following properties:
- // Set the algorithm field to an AlgorithmIdentifier ASN.1 type with the following properties:
- // Set the algorithm object identifier to the id-X25519 OID defined in [RFC8410].
- // Set the subjectPublicKey field to keyData.
- auto public_key = handle.get<ByteBuffer>();
- auto data = TRY_OR_THROW_OOM(vm, ::Crypto::PK::wrap_in_subject_public_key_info(public_key, ::Crypto::ASN1::x25519_oid, nullptr));
- // 3. Let result be a new ArrayBuffer associated with the relevant global object of this [HTML], and containing data.
- result = JS::ArrayBuffer::create(m_realm, data);
- }
- // 3. If format is "pkcs8":
- else if (format == Bindings::KeyFormat::Pkcs8) {
- // 1. If the [[type]] internal slot of key is not "private", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Private)
- return WebIDL::InvalidAccessError::create(m_realm, "Key is not a private key"_string);
- // 2. Let data be an instance of the privateKeyInfo ASN.1 structure defined in [RFC5208] with the following properties:
- // Set the version field to 0.
- // Set the privateKeyAlgorithm field to a PrivateKeyAlgorithmIdentifier ASN.1 type with the following properties:
- // Set the algorithm object identifier to the id-X25519 OID defined in [RFC8410].
- // Set the privateKey field to the result of DER-encoding a CurvePrivateKey ASN.1 type, as defined in Section 7 of [RFC8410],
- // that represents the X25519 private key represented by the [[handle]] internal slot of key
- auto private_key = handle.get<ByteBuffer>();
- auto data = TRY_OR_THROW_OOM(vm, ::Crypto::PK::wrap_in_private_key_info(private_key, ::Crypto::ASN1::x25519_oid, nullptr));
- // 3. Let result be a new ArrayBuffer associated with the relevant global object of this [HTML], and containing data.
- result = JS::ArrayBuffer::create(m_realm, data);
- }
- // 3. If format is "jwt":
- else if (format == Bindings::KeyFormat::Jwk) {
- // 1. Let jwk be a new JsonWebKey dictionar1y.
- Bindings::JsonWebKey jwk = {};
- // 2. Set the kty attribute of jwk to "OKP".
- jwk.kty = "OKP"_string;
- // 3. Set the crv attribute of jwk to "X25519".
- jwk.crv = "X25519"_string;
- // 4. Set the x attribute of jwk according to the definition in Section 2 of [RFC8037].
- if (key->type() == Bindings::KeyType::Public) {
- auto public_key = handle.get<ByteBuffer>();
- jwk.x = TRY_OR_THROW_OOM(vm, encode_base64url(public_key));
- } else {
- // The "x" parameter of the "epk" field is set as follows:
- // Apply the appropriate ECDH function to the ephemeral private key (as scalar input)
- // and the standard base point (as u-coordinate input).
- // The base64url encoding of the output is the value for the "x" parameter of the "epk" field.
- ::Crypto::Curves::X25519 curve;
- auto public_key = TRY_OR_THROW_OOM(vm, curve.generate_public_key(handle.get<ByteBuffer>()));
- jwk.x = TRY_OR_THROW_OOM(vm, encode_base64url(public_key));
- }
- // 5. If the [[type]] internal slot of key is "private"
- if (key->type() == Bindings::KeyType::Private) {
- // 1. Set the d attribute of jwk according to the definition in Section 2 of [RFC8037].
- auto private_key = handle.get<ByteBuffer>();
- jwk.d = TRY_OR_THROW_OOM(vm, encode_base64url(private_key));
- }
- // 6. Set the key_ops attribute of jwk to the usages attribute of key.
- jwk.key_ops = Vector<String> {};
- jwk.key_ops->ensure_capacity(key->internal_usages().size());
- for (auto const& usage : key->internal_usages())
- jwk.key_ops->append(Bindings::idl_enum_to_string(usage));
- // 7. Set the ext attribute of jwk to the [[extractable]] internal slot of key.
- jwk.ext = key->extractable();
- // 8. Let result be the result of converting jwk to an ECMAScript Object, as defined by [WebIDL].
- result = TRY(jwk.to_object(m_realm));
- }
- // 3. If format is "raw":
- else if (format == Bindings::KeyFormat::Raw) {
- // 1. If the [[type]] internal slot of key is not "public", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Public)
- return WebIDL::InvalidAccessError::create(m_realm, "Key is not a public key"_string);
- // 2. Let data be an octet string representing the X25519 public key represented by the [[handle]] internal slot of key.
- auto public_key = handle.get<ByteBuffer>();
- // 3. Let result be a new ArrayBuffer associated with the relevant global object of this [HTML], and containing data.
- result = JS::ArrayBuffer::create(m_realm, public_key);
- }
- // 3. Otherwise:
- else {
- return WebIDL::NotSupportedError::create(m_realm, "Invalid key format"_string);
- }
- // 4. Return result.
- return GC::Ref { *result };
- }
- // https://wicg.github.io/webcrypto-secure-curves/#x448-operations
- WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> X448::derive_bits(
- AlgorithmParams const& params,
- GC::Ref<CryptoKey> key,
- Optional<u32> length_optional)
- {
- // 1. If the [[type]] internal slot of key is not "private", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Private)
- return WebIDL::InvalidAccessError::create(m_realm, "Key is not a private key"_string);
- // 2. Let publicKey be the public member of normalizedAlgorithm.
- auto& public_key = static_cast<EcdhKeyDeriveParams const&>(params).public_key;
- // 3. If the [[type]] internal slot of publicKey is not "public", then throw an InvalidAccessError.
- if (public_key->type() != Bindings::KeyType::Public)
- return WebIDL::InvalidAccessError::create(m_realm, "Public key is not a public key"_string);
- // 4. If the name attribute of the [[algorithm]] internal slot of publicKey is not equal to
- // the name property of the [[algorithm]] internal slot of key, then throw an InvalidAccessError.
- auto& internal_algorithm = static_cast<KeyAlgorithm const&>(*key->algorithm());
- auto& public_internal_algorithm = static_cast<KeyAlgorithm const&>(*public_key->algorithm());
- if (internal_algorithm.name() != public_internal_algorithm.name())
- return WebIDL::InvalidAccessError::create(m_realm, "Algorithm mismatch"_string);
- // 5. Let secret be the result of performing the X448 function specified in [RFC7748] Section 5
- // with key as the X448 private key k and the X448 public key represented by the [[handle]]
- // internal slot of publicKey as the X448 public key u.
- auto private_key = key->handle().get<ByteBuffer>();
- auto public_key_data = public_key->handle().get<ByteBuffer>();
- ::Crypto::Curves::X448 curve;
- auto maybe_secret = curve.compute_coordinate(private_key, public_key_data);
- if (maybe_secret.is_error())
- return WebIDL::OperationError::create(m_realm, "Failed to compute secret"_string);
- auto secret = maybe_secret.release_value();
- // 6. If secret is the all-zero value, then throw a OperationError. This check must be performed in constant-time, as per [RFC7748] Section 6.2.
- // NOTE: The check may be performed by ORing all the bytes together and checking whether the result is zero,
- // as this eliminates standard side-channels in software implementations.
- auto or_bytes = 0;
- for (auto byte : secret.bytes()) {
- or_bytes |= byte;
- }
- if (or_bytes == 0)
- return WebIDL::OperationError::create(m_realm, "Secret is the all-zero value"_string);
- // 7. If length is null: Return secret
- if (!length_optional.has_value()) {
- auto result = TRY_OR_THROW_OOM(m_realm->vm(), ByteBuffer::copy(secret));
- return JS::ArrayBuffer::create(m_realm, move(result));
- }
- // Otherwise: Return an octet string containing the first length bits of secret.
- auto length = length_optional.value();
- if (secret.size() * 8 < length)
- return WebIDL::OperationError::create(m_realm, "Secret is too short"_string);
- auto slice = TRY_OR_THROW_OOM(m_realm->vm(), secret.slice(0, length / 8));
- return JS::ArrayBuffer::create(m_realm, move(slice));
- }
- // https://wicg.github.io/webcrypto-secure-curves/#x448-operations
- WebIDL::ExceptionOr<Variant<GC::Ref<CryptoKey>, GC::Ref<CryptoKeyPair>>> X448::generate_key(
- AlgorithmParams const&,
- bool extractable,
- Vector<Bindings::KeyUsage> const& usages)
- {
- // 1. If usages contains an entry which is not "deriveKey" or "deriveBits" then throw a SyntaxError.
- for (auto const& usage : usages) {
- if (usage != Bindings::KeyUsage::Derivekey && usage != Bindings::KeyUsage::Derivebits) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- // 2. Generate an X448 key pair, with the private key being 56 random bytes, and the public key being X448(a, 5), as defined in [RFC7748], section 6.2.
- ::Crypto::Curves::X448 curve;
- auto maybe_private_key = curve.generate_private_key();
- if (maybe_private_key.is_error())
- return WebIDL::OperationError::create(m_realm, "Failed to generate private key"_string);
- auto private_key_data = maybe_private_key.release_value();
- auto maybe_public_key = curve.generate_public_key(private_key_data);
- if (maybe_public_key.is_error())
- return WebIDL::OperationError::create(m_realm, "Failed to generate public key"_string);
- auto public_key_data = maybe_public_key.release_value();
- // 3. Let algorithm be a new KeyAlgorithm object.
- auto algorithm = KeyAlgorithm::create(m_realm);
- // 4. Set the name attribute of algorithm to "X448".
- algorithm->set_name("X448"_string);
- // 5. Let publicKey be a new CryptoKey associated with the relevant global object of this [HTML], and representing the public key of the generated key pair.
- auto public_key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { public_key_data });
- // 6. Set the [[type]] internal slot of publicKey to "public"
- public_key->set_type(Bindings::KeyType::Public);
- // 7. Set the [[algorithm]] internal slot of publicKey to algorithm.
- public_key->set_algorithm(algorithm);
- // 8. Set the [[extractable]] internal slot of publicKey to true.
- public_key->set_extractable(true);
- // 9. Set the [[usages]] internal slot of publicKey to be the empty list.
- public_key->set_usages({});
- // 10. Let privateKey be a new CryptoKey associated with the relevant global object of this [HTML], and representing the private key of the generated key pair.
- auto private_key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { private_key_data });
- // 11. Set the [[type]] internal slot of privateKey to "private"
- private_key->set_type(Bindings::KeyType::Private);
- // 12. Set the [[algorithm]] internal slot of privateKey to algorithm.
- private_key->set_algorithm(algorithm);
- // 13. Set the [[extractable]] internal slot of privateKey to extractable.
- private_key->set_extractable(extractable);
- // 14. Set the [[usages]] internal slot of privateKey to be the usage intersection of usages and [ "deriveKey", "deriveBits" ].
- private_key->set_usages(usage_intersection(usages, { { Bindings::KeyUsage::Derivekey, Bindings::KeyUsage::Derivebits } }));
- // 15. Let result be a new CryptoKeyPair dictionary.
- // 16. Set the publicKey attribute of result to be publicKey.
- // 17. Set the privateKey attribute of result to be privateKey.
- auto result = CryptoKeyPair::create(m_realm, public_key, private_key);
- // 18. Return the result of converting result to an ECMAScript Object, as defined by [WebIDL].
- return Variant<GC::Ref<CryptoKey>, GC::Ref<CryptoKeyPair>> { result };
- }
- // https://wicg.github.io/webcrypto-secure-curves/#x448-operations
- WebIDL::ExceptionOr<GC::Ref<JS::Object>> X448::export_key(Bindings::KeyFormat format, GC::Ref<CryptoKey> key)
- {
- // 1. Let key be the CryptoKey to be exported.
- // 2. If the underlying cryptographic key material represented by the [[handle]] internal slot of key cannot be accessed, then throw an OperationError.
- // Note: In our impl this is always accessible
- auto const& key_data = key->handle().get<ByteBuffer>();
- // 3. If format is "spki":
- if (format == Bindings::KeyFormat::Spki) {
- // 1. If the [[type]] internal slot of key is not "public", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Public)
- return WebIDL::InvalidAccessError::create(m_realm, "Key is not a public key"_string);
- // 2. Let data be an instance of the subjectPublicKeyInfo ASN.1 structure defined in [RFC5280] with the following properties:
- // * Set the algorithm field to an AlgorithmIdentifier ASN.1 type with the following properties:
- // * Set the algorithm object identifier to the id-X448 OID defined in [RFC8410].
- // * Set the subjectPublicKey field to keyData.
- auto x448_oid = ::Crypto::ASN1::x448_oid;
- auto data = TRY_OR_THROW_OOM(m_realm->vm(), ::Crypto::PK::wrap_in_subject_public_key_info(key_data, x448_oid, nullptr));
- // 3. Let result be a new ArrayBuffer associated with the relevant global object of this [HTML], and containing data.
- return JS::ArrayBuffer::create(m_realm, data);
- }
- // 3. If format is "pkcs8":
- if (format == Bindings::KeyFormat::Pkcs8) {
- // 1. If the [[type]] internal slot of key is not "private", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Private)
- return WebIDL::InvalidAccessError::create(m_realm, "Key is not a private key"_string);
- // 2. Let data be an instance of the privateKeyInfo ASN.1 structure defined in [RFC5208] with the following properties:
- // * Set the version field to 0.
- // * Set the privateKeyAlgorithm field to a PrivateKeyAlgorithmIdentifier ASN.1 type with the following properties:
- // * Set the algorithm object identifier to the id-X448 OID defined in [RFC8410].
- // * Set the privateKey field to the result of DER-encoding a CurvePrivateKey ASN.1 type, as defined in Section 7 of [RFC8410], that represents the X448 private key represented by the [[handle]] internal slot of key
- auto x448_oid = ::Crypto::ASN1::x448_oid;
- auto data = TRY_OR_THROW_OOM(m_realm->vm(), ::Crypto::PK::wrap_in_private_key_info(key_data, x448_oid, nullptr));
- // 3. Let result be a new ArrayBuffer associated with the relevant global object of this [HTML], and containing data.
- return JS::ArrayBuffer::create(m_realm, data);
- }
- // 3. If format is "jwk":
- if (format == Bindings::KeyFormat::Jwk) {
- // 1. Let jwk be a new JsonWebKey dictionary.
- Bindings::JsonWebKey jwk = {};
- // 2. Set the kty attribute of jwk to "OKP".
- jwk.kty = "OKP"_string;
- // 3. Set the crv attribute of jwk to "X448".
- jwk.crv = "X448"_string;
- // 4. Set the x attribute of jwk according to the definition in Section 2 of [RFC8037].
- jwk.x = TRY_OR_THROW_OOM(m_realm->vm(), encode_base64url(key_data));
- // 5. If the [[type]] internal slot of key is "private"
- if (key->type() == Bindings::KeyType::Private) {
- // 1. Set the d attribute of jwk according to the definition in Section 2 of [RFC8037].
- jwk.d = TRY_OR_THROW_OOM(m_realm->vm(), encode_base64url(key_data));
- }
- // 6. Set the key_ops attribute of jwk to the usages attribute of key.
- jwk.key_ops = Vector<String> {};
- jwk.key_ops->ensure_capacity(key->internal_usages().size());
- for (auto const& usage : key->internal_usages())
- jwk.key_ops->append(Bindings::idl_enum_to_string(usage));
- // 7. Set the ext attribute of jwk to the [[extractable]] internal slot of key.
- jwk.ext = key->extractable();
- // 8. Let result be the result of converting jwk to an ECMAScript Object, as defined by [WebIDL].
- auto result = TRY(jwk.to_object(m_realm));
- return GC::Ref { *result };
- }
- // 3. If format is "raw":
- if (format == Bindings::KeyFormat::Raw) {
- // 1. If the [[type]] internal slot of key is not "public", then throw an InvalidAccessError.
- if (key->type() != Bindings::KeyType::Public)
- return WebIDL::InvalidAccessError::create(m_realm, "Key is not a public key"_string);
- // 2. Let data be an octet string representing the X448 public key represented by the [[handle]] internal slot of key.
- // 3. Let result be a new ArrayBuffer associated with the relevant global object of this [HTML], and containing data.
- return JS::ArrayBuffer::create(m_realm, key_data);
- }
- // 3. Otherwise:
- // throw a NotSupportedError.
- return WebIDL::NotSupportedError::create(m_realm, "Invalid key format"_string);
- }
- // https://wicg.github.io/webcrypto-secure-curves/#x448-operations
- WebIDL::ExceptionOr<GC::Ref<CryptoKey>> X448::import_key(
- AlgorithmParams const&,
- Bindings::KeyFormat format,
- CryptoKey::InternalKeyData key_data,
- bool extractable,
- Vector<Bindings::KeyUsage> const& usages)
- {
- // 1. Let keyData be the key data to be imported.
- // 2. If format is "spki":
- if (format == Bindings::KeyFormat::Spki) {
- // 1. If usages is not empty then throw a SyntaxError.
- if (!usages.is_empty())
- return WebIDL::SyntaxError::create(m_realm, "Usages must be empty"_string);
- // 2. Let spki be the result of running the parse a subjectPublicKeyInfo algorithm over keyData.
- // 3. If an error occurred while parsing, then throw a DataError.
- auto spki = TRY(parse_a_subject_public_key_info(m_realm, key_data.get<ByteBuffer>()));
- // 4. If the algorithm object identifier field of the algorithm AlgorithmIdentifier field of spki is not equal to the id-X448 object identifier defined in [RFC8410], then throw a DataError.
- if (spki.algorithm.identifier != ::Crypto::ASN1::x448_oid)
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- // 5. If the parameters field of the algorithm AlgorithmIdentifier field of spki is present, then throw a DataError.
- if (spki.algorithm.ec_parameters.has_value())
- return WebIDL::DataError::create(m_realm, "Invalid algorithm parameters"_string);
- // 6. Let publicKey be the X448 public key identified by the subjectPublicKey field of spki.
- auto const& public_key = spki.raw_key;
- // 7. Let key be a new CryptoKey associated with the relevant global object of this [HTML], and that represents publicKey.
- auto key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { public_key });
- // 8. Set the [[type]] internal slot of key to "public"
- key->set_type(Bindings::KeyType::Public);
- // 9. Let algorithm be a new KeyAlgorithm.
- auto algorithm = KeyAlgorithm::create(m_realm);
- // 10. Set the name attribute of algorithm to "X448".
- algorithm->set_name("X448"_string);
- // 11. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- return key;
- }
- // 3. If format is "pkcs8":
- if (format == Bindings::KeyFormat::Pkcs8) {
- // 1. If usages contains an entry which is not "deriveKey" or "deriveBits" then throw a SyntaxError.
- for (auto const& usage : usages) {
- if (usage != Bindings::KeyUsage::Derivekey && usage != Bindings::KeyUsage::Derivebits) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- // 2. Let privateKeyInfo be the result of running the parse a privateKeyInfo algorithm over keyData.
- // 3. If an error occurred while parsing, then throw a DataError.
- auto private_key_info = TRY(parse_a_private_key_info(m_realm, key_data.get<ByteBuffer>()));
- auto private_key = private_key_info.raw_key;
- // 4. If the algorithm object identifier field of the privateKeyAlgorithm PrivateKeyAlgorithm field of privateKeyInfo is not equal to the id-X448 object identifier defined in [RFC8410], then throw a DataError.
- if (private_key_info.algorithm.identifier != ::Crypto::ASN1::x448_oid)
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- // 5. If the parameters field of the privateKeyAlgorithm PrivateKeyAlgorithmIdentifier field of privateKeyInfo is present, then throw a DataError.
- if (private_key_info.algorithm.ec_parameters.has_value())
- return WebIDL::DataError::create(m_realm, "Invalid algorithm parameters"_string);
- // 6. Let curvePrivateKey be the result of performing the parse an ASN.1 structure algorithm,
- // with data as the privateKey field of privateKeyInfo, structure as the ASN.1 CurvePrivateKey
- // structure specified in Section 7 of [RFC8410], and exactData set to true.
- // 7. If an error occurred while parsing, then throw a DataError.
- auto curve_private_key = TRY(parse_an_ASN1_structure<StringView>(m_realm, private_key_info.raw_key, true));
- auto curve_private_key_bytes = TRY_OR_THROW_OOM(m_realm->vm(), ByteBuffer::copy(curve_private_key.bytes()));
- // 8. Let key be a new CryptoKey associated with the relevant global object of this [HTML], and that represents the X448 private key identified by curvePrivateKey.
- auto key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { curve_private_key_bytes });
- // 9. Set the [[type]] internal slot of key to "private"
- key->set_type(Bindings::KeyType::Private);
- // 10. Let algorithm be a new KeyAlgorithm.
- auto algorithm = KeyAlgorithm::create(m_realm);
- // 11. Set the name attribute of algorithm to "X448".
- algorithm->set_name("X448"_string);
- // 12. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- return key;
- }
- // 3. If format is "jwk":
- if (format == Bindings::KeyFormat::Jwk) {
- // 1. If keyData is a JsonWebKey dictionary:
- // Let jwk equal keyData.
- // Otherwise:
- // Throw a DataError.
- if (!key_data.has<Bindings::JsonWebKey>())
- return WebIDL::DataError::create(m_realm, "Data is not a JsonWebKey dictionary"_string);
- auto jwk = key_data.get<Bindings::JsonWebKey>();
- // 2. If the d field is present and if usages contains an entry which is not "deriveKey" or "deriveBits" then throw a SyntaxError.
- if (jwk.d.has_value()) {
- for (auto const& usage : usages) {
- if (usage != Bindings::KeyUsage::Derivekey && usage != Bindings::KeyUsage::Derivebits) {
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- }
- }
- // 3. If the d field is not present and if usages is not empty then throw a SyntaxError.
- if (!jwk.d.has_value() && !usages.is_empty())
- return WebIDL::SyntaxError::create(m_realm, "Usages must be empty"_string);
- // 4. If the kty field of jwk is not "OKP", then throw a DataError.
- if (jwk.kty != "OKP"sv)
- return WebIDL::DataError::create(m_realm, "Invalid key type"_string);
- // 5. If the crv field of jwk is not "X448", then throw a DataError.
- if (jwk.crv != "X448"sv)
- return WebIDL::DataError::create(m_realm, "Invalid curve"_string);
- // 6. If usages is non-empty and the use field of jwk is present and is not equal to "enc" then throw a DataError.
- if (!usages.is_empty() && jwk.use.has_value() && jwk.use.value() != "enc"sv)
- return WebIDL::DataError::create(m_realm, "Invalid use"_string);
- // 7. If the key_ops field of jwk is present, and is invalid according to the requirements of JSON Web Key [JWK],
- // or it does not contain all of the specified usages values, then throw a DataError.
- TRY(validate_jwk_key_ops(m_realm, jwk, usages));
- // 8. If the ext field of jwk is present and has the value false and extractable is true, then throw a DataError.
- if (jwk.ext.has_value() && !jwk.ext.value() && extractable)
- return WebIDL::DataError::create(m_realm, "Invalid extractable"_string);
- GC::Ptr<CryptoKey> key = nullptr;
- // 9. If the d field is present:
- if (jwk.d.has_value()) {
- // 1. If jwk does not meet the requirements of the JWK private key format described in Section 2 of [RFC8037], then throw a DataError.
- // o The parameter "kty" MUST be "OKP".
- if (jwk.kty != "OKP"sv)
- return WebIDL::DataError::create(m_realm, "Invalid key type"_string);
- // // https://www.iana.org/assignments/jose/jose.xhtml#web-key-elliptic-curve
- // o The parameter "crv" MUST be present and contain the subtype of the key (from the "JSON Web Elliptic Curve" registry).
- if (jwk.crv != "X448"sv)
- return WebIDL::DataError::create(m_realm, "Invalid curve"_string);
- // o The parameter "x" MUST be present and contain the public key encoded using the base64url [RFC4648] encoding.
- if (!jwk.x.has_value())
- return WebIDL::DataError::create(m_realm, "Missing x field"_string);
- // o The parameter "d" MUST be present for private keys and contain the private key encoded using the base64url encoding.
- // This parameter MUST NOT be present for public keys.
- if (!jwk.d.has_value())
- return WebIDL::DataError::create(m_realm, "Missing d field"_string);
- // 2. Let key be a new CryptoKey object that represents the X25519 private key identified by interpreting jwk according to Section 2 of [RFC8037].
- auto private_key_base_64 = jwk.d.value();
- auto private_key_or_error = decode_base64url(private_key_base_64);
- if (private_key_or_error.is_error()) {
- return WebIDL::DataError::create(m_realm, "Failed to decode base64"_string);
- }
- auto private_key = private_key_or_error.release_value();
- key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { private_key });
- // 3. Set the [[type]] internal slot of Key to "private".
- key->set_type(Bindings::KeyType::Private);
- }
- // Otherwise:
- else {
- // 1. If jwk does not meet the requirements of the JWK public key format described in Section 2 of [RFC8037], then throw a DataError.
- // o The parameter "kty" MUST be "OKP".
- if (jwk.kty != "OKP"sv)
- return WebIDL::DataError::create(m_realm, "Invalid key type"_string);
- // https://www.iana.org/assignments/jose/jose.xhtml#web-key-elliptic-curve
- // o The parameter "crv" MUST be present and contain the subtype of the key (from the "JSON Web Elliptic Curve" registry).
- if (jwk.crv != "X448"sv)
- return WebIDL::DataError::create(m_realm, "Invalid curve"_string);
- // o The parameter "x" MUST be present and contain the public key encoded using the base64url [RFC4648] encoding.
- if (!jwk.x.has_value())
- return WebIDL::DataError::create(m_realm, "Missing x field"_string);
- // o The parameter "d" MUST be present for private keys and contain the private key encoded using the base64url encoding.
- // This parameter MUST NOT be present for public keys.
- if (jwk.d.has_value())
- return WebIDL::DataError::create(m_realm, "Present d field"_string);
- // 2. Let key be a new CryptoKey object that represents the Ed25519 public key identified by interpreting jwk according to Section 2 of [RFC8037].
- auto public_key_base_64 = jwk.x.value();
- auto public_key_or_error = decode_base64url(public_key_base_64);
- if (public_key_or_error.is_error()) {
- return WebIDL::DataError::create(m_realm, "Failed to decode base64"_string);
- }
- auto public_key = public_key_or_error.release_value();
- key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { public_key });
- // 3. Set the [[type]] internal slot of Key to "public".
- key->set_type(Bindings::KeyType::Public);
- }
- // 10. Let algorithm be a new instance of a KeyAlgorithm object.
- auto algorithm = KeyAlgorithm::create(m_realm);
- // 11. Set the name attribute of algorithm to "X448".
- algorithm->set_name("X448"_string);
- // 12. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- return GC::Ref { *key };
- }
- // 3. If format is "raw":
- if (format == Bindings::KeyFormat::Raw) {
- // 1. If usages is not empty then throw a SyntaxError.
- if (!usages.is_empty())
- return WebIDL::SyntaxError::create(m_realm, "Usages must be empty"_string);
- // 2. Let algorithm be a new KeyAlgorithm object.
- auto algorithm = KeyAlgorithm::create(m_realm);
- // 3. Set the name attribute of algorithm to "X448".
- algorithm->set_name("X448"_string);
- // 4. Let key be a new CryptoKey associated with the relevant global object of this [HTML], and representing the key data provided in keyData.
- auto key = CryptoKey::create(m_realm, key_data);
- // 5. Set the [[type]] internal slot of key to "public"
- key->set_type(Bindings::KeyType::Public);
- // 6. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- return key;
- }
- (void)extractable;
- // 3. Otherwise:
- // throw a NotSupportedError.
- return WebIDL::NotSupportedError::create(m_realm, "Invalid key format"_string);
- }
- static WebIDL::ExceptionOr<ByteBuffer> hmac_calculate_message_digest(JS::Realm& realm, GC::Ptr<KeyAlgorithm> hash, ReadonlyBytes key, ReadonlyBytes message)
- {
- auto calculate_digest = [&]<typename T>() -> ByteBuffer {
- ::Crypto::Authentication::HMAC<T> hmac(key);
- auto digest = hmac.process(message);
- return MUST(ByteBuffer::copy(digest.bytes()));
- };
- auto hash_name = hash->name();
- if (hash_name == "SHA-1")
- return calculate_digest.operator()<::Crypto::Hash::SHA1>();
- if (hash_name == "SHA-256")
- return calculate_digest.operator()<::Crypto::Hash::SHA256>();
- if (hash_name == "SHA-384")
- return calculate_digest.operator()<::Crypto::Hash::SHA384>();
- if (hash_name == "SHA-512")
- return calculate_digest.operator()<::Crypto::Hash::SHA512>();
- return WebIDL::NotSupportedError::create(realm, "Invalid algorithm"_string);
- }
- static WebIDL::ExceptionOr<WebIDL::UnsignedLong> hmac_hash_block_size(JS::Realm& realm, HashAlgorithmIdentifier hash)
- {
- auto hash_name = TRY(hash.name(realm.vm()));
- if (hash_name == "SHA-1")
- return ::Crypto::Hash::SHA1::digest_size();
- if (hash_name == "SHA-256")
- return ::Crypto::Hash::SHA256::digest_size();
- if (hash_name == "SHA-384")
- return ::Crypto::Hash::SHA384::digest_size();
- if (hash_name == "SHA-512")
- return ::Crypto::Hash::SHA512::digest_size();
- return WebIDL::NotSupportedError::create(realm, MUST(String::formatted("Invalid hash function '{}'", hash_name)));
- }
- // https://w3c.github.io/webcrypto/#hmac-operations
- WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> HMAC::sign(AlgorithmParams const&, GC::Ref<CryptoKey> key, ByteBuffer const& message)
- {
- // 1. Let mac be the result of performing the MAC Generation operation described in Section 4 of
- // [FIPS-198-1] using the key represented by [[handle]] internal slot of key, the hash
- // function identified by the hash attribute of the [[algorithm]] internal slot of key and
- // message as the input data text.
- auto const& key_data = key->handle().get<ByteBuffer>();
- auto const& algorithm = verify_cast<HmacKeyAlgorithm>(*key->algorithm());
- auto mac = TRY(hmac_calculate_message_digest(m_realm, algorithm.hash(), key_data.bytes(), message.bytes()));
- // 2. Return the result of creating an ArrayBuffer containing mac.
- return JS::ArrayBuffer::create(m_realm, move(mac));
- }
- // https://w3c.github.io/webcrypto/#hmac-operations
- WebIDL::ExceptionOr<JS::Value> HMAC::verify(AlgorithmParams const&, GC::Ref<CryptoKey> key, ByteBuffer const& signature, ByteBuffer const& message)
- {
- // 1. Let mac be the result of performing the MAC Generation operation described in Section 4 of
- // [FIPS-198-1] using the key represented by [[handle]] internal slot of key, the hash
- // function identified by the hash attribute of the [[algorithm]] internal slot of key and
- // message as the input data text.
- auto const& key_data = key->handle().get<ByteBuffer>();
- auto const& algorithm = verify_cast<HmacKeyAlgorithm>(*key->algorithm());
- auto mac = TRY(hmac_calculate_message_digest(m_realm, algorithm.hash(), key_data.bytes(), message.bytes()));
- // 2. Return true if mac is equal to signature and false otherwise.
- return mac == signature;
- }
- // https://w3c.github.io/webcrypto/#hmac-operations
- WebIDL::ExceptionOr<Variant<GC::Ref<CryptoKey>, GC::Ref<CryptoKeyPair>>> HMAC::generate_key(AlgorithmParams const& params, bool extractable, Vector<Bindings::KeyUsage> const& usages)
- {
- // 1. If usages contains any entry which is not "sign" or "verify", then throw a SyntaxError.
- for (auto const& usage : usages) {
- if (usage != Bindings::KeyUsage::Sign && usage != Bindings::KeyUsage::Verify)
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- // 2. If the length member of normalizedAlgorithm is not present:
- auto const& normalized_algorithm = static_cast<HmacKeyGenParams const&>(params);
- WebIDL::UnsignedLong length;
- if (!normalized_algorithm.length.has_value()) {
- // Let length be the block size in bits of the hash function identified by the hash member
- // of normalizedAlgorithm.
- length = TRY(hmac_hash_block_size(m_realm, normalized_algorithm.hash));
- }
- // Otherwise, if the length member of normalizedAlgorithm is non-zero:
- else if (normalized_algorithm.length.value() != 0) {
- // Let length be equal to the length member of normalizedAlgorithm.
- length = normalized_algorithm.length.value();
- }
- // Otherwise:
- else {
- // throw an OperationError.
- return WebIDL::OperationError::create(m_realm, "Invalid length"_string);
- }
- // 3. Generate a key of length length bits.
- auto key_data = MUST(generate_random_key(m_realm->vm(), length));
- // 4. If the key generation step fails, then throw an OperationError.
- // NOTE: Currently key generation must succeed
- // 5. Let key be a new CryptoKey object representing the generated key.
- auto key = CryptoKey::create(m_realm, move(key_data));
- // 6. Let algorithm be a new HmacKeyAlgorithm.
- auto algorithm = HmacKeyAlgorithm::create(m_realm);
- // 7. Set the name attribute of algorithm to "HMAC".
- algorithm->set_name("HMAC"_string);
- // 8. Let hash be a new KeyAlgorithm.
- auto hash = KeyAlgorithm::create(m_realm);
- // 9. Set the name attribute of hash to equal the name member of the hash member of normalizedAlgorithm.
- hash->set_name(TRY(normalized_algorithm.hash.name(m_realm->vm())));
- // 10. Set the hash attribute of algorithm to hash.
- algorithm->set_hash(hash);
- // 11. Set the [[type]] internal slot of key to "secret".
- key->set_type(Bindings::KeyType::Secret);
- // 12. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- // 13. Set the [[extractable]] internal slot of key to be extractable.
- key->set_extractable(extractable);
- // 14. Set the [[usages]] internal slot of key to be usages.
- key->set_usages(usages);
- // 15. Return key.
- return Variant<GC::Ref<CryptoKey>, GC::Ref<CryptoKeyPair>> { key };
- }
- // https://w3c.github.io/webcrypto/#hmac-operations
- WebIDL::ExceptionOr<GC::Ref<CryptoKey>> HMAC::import_key(Web::Crypto::AlgorithmParams const& params, Bindings::KeyFormat key_format, CryptoKey::InternalKeyData key_data, bool extractable, Vector<Bindings::KeyUsage> const& usages)
- {
- auto& vm = m_realm->vm();
- auto const& normalized_algorithm = static_cast<HmacImportParams const&>(params);
- // 1. Let keyData be the key data to be imported.
- // 2. If usages contains an entry which is not "sign" or "verify", then throw a SyntaxError.
- for (auto const& usage : usages) {
- if (usage != Bindings::KeyUsage::Sign && usage != Bindings::KeyUsage::Verify)
- return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
- }
- // 3. Let hash be a new KeyAlgorithm.
- auto hash = KeyAlgorithm::create(m_realm);
- // 4. If format is "raw":
- AK::ByteBuffer data;
- if (key_format == Bindings::KeyFormat::Raw) {
- // 4.1. Let data be the octet string contained in keyData.
- data = key_data.get<ByteBuffer>();
- // 4.2. Set hash to equal the hash member of normalizedAlgorithm.
- hash->set_name(TRY(normalized_algorithm.hash.name(vm)));
- }
- // If format is "jwk":
- else if (key_format == Bindings::KeyFormat::Jwk) {
- // 1. If keyData is a JsonWebKey dictionary:
- // Let jwk equal keyData.
- // Otherwise:
- // Throw a DataError.
- if (!key_data.has<Bindings::JsonWebKey>())
- return WebIDL::DataError::create(m_realm, "Data is not a JsonWebKey dictionary"_string);
- auto jwk = key_data.get<Bindings::JsonWebKey>();
- // 2. If the kty field of jwk is not "oct", then throw a DataError.
- if (jwk.kty != "oct"sv)
- return WebIDL::DataError::create(m_realm, "Invalid key type"_string);
- // 3. If jwk does not meet the requirements of Section 6.4 of JSON Web Algorithms [JWA],
- // then throw a DataError.
- // 4. Let data be the octet string obtained by decoding the k field of jwk.
- data = TRY(parse_jwk_symmetric_key(m_realm, jwk));
- // 5. Set the hash to equal the hash member of normalizedAlgorithm.
- hash->set_name(TRY(normalized_algorithm.hash.name(vm)));
- // 6. If the name attribute of hash is "SHA-1":
- auto hash_name = hash->name();
- if (hash_name == "SHA-1") {
- // If the alg field of jwk is present and is not "HS1", then throw a DataError.
- if (jwk.alg.has_value() && jwk.alg != "HS1"sv)
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- }
- // If the name attribute of hash is "SHA-256":
- else if (hash_name == "SHA-256") {
- // If the alg field of jwk is present and is not "HS256", then throw a DataError.
- if (jwk.alg.has_value() && jwk.alg != "HS256"sv)
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- }
- // If the name attribute of hash is "SHA-384":
- else if (hash_name == "SHA-384") {
- // If the alg field of jwk is present and is not "HS384", then throw a DataError.
- if (jwk.alg.has_value() && jwk.alg != "HS384"sv)
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- }
- // If the name attribute of hash is "SHA-512":
- else if (hash_name == "SHA-512") {
- // If the alg field of jwk is present and is not "HS512", then throw a DataError.
- if (jwk.alg.has_value() && jwk.alg != "HS512"sv)
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- }
- // FIXME: Otherwise, if the name attribute of hash is defined in another applicable specification:
- else {
- // FIXME: Perform any key import steps defined by other applicable specifications, passing format,
- // jwk and hash and obtaining hash.
- dbgln("Hash algorithm '{}' not supported", hash_name);
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- }
- // 7. If usages is non-empty and the use field of jwk is present and is not "sign", then
- // throw a DataError.
- if (!usages.is_empty() && jwk.use.has_value() && jwk.use != "sign"sv)
- return WebIDL::DataError::create(m_realm, "Invalid use in JsonWebKey"_string);
- // 8. If the key_ops field of jwk is present, and is invalid according to the requirements
- // of JSON Web Key [JWK] or does not contain all of the specified usages values, then
- // throw a DataError.
- TRY(validate_jwk_key_ops(m_realm, jwk, usages));
- // 9. If the ext field of jwk is present and has the value false and extractable is true,
- // then throw a DataError.
- if (jwk.ext.has_value() && !*jwk.ext && extractable)
- return WebIDL::DataError::create(m_realm, "Invalid ext field"_string);
- }
- // Otherwise:
- else {
- // throw a NotSupportedError.
- return WebIDL::NotSupportedError::create(m_realm, "Invalid key format"_string);
- }
- // 5. Let length be equivalent to the length, in octets, of data, multiplied by 8.
- auto length = data.size() * 8;
- // 6. If length is zero then throw a DataError.
- if (length == 0)
- return WebIDL::DataError::create(m_realm, "No data provided"_string);
- // 7. If the length member of normalizedAlgorithm is present:
- if (normalized_algorithm.length.has_value()) {
- // If the length member of normalizedAlgorithm is greater than length:
- auto normalized_algorithm_length = normalized_algorithm.length.value();
- if (normalized_algorithm_length > length) {
- // throw a DataError.
- return WebIDL::DataError::create(m_realm, "Invalid data size"_string);
- }
- // If the length member of normalizedAlgorithm, is less than or equal to length minus eight:
- if (normalized_algorithm_length <= length - 8) {
- // throw a DataError.
- return WebIDL::DataError::create(m_realm, "Invalid data size"_string);
- }
- // Otherwise:
- // Set length equal to the length member of normalizedAlgorithm.
- length = normalized_algorithm_length;
- }
- // 8. Let key be a new CryptoKey object representing an HMAC key with the first length bits of data.
- auto length_in_bytes = length / 8;
- if (data.size() > length_in_bytes)
- data = MUST(data.slice(0, length_in_bytes));
- auto key = CryptoKey::create(m_realm, move(data));
- // 9. Set the [[type]] internal slot of key to "secret".
- key->set_type(Bindings::KeyType::Secret);
- // 10. Let algorithm be a new HmacKeyAlgorithm.
- auto algorithm = HmacKeyAlgorithm::create(m_realm);
- // 11. Set the name attribute of algorithm to "HMAC".
- algorithm->set_name("HMAC"_string);
- // 12. Set the length attribute of algorithm to length.
- algorithm->set_length(length);
- // 13. Set the hash attribute of algorithm to hash.
- algorithm->set_hash(hash);
- // 14. Set the [[algorithm]] internal slot of key to algorithm.
- key->set_algorithm(algorithm);
- // 15. Return key.
- return key;
- }
- // https://w3c.github.io/webcrypto/#hmac-operations
- WebIDL::ExceptionOr<GC::Ref<JS::Object>> HMAC::export_key(Bindings::KeyFormat format, GC::Ref<CryptoKey> key)
- {
- // 1. If the underlying cryptographic key material represented by the [[handle]] internal slot
- // of key cannot be accessed, then throw an OperationError.
- // NOTE: In our impl this is always accessible
- // 2. Let bits be the raw bits of the key represented by [[handle]] internal slot of key.
- // 3. Let data be an octet string containing bits.
- auto data = key->handle().get<ByteBuffer>();
- // 4. If format is "raw":
- GC::Ptr<JS::Object> result;
- if (format == Bindings::KeyFormat::Raw) {
- // Let result be the result of creating an ArrayBuffer containing data.
- result = JS::ArrayBuffer::create(m_realm, data);
- }
- // If format is "jwk":
- else if (format == Bindings::KeyFormat::Jwk) {
- // Let jwk be a new JsonWebKey dictionary.
- Bindings::JsonWebKey jwk {};
- // Set the kty attribute of jwk to the string "oct".
- jwk.kty = "oct"_string;
- // Set the k attribute of jwk to be a string containing data, encoded according to Section
- // 6.4 of JSON Web Algorithms [JWA].
- jwk.k = MUST(encode_base64url(data, AK::OmitPadding::Yes));
- // Let algorithm be the [[algorithm]] internal slot of key.
- auto const& algorithm = verify_cast<HmacKeyAlgorithm>(*key->algorithm());
- // Let hash be the hash attribute of algorithm.
- auto hash = algorithm.hash();
- // If the name attribute of hash is "SHA-1":
- auto hash_name = hash->name();
- if (hash_name == "SHA-1") {
- // Set the alg attribute of jwk to the string "HS1".
- jwk.alg = "HS1"_string;
- }
- // If the name attribute of hash is "SHA-256":
- else if (hash_name == "SHA-256") {
- // Set the alg attribute of jwk to the string "HS256".
- jwk.alg = "HS256"_string;
- }
- // If the name attribute of hash is "SHA-384":
- else if (hash_name == "SHA-384") {
- // Set the alg attribute of jwk to the string "HS384".
- jwk.alg = "HS384"_string;
- }
- // If the name attribute of hash is "SHA-512":
- else if (hash_name == "SHA-512") {
- // Set the alg attribute of jwk to the string "HS512".
- jwk.alg = "HS512"_string;
- }
- // FIXME: Otherwise, the name attribute of hash is defined in another applicable
- // specification:
- else {
- // FIXME: Perform any key export steps defined by other applicable specifications,
- // passing format and key and obtaining alg.
- // FIXME: Set the alg attribute of jwk to alg.
- dbgln("Hash algorithm '{}' not supported", hash_name);
- return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
- }
- // Set the key_ops attribute of jwk to equal the usages attribute of key.
- jwk.key_ops = Vector<String> {};
- jwk.key_ops->ensure_capacity(key->internal_usages().size());
- for (auto const& usage : key->internal_usages()) {
- jwk.key_ops->append(Bindings::idl_enum_to_string(usage));
- }
- // Set the ext attribute of jwk to equal the [[extractable]] internal slot of key.
- jwk.ext = key->extractable();
- // Let result be the result of converting jwk to an ECMAScript Object, as defined by [WebIDL].
- result = TRY(jwk.to_object(m_realm));
- }
- // Otherwise:
- else {
- // throw a NotSupportedError.
- return WebIDL::NotSupportedError::create(m_realm, "Invalid key format"_string);
- }
- // 5. Return result.
- return GC::Ref { *result };
- }
- // https://w3c.github.io/webcrypto/#hmac-operations
- WebIDL::ExceptionOr<JS::Value> HMAC::get_key_length(AlgorithmParams const& params)
- {
- auto const& normalized_derived_key_algorithm = static_cast<HmacImportParams const&>(params);
- WebIDL::UnsignedLong length;
- // 1. If the length member of normalizedDerivedKeyAlgorithm is not present:
- if (!normalized_derived_key_algorithm.length.has_value()) {
- // Let length be the block size in bits of the hash function identified by the hash member of
- // normalizedDerivedKeyAlgorithm.
- length = TRY(hmac_hash_block_size(m_realm, normalized_derived_key_algorithm.hash));
- }
- // Otherwise, if the length member of normalizedDerivedKeyAlgorithm is non-zero:
- else if (normalized_derived_key_algorithm.length.value() > 0) {
- // Let length be equal to the length member of normalizedDerivedKeyAlgorithm.
- length = normalized_derived_key_algorithm.length.value();
- }
- // Otherwise:
- else {
- // throw a TypeError.
- return WebIDL::SimpleException { WebIDL::SimpleExceptionType::TypeError, "Invalid key length"sv };
- }
- // 2. Return length.
- return JS::Value(length);
- }
- }
|