LibWeb: Support SubtleCrypto.exportKey for RSA-OAEP in JsonWebKey format

This commit is contained in:
Andrew Kaster 2024-03-13 21:19:57 -06:00 committed by Andrew Kaster
parent 2599142214
commit 1521a60a67
Notes: sideshowbarker 2024-07-17 10:16:43 +09:00
13 changed files with 367 additions and 6 deletions

View file

@ -38,6 +38,7 @@ static bool is_platform_object(Type const& type)
"CanvasGradient"sv,
"CanvasPattern"sv,
"CanvasRenderingContext2D"sv,
"CryptoKey"sv,
"Document"sv,
"DocumentType"sv,
"EventTarget"sv,

View file

@ -6,6 +6,7 @@ source_set("Crypto") {
"Crypto.h",
"CryptoAlgorithms.cpp",
"CryptoAlgorithms.h",
"CryptoBindings.cpp",
"CryptoBindings.h",
"CryptoKey.cpp",
"CryptoKey.h",

View file

@ -0,0 +1,13 @@
exportKey with RSA-OAEP algorithm
exportedPublicKey kwt: RSA
exportedPublicKey alg: RSA-OAEP-256
exportedPublicKey exponent: AQAB
exportedPublicKey key_ops: encrypt,wrapKey
exportedPublicKey ext: true
exportedPrivateKey kwt: RSA
exportedPrivateKey alg: RSA-OAEP-256
exportedPrivateKey exponent: AQAB
exportedPrivateKey key_ops: decrypt,unwrapKey
exportedPrivateKey ext: true
FIXME: exportedPublicKey2: 4649584d45
exportKey spki private key: InvalidAccessError Key is not public

View file

@ -0,0 +1,52 @@
<script src="../include.js"></script>
<script>
function bufferToHex(buffer) {
return [...new Uint8Array(buffer)].map(b => b.toString(16).padStart(2, "0")).join("");
}
asyncTest(async done => {
let algorithm = {
name: "RSA-OAEP",
modulusLength: 512,
publicExponent: new Uint8Array([1, 0, 1]),
hash: "SHA-256",
};
println("exportKey with RSA-OAEP algorithm");
let key = await window.crypto.subtle.generateKey(algorithm, true, [
"encrypt",
"decrypt",
"wrapKey",
"unwrapKey",
]);
// FIXME: Create a roundtrip test that starts with a key object and imports it, then exports it.
let exportedPublicKey = await window.crypto.subtle.exportKey("jwk", key.publicKey);
println(`exportedPublicKey kwt: ${exportedPublicKey.kty}`);
println(`exportedPublicKey alg: ${exportedPublicKey.alg}`);
println(`exportedPublicKey exponent: ${exportedPublicKey.e}`);
println(`exportedPublicKey key_ops: ${exportedPublicKey.key_ops}`);
println(`exportedPublicKey ext: ${exportedPublicKey.ext}`);
let exportedPrivateKey = await window.crypto.subtle.exportKey("jwk", key.privateKey);
println(`exportedPrivateKey kwt: ${exportedPrivateKey.kty}`);
println(`exportedPrivateKey alg: ${exportedPrivateKey.alg}`);
println(`exportedPrivateKey exponent: ${exportedPrivateKey.e}`);
println(`exportedPrivateKey key_ops: ${exportedPrivateKey.key_ops}`);
println(`exportedPrivateKey ext: ${exportedPrivateKey.ext}`);
let exportedPublicKey2 = await window.crypto.subtle.exportKey("spki", key.publicKey);
println(`FIXME: exportedPublicKey2: ${bufferToHex(exportedPublicKey2)}`);
try {
let exportedPrivateKey2 = await window.crypto.subtle.exportKey("spki", key.privateKey);
println("FAIL: Shouldn't be able to export private key as spki");
} catch (e) {
println(`exportKey spki private key: ${e.name} ${e.message}`);
}
done();
});
</script>

View file

@ -26,6 +26,7 @@ set(SOURCES
Clipboard/Clipboard.cpp
Crypto/Crypto.cpp
Crypto/CryptoAlgorithms.cpp
Crypto/CryptoBindings.cpp
Crypto/KeyAlgorithms.cpp
Crypto/CryptoKey.cpp
Crypto/SubtleCrypto.cpp

View file

@ -4,6 +4,7 @@
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <AK/Base64.h>
#include <AK/QuickSort.h>
#include <LibCrypto/Hash/HashManager.h>
#include <LibCrypto/PK/RSA.h>
@ -57,6 +58,34 @@ static ::Crypto::UnsignedBigInteger big_integer_from_api_big_integer(JS::GCPtr<J
return result;
}
// https://www.rfc-editor.org/rfc/rfc7518#section-2
ErrorOr<String> base64_url_uint_encode(::Crypto::UnsignedBigInteger integer)
{
static_assert(AK::HostIsLittleEndian, "This code assumes little-endian");
// The representation of a positive or zero integer value as the
// base64url encoding of the value's unsigned big-endian
// representation as an octet sequence. The octet sequence MUST
// utilize the minimum number of octets needed to represent the
// value. Zero is represented as BASE64URL(single zero-valued
// octet), which is "AA".
auto bytes = TRY(ByteBuffer::create_uninitialized(integer.trimmed_byte_length()));
bool const remove_leading_zeroes = true;
auto data_size = integer.export_data(bytes.span(), remove_leading_zeroes);
auto data_slice = bytes.bytes().slice(bytes.size() - data_size, data_size);
// We need to encode the integer's big endian representation as a base64 string
Vector<u8, 32> byte_swapped_data;
byte_swapped_data.ensure_capacity(data_size);
for (size_t i = 0; i < data_size; ++i)
byte_swapped_data.append(data_slice[data_size - i - 1]);
return encode_base64(byte_swapped_data);
}
AlgorithmParams::~AlgorithmParams() = default;
JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> AlgorithmParams::from_value(JS::VM& vm, JS::Value value)
@ -227,6 +256,129 @@ WebIDL::ExceptionOr<Variant<JS::NonnullGCPtr<CryptoKey>, JS::NonnullGCPtr<Crypto
return Variant<JS::NonnullGCPtr<CryptoKey>, JS::NonnullGCPtr<CryptoKeyPair>> { CryptoKeyPair::create(m_realm, public_key, private_key) };
}
// https://w3c.github.io/webcrypto/#rsa-oaep-operations
WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::Object>> RSAOAEP::export_key(Bindings::KeyFormat format, JS::NonnullGCPtr<CryptoKey> key)
{
auto& realm = m_realm;
auto& vm = realm.vm();
// 1. Let key be the key to be exported.
// 2. If the underlying cryptographic key material represented by the [[handle]] internal slot of key cannot be accessed, then throw an OperationError.
// Note: In our impl this is always accessible
auto const& handle = key->handle();
JS::GCPtr<JS::Object> result = nullptr;
// 3. If format is "spki"
if (format == Bindings::KeyFormat::Spki) {
// 1. If the [[type]] internal slot of key is not "public", then throw an InvalidAccessError.
if (key->type() != Bindings::KeyType::Public)
return WebIDL::InvalidAccessError::create(realm, "Key is not public"_fly_string);
// FIXME: 2. Let data be an instance of the subjectPublicKeyInfo ASN.1 structure defined in [RFC5280] with the following properties:
// - Set the algorithm field to an AlgorithmIdentifier ASN.1 type with the following properties:
// - Set the algorithm field to the OID rsaEncryption defined in [RFC3447].
// - Set the params field to the ASN.1 type NULL.
// - Set the subjectPublicKey field to the result of DER-encoding an RSAPublicKey ASN.1 type, as defined in [RFC3447], Appendix A.1.1,
// that represents the RSA public key represented by the [[handle]] internal slot of key
// FIXME: 3. Let result be the result of creating an ArrayBuffer containing data.
result = JS::ArrayBuffer::create(realm, TRY_OR_THROW_OOM(vm, ByteBuffer::copy(("FIXME"sv).bytes())));
}
// FIXME: If format is "pkcs8"
// If format is "jwk"
else if (format == Bindings::KeyFormat::Jwk) {
// 1. Let jwk be a new JsonWebKey dictionary.
Bindings::JsonWebKey jwk = {};
// 2. Set the kty attribute of jwk to the string "RSA".
jwk.kty = "RSA"_string;
// 4. Let hash be the name attribute of the hash attribute of the [[algorithm]] internal slot of key.
auto hash = TRY(verify_cast<RsaHashedKeyAlgorithm>(*key->algorithm()).hash().visit([](String const& name) -> JS::ThrowCompletionOr<String> { return name; }, [&](JS::Handle<JS::Object> const& obj) -> JS::ThrowCompletionOr<String> {
auto name_property = TRY(obj->get("name"));
return name_property.to_string(realm.vm()); }));
// 4. If hash is "SHA-1":
// - Set the alg attribute of jwk to the string "RSA-OAEP".
if (hash == "SHA-1"sv) {
jwk.alg = "RSA-OAEP"_string;
}
// If hash is "SHA-256":
// - Set the alg attribute of jwk to the string "RSA-OAEP-256".
else if (hash == "SHA-256"sv) {
jwk.alg = "RSA-OAEP-256"_string;
}
// If hash is "SHA-384":
// - Set the alg attribute of jwk to the string "RSA-OAEP-384".
else if (hash == "SHA-384"sv) {
jwk.alg = "RSA-OAEP-384"_string;
}
// If hash is "SHA-512":
// - Set the alg attribute of jwk to the string "RSA-OAEP-512".
else if (hash == "SHA-512"sv) {
jwk.alg = "RSA-OAEP-512"_string;
} else {
// FIXME: Support 'other applicable specifications'
// - Perform any key export steps defined by other applicable specifications,
// passing format and the hash attribute of the [[algorithm]] internal slot of key and obtaining alg.
// - Set the alg attribute of jwk to alg.
return WebIDL::NotSupportedError::create(realm, TRY_OR_THROW_OOM(vm, String::formatted("Unsupported hash algorithm '{}'", hash)));
}
// 10. Set the attributes n and e of jwk according to the corresponding definitions in JSON Web Algorithms [JWA], Section 6.3.1.
auto maybe_error = handle.visit(
[&](::Crypto::PK::RSAPublicKey<> const& public_key) -> ErrorOr<void> {
jwk.n = TRY(base64_url_uint_encode(public_key.modulus()));
jwk.e = TRY(base64_url_uint_encode(public_key.public_exponent()));
return {};
},
[&](::Crypto::PK::RSAPrivateKey<> const& private_key) -> ErrorOr<void> {
jwk.n = TRY(base64_url_uint_encode(private_key.modulus()));
jwk.e = TRY(base64_url_uint_encode(private_key.public_exponent()));
// 11. If the [[type]] internal slot of key is "private":
// 1. Set the attributes named d, p, q, dp, dq, and qi of jwk according to the corresponding definitions in JSON Web Algorithms [JWA], Section 6.3.2.
jwk.d = TRY(base64_url_uint_encode(private_key.private_exponent()));
// FIXME: Add p, q, dq, qi
// 12. If the underlying RSA private key represented by the [[handle]] internal slot of key is represented by more than two primes,
// set the attribute named oth of jwk according to the corresponding definition in JSON Web Algorithms [JWA], Section 6.3.2.7
// FIXME: We don't support more than 2 primes on RSA keys
return {};
},
[](auto) -> ErrorOr<void> {
VERIFY_NOT_REACHED();
});
// FIXME: clang-format butchers the visit if we do the TRY inline
TRY_OR_THROW_OOM(vm, maybe_error);
// 13. Set the key_ops attribute of jwk to the usages attribute of key.
jwk.key_ops = Vector<String> {};
jwk.key_ops->ensure_capacity(key->internal_usages().size());
for (auto const& usage : key->internal_usages()) {
jwk.key_ops->append(Bindings::idl_enum_to_string(usage));
}
// 14. Set the ext attribute of jwk to the [[extractable]] internal slot of key.
jwk.ext = key->extractable();
// 15. Let result be the result of converting jwk to an ECMAScript Object, as defined by [WebIDL].
result = TRY(jwk.to_object(realm));
}
// Otherwise throw a NotSupportedError.
else {
return WebIDL::NotSupportedError::create(realm, TRY_OR_THROW_OOM(vm, String::formatted("Exporting to format {} is not supported", Bindings::idl_enum_to_string(format))));
}
// 8. Return result
return JS::NonnullGCPtr { *result };
}
WebIDL::ExceptionOr<JS::NonnullGCPtr<CryptoKey>> PBKDF2::import_key(AlgorithmParams const&, Bindings::KeyFormat format, CryptoKey::InternalKeyData key_data, bool extractable, Vector<Bindings::KeyUsage> const& key_usages)
{
// 1. If format is not "raw", throw a NotSupportedError

View file

@ -106,6 +106,11 @@ public:
return WebIDL::NotSupportedError::create(m_realm, "generateKey is not supported"_fly_string);
}
virtual WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::Object>> export_key(Bindings::KeyFormat, JS::NonnullGCPtr<CryptoKey>)
{
return WebIDL::NotSupportedError::create(m_realm, "exportKey is not supported"_fly_string);
}
static NonnullOwnPtr<AlgorithmMethods> create(JS::Realm& realm) { return adopt_own(*new AlgorithmMethods(realm)); }
protected:
@ -120,6 +125,7 @@ protected:
class RSAOAEP : public AlgorithmMethods {
public:
virtual WebIDL::ExceptionOr<Variant<JS::NonnullGCPtr<CryptoKey>, JS::NonnullGCPtr<CryptoKeyPair>>> generate_key(AlgorithmParams const&, bool, Vector<Bindings::KeyUsage> const&) override;
virtual WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::Object>> export_key(Bindings::KeyFormat, JS::NonnullGCPtr<CryptoKey>) override;
static NonnullOwnPtr<AlgorithmMethods> create(JS::Realm& realm) { return adopt_own(*new RSAOAEP(realm)); }
@ -156,4 +162,6 @@ private:
}
};
ErrorOr<String> base64_url_uint_encode(::Crypto::UnsignedBigInteger);
}

View file

@ -0,0 +1,81 @@
/*
* Copyright (c) 2024, Andrew Kaster <akaster@serenityos.org>
*
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <LibJS/Runtime/Array.h>
#include <LibJS/Runtime/Object.h>
#include <LibJS/Runtime/Realm.h>
#include <LibWeb/Crypto/CryptoBindings.h>
namespace Web::Bindings {
JS::ThrowCompletionOr<JS::NonnullGCPtr<JS::Object>> JsonWebKey::to_object(JS::Realm& realm)
{
auto& vm = realm.vm();
auto object = JS::Object::create(realm, realm.intrinsics().object_prototype());
if (kty.has_value())
TRY(object->create_data_property("kty", JS::PrimitiveString::create(vm, kty.value())));
if (use.has_value())
TRY(object->create_data_property("use", JS::PrimitiveString::create(vm, use.value())));
if (key_ops.has_value()) {
auto key_ops_array = JS::Array::create_from<String>(realm, key_ops.value().span(), [&](auto& key_usage) -> JS::Value {
return JS::PrimitiveString::create(realm.vm(), key_usage);
});
TRY(object->create_data_property("key_ops", move(key_ops_array)));
}
if (alg.has_value())
TRY(object->create_data_property("alg", JS::PrimitiveString::create(vm, alg.value())));
if (ext.has_value())
TRY(object->create_data_property("ext", JS::Value(ext.value())));
if (crv.has_value())
TRY(object->create_data_property("crv", JS::PrimitiveString::create(vm, crv.value())));
if (x.has_value())
TRY(object->create_data_property("x", JS::PrimitiveString::create(vm, x.value())));
if (y.has_value())
TRY(object->create_data_property("y", JS::PrimitiveString::create(vm, y.value())));
if (d.has_value())
TRY(object->create_data_property("d", JS::PrimitiveString::create(vm, d.value())));
if (n.has_value())
TRY(object->create_data_property("n", JS::PrimitiveString::create(vm, n.value())));
if (e.has_value())
TRY(object->create_data_property("e", JS::PrimitiveString::create(vm, e.value())));
if (p.has_value())
TRY(object->create_data_property("p", JS::PrimitiveString::create(vm, p.value())));
if (q.has_value())
TRY(object->create_data_property("q", JS::PrimitiveString::create(vm, q.value())));
if (dp.has_value())
TRY(object->create_data_property("dp", JS::PrimitiveString::create(vm, dp.value())));
if (dq.has_value())
TRY(object->create_data_property("dq", JS::PrimitiveString::create(vm, dq.value())));
if (qi.has_value())
TRY(object->create_data_property("qi", JS::PrimitiveString::create(vm, qi.value())));
if (oth.has_value()) {
TODO();
}
if (k.has_value())
TRY(object->create_data_property("k", JS::PrimitiveString::create(vm, k.value())));
return object;
}
}

View file

@ -1,5 +1,6 @@
/*
* Copyright (c) 2023, stelar7 <dudedbz@gmail.com>
* Copyright (c) 2024, Andrew Kaster <akaster@serenityos.org>
*
* SPDX-License-Identifier: BSD-2-Clause
*/
@ -9,8 +10,7 @@
#include <AK/Optional.h>
#include <AK/String.h>
#include <AK/Vector.h>
#include <LibJS/Runtime/Object.h>
#include <LibWeb/WebIDL/Buffers.h>
#include <LibCrypto/BigInt/UnsignedBigInteger.h>
// FIXME: Generate these from IDL
namespace Web::Bindings {
@ -42,6 +42,8 @@ struct JsonWebKey {
Optional<String> qi;
Optional<Vector<RsaOtherPrimesInfo>> oth;
Optional<String> k;
JS::ThrowCompletionOr<JS::NonnullGCPtr<JS::Object>> to_object(JS::Realm&);
};
}

View file

@ -39,6 +39,8 @@ public:
void set_algorithm(JS::NonnullGCPtr<Object> algorithm) { m_algorithm = move(algorithm); }
void set_usages(Vector<Bindings::KeyUsage>);
InternalKeyData const& handle() const { return m_key_data; }
private:
CryptoKey(JS::Realm&, InternalKeyData);
virtual void initialize(JS::Realm&) override;
@ -50,7 +52,7 @@ private:
JS::NonnullGCPtr<Object> m_usages;
Vector<Bindings::KeyUsage> m_key_usages;
InternalKeyData m_key_data;
InternalKeyData m_key_data; // [[handle]]
};
// https://w3c.github.io/webcrypto/#ref-for-dfn-CryptoKeyPair-2

View file

@ -11,6 +11,7 @@
#include <LibJS/Runtime/Promise.h>
#include <LibWeb/Bindings/ExceptionOrUtils.h>
#include <LibWeb/Bindings/Intrinsics.h>
#include <LibWeb/Crypto/KeyAlgorithms.h>
#include <LibWeb/Crypto/SubtleCrypto.h>
#include <LibWeb/HTML/Scripting/TemporaryExecutionContext.h>
#include <LibWeb/Platform/EventLoopPlugin.h>
@ -289,6 +290,52 @@ JS::ThrowCompletionOr<JS::NonnullGCPtr<JS::Promise>> SubtleCrypto::import_key(Bi
return verify_cast<JS::Promise>(*promise->promise());
}
// https://w3c.github.io/webcrypto/#dfn-SubtleCrypto-method-exportKey
JS::ThrowCompletionOr<JS::NonnullGCPtr<JS::Promise>> SubtleCrypto::export_key(Bindings::KeyFormat format, JS::NonnullGCPtr<CryptoKey> key)
{
auto& realm = this->realm();
// 1. Let format and key be the format and key parameters passed to the exportKey() method, respectively.
// 2. Let promise be a new Promise.
auto promise = WebIDL::create_promise(realm);
// 3. Return promise and perform the remaining steps in parallel.
Platform::EventLoopPlugin::the().deferred_invoke([&realm, key, this, promise, format]() -> void {
HTML::TemporaryExecutionContext context(Bindings::host_defined_environment_settings_object(realm), HTML::TemporaryExecutionContext::CallbacksEnabled::Yes);
// 4. If the following steps or referenced procedures say to throw an error, reject promise with the returned error and then terminate the algorithm.
// 5. If the name member of the [[algorithm]] internal slot of key does not identify a registered algorithm that supports the export key operation,
// then throw a NotSupportedError.
// Note: Handled by the base AlgorithmMethods implementation
auto& algorithm = verify_cast<KeyAlgorithm>(*key->algorithm());
// FIXME: Stash the AlgorithmMethods on the KeyAlgorithm
auto normalized_algorithm_or_error = normalize_an_algorithm(algorithm.name(), "exportKey"_string);
if (normalized_algorithm_or_error.is_error()) {
WebIDL::reject_promise(realm, promise, Bindings::dom_exception_to_throw_completion(realm.vm(), normalized_algorithm_or_error.release_error()).release_value().value());
return;
}
auto normalized_algorithm = normalized_algorithm_or_error.release_value();
// 6. If the [[extractable]] internal slot of key is false, then throw an InvalidAccessError.
if (!key->extractable()) {
WebIDL::reject_promise(realm, promise, WebIDL::InvalidAccessError::create(realm, "Key is not extractable"_fly_string));
return;
}
// 7. Let result be the result of performing the export key operation specified by the [[algorithm]] internal slot of key using key and format.
auto result_or_error = normalized_algorithm.methods->export_key(format, key);
if (result_or_error.is_error()) {
WebIDL::reject_promise(realm, promise, Bindings::dom_exception_to_throw_completion(realm.vm(), result_or_error.release_error()).release_value().value());
return;
}
// 8. Resolve promise with result.
WebIDL::resolve_promise(realm, promise, result_or_error.release_value());
});
return verify_cast<JS::Promise>(*promise->promise());
}
SubtleCrypto::SupportedAlgorithmsMap& SubtleCrypto::supported_algorithms_internal()
{
static SubtleCrypto::SupportedAlgorithmsMap s_supported_algorithms;
@ -339,7 +386,8 @@ SubtleCrypto::SupportedAlgorithmsMap SubtleCrypto::supported_algorithms()
// https://w3c.github.io/webcrypto/#rsa-oaep
define_an_algorithm<RSAOAEP, RsaHashedKeyGenParams>("generateKey"_string, "RSA-OAEP"_string);
// FIXME: encrypt, decrypt, importKey, exportKey
define_an_algorithm<RSAOAEP>("exportKey"_string, "RSA-OAEP"_string);
// FIXME: encrypt, decrypt, importKey
return internal_object;
}

View file

@ -14,7 +14,6 @@
#include <LibWeb/Bindings/PlatformObject.h>
#include <LibWeb/Bindings/SubtleCryptoPrototype.h>
#include <LibWeb/Crypto/CryptoAlgorithms.h>
#include <LibWeb/Crypto/CryptoBindings.h>
#include <LibWeb/Crypto/CryptoKey.h>
namespace Web::Crypto {
@ -39,6 +38,7 @@ public:
JS::ThrowCompletionOr<JS::NonnullGCPtr<JS::Promise>> generate_key(AlgorithmIdentifier algorithm, bool extractable, Vector<Bindings::KeyUsage> key_usages);
JS::ThrowCompletionOr<JS::NonnullGCPtr<JS::Promise>> import_key(Bindings::KeyFormat format, KeyDataType key_data, AlgorithmIdentifier algorithm, bool extractable, Vector<Bindings::KeyUsage> key_usages);
JS::ThrowCompletionOr<JS::NonnullGCPtr<JS::Promise>> export_key(Bindings::KeyFormat format, JS::NonnullGCPtr<CryptoKey> key);
private:
explicit SubtleCrypto(JS::Realm&);

View file

@ -57,7 +57,7 @@ interface SubtleCrypto {
// FIXME: Promise<ArrayBuffer> deriveBits(AlgorithmIdentifier algorithm, CryptoKey baseKey, unsigned long length);
Promise<CryptoKey> importKey(KeyFormat format, (BufferSource or JsonWebKey) keyData, AlgorithmIdentifier algorithm, boolean extractable, sequence<KeyUsage> keyUsages);
// FIXME: Promise<any> exportKey(KeyFormat format, CryptoKey key);
Promise<any> exportKey(KeyFormat format, CryptoKey key);
// FIXME: Promise<any> wrapKey(KeyFormat format, CryptoKey key, CryptoKey wrappingKey, AlgorithmIdentifier wrapAlgorithm);
// FIXME: Promise<CryptoKey> unwrapKey(KeyFormat format, BufferSource wrappedKey, CryptoKey unwrappingKey, AlgorithmIdentifier unwrapAlgorithm, AlgorithmIdentifier unwrappedKeyAlgorithm, boolean extractable, sequence<KeyUsage> keyUsages);