beenull/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-11-21 23:20:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

LibWeb: Implement Web Crypto HMAC algorithm
Some checks are pending
CI / Lagom (false, FUZZ, ubuntu-24.04, Linux, Clang) (push) Waiting to run
Details
CI / Lagom (false, NO_FUZZ, macos-15, macOS, Clang) (push) Waiting to run
Details
CI / Lagom (false, NO_FUZZ, ubuntu-24.04, Linux, GNU) (push) Waiting to run
Details
CI / Lagom (true, NO_FUZZ, ubuntu-24.04, Linux, Clang) (push) Waiting to run
Details
Package the js repl as a binary artifact / build-and-package (macos-14, macOS, macOS-universal2) (push) Waiting to run
Details
Package the js repl as a binary artifact / build-and-package (ubuntu-24.04, Linux, Linux-x86_64) (push) Waiting to run
Details
Run test262 and test-wasm / run_and_update_results (push) Waiting to run
Details
Lint Code / lint (push) Waiting to run
Details
Push notes / build (push) Waiting to run
Details

Browse source
This commit is contained in:
Jelle Raaijmakers 2024-11-13 15:23:50 +01:00 committed by Andreas Kling
parent 884a4163a0
commit 329cd946ac
Notes: github-actions[bot] 2024-11-14 10:53:12 +00:00 
Author: https://github.com/gmta
Commit: https://github.com/LadybirdBrowser/ladybird/commit/329cd946ac3
Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/2331
10 changed files with 1064 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

480
Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp
View file

@ -302,9 +302,10 @@ static WebIDL::ExceptionOr<void> validate_jwk_key_ops(JS::Realm& realm, Bindings
return {};
}
static WebIDL::ExceptionOr<ByteBuffer> generate_aes_key(JS::VM& vm, u16 const size_in_bits)
static WebIDL::ExceptionOr<ByteBuffer> generate_random_key(JS::VM& vm, u16 const size_in_bits)
{
auto key_buffer = TRY_OR_THROW_OOM(vm, ByteBuffer::create_uninitialized(size_in_bits / 8));
// FIXME: Use a cryptographically secure random generator
fill_with_random(key_buffer);
return key_buffer;
}
@ -606,6 +607,48 @@ JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> EcdhKeyDerivePrams::from_v
return adopt_own<AlgorithmParams>(*new EcdhKeyDerivePrams { name, key });
}
HmacImportParams::~HmacImportParams() = default;
JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> HmacImportParams::from_value(JS::VM& vm, JS::Value value)
{
auto& object = value.as_object();
auto name_value = TRY(object.get("name"));
auto name = TRY(name_value.to_string(vm));
auto hash_value = TRY(object.get("hash"));
auto hash = TRY(hash_algorithm_identifier_from_value(vm, hash_value));
auto maybe_length = Optional<WebIDL::UnsignedLong> {};
if (MUST(object.has_property("length"))) {
auto length_value = TRY(object.get("length"));
maybe_length = TRY(length_value.to_u32(vm));
}
return adopt_own<AlgorithmParams>(*new HmacImportParams { name, hash, maybe_length });
}
HmacKeyGenParams::~HmacKeyGenParams() = default;
JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> HmacKeyGenParams::from_value(JS::VM& vm, JS::Value value)
{
auto& object = value.as_object();
auto name_value = TRY(object.get("name"));
auto name = TRY(name_value.to_string(vm));
auto hash_value = TRY(object.get("hash"));
auto hash = TRY(hash_algorithm_identifier_from_value(vm, hash_value));
auto maybe_length = Optional<WebIDL::UnsignedLong> {};
if (MUST(object.has_property("length"))) {
auto length_value = TRY(object.get("length"));
maybe_length = TRY(length_value.to_u32(vm));
}
return adopt_own<AlgorithmParams>(*new HmacKeyGenParams { name, hash, maybe_length });
}
// https://w3c.github.io/webcrypto/#rsa-oaep-operations
WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::ArrayBuffer>> RSAOAEP::encrypt(AlgorithmParams const& params, JS::NonnullGCPtr<CryptoKey> key, ByteBuffer const& plaintext)
{
@ -1395,7 +1438,7 @@ WebIDL::ExceptionOr<Variant<JS::NonnullGCPtr<CryptoKey>, JS::NonnullGCPtr<Crypto
}
// 3. Generate an AES key of length equal to the length member of normalizedAlgorithm.
auto key_buffer = TRY(generate_aes_key(m_realm->vm(), bits));
auto key_buffer = TRY(generate_random_key(m_realm->vm(), bits));
// 4. If the key generation step fails, then throw an OperationError.
// Note: Cannot happen in our implementation; and if we OOM, then allocating the Exception is probably going to crash anyway.
@ -1721,7 +1764,7 @@ WebIDL::ExceptionOr<Variant<JS::NonnullGCPtr<CryptoKey>, JS::NonnullGCPtr<Crypto
// 3. Generate an AES key of length equal to the length member of normalizedAlgorithm.
// 4. If the key generation step fails, then throw an OperationError.
auto key_buffer = TRY(generate_aes_key(m_realm->vm(), bits));
auto key_buffer = TRY(generate_random_key(m_realm->vm(), bits));
// 5. Let key be a new CryptoKey object representing the generated AES key.
auto key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { key_buffer });
@ -2144,7 +2187,7 @@ WebIDL::ExceptionOr<Variant<JS::NonnullGCPtr<CryptoKey>, JS::NonnullGCPtr<Crypto
// 3. Generate an AES key of length equal to the length member of normalizedAlgorithm.
// 4. If the key generation step fails, then throw an OperationError.
auto key_buffer = TRY(generate_aes_key(m_realm->vm(), bits));
auto key_buffer = TRY(generate_random_key(m_realm->vm(), bits));
// 5. Let key be a new CryptoKey object representing the generated AES key.
auto key = CryptoKey::create(m_realm, CryptoKey::InternalKeyData { key_buffer });
@ -2815,8 +2858,7 @@ WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::ArrayBuffer>> X25519::derive_bits(Algor
// Otherwise: Return an octet string containing the first length bits of secret.
auto slice = TRY_OR_THROW_OOM(realm.vm(), secret.slice(0, length / 8));
auto result = TRY_OR_THROW_OOM(realm.vm(), ByteBuffer::copy(slice));
return JS::ArrayBuffer::create(realm, move(result));
return JS::ArrayBuffer::create(realm, move(slice));
}
WebIDL::ExceptionOr<Variant<JS::NonnullGCPtr<CryptoKey>, JS::NonnullGCPtr<CryptoKeyPair>>> X25519::generate_key([[maybe_unused]] AlgorithmParams const& params, bool extractable, Vector<Bindings::KeyUsage> const& key_usages)
@ -3208,7 +3250,8 @@ WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::Object>> X25519::export_key(Bindings::K
// 6. Set the key_ops attribute of jwk to the usages attribute of key.
auto key_ops = Vector<String> {};
auto key_usages = verify_cast<JS::Array>(key->usages());
for (auto i = 0; i < 10; ++i) {
auto key_usages_length = MUST(MUST(key_usages->get(vm.names.length)).to_length(vm));
for (auto i = 0u; i < key_usages_length; ++i) {
auto usage = key_usages->get(i);
if (!usage.has_value())
break;
@ -3248,4 +3291,427 @@ WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::Object>> X25519::export_key(Bindings::K
return JS::NonnullGCPtr { *result };
}
static WebIDL::ExceptionOr<ByteBuffer> hmac_calculate_message_digest(JS::Realm& realm, JS::GCPtr<KeyAlgorithm> hash, ReadonlyBytes key, ReadonlyBytes message)
{
auto calculate_digest = [&]<typename T>() -> ByteBuffer {
::Crypto::Authentication::HMAC<T> hmac(key);
auto digest = hmac.process(message);
return MUST(ByteBuffer::copy(digest.bytes()));
};
auto hash_name = hash->name();
if (hash_name.equals_ignoring_ascii_case("SHA-1"sv))
return calculate_digest.operator()<::Crypto::Hash::SHA1>();
if (hash_name.equals_ignoring_ascii_case("SHA-256"sv))
return calculate_digest.operator()<::Crypto::Hash::SHA256>();
if (hash_name.equals_ignoring_ascii_case("SHA-384"sv))
return calculate_digest.operator()<::Crypto::Hash::SHA384>();
if (hash_name.equals_ignoring_ascii_case("SHA-512"sv))
return calculate_digest.operator()<::Crypto::Hash::SHA512>();
return WebIDL::NotSupportedError::create(realm, "Invalid algorithm"_string);
}
static WebIDL::ExceptionOr<WebIDL::UnsignedLong> hmac_hash_block_size(JS::Realm& realm, HashAlgorithmIdentifier hash)
{
auto hash_name = TRY(hash.name(realm.vm()));
if (hash_name.equals_ignoring_ascii_case("SHA-1"sv))
return ::Crypto::Hash::SHA1::digest_size();
if (hash_name.equals_ignoring_ascii_case("SHA-256"sv))
return ::Crypto::Hash::SHA256::digest_size();
if (hash_name.equals_ignoring_ascii_case("SHA-384"sv))
return ::Crypto::Hash::SHA384::digest_size();
if (hash_name.equals_ignoring_ascii_case("SHA-512"sv))
return ::Crypto::Hash::SHA512::digest_size();
return WebIDL::NotSupportedError::create(realm, MUST(String::formatted("Invalid hash function '{}'", hash_name)));
}
// https://w3c.github.io/webcrypto/#hmac-operations
WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::ArrayBuffer>> HMAC::sign(AlgorithmParams const&, JS::NonnullGCPtr<CryptoKey> key, ByteBuffer const& message)
{
// 1. Let mac be the result of performing the MAC Generation operation described in Section 4 of
// [FIPS-198-1] using the key represented by [[handle]] internal slot of key, the hash
// function identified by the hash attribute of the [[algorithm]] internal slot of key and
// message as the input data text.
auto const& key_data = key->handle().get<ByteBuffer>();
auto const& algorithm = verify_cast<HmacKeyAlgorithm>(*key->algorithm());
auto mac = TRY(hmac_calculate_message_digest(m_realm, algorithm.hash(), key_data.bytes(), message.bytes()));
// 2. Return the result of creating an ArrayBuffer containing mac.
return JS::ArrayBuffer::create(m_realm, move(mac));
}
// https://w3c.github.io/webcrypto/#hmac-operations
WebIDL::ExceptionOr<JS::Value> HMAC::verify(AlgorithmParams const&, JS::NonnullGCPtr<CryptoKey> key, ByteBuffer const& signature, ByteBuffer const& message)
{
// 1. Let mac be the result of performing the MAC Generation operation described in Section 4 of
// [FIPS-198-1] using the key represented by [[handle]] internal slot of key, the hash
// function identified by the hash attribute of the [[algorithm]] internal slot of key and
// message as the input data text.
auto const& key_data = key->handle().get<ByteBuffer>();
auto const& algorithm = verify_cast<HmacKeyAlgorithm>(*key->algorithm());
auto mac = TRY(hmac_calculate_message_digest(m_realm, algorithm.hash(), key_data.bytes(), message.bytes()));
// 2. Return true if mac is equal to signature and false otherwise.
return mac == signature;
}
// https://w3c.github.io/webcrypto/#hmac-operations
WebIDL::ExceptionOr<Variant<JS::NonnullGCPtr<CryptoKey>, JS::NonnullGCPtr<CryptoKeyPair>>> HMAC::generate_key(AlgorithmParams const& params, bool extractable, Vector<Bindings::KeyUsage> const& usages)
{
// 1. If usages contains any entry which is not "sign" or "verify", then throw a SyntaxError.
for (auto const& usage : usages) {
if (usage != Bindings::KeyUsage::Sign && usage != Bindings::KeyUsage::Verify)
return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
}
// 2. If the length member of normalizedAlgorithm is not present:
auto const& normalized_algorithm = static_cast<HmacKeyGenParams const&>(params);
WebIDL::UnsignedLong length;
if (!normalized_algorithm.length.has_value()) {
// Let length be the block size in bits of the hash function identified by the hash member
// of normalizedAlgorithm.
length = TRY(hmac_hash_block_size(m_realm, normalized_algorithm.hash));
}
// Otherwise, if the length member of normalizedAlgorithm is non-zero:
else if (normalized_algorithm.length.value() != 0) {
// Let length be equal to the length member of normalizedAlgorithm.
length = normalized_algorithm.length.value();
}
// Otherwise:
else {
// throw an OperationError.
return WebIDL::OperationError::create(m_realm, "Invalid length"_string);
}
// 3. Generate a key of length length bits.
auto key_data = MUST(generate_random_key(m_realm->vm(), length));
// 4. If the key generation step fails, then throw an OperationError.
// NOTE: Currently key generation must succeed
// 5. Let key be a new CryptoKey object representing the generated key.
auto key = CryptoKey::create(m_realm, move(key_data));
// 6. Let algorithm be a new HmacKeyAlgorithm.
auto algorithm = HmacKeyAlgorithm::create(m_realm);
// 7. Set the name attribute of algorithm to "HMAC".
algorithm->set_name("HMAC"_string);
// 8. Let hash be a new KeyAlgorithm.
auto hash = KeyAlgorithm::create(m_realm);
// 9. Set the name attribute of hash to equal the name member of the hash member of normalizedAlgorithm.
hash->set_name(TRY(normalized_algorithm.hash.name(m_realm->vm())));
// 10. Set the hash attribute of algorithm to hash.
algorithm->set_hash(hash);
// 11. Set the [[type]] internal slot of key to "secret".
key->set_type(Bindings::KeyType::Secret);
// 12. Set the [[algorithm]] internal slot of key to algorithm.
key->set_algorithm(algorithm);
// 13. Set the [[extractable]] internal slot of key to be extractable.
key->set_extractable(extractable);
// 14. Set the [[usages]] internal slot of key to be usages.
key->set_usages(usages);
// 15. Return key.
return Variant<JS::NonnullGCPtr<CryptoKey>, JS::NonnullGCPtr<CryptoKeyPair>> { key };
}
// https://w3c.github.io/webcrypto/#hmac-operations
WebIDL::ExceptionOr<JS::NonnullGCPtr<CryptoKey>> HMAC::import_key(Web::Crypto::AlgorithmParams const& params, Bindings::KeyFormat key_format, CryptoKey::InternalKeyData key_data, bool extractable, Vector<Bindings::KeyUsage> const& usages)
{
auto& vm = m_realm->vm();
auto const& normalized_algorithm = static_cast<HmacImportParams const&>(params);
// 1. Let keyData be the key data to be imported.
// 2. If usages contains an entry which is not "sign" or "verify", then throw a SyntaxError.
for (auto const& usage : usages) {
if (usage != Bindings::KeyUsage::Sign && usage != Bindings::KeyUsage::Verify)
return WebIDL::SyntaxError::create(m_realm, MUST(String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage))));
}
// 3. Let hash be a new KeyAlgorithm.
auto hash = KeyAlgorithm::create(m_realm);
// 4. If format is "raw":
AK::ByteBuffer data;
if (key_format == Bindings::KeyFormat::Raw) {
// 4.1. Let data be the octet string contained in keyData.
data = key_data.get<ByteBuffer>();
// 4.2. Set hash to equal the hash member of normalizedAlgorithm.
hash->set_name(TRY(normalized_algorithm.hash.name(vm)));
}
// If format is "jwk":
else if (key_format == Bindings::KeyFormat::Jwk) {
// 1. If keyData is a JsonWebKey dictionary:
// Let jwk equal keyData.
// Otherwise:
// Throw a DataError.
if (!key_data.has<Bindings::JsonWebKey>())
return WebIDL::DataError::create(m_realm, "Data is not a JsonWebKey dictionary"_string);
auto jwk = key_data.get<Bindings::JsonWebKey>();
// 2. If the kty field of jwk is not "oct", then throw a DataError.
if (jwk.kty != "oct"sv)
return WebIDL::DataError::create(m_realm, "Invalid key type"_string);
// 3. If jwk does not meet the requirements of Section 6.4 of JSON Web Algorithms [JWA],
// then throw a DataError.
// 4. Let data be the octet string obtained by decoding the k field of jwk.
data = TRY(parse_jwk_symmetric_key(m_realm, jwk));
// 5. Set the hash to equal the hash member of normalizedAlgorithm.
hash->set_name(TRY(normalized_algorithm.hash.name(vm)));
// 6. If the name attribute of hash is "SHA-1":
auto hash_name = hash->name();
if (hash_name.equals_ignoring_ascii_case("SHA-1"sv)) {
// If the alg field of jwk is present and is not "HS1", then throw a DataError.
if (jwk.alg.has_value() && jwk.alg != "HS1"sv)
return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
}
// If the name attribute of hash is "SHA-256":
else if (hash_name.equals_ignoring_ascii_case("SHA-256"sv)) {
// If the alg field of jwk is present and is not "HS256", then throw a DataError.
if (jwk.alg.has_value() && jwk.alg != "HS256"sv)
return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
}
// If the name attribute of hash is "SHA-384":
else if (hash_name.equals_ignoring_ascii_case("SHA-384"sv)) {
// If the alg field of jwk is present and is not "HS384", then throw a DataError.
if (jwk.alg.has_value() && jwk.alg != "HS384"sv)
return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
}
// If the name attribute of hash is "SHA-512":
else if (hash_name.equals_ignoring_ascii_case("SHA-512"sv)) {
// If the alg field of jwk is present and is not "HS512", then throw a DataError.
if (jwk.alg.has_value() && jwk.alg != "HS512"sv)
return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
}
// FIXME: Otherwise, if the name attribute of hash is defined in another applicable specification:
else {
// FIXME: Perform any key import steps defined by other applicable specifications, passing format,
// jwk and hash and obtaining hash.
dbgln("Hash algorithm '{}' not supported", hash_name);
return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
}
// 7. If usages is non-empty and the use field of jwk is present and is not "sign", then
// throw a DataError.
if (!usages.is_empty() && jwk.use.has_value() && jwk.use != "sign"sv)
return WebIDL::DataError::create(m_realm, "Invalid use in JsonWebKey"_string);
// 8. If the key_ops field of jwk is present, and is invalid according to the requirements
// of JSON Web Key [JWK] or does not contain all of the specified usages values, then
// throw a DataError.
TRY(validate_jwk_key_ops(m_realm, jwk, usages));
// 9. If the ext field of jwk is present and has the value false and extractable is true,
// then throw a DataError.
if (jwk.ext.has_value() && !*jwk.ext && extractable)
return WebIDL::DataError::create(m_realm, "Invalid ext field"_string);
}
// Otherwise:
else {
// throw a NotSupportedError.
return WebIDL::NotSupportedError::create(m_realm, "Invalid key format"_string);
}
// 5. Let length be equivalent to the length, in octets, of data, multiplied by 8.
auto length = data.size() * 8;
// 6. If length is zero then throw a DataError.
if (length == 0)
return WebIDL::DataError::create(m_realm, "No data provided"_string);
// 7. If the length member of normalizedAlgorithm is present:
if (normalized_algorithm.length.has_value()) {
// If the length member of normalizedAlgorithm is greater than length:
auto normalized_algorithm_length = normalized_algorithm.length.value();
if (normalized_algorithm_length > length) {
// throw a DataError.
return WebIDL::DataError::create(m_realm, "Invalid data size"_string);
}
// If the length member of normalizedAlgorithm, is less than or equal to length minus eight:
if (normalized_algorithm_length <= length - 8) {
// throw a DataError.
return WebIDL::DataError::create(m_realm, "Invalid data size"_string);
}
// Otherwise:
// Set length equal to the length member of normalizedAlgorithm.
length = normalized_algorithm_length;
}
// 8. Let key be a new CryptoKey object representing an HMAC key with the first length bits of data.
auto length_in_bytes = length / 8;
if (data.size() > length_in_bytes)
data = MUST(data.slice(0, length_in_bytes));
auto key = CryptoKey::create(m_realm, move(data));
// 9. Set the [[type]] internal slot of key to "secret".
key->set_type(Bindings::KeyType::Secret);
// 10. Let algorithm be a new HmacKeyAlgorithm.
auto algorithm = HmacKeyAlgorithm::create(m_realm);
// 11. Set the name attribute of algorithm to "HMAC".
algorithm->set_name("HMAC"_string);
// 12. Set the length attribute of algorithm to length.
algorithm->set_length(length);
// 13. Set the hash attribute of algorithm to hash.
algorithm->set_hash(hash);
// 14. Set the [[algorithm]] internal slot of key to algorithm.
key->set_algorithm(algorithm);
// 15. Return key.
return key;
}
// https://w3c.github.io/webcrypto/#hmac-operations
WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::Object>> HMAC::export_key(Bindings::KeyFormat format, JS::NonnullGCPtr<CryptoKey> key)
{
auto& vm = m_realm->vm();
// 1. If the underlying cryptographic key material represented by the [[handle]] internal slot
// of key cannot be accessed, then throw an OperationError.
// NOTE: In our impl this is always accessible
// 2. Let bits be the raw bits of the key represented by [[handle]] internal slot of key.
// 3. Let data be an octet string containing bits.
auto data = key->handle().get<ByteBuffer>();
// 4. If format is "raw":
JS::GCPtr<JS::Object> result;
if (format == Bindings::KeyFormat::Raw) {
// Let result be the result of creating an ArrayBuffer containing data.
result = JS::ArrayBuffer::create(m_realm, data);
}
// If format is "jwk":
else if (format == Bindings::KeyFormat::Jwk) {
// Let jwk be a new JsonWebKey dictionary.
Bindings::JsonWebKey jwk {};
// Set the kty attribute of jwk to the string "oct".
jwk.kty = "oct"_string;
// Set the k attribute of jwk to be a string containing data, encoded according to Section
// 6.4 of JSON Web Algorithms [JWA].
jwk.k = MUST(encode_base64url(data, AK::OmitPadding::Yes));
// Let algorithm be the [[algorithm]] internal slot of key.
auto const& algorithm = verify_cast<HmacKeyAlgorithm>(*key->algorithm());
// Let hash be the hash attribute of algorithm.
auto hash = algorithm.hash();
// If the name attribute of hash is "SHA-1":
auto hash_name = hash->name();
if (hash_name.equals_ignoring_ascii_case("SHA-1"sv)) {
// Set the alg attribute of jwk to the string "HS1".
jwk.alg = "HS1"_string;
}
// If the name attribute of hash is "SHA-256":
else if (hash_name.equals_ignoring_ascii_case("SHA-256"sv)) {
// Set the alg attribute of jwk to the string "HS256".
jwk.alg = "HS256"_string;
}
// If the name attribute of hash is "SHA-384":
else if (hash_name.equals_ignoring_ascii_case("SHA-384"sv)) {
// Set the alg attribute of jwk to the string "HS384".
jwk.alg = "HS384"_string;
}
// If the name attribute of hash is "SHA-512":
else if (hash_name.equals_ignoring_ascii_case("SHA-512"sv)) {
// Set the alg attribute of jwk to the string "HS512".
jwk.alg = "HS512"_string;
}
// FIXME: Otherwise, the name attribute of hash is defined in another applicable
// specification:
else {
// FIXME: Perform any key export steps defined by other applicable specifications,
// passing format and key and obtaining alg.
// FIXME: Set the alg attribute of jwk to alg.
dbgln("Hash algorithm '{}' not supported", hash_name);
return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
}
// Set the key_ops attribute of jwk to equal the usages attribute of key.
auto key_usages = verify_cast<JS::Array>(key->usages());
auto key_usages_length = MUST(MUST(key_usages->get(vm.names.length)).to_length(vm));
for (auto i = 0u; i < key_usages_length; ++i) {
auto usage = key_usages->get(i);
if (!usage.has_value())
break;
auto usage_string = TRY(usage.value().to_string(vm));
jwk.key_ops->append(usage_string);
}
// Set the ext attribute of jwk to equal the [[extractable]] internal slot of key.
jwk.ext = key->extractable();
// Let result be the result of converting jwk to an ECMAScript Object, as defined by [WebIDL].
result = TRY(jwk.to_object(m_realm));
}
// Otherwise:
else {
// throw a NotSupportedError.
return WebIDL::NotSupportedError::create(m_realm, "Invalid key format"_string);
}
// 5. Return result.
return JS::NonnullGCPtr { *result };
}
// https://w3c.github.io/webcrypto/#hmac-operations
WebIDL::ExceptionOr<JS::Value> HMAC::get_key_length(AlgorithmParams const& params)
{
auto const& normalized_derived_key_algorithm = static_cast<HmacImportParams const&>(params);
WebIDL::UnsignedLong length;
// 1. If the length member of normalizedDerivedKeyAlgorithm is not present:
if (!normalized_derived_key_algorithm.length.has_value()) {
// Let length be the block size in bits of the hash function identified by the hash member of
// normalizedDerivedKeyAlgorithm.
length = TRY(hmac_hash_block_size(m_realm, normalized_derived_key_algorithm.hash));
}
// Otherwise, if the length member of normalizedDerivedKeyAlgorithm is non-zero:
else if (normalized_derived_key_algorithm.length.value() > 0) {
// Let length be equal to the length member of normalizedDerivedKeyAlgorithm.
length = normalized_derived_key_algorithm.length.value();
}
// Otherwise:
else {
// throw a TypeError.
return WebIDL::SimpleException { WebIDL::SimpleExceptionType::TypeError, "Invalid key length"sv };
}
// 2. Return length.
return JS::Value(length);
}
}

54
Libraries/LibWeb/Crypto/CryptoAlgorithms.h
View file

@ -1,6 +1,7 @@
/*
* Copyright (c) 2024, Andrew Kaster <akaster@serenityos.org>
* Copyright (c) 2024, stelar7 <dudedbz@gmail.com>
* Copyright (c) 2024, Jelle Raaijmakers <jelle@ladybird.org>
*
* SPDX-License-Identifier: BSD-2-Clause
*/
@ -17,6 +18,7 @@
#include <LibWeb/Crypto/CryptoKey.h>
#include <LibWeb/WebIDL/Buffers.h>
#include <LibWeb/WebIDL/ExceptionOr.h>
#include <LibWeb/WebIDL/Types.h>
namespace Web::Crypto {
@ -260,6 +262,40 @@ struct AesDerivedKeyParams : public AlgorithmParams {
static JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> from_value(JS::VM&, JS::Value);
};
// https://w3c.github.io/webcrypto/#hmac-importparams
struct HmacImportParams : public AlgorithmParams {
virtual ~HmacImportParams() override;
HmacImportParams(String name, HashAlgorithmIdentifier hash, Optional<WebIDL::UnsignedLong> length)
: AlgorithmParams(move(name))
, hash(move(hash))
, length(length)
{
}
HashAlgorithmIdentifier hash;
Optional<WebIDL::UnsignedLong> length;
static JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> from_value(JS::VM&, JS::Value);
};
// https://w3c.github.io/webcrypto/#hmac-keygen-params
struct HmacKeyGenParams : public AlgorithmParams {
virtual ~HmacKeyGenParams() override;
HmacKeyGenParams(String name, HashAlgorithmIdentifier hash, Optional<WebIDL::UnsignedLong> length)
: AlgorithmParams(move(name))
, hash(move(hash))
, length(length)
{
}
HashAlgorithmIdentifier hash;
Optional<WebIDL::UnsignedLong> length;
static JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> from_value(JS::VM&, JS::Value);
};
class AlgorithmMethods {
public:
virtual ~AlgorithmMethods();
@ -489,6 +525,24 @@ private:
}
};
class HMAC : public AlgorithmMethods {
public:
virtual WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::ArrayBuffer>> sign(AlgorithmParams const&, JS::NonnullGCPtr<CryptoKey>, ByteBuffer const&) override;
virtual WebIDL::ExceptionOr<JS::Value> verify(AlgorithmParams const&, JS::NonnullGCPtr<CryptoKey>, ByteBuffer const&, ByteBuffer const&) override;
virtual WebIDL::ExceptionOr<Variant<JS::NonnullGCPtr<CryptoKey>, JS::NonnullGCPtr<CryptoKeyPair>>> generate_key(AlgorithmParams const&, bool, Vector<Bindings::KeyUsage> const&) override;
virtual WebIDL::ExceptionOr<JS::NonnullGCPtr<CryptoKey>> import_key(AlgorithmParams const&, Bindings::KeyFormat, CryptoKey::InternalKeyData, bool, Vector<Bindings::KeyUsage> const&) override;
virtual WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::Object>> export_key(Bindings::KeyFormat, JS::NonnullGCPtr<CryptoKey>) override;
virtual WebIDL::ExceptionOr<JS::Value> get_key_length(AlgorithmParams const&) override;
static NonnullOwnPtr<AlgorithmMethods> create(JS::Realm& realm) { return adopt_own(*new HMAC(realm)); }
private:
explicit HMAC(JS::Realm& realm)
: AlgorithmMethods(realm)
{
}
};
struct EcdhKeyDerivePrams : public AlgorithmParams {
virtual ~EcdhKeyDerivePrams() override;

36
Libraries/LibWeb/Crypto/KeyAlgorithms.cpp
View file

@ -1,6 +1,7 @@
/*
* Copyright (c) 2023, stelar7 <dudedbz@gmail.com>
* Copyright (c) 2024, Andrew Kaster <akaster@serenityos.org>
* Copyright (c) 2024, Jelle Raaijmakers <jelle@ladybird.org>
*
* SPDX-License-Identifier: BSD-2-Clause
*/
@ -18,6 +19,7 @@ JS_DEFINE_ALLOCATOR(RsaKeyAlgorithm);
JS_DEFINE_ALLOCATOR(RsaHashedKeyAlgorithm);
JS_DEFINE_ALLOCATOR(EcKeyAlgorithm);
JS_DEFINE_ALLOCATOR(AesKeyAlgorithm);
JS_DEFINE_ALLOCATOR(HmacKeyAlgorithm);
template<typename T>
static JS::ThrowCompletionOr<T*> impl_from(JS::VM& vm, StringView Name)
@ -209,4 +211,38 @@ JS_DEFINE_NATIVE_FUNCTION(AesKeyAlgorithm::length_getter)
return length;
}
JS::NonnullGCPtr<HmacKeyAlgorithm> HmacKeyAlgorithm::create(JS::Realm& realm)
{
return realm.create<HmacKeyAlgorithm>(realm);
}
HmacKeyAlgorithm::HmacKeyAlgorithm(JS::Realm& realm)
: KeyAlgorithm(realm)
{
}
void HmacKeyAlgorithm::initialize(JS::Realm& realm)
{
Base::initialize(realm);
define_native_accessor(realm, "hash", hash_getter, {}, JS::Attribute::Enumerable | JS::Attribute::Configurable);
}
void HmacKeyAlgorithm::visit_edges(JS::Cell::Visitor& visitor)
{
Base::visit_edges(visitor);
visitor.visit(m_hash);
}
JS_DEFINE_NATIVE_FUNCTION(HmacKeyAlgorithm::hash_getter)
{
auto* impl = TRY(impl_from<HmacKeyAlgorithm>(vm, "HmacKeyAlgorithm"sv));
return TRY(Bindings::throw_dom_exception_if_needed(vm, [&] { return impl->hash(); }));
}
JS_DEFINE_NATIVE_FUNCTION(HmacKeyAlgorithm::length_getter)
{
auto* impl = TRY(impl_from<HmacKeyAlgorithm>(vm, "HmacKeyAlgorithm"sv));
return TRY(Bindings::throw_dom_exception_if_needed(vm, [&] { return impl->length(); }));
}
}

31
Libraries/LibWeb/Crypto/KeyAlgorithms.h
View file

@ -1,6 +1,7 @@
/*
* Copyright (c) 2023, stelar7 <dudedbz@gmail.com>
* Copyright (c) 2024, Andrew Kaster <akaster@serenityos.org>
* Copyright (c) 2024, Jelle Raaijmakers <jelle@ladybird.org>
*
* SPDX-License-Identifier: BSD-2-Clause
*/
@ -145,4 +146,34 @@ private:
u16 m_length;
};
// https://w3c.github.io/webcrypto/#HmacKeyAlgorithm-dictionary
struct HmacKeyAlgorithm : public KeyAlgorithm {
JS_OBJECT(HmacKeyAlgorithm, KeyAlgorithm);
JS_DECLARE_ALLOCATOR(HmacKeyAlgorithm);
public:
static JS::NonnullGCPtr<HmacKeyAlgorithm> create(JS::Realm&);
virtual ~HmacKeyAlgorithm() override = default;
JS::GCPtr<KeyAlgorithm> hash() const { return m_hash; }
void set_hash(JS::GCPtr<KeyAlgorithm> hash) { m_hash = hash; }
WebIDL::UnsignedLong length() const { return m_length; }
void set_length(WebIDL::UnsignedLong length) { m_length = length; }
protected:
HmacKeyAlgorithm(JS::Realm&);
virtual void initialize(JS::Realm&) override;
virtual void visit_edges(Visitor&) override;
private:
JS_DECLARE_NATIVE_FUNCTION(hash_getter);
JS_DECLARE_NATIVE_FUNCTION(length_getter);
JS::GCPtr<KeyAlgorithm> m_hash;
WebIDL::UnsignedLong m_length;
};
}

12
Libraries/LibWeb/Crypto/SubtleCrypto.cpp
View file

@ -830,12 +830,12 @@ SupportedAlgorithmsMap supported_algorithms()
// FIXME: define_an_algorithm<AesKw, AesDerivedKeyParams>("get key length"_string, "AES-KW"_string);
// https://w3c.github.io/webcrypto/#hmac-registration
// FIXME: define_an_algorithm<HMAC>("sign"_string, "HMAC"_string);
// FIXME: define_an_algorithm<HMAC>("verify"_string, "HMAC"_string);
// FIXME: define_an_algorithm<HMAC, HmacKeyGenParams>("generateKey"_string, "HMAC"_string);
// FIXME: define_an_algorithm<HMAC, HmacImportParams>("importKey"_string, "HMAC"_string);
// FIXME: define_an_algorithm<HMAC>("exportKey"_string, "HMAC"_string);
// FIXME: define_an_algorithm<HMAC, HmacImportParams>("get key length"_string, "HMAC"_string);
define_an_algorithm<HMAC>("sign"_string, "HMAC"_string);
define_an_algorithm<HMAC>("verify"_string, "HMAC"_string);
define_an_algorithm<HMAC, HmacKeyGenParams>("generateKey"_string, "HMAC"_string);
define_an_algorithm<HMAC, HmacImportParams>("importKey"_string, "HMAC"_string);
define_an_algorithm<HMAC>("exportKey"_string, "HMAC"_string);
define_an_algorithm<HMAC, HmacImportParams>("get key length"_string, "HMAC"_string);
// https://w3c.github.io/webcrypto/#sha-registration
define_an_algorithm<SHA>("digest"_string, "SHA-1"_string);

51
Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/sign_verify/hmac.https.any.txt Normal file
View file

@ -0,0 +1,51 @@
Summary
Harness status: OK
Rerun
Found 41 tests
41 Pass
Details
Result Test Name MessagePass setup
Pass HMAC with SHA-1 verification
Pass HMAC with SHA-256 verification
Pass HMAC with SHA-384 verification
Pass HMAC with SHA-512 verification
Pass HMAC with SHA-1 verification with altered signature after call
Pass HMAC with SHA-256 verification with altered signature after call
Pass HMAC with SHA-384 verification with altered signature after call
Pass HMAC with SHA-512 verification with altered signature after call
Pass HMAC with SHA-1 with altered plaintext after call
Pass HMAC with SHA-256 with altered plaintext after call
Pass HMAC with SHA-384 with altered plaintext after call
Pass HMAC with SHA-512 with altered plaintext after call
Pass HMAC with SHA-1 no verify usage
Pass HMAC with SHA-256 no verify usage
Pass HMAC with SHA-384 no verify usage
Pass HMAC with SHA-512 no verify usage
Pass HMAC with SHA-1 round trip
Pass HMAC with SHA-256 round trip
Pass HMAC with SHA-384 round trip
Pass HMAC with SHA-512 round trip
Pass HMAC with SHA-1 signing with wrong algorithm name
Pass HMAC with SHA-256 signing with wrong algorithm name
Pass HMAC with SHA-384 signing with wrong algorithm name
Pass HMAC with SHA-512 signing with wrong algorithm name
Pass HMAC with SHA-1 verifying with wrong algorithm name
Pass HMAC with SHA-256 verifying with wrong algorithm name
Pass HMAC with SHA-384 verifying with wrong algorithm name
Pass HMAC with SHA-512 verifying with wrong algorithm name
Pass HMAC with SHA-1 verification failure due to wrong plaintext
Pass HMAC with SHA-256 verification failure due to wrong plaintext
Pass HMAC with SHA-384 verification failure due to wrong plaintext
Pass HMAC with SHA-512 verification failure due to wrong plaintext
Pass HMAC with SHA-1 verification failure due to wrong signature
Pass HMAC with SHA-256 verification failure due to wrong signature
Pass HMAC with SHA-384 verification failure due to wrong signature
Pass HMAC with SHA-512 verification failure due to wrong signature
Pass HMAC with SHA-1 verification failure due to short signature
Pass HMAC with SHA-256 verification failure due to short signature
Pass HMAC with SHA-384 verification failure due to short signature
Pass HMAC with SHA-512 verification failure due to short signature

17
Tests/LibWeb/Text/input/wpt-import/WebCryptoAPI/sign_verify/hmac.https.any.html Normal file
View file

@ -0,0 +1,17 @@
<!doctype html>
<meta charset=utf-8>
<title>WebCryptoAPI: sign() and verify() Using HMAC</title>
<meta name="timeout" content="long">
<script>
self.GLOBAL = {
isWindow: function() { return true; },
isWorker: function() { return false; },
isShadowRealm: function() { return false; },
};
</script>
<script src="../../resources/testharness.js"></script>
<script src="../../resources/testharnessreport.js"></script>
<script src="hmac_vectors.js"></script>
<script src="hmac.js"></script>
<div id=log></div>
<script src="../../WebCryptoAPI/sign_verify/hmac.https.any.js"></script>

6
Tests/LibWeb/Text/input/wpt-import/WebCryptoAPI/sign_verify/hmac.https.any.js Normal file
View file

@ -0,0 +1,6 @@
// META: title=WebCryptoAPI: sign() and verify() Using HMAC
// META: script=hmac_vectors.js
// META: script=hmac.js
// META: timeout=long
run_test();

351
Tests/LibWeb/Text/input/wpt-import/WebCryptoAPI/sign_verify/hmac.js Normal file
View file

@ -0,0 +1,351 @@
function run_test() {
setup({explicit_done: true});
var subtle = self.crypto.subtle; // Change to test prefixed implementations
// When are all these tests really done? When all the promises they use have resolved.
var all_promises = [];
// Source file hmac_vectors.js provides the getTestVectors method
// for the algorithm that drives these tests.
var testVectors = getTestVectors();
// Test verification first, because signing tests rely on that working
testVectors.forEach(function(vector) {
var promise = importVectorKeys(vector, ["verify", "sign"])
.then(function(vector) {
promise_test(function(test) {
var operation = subtle.verify({name: "HMAC", hash: vector.hash}, vector.key, vector.signature, vector.plaintext)
.then(function(is_verified) {
assert_true(is_verified, "Signature verified");
}, function(err) {
assert_unreached("Verification should not throw error " + vector.name + ": " + err.message + "'");
});
return operation;
}, vector.name + " verification");
}, function(err) {
// We need a failed test if the importVectorKey operation fails, so
// we know we never tested verification.
promise_test(function(test) {
assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
}, "importVectorKeys step: " + vector.name + " verification");
});
all_promises.push(promise);
});
// Test verification with an altered buffer after call
testVectors.forEach(function(vector) {
var promise = importVectorKeys(vector, ["verify", "sign"])
.then(function(vector) {
promise_test(function(test) {
var signature = copyBuffer(vector.signature);
var operation = subtle.verify({name: "HMAC", hash: vector.hash}, vector.key, signature, vector.plaintext)
.then(function(is_verified) {
assert_true(is_verified, "Signature is not verified");
}, function(err) {
assert_unreached("Verification should not throw error " + vector.name + ": " + err.message + "'");
});
signature[0] = 255 - signature[0];
return operation;
}, vector.name + " verification with altered signature after call");
}, function(err) {
promise_test(function(test) {
assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
}, "importVectorKeys step: " + vector.name + " verification with altered signature after call");
});
all_promises.push(promise);
});
// Check for successful verification even if plaintext is altered after call.
testVectors.forEach(function(vector) {
var promise = importVectorKeys(vector, ["verify", "sign"])
.then(function(vector) {
promise_test(function(test) {
var plaintext = copyBuffer(vector.plaintext);
var operation = subtle.verify({name: "HMAC", hash: vector.hash}, vector.key, vector.signature, plaintext)
.then(function(is_verified) {
assert_true(is_verified, "Signature verified");
}, function(err) {
assert_unreached("Verification should not throw error " + vector.name + ": " + err.message + "'");
});
plaintext[0] = 255 - plaintext[0];
return operation;
}, vector.name + " with altered plaintext after call");
}, function(err) {
promise_test(function(test) {
assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
}, "importVectorKeys step: " + vector.name + " with altered plaintext");
});
all_promises.push(promise);
});
// Check for failures due to no "verify" usage.
testVectors.forEach(function(originalVector) {
var vector = Object.assign({}, originalVector);
var promise = importVectorKeys(vector, ["sign"])
.then(function(vector) {
promise_test(function(test) {
return subtle.verify({name: "HMAC", hash: vector.hash}, vector.key, vector.signature, vector.plaintext)
.then(function(plaintext) {
assert_unreached("Should have thrown error for no verify usage in " + vector.name + ": " + err.message + "'");
}, function(err) {
assert_equals(err.name, "InvalidAccessError", "Should throw InvalidAccessError instead of '" + err.message + "'");
});
}, vector.name + " no verify usage");
}, function(err) {
promise_test(function(test) {
assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
}, "importVectorKeys step: " + vector.name + " no verify usage");
});
all_promises.push(promise);
});
// Check for successful signing and verification.
testVectors.forEach(function(vector) {
var promise = importVectorKeys(vector, ["verify", "sign"])
.then(function(vectors) {
promise_test(function(test) {
return subtle.sign({name: "HMAC", hash: vector.hash}, vector.key, vector.plaintext)
.then(function(signature) {
assert_true(equalBuffers(signature, vector.signature), "Signing did not give the expected output");
// Can we get the verify the new signature?
return subtle.verify({name: "HMAC", hash: vector.hash}, vector.key, signature, vector.plaintext)
.then(function(is_verified) {
assert_true(is_verified, "Round trip verifies");
return signature;
}, function(err) {
assert_unreached("verify error for test " + vector.name + ": " + err.message + "'");
});
});
}, vector.name + " round trip");
}, function(err) {
// We need a failed test if the importVectorKey operation fails, so
// we know we never tested signing or verifying
promise_test(function(test) {
assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
}, "importVectorKeys step: " + vector.name + " round trip");
});
all_promises.push(promise);
});
// Test signing with the wrong algorithm
testVectors.forEach(function(vector) {
// Want to get the key for the wrong algorithm
var promise = subtle.generateKey({name: "ECDSA", namedCurve: "P-256", hash: "SHA-256"}, false, ["sign", "verify"])
.then(function(wrongKey) {
return importVectorKeys(vector, ["verify", "sign"])
.then(function(vectors) {
promise_test(function(test) {
var operation = subtle.sign({name: "HMAC", hash: vector.hash}, wrongKey.privateKey, vector.plaintext)
.then(function(signature) {
assert_unreached("Signing should not have succeeded for " + vector.name);
}, function(err) {
assert_equals(err.name, "InvalidAccessError", "Should have thrown InvalidAccessError instead of '" + err.message + "'");
});
return operation;
}, vector.name + " signing with wrong algorithm name");
}, function(err) {
// We need a failed test if the importVectorKey operation fails, so
// we know we never tested verification.
promise_test(function(test) {
assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
}, "importVectorKeys step: " + vector.name + " signing with wrong algorithm name");
});
}, function(err) {
promise_test(function(test) {
assert_unreached("Generate wrong key for test " + vector.name + " failed: '" + err.message + "'");
}, "generate wrong key step: " + vector.name + " signing with wrong algorithm name");
});
all_promises.push(promise);
});
// Test verification with the wrong algorithm
testVectors.forEach(function(vector) {
// Want to get the key for the wrong algorithm
var promise = subtle.generateKey({name: "ECDSA", namedCurve: "P-256", hash: "SHA-256"}, false, ["sign", "verify"])
.then(function(wrongKey) {
return importVectorKeys(vector, ["verify", "sign"])
.then(function(vector) {
promise_test(function(test) {
var operation = subtle.verify({name: "HMAC", hash: vector.hash}, wrongKey.publicKey, vector.signature, vector.plaintext)
.then(function(signature) {
assert_unreached("Verifying should not have succeeded for " + vector.name);
}, function(err) {
assert_equals(err.name, "InvalidAccessError", "Should have thrown InvalidAccessError instead of '" + err.message + "'");
});
return operation;
}, vector.name + " verifying with wrong algorithm name");
}, function(err) {
// We need a failed test if the importVectorKey operation fails, so
// we know we never tested verification.
promise_test(function(test) {
assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
}, "importVectorKeys step: " + vector.name + " verifying with wrong algorithm name");
});
}, function(err) {
promise_test(function(test) {
assert_unreached("Generate wrong key for test " + vector.name + " failed: '" + err.message + "'");
}, "generate wrong key step: " + vector.name + " verifying with wrong algorithm name");
});
all_promises.push(promise);
});
// Verification should fail if the plaintext is changed
testVectors.forEach(function(vector) {
var promise = importVectorKeys(vector, ["verify", "sign"])
.then(function(vector) {
var plaintext = copyBuffer(vector.plaintext);
plaintext[0] = 255 - plaintext[0];
promise_test(function(test) {
var operation = subtle.verify({name: "HMAC", hash: vector.hash}, vector.key, vector.signature, plaintext)
.then(function(is_verified) {
assert_false(is_verified, "Signature is NOT verified");
}, function(err) {
assert_unreached("Verification should not throw error " + vector.name + ": " + err.message + "'");
});
return operation;
}, vector.name + " verification failure due to wrong plaintext");
}, function(err) {
// We need a failed test if the importVectorKey operation fails, so
// we know we never tested verification.
promise_test(function(test) {
assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
}, "importVectorKeys step: " + vector.name + " verification failure due to wrong plaintext");
});
all_promises.push(promise);
});
// Verification should fail if the signature is changed
testVectors.forEach(function(vector) {
var promise = importVectorKeys(vector, ["verify", "sign"])
.then(function(vector) {
var signature = copyBuffer(vector.signature);
signature[0] = 255 - signature[0];
promise_test(function(test) {
var operation = subtle.verify({name: "HMAC", hash: vector.hash}, vector.key, signature, vector.plaintext)
.then(function(is_verified) {
assert_false(is_verified, "Signature is NOT verified");
}, function(err) {
assert_unreached("Verification should not throw error " + vector.name + ": " + err.message + "'");
});
return operation;
}, vector.name + " verification failure due to wrong signature");
}, function(err) {
// We need a failed test if the importVectorKey operation fails, so
// we know we never tested verification.
promise_test(function(test) {
assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
}, "importVectorKeys step: " + vector.name + " verification failure due to wrong signature");
});
all_promises.push(promise);
});
// Verification should fail if the signature is wrong length
testVectors.forEach(function(vector) {
var promise = importVectorKeys(vector, ["verify", "sign"])
.then(function(vector) {
var signature = vector.signature.slice(1); // Drop first byte
promise_test(function(test) {
var operation = subtle.verify({name: "HMAC", hash: vector.hash}, vector.key, signature, vector.plaintext)
.then(function(is_verified) {
assert_false(is_verified, "Signature is NOT verified");
}, function(err) {
assert_unreached("Verification should not throw error " + vector.name + ": " + err.message + "'");
});
return operation;
}, vector.name + " verification failure due to short signature");
}, function(err) {
// We need a failed test if the importVectorKey operation fails, so
// we know we never tested verification.
promise_test(function(test) {
assert_unreached("importVectorKeys failed for " + vector.name + ". Message: ''" + err.message + "''");
}, "importVectorKeys step: " + vector.name + " verification failure due to short signature");
});
all_promises.push(promise);
});
promise_test(function() {
return Promise.all(all_promises)
.then(function() {done();})
.catch(function() {done();})
}, "setup");
// A test vector has all needed fields for signing and verifying, EXCEPT that the
// key field may be null. This function replaces that null with the Correct
// CryptoKey object.
//
// Returns a Promise that yields an updated vector on success.
function importVectorKeys(vector, keyUsages) {
if (vector.key !== null) {
return new Promise(function(resolve, reject) {
resolve(vector);
});
} else {
return subtle.importKey("raw", vector.keyBuffer, {name: "HMAC", hash: vector.hash}, false, keyUsages)
.then(function(key) {
vector.key = key;
return vector;
});
}
}
// Returns a copy of the sourceBuffer it is sent.
function copyBuffer(sourceBuffer) {
var source = new Uint8Array(sourceBuffer);
var copy = new Uint8Array(sourceBuffer.byteLength)
for (var i=0; i<source.byteLength; i++) {
copy[i] = source[i];
}
return copy;
}
function equalBuffers(a, b) {
if (a.byteLength !== b.byteLength) {
return false;
}
var aBytes = new Uint8Array(a);
var bBytes = new Uint8Array(b);
for (var i=0; i<a.byteLength; i++) {
if (aBytes[i] !== bBytes[i]) {
return false;
}
}
return true;
}
return;
}

39
Tests/LibWeb/Text/input/wpt-import/WebCryptoAPI/sign_verify/hmac_vectors.js Normal file
View file

@ -0,0 +1,39 @@
function getTestVectors() {
var plaintext = new Uint8Array([95, 77, 186, 79, 50, 12, 12, 232, 118, 114, 90, 252, 229, 251, 210, 91, 248, 62, 90, 113, 37, 160, 140, 175, 231, 60, 62, 186, 196, 33, 119, 157, 249, 213, 93, 24, 12, 58, 233, 148, 38, 69, 225, 216, 47, 238, 140, 157, 41, 75, 60, 177, 160, 138, 153, 49, 32, 27, 60, 14, 129, 252, 71, 202, 207, 131, 21, 162, 175, 102, 50, 65, 19, 195, 182, 98, 48, 195, 70, 8, 196, 244, 89, 54, 52, 206, 2, 178, 103, 54, 34, 119, 240, 168, 64, 202, 116, 188, 61, 26, 98, 54, 149, 44, 94, 215, 170, 248, 168, 254, 203, 221, 250, 117, 132, 230, 151, 140, 234, 93, 42, 91, 159, 183, 241, 180, 140, 139, 11, 229, 138, 48, 82, 2, 117, 77, 131, 118, 16, 115, 116, 121, 60, 240, 38, 170, 238, 83, 0, 114, 125, 131, 108, 215, 30, 113, 179, 69, 221, 178, 228, 68, 70, 255, 197, 185, 1, 99, 84, 19, 137, 13, 145, 14, 163, 128, 152, 74, 144, 25, 16, 49, 50, 63, 22, 219, 204, 157, 107, 225, 104, 184, 72, 133, 56, 76, 160, 62, 18, 96, 10, 193, 194, 72, 2, 138, 243, 114, 108, 201, 52, 99, 136, 46, 168, 192, 42, 171]);
var raw = {
"SHA-1": new Uint8Array([71, 162, 7, 70, 209, 113, 121, 219, 101, 224, 167, 157, 237, 255, 199, 253, 241, 129, 8, 27]),
"SHA-256": new Uint8Array([229, 136, 236, 8, 17, 70, 61, 118, 114, 65, 223, 16, 116, 180, 122, 228, 7, 27, 81, 242, 206, 54, 83, 123, 166, 156, 205, 195, 253, 194, 183, 168]),
"SHA-384": new Uint8Array([107, 29, 162, 142, 171, 31, 88, 42, 217, 113, 142, 255, 224, 94, 35, 213, 253, 44, 152, 119, 162, 217, 68, 63, 144, 190, 192, 147, 190, 206, 46, 167, 210, 53, 76, 208, 189, 197, 225, 71, 210, 233, 0, 147, 115, 73, 68, 136]),
"SHA-512": new Uint8Array([93, 204, 53, 148, 67, 170, 246, 82, 250, 19, 117, 214, 179, 230, 31, 220, 242, 155, 180, 162, 139, 213, 211, 220, 250, 64, 248, 47, 144, 107, 178, 128, 4, 85, 219, 3, 181, 211, 31, 185, 114, 161, 90, 109, 1, 3, 162, 78, 86, 209, 86, 161, 25, 192, 229, 161, 233, 42, 68, 195, 197, 101, 124, 249])
};
var signatures = {
"SHA-1": new Uint8Array([5, 51, 144, 42, 153, 248, 82, 78, 229, 10, 240, 29, 56, 222, 220, 225, 51, 217, 140, 160]),
"SHA-256": new Uint8Array([133, 164, 12, 234, 46, 7, 140, 40, 39, 163, 149, 63, 251, 102, 194, 123, 41, 26, 71, 43, 13, 112, 160, 0, 11, 69, 216, 35, 128, 62, 235, 84]),
"SHA-384": new Uint8Array([33, 124, 61, 80, 240, 186, 154, 109, 110, 174, 30, 253, 215, 165, 24, 254, 46, 56, 128, 181, 130, 164, 13, 6, 30, 144, 153, 193, 224, 38, 239, 88, 130, 84, 139, 93, 92, 236, 221, 85, 152, 217, 155, 107, 111, 48, 87, 255]),
"SHA-512": new Uint8Array([97, 251, 39, 140, 63, 251, 12, 206, 43, 241, 207, 114, 61, 223, 216, 239, 31, 147, 28, 12, 97, 140, 37, 144, 115, 36, 96, 89, 57, 227, 249, 162, 198, 244, 175, 105, 11, 218, 52, 7, 220, 47, 87, 112, 246, 160, 164, 75, 149, 77, 100, 163, 50, 227, 238, 8, 33, 171, 248, 43, 127, 62, 153, 193])
};
// Each test vector has the following fields:
// name - a unique name for this vector
// keyBuffer - an arrayBuffer with the key data
// key - a CryptoKey object for the keyBuffer. INITIALLY null! You must fill this in first to use it!
// hashName - the hash function to sign with
// plaintext - the text to encrypt
// signature - the expected signature
var vectors = [];
Object.keys(raw).forEach(function(hashName) {
vectors.push({
name: "HMAC with " + hashName,
hash: hashName,
keyBuffer: raw[hashName],
key: null,
plaintext: plaintext,
signature: signatures[hashName]
});
});
return vectors;
}