mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2024-11-22 15:40:19 +00:00
LibWeb: Support SubtleCrypto.exportKey for RSA-OAEP in JsonWebKey format
This commit is contained in:
parent
2599142214
commit
1521a60a67
Notes:
sideshowbarker
2024-07-17 10:16:43 +09:00
Author: https://github.com/ADKaster Commit: https://github.com/SerenityOS/serenity/commit/1521a60a67 Pull-request: https://github.com/SerenityOS/serenity/pull/23579
13 changed files with 367 additions and 6 deletions
|
@ -38,6 +38,7 @@ static bool is_platform_object(Type const& type)
|
|||
"CanvasGradient"sv,
|
||||
"CanvasPattern"sv,
|
||||
"CanvasRenderingContext2D"sv,
|
||||
"CryptoKey"sv,
|
||||
"Document"sv,
|
||||
"DocumentType"sv,
|
||||
"EventTarget"sv,
|
||||
|
|
|
@ -6,6 +6,7 @@ source_set("Crypto") {
|
|||
"Crypto.h",
|
||||
"CryptoAlgorithms.cpp",
|
||||
"CryptoAlgorithms.h",
|
||||
"CryptoBindings.cpp",
|
||||
"CryptoBindings.h",
|
||||
"CryptoKey.cpp",
|
||||
"CryptoKey.h",
|
||||
|
|
13
Tests/LibWeb/Text/expected/Crypto/SubtleCrypto-exportKey.txt
Normal file
13
Tests/LibWeb/Text/expected/Crypto/SubtleCrypto-exportKey.txt
Normal file
|
@ -0,0 +1,13 @@
|
|||
exportKey with RSA-OAEP algorithm
|
||||
exportedPublicKey kwt: RSA
|
||||
exportedPublicKey alg: RSA-OAEP-256
|
||||
exportedPublicKey exponent: AQAB
|
||||
exportedPublicKey key_ops: encrypt,wrapKey
|
||||
exportedPublicKey ext: true
|
||||
exportedPrivateKey kwt: RSA
|
||||
exportedPrivateKey alg: RSA-OAEP-256
|
||||
exportedPrivateKey exponent: AQAB
|
||||
exportedPrivateKey key_ops: decrypt,unwrapKey
|
||||
exportedPrivateKey ext: true
|
||||
FIXME: exportedPublicKey2: 4649584d45
|
||||
exportKey spki private key: InvalidAccessError Key is not public
|
52
Tests/LibWeb/Text/input/Crypto/SubtleCrypto-exportKey.html
Normal file
52
Tests/LibWeb/Text/input/Crypto/SubtleCrypto-exportKey.html
Normal file
|
@ -0,0 +1,52 @@
|
|||
<script src="../include.js"></script>
|
||||
<script>
|
||||
function bufferToHex(buffer) {
|
||||
return [...new Uint8Array(buffer)].map(b => b.toString(16).padStart(2, "0")).join("");
|
||||
}
|
||||
|
||||
asyncTest(async done => {
|
||||
let algorithm = {
|
||||
name: "RSA-OAEP",
|
||||
modulusLength: 512,
|
||||
publicExponent: new Uint8Array([1, 0, 1]),
|
||||
hash: "SHA-256",
|
||||
};
|
||||
|
||||
println("exportKey with RSA-OAEP algorithm");
|
||||
|
||||
let key = await window.crypto.subtle.generateKey(algorithm, true, [
|
||||
"encrypt",
|
||||
"decrypt",
|
||||
"wrapKey",
|
||||
"unwrapKey",
|
||||
]);
|
||||
|
||||
// FIXME: Create a roundtrip test that starts with a key object and imports it, then exports it.
|
||||
|
||||
let exportedPublicKey = await window.crypto.subtle.exportKey("jwk", key.publicKey);
|
||||
println(`exportedPublicKey kwt: ${exportedPublicKey.kty}`);
|
||||
println(`exportedPublicKey alg: ${exportedPublicKey.alg}`);
|
||||
println(`exportedPublicKey exponent: ${exportedPublicKey.e}`);
|
||||
println(`exportedPublicKey key_ops: ${exportedPublicKey.key_ops}`);
|
||||
println(`exportedPublicKey ext: ${exportedPublicKey.ext}`);
|
||||
|
||||
let exportedPrivateKey = await window.crypto.subtle.exportKey("jwk", key.privateKey);
|
||||
println(`exportedPrivateKey kwt: ${exportedPrivateKey.kty}`);
|
||||
println(`exportedPrivateKey alg: ${exportedPrivateKey.alg}`);
|
||||
println(`exportedPrivateKey exponent: ${exportedPrivateKey.e}`);
|
||||
println(`exportedPrivateKey key_ops: ${exportedPrivateKey.key_ops}`);
|
||||
println(`exportedPrivateKey ext: ${exportedPrivateKey.ext}`);
|
||||
|
||||
let exportedPublicKey2 = await window.crypto.subtle.exportKey("spki", key.publicKey);
|
||||
println(`FIXME: exportedPublicKey2: ${bufferToHex(exportedPublicKey2)}`);
|
||||
|
||||
try {
|
||||
let exportedPrivateKey2 = await window.crypto.subtle.exportKey("spki", key.privateKey);
|
||||
println("FAIL: Shouldn't be able to export private key as spki");
|
||||
} catch (e) {
|
||||
println(`exportKey spki private key: ${e.name} ${e.message}`);
|
||||
}
|
||||
|
||||
done();
|
||||
});
|
||||
</script>
|
|
@ -26,6 +26,7 @@ set(SOURCES
|
|||
Clipboard/Clipboard.cpp
|
||||
Crypto/Crypto.cpp
|
||||
Crypto/CryptoAlgorithms.cpp
|
||||
Crypto/CryptoBindings.cpp
|
||||
Crypto/KeyAlgorithms.cpp
|
||||
Crypto/CryptoKey.cpp
|
||||
Crypto/SubtleCrypto.cpp
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
* SPDX-License-Identifier: BSD-2-Clause
|
||||
*/
|
||||
|
||||
#include <AK/Base64.h>
|
||||
#include <AK/QuickSort.h>
|
||||
#include <LibCrypto/Hash/HashManager.h>
|
||||
#include <LibCrypto/PK/RSA.h>
|
||||
|
@ -57,6 +58,34 @@ static ::Crypto::UnsignedBigInteger big_integer_from_api_big_integer(JS::GCPtr<J
|
|||
return result;
|
||||
}
|
||||
|
||||
// https://www.rfc-editor.org/rfc/rfc7518#section-2
|
||||
ErrorOr<String> base64_url_uint_encode(::Crypto::UnsignedBigInteger integer)
|
||||
{
|
||||
static_assert(AK::HostIsLittleEndian, "This code assumes little-endian");
|
||||
|
||||
// The representation of a positive or zero integer value as the
|
||||
// base64url encoding of the value's unsigned big-endian
|
||||
// representation as an octet sequence. The octet sequence MUST
|
||||
// utilize the minimum number of octets needed to represent the
|
||||
// value. Zero is represented as BASE64URL(single zero-valued
|
||||
// octet), which is "AA".
|
||||
|
||||
auto bytes = TRY(ByteBuffer::create_uninitialized(integer.trimmed_byte_length()));
|
||||
|
||||
bool const remove_leading_zeroes = true;
|
||||
auto data_size = integer.export_data(bytes.span(), remove_leading_zeroes);
|
||||
|
||||
auto data_slice = bytes.bytes().slice(bytes.size() - data_size, data_size);
|
||||
|
||||
// We need to encode the integer's big endian representation as a base64 string
|
||||
Vector<u8, 32> byte_swapped_data;
|
||||
byte_swapped_data.ensure_capacity(data_size);
|
||||
for (size_t i = 0; i < data_size; ++i)
|
||||
byte_swapped_data.append(data_slice[data_size - i - 1]);
|
||||
|
||||
return encode_base64(byte_swapped_data);
|
||||
}
|
||||
|
||||
AlgorithmParams::~AlgorithmParams() = default;
|
||||
|
||||
JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> AlgorithmParams::from_value(JS::VM& vm, JS::Value value)
|
||||
|
@ -227,6 +256,129 @@ WebIDL::ExceptionOr<Variant<JS::NonnullGCPtr<CryptoKey>, JS::NonnullGCPtr<Crypto
|
|||
return Variant<JS::NonnullGCPtr<CryptoKey>, JS::NonnullGCPtr<CryptoKeyPair>> { CryptoKeyPair::create(m_realm, public_key, private_key) };
|
||||
}
|
||||
|
||||
// https://w3c.github.io/webcrypto/#rsa-oaep-operations
|
||||
WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::Object>> RSAOAEP::export_key(Bindings::KeyFormat format, JS::NonnullGCPtr<CryptoKey> key)
|
||||
{
|
||||
auto& realm = m_realm;
|
||||
auto& vm = realm.vm();
|
||||
|
||||
// 1. Let key be the key to be exported.
|
||||
|
||||
// 2. If the underlying cryptographic key material represented by the [[handle]] internal slot of key cannot be accessed, then throw an OperationError.
|
||||
// Note: In our impl this is always accessible
|
||||
auto const& handle = key->handle();
|
||||
|
||||
JS::GCPtr<JS::Object> result = nullptr;
|
||||
|
||||
// 3. If format is "spki"
|
||||
if (format == Bindings::KeyFormat::Spki) {
|
||||
// 1. If the [[type]] internal slot of key is not "public", then throw an InvalidAccessError.
|
||||
if (key->type() != Bindings::KeyType::Public)
|
||||
return WebIDL::InvalidAccessError::create(realm, "Key is not public"_fly_string);
|
||||
|
||||
// FIXME: 2. Let data be an instance of the subjectPublicKeyInfo ASN.1 structure defined in [RFC5280] with the following properties:
|
||||
// - Set the algorithm field to an AlgorithmIdentifier ASN.1 type with the following properties:
|
||||
// - Set the algorithm field to the OID rsaEncryption defined in [RFC3447].
|
||||
// - Set the params field to the ASN.1 type NULL.
|
||||
// - Set the subjectPublicKey field to the result of DER-encoding an RSAPublicKey ASN.1 type, as defined in [RFC3447], Appendix A.1.1,
|
||||
// that represents the RSA public key represented by the [[handle]] internal slot of key
|
||||
|
||||
// FIXME: 3. Let result be the result of creating an ArrayBuffer containing data.
|
||||
result = JS::ArrayBuffer::create(realm, TRY_OR_THROW_OOM(vm, ByteBuffer::copy(("FIXME"sv).bytes())));
|
||||
}
|
||||
|
||||
// FIXME: If format is "pkcs8"
|
||||
|
||||
// If format is "jwk"
|
||||
else if (format == Bindings::KeyFormat::Jwk) {
|
||||
// 1. Let jwk be a new JsonWebKey dictionary.
|
||||
Bindings::JsonWebKey jwk = {};
|
||||
|
||||
// 2. Set the kty attribute of jwk to the string "RSA".
|
||||
jwk.kty = "RSA"_string;
|
||||
|
||||
// 4. Let hash be the name attribute of the hash attribute of the [[algorithm]] internal slot of key.
|
||||
auto hash = TRY(verify_cast<RsaHashedKeyAlgorithm>(*key->algorithm()).hash().visit([](String const& name) -> JS::ThrowCompletionOr<String> { return name; }, [&](JS::Handle<JS::Object> const& obj) -> JS::ThrowCompletionOr<String> {
|
||||
auto name_property = TRY(obj->get("name"));
|
||||
return name_property.to_string(realm.vm()); }));
|
||||
|
||||
// 4. If hash is "SHA-1":
|
||||
// - Set the alg attribute of jwk to the string "RSA-OAEP".
|
||||
if (hash == "SHA-1"sv) {
|
||||
jwk.alg = "RSA-OAEP"_string;
|
||||
}
|
||||
// If hash is "SHA-256":
|
||||
// - Set the alg attribute of jwk to the string "RSA-OAEP-256".
|
||||
else if (hash == "SHA-256"sv) {
|
||||
jwk.alg = "RSA-OAEP-256"_string;
|
||||
}
|
||||
// If hash is "SHA-384":
|
||||
// - Set the alg attribute of jwk to the string "RSA-OAEP-384".
|
||||
else if (hash == "SHA-384"sv) {
|
||||
jwk.alg = "RSA-OAEP-384"_string;
|
||||
}
|
||||
// If hash is "SHA-512":
|
||||
// - Set the alg attribute of jwk to the string "RSA-OAEP-512".
|
||||
else if (hash == "SHA-512"sv) {
|
||||
jwk.alg = "RSA-OAEP-512"_string;
|
||||
} else {
|
||||
// FIXME: Support 'other applicable specifications'
|
||||
// - Perform any key export steps defined by other applicable specifications,
|
||||
// passing format and the hash attribute of the [[algorithm]] internal slot of key and obtaining alg.
|
||||
// - Set the alg attribute of jwk to alg.
|
||||
return WebIDL::NotSupportedError::create(realm, TRY_OR_THROW_OOM(vm, String::formatted("Unsupported hash algorithm '{}'", hash)));
|
||||
}
|
||||
|
||||
// 10. Set the attributes n and e of jwk according to the corresponding definitions in JSON Web Algorithms [JWA], Section 6.3.1.
|
||||
auto maybe_error = handle.visit(
|
||||
[&](::Crypto::PK::RSAPublicKey<> const& public_key) -> ErrorOr<void> {
|
||||
jwk.n = TRY(base64_url_uint_encode(public_key.modulus()));
|
||||
jwk.e = TRY(base64_url_uint_encode(public_key.public_exponent()));
|
||||
return {};
|
||||
},
|
||||
[&](::Crypto::PK::RSAPrivateKey<> const& private_key) -> ErrorOr<void> {
|
||||
jwk.n = TRY(base64_url_uint_encode(private_key.modulus()));
|
||||
jwk.e = TRY(base64_url_uint_encode(private_key.public_exponent()));
|
||||
|
||||
// 11. If the [[type]] internal slot of key is "private":
|
||||
// 1. Set the attributes named d, p, q, dp, dq, and qi of jwk according to the corresponding definitions in JSON Web Algorithms [JWA], Section 6.3.2.
|
||||
jwk.d = TRY(base64_url_uint_encode(private_key.private_exponent()));
|
||||
// FIXME: Add p, q, dq, qi
|
||||
|
||||
// 12. If the underlying RSA private key represented by the [[handle]] internal slot of key is represented by more than two primes,
|
||||
// set the attribute named oth of jwk according to the corresponding definition in JSON Web Algorithms [JWA], Section 6.3.2.7
|
||||
// FIXME: We don't support more than 2 primes on RSA keys
|
||||
return {};
|
||||
},
|
||||
[](auto) -> ErrorOr<void> {
|
||||
VERIFY_NOT_REACHED();
|
||||
});
|
||||
// FIXME: clang-format butchers the visit if we do the TRY inline
|
||||
TRY_OR_THROW_OOM(vm, maybe_error);
|
||||
|
||||
// 13. Set the key_ops attribute of jwk to the usages attribute of key.
|
||||
jwk.key_ops = Vector<String> {};
|
||||
jwk.key_ops->ensure_capacity(key->internal_usages().size());
|
||||
for (auto const& usage : key->internal_usages()) {
|
||||
jwk.key_ops->append(Bindings::idl_enum_to_string(usage));
|
||||
}
|
||||
|
||||
// 14. Set the ext attribute of jwk to the [[extractable]] internal slot of key.
|
||||
jwk.ext = key->extractable();
|
||||
|
||||
// 15. Let result be the result of converting jwk to an ECMAScript Object, as defined by [WebIDL].
|
||||
result = TRY(jwk.to_object(realm));
|
||||
}
|
||||
|
||||
// Otherwise throw a NotSupportedError.
|
||||
else {
|
||||
return WebIDL::NotSupportedError::create(realm, TRY_OR_THROW_OOM(vm, String::formatted("Exporting to format {} is not supported", Bindings::idl_enum_to_string(format))));
|
||||
}
|
||||
|
||||
// 8. Return result
|
||||
return JS::NonnullGCPtr { *result };
|
||||
}
|
||||
|
||||
WebIDL::ExceptionOr<JS::NonnullGCPtr<CryptoKey>> PBKDF2::import_key(AlgorithmParams const&, Bindings::KeyFormat format, CryptoKey::InternalKeyData key_data, bool extractable, Vector<Bindings::KeyUsage> const& key_usages)
|
||||
{
|
||||
// 1. If format is not "raw", throw a NotSupportedError
|
||||
|
|
|
@ -106,6 +106,11 @@ public:
|
|||
return WebIDL::NotSupportedError::create(m_realm, "generateKey is not supported"_fly_string);
|
||||
}
|
||||
|
||||
virtual WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::Object>> export_key(Bindings::KeyFormat, JS::NonnullGCPtr<CryptoKey>)
|
||||
{
|
||||
return WebIDL::NotSupportedError::create(m_realm, "exportKey is not supported"_fly_string);
|
||||
}
|
||||
|
||||
static NonnullOwnPtr<AlgorithmMethods> create(JS::Realm& realm) { return adopt_own(*new AlgorithmMethods(realm)); }
|
||||
|
||||
protected:
|
||||
|
@ -120,6 +125,7 @@ protected:
|
|||
class RSAOAEP : public AlgorithmMethods {
|
||||
public:
|
||||
virtual WebIDL::ExceptionOr<Variant<JS::NonnullGCPtr<CryptoKey>, JS::NonnullGCPtr<CryptoKeyPair>>> generate_key(AlgorithmParams const&, bool, Vector<Bindings::KeyUsage> const&) override;
|
||||
virtual WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::Object>> export_key(Bindings::KeyFormat, JS::NonnullGCPtr<CryptoKey>) override;
|
||||
|
||||
static NonnullOwnPtr<AlgorithmMethods> create(JS::Realm& realm) { return adopt_own(*new RSAOAEP(realm)); }
|
||||
|
||||
|
@ -156,4 +162,6 @@ private:
|
|||
}
|
||||
};
|
||||
|
||||
ErrorOr<String> base64_url_uint_encode(::Crypto::UnsignedBigInteger);
|
||||
|
||||
}
|
||||
|
|
81
Userland/Libraries/LibWeb/Crypto/CryptoBindings.cpp
Normal file
81
Userland/Libraries/LibWeb/Crypto/CryptoBindings.cpp
Normal file
|
@ -0,0 +1,81 @@
|
|||
/*
|
||||
* Copyright (c) 2024, Andrew Kaster <akaster@serenityos.org>
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-2-Clause
|
||||
*/
|
||||
|
||||
#include <LibJS/Runtime/Array.h>
|
||||
#include <LibJS/Runtime/Object.h>
|
||||
#include <LibJS/Runtime/Realm.h>
|
||||
#include <LibWeb/Crypto/CryptoBindings.h>
|
||||
|
||||
namespace Web::Bindings {
|
||||
|
||||
JS::ThrowCompletionOr<JS::NonnullGCPtr<JS::Object>> JsonWebKey::to_object(JS::Realm& realm)
|
||||
{
|
||||
auto& vm = realm.vm();
|
||||
auto object = JS::Object::create(realm, realm.intrinsics().object_prototype());
|
||||
|
||||
if (kty.has_value())
|
||||
TRY(object->create_data_property("kty", JS::PrimitiveString::create(vm, kty.value())));
|
||||
|
||||
if (use.has_value())
|
||||
TRY(object->create_data_property("use", JS::PrimitiveString::create(vm, use.value())));
|
||||
|
||||
if (key_ops.has_value()) {
|
||||
auto key_ops_array = JS::Array::create_from<String>(realm, key_ops.value().span(), [&](auto& key_usage) -> JS::Value {
|
||||
return JS::PrimitiveString::create(realm.vm(), key_usage);
|
||||
});
|
||||
TRY(object->create_data_property("key_ops", move(key_ops_array)));
|
||||
}
|
||||
|
||||
if (alg.has_value())
|
||||
TRY(object->create_data_property("alg", JS::PrimitiveString::create(vm, alg.value())));
|
||||
|
||||
if (ext.has_value())
|
||||
TRY(object->create_data_property("ext", JS::Value(ext.value())));
|
||||
|
||||
if (crv.has_value())
|
||||
TRY(object->create_data_property("crv", JS::PrimitiveString::create(vm, crv.value())));
|
||||
|
||||
if (x.has_value())
|
||||
TRY(object->create_data_property("x", JS::PrimitiveString::create(vm, x.value())));
|
||||
|
||||
if (y.has_value())
|
||||
TRY(object->create_data_property("y", JS::PrimitiveString::create(vm, y.value())));
|
||||
|
||||
if (d.has_value())
|
||||
TRY(object->create_data_property("d", JS::PrimitiveString::create(vm, d.value())));
|
||||
|
||||
if (n.has_value())
|
||||
TRY(object->create_data_property("n", JS::PrimitiveString::create(vm, n.value())));
|
||||
|
||||
if (e.has_value())
|
||||
TRY(object->create_data_property("e", JS::PrimitiveString::create(vm, e.value())));
|
||||
|
||||
if (p.has_value())
|
||||
TRY(object->create_data_property("p", JS::PrimitiveString::create(vm, p.value())));
|
||||
|
||||
if (q.has_value())
|
||||
TRY(object->create_data_property("q", JS::PrimitiveString::create(vm, q.value())));
|
||||
|
||||
if (dp.has_value())
|
||||
TRY(object->create_data_property("dp", JS::PrimitiveString::create(vm, dp.value())));
|
||||
|
||||
if (dq.has_value())
|
||||
TRY(object->create_data_property("dq", JS::PrimitiveString::create(vm, dq.value())));
|
||||
|
||||
if (qi.has_value())
|
||||
TRY(object->create_data_property("qi", JS::PrimitiveString::create(vm, qi.value())));
|
||||
|
||||
if (oth.has_value()) {
|
||||
TODO();
|
||||
}
|
||||
|
||||
if (k.has_value())
|
||||
TRY(object->create_data_property("k", JS::PrimitiveString::create(vm, k.value())));
|
||||
|
||||
return object;
|
||||
}
|
||||
|
||||
}
|
|
@ -1,5 +1,6 @@
|
|||
/*
|
||||
* Copyright (c) 2023, stelar7 <dudedbz@gmail.com>
|
||||
* Copyright (c) 2024, Andrew Kaster <akaster@serenityos.org>
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-2-Clause
|
||||
*/
|
||||
|
@ -9,8 +10,7 @@
|
|||
#include <AK/Optional.h>
|
||||
#include <AK/String.h>
|
||||
#include <AK/Vector.h>
|
||||
#include <LibJS/Runtime/Object.h>
|
||||
#include <LibWeb/WebIDL/Buffers.h>
|
||||
#include <LibCrypto/BigInt/UnsignedBigInteger.h>
|
||||
|
||||
// FIXME: Generate these from IDL
|
||||
namespace Web::Bindings {
|
||||
|
@ -42,6 +42,8 @@ struct JsonWebKey {
|
|||
Optional<String> qi;
|
||||
Optional<Vector<RsaOtherPrimesInfo>> oth;
|
||||
Optional<String> k;
|
||||
|
||||
JS::ThrowCompletionOr<JS::NonnullGCPtr<JS::Object>> to_object(JS::Realm&);
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -39,6 +39,8 @@ public:
|
|||
void set_algorithm(JS::NonnullGCPtr<Object> algorithm) { m_algorithm = move(algorithm); }
|
||||
void set_usages(Vector<Bindings::KeyUsage>);
|
||||
|
||||
InternalKeyData const& handle() const { return m_key_data; }
|
||||
|
||||
private:
|
||||
CryptoKey(JS::Realm&, InternalKeyData);
|
||||
virtual void initialize(JS::Realm&) override;
|
||||
|
@ -50,7 +52,7 @@ private:
|
|||
JS::NonnullGCPtr<Object> m_usages;
|
||||
|
||||
Vector<Bindings::KeyUsage> m_key_usages;
|
||||
InternalKeyData m_key_data;
|
||||
InternalKeyData m_key_data; // [[handle]]
|
||||
};
|
||||
|
||||
// https://w3c.github.io/webcrypto/#ref-for-dfn-CryptoKeyPair-2
|
||||
|
|
|
@ -11,6 +11,7 @@
|
|||
#include <LibJS/Runtime/Promise.h>
|
||||
#include <LibWeb/Bindings/ExceptionOrUtils.h>
|
||||
#include <LibWeb/Bindings/Intrinsics.h>
|
||||
#include <LibWeb/Crypto/KeyAlgorithms.h>
|
||||
#include <LibWeb/Crypto/SubtleCrypto.h>
|
||||
#include <LibWeb/HTML/Scripting/TemporaryExecutionContext.h>
|
||||
#include <LibWeb/Platform/EventLoopPlugin.h>
|
||||
|
@ -289,6 +290,52 @@ JS::ThrowCompletionOr<JS::NonnullGCPtr<JS::Promise>> SubtleCrypto::import_key(Bi
|
|||
return verify_cast<JS::Promise>(*promise->promise());
|
||||
}
|
||||
|
||||
// https://w3c.github.io/webcrypto/#dfn-SubtleCrypto-method-exportKey
|
||||
JS::ThrowCompletionOr<JS::NonnullGCPtr<JS::Promise>> SubtleCrypto::export_key(Bindings::KeyFormat format, JS::NonnullGCPtr<CryptoKey> key)
|
||||
{
|
||||
auto& realm = this->realm();
|
||||
// 1. Let format and key be the format and key parameters passed to the exportKey() method, respectively.
|
||||
|
||||
// 2. Let promise be a new Promise.
|
||||
auto promise = WebIDL::create_promise(realm);
|
||||
|
||||
// 3. Return promise and perform the remaining steps in parallel.
|
||||
Platform::EventLoopPlugin::the().deferred_invoke([&realm, key, this, promise, format]() -> void {
|
||||
HTML::TemporaryExecutionContext context(Bindings::host_defined_environment_settings_object(realm), HTML::TemporaryExecutionContext::CallbacksEnabled::Yes);
|
||||
// 4. If the following steps or referenced procedures say to throw an error, reject promise with the returned error and then terminate the algorithm.
|
||||
|
||||
// 5. If the name member of the [[algorithm]] internal slot of key does not identify a registered algorithm that supports the export key operation,
|
||||
// then throw a NotSupportedError.
|
||||
// Note: Handled by the base AlgorithmMethods implementation
|
||||
auto& algorithm = verify_cast<KeyAlgorithm>(*key->algorithm());
|
||||
// FIXME: Stash the AlgorithmMethods on the KeyAlgorithm
|
||||
auto normalized_algorithm_or_error = normalize_an_algorithm(algorithm.name(), "exportKey"_string);
|
||||
if (normalized_algorithm_or_error.is_error()) {
|
||||
WebIDL::reject_promise(realm, promise, Bindings::dom_exception_to_throw_completion(realm.vm(), normalized_algorithm_or_error.release_error()).release_value().value());
|
||||
return;
|
||||
}
|
||||
auto normalized_algorithm = normalized_algorithm_or_error.release_value();
|
||||
|
||||
// 6. If the [[extractable]] internal slot of key is false, then throw an InvalidAccessError.
|
||||
if (!key->extractable()) {
|
||||
WebIDL::reject_promise(realm, promise, WebIDL::InvalidAccessError::create(realm, "Key is not extractable"_fly_string));
|
||||
return;
|
||||
}
|
||||
|
||||
// 7. Let result be the result of performing the export key operation specified by the [[algorithm]] internal slot of key using key and format.
|
||||
auto result_or_error = normalized_algorithm.methods->export_key(format, key);
|
||||
if (result_or_error.is_error()) {
|
||||
WebIDL::reject_promise(realm, promise, Bindings::dom_exception_to_throw_completion(realm.vm(), result_or_error.release_error()).release_value().value());
|
||||
return;
|
||||
}
|
||||
|
||||
// 8. Resolve promise with result.
|
||||
WebIDL::resolve_promise(realm, promise, result_or_error.release_value());
|
||||
});
|
||||
|
||||
return verify_cast<JS::Promise>(*promise->promise());
|
||||
}
|
||||
|
||||
SubtleCrypto::SupportedAlgorithmsMap& SubtleCrypto::supported_algorithms_internal()
|
||||
{
|
||||
static SubtleCrypto::SupportedAlgorithmsMap s_supported_algorithms;
|
||||
|
@ -339,7 +386,8 @@ SubtleCrypto::SupportedAlgorithmsMap SubtleCrypto::supported_algorithms()
|
|||
|
||||
// https://w3c.github.io/webcrypto/#rsa-oaep
|
||||
define_an_algorithm<RSAOAEP, RsaHashedKeyGenParams>("generateKey"_string, "RSA-OAEP"_string);
|
||||
// FIXME: encrypt, decrypt, importKey, exportKey
|
||||
define_an_algorithm<RSAOAEP>("exportKey"_string, "RSA-OAEP"_string);
|
||||
// FIXME: encrypt, decrypt, importKey
|
||||
|
||||
return internal_object;
|
||||
}
|
||||
|
|
|
@ -14,7 +14,6 @@
|
|||
#include <LibWeb/Bindings/PlatformObject.h>
|
||||
#include <LibWeb/Bindings/SubtleCryptoPrototype.h>
|
||||
#include <LibWeb/Crypto/CryptoAlgorithms.h>
|
||||
#include <LibWeb/Crypto/CryptoBindings.h>
|
||||
#include <LibWeb/Crypto/CryptoKey.h>
|
||||
|
||||
namespace Web::Crypto {
|
||||
|
@ -39,6 +38,7 @@ public:
|
|||
JS::ThrowCompletionOr<JS::NonnullGCPtr<JS::Promise>> generate_key(AlgorithmIdentifier algorithm, bool extractable, Vector<Bindings::KeyUsage> key_usages);
|
||||
|
||||
JS::ThrowCompletionOr<JS::NonnullGCPtr<JS::Promise>> import_key(Bindings::KeyFormat format, KeyDataType key_data, AlgorithmIdentifier algorithm, bool extractable, Vector<Bindings::KeyUsage> key_usages);
|
||||
JS::ThrowCompletionOr<JS::NonnullGCPtr<JS::Promise>> export_key(Bindings::KeyFormat format, JS::NonnullGCPtr<CryptoKey> key);
|
||||
|
||||
private:
|
||||
explicit SubtleCrypto(JS::Realm&);
|
||||
|
|
|
@ -57,7 +57,7 @@ interface SubtleCrypto {
|
|||
// FIXME: Promise<ArrayBuffer> deriveBits(AlgorithmIdentifier algorithm, CryptoKey baseKey, unsigned long length);
|
||||
|
||||
Promise<CryptoKey> importKey(KeyFormat format, (BufferSource or JsonWebKey) keyData, AlgorithmIdentifier algorithm, boolean extractable, sequence<KeyUsage> keyUsages);
|
||||
// FIXME: Promise<any> exportKey(KeyFormat format, CryptoKey key);
|
||||
Promise<any> exportKey(KeyFormat format, CryptoKey key);
|
||||
|
||||
// FIXME: Promise<any> wrapKey(KeyFormat format, CryptoKey key, CryptoKey wrappingKey, AlgorithmIdentifier wrapAlgorithm);
|
||||
// FIXME: Promise<CryptoKey> unwrapKey(KeyFormat format, BufferSource wrappedKey, CryptoKey unwrappingKey, AlgorithmIdentifier unwrapAlgorithm, AlgorithmIdentifier unwrappedKeyAlgorithm, boolean extractable, sequence<KeyUsage> keyUsages);
|
||||
|
|
Loading…
Reference in a new issue