LibWeb: Support the importing of ml-kem keys in raw-seed format

Author: https://github.com/tete17
Commit: https://github.com/LadybirdBrowser/ladybird/commit/ed025f5fcda
Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/7320
Reviewed-by: https://github.com/shannonbooth ✅

Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp

@@ -9167,7 +9167,54 @@ WebIDL::ExceptionOr<GC::Ref<CryptoKey>> MLKEM::import_key(AlgorithmParams const&
         // 6. Set the [[algorithm]] internal slot of key to algorithm.
         key->set_algorithm(algorithm);
     }
-    // FIXME: -> If format is "raw-seed":
+    //    -> If format is "raw-seed":
+    else if (key_format == Bindings::KeyFormat::RawSeed) {
+        // 1. If usages contains an entry which is not "decapsulateKey" or "decapsulateBits" then throw a SyntaxError.
+        for (auto const& usage : usages) {
+            if (usage != Bindings::KeyUsage::Decapsulatekey && usage != Bindings::KeyUsage::Decapsulatebits) {
+                return WebIDL::SyntaxError::create(m_realm, Utf16String::formatted("Invalid key usage '{}'", idl_enum_to_string(usage)));
+            }
+        }
+
+        // 2. Let data be keyData.
+        VERIFY(key_data.has<ByteBuffer>());
+        auto const data = move(key_data.get<ByteBuffer>());
+
+        // 3. If the length in bits of data is not 512 then throw a DataError.
+        if (data.size() * 8 != 512)
+            return WebIDL::DataError::create(m_realm, "Invalid key format"_utf16);
+
+        // 4. Let privateKey be the result of performing the ML-KEM.KeyGen_internal function described in
+        //    Section 6.1 of [FIPS-203] with the parameter set indicated by the name member of
+        //    normalizedAlgorithm, using the first 256 bits of data as d and the last 256 bits of data as z.
+        auto maybe_key_pair = [&] {
+            if (params.name == "ML-KEM-512")
+                return ::Crypto::PK::MLKEM::generate_key_pair(::Crypto::PK::MLKEMSize::MLKEM512, data);
+            if (params.name == "ML-KEM-768")
+                return ::Crypto::PK::MLKEM::generate_key_pair(::Crypto::PK::MLKEMSize::MLKEM768, data);
+            if (params.name == "ML-KEM-1024")
+                return ::Crypto::PK::MLKEM::generate_key_pair(::Crypto::PK::MLKEMSize::MLKEM1024, data);
+            VERIFY_NOT_REACHED();
+        }();
+        if (maybe_key_pair.is_error())
+            return WebIDL::OperationError::create(m_realm, Utf16String::formatted("Key generation failed: {}", maybe_key_pair.release_error()));
+        auto const key_pair = maybe_key_pair.release_value();
+
+        // 5. Let key be a new CryptoKey that represents the ML-KEM private key identified by privateKey.
+        key = CryptoKey::create(m_realm, key_pair.private_key);
+
+        // 6. Set the [[type]] internal slot of key to "private"
+        key->set_type(Bindings::KeyType::Private);
+
+        // 7. Let algorithm be a new KeyAlgorithm.
+        auto const algorithm = KeyAlgorithm::create(m_realm);
+
+        // 8. Set the name attribute of algorithm to the name attribute of normalizedAlgorithm.
+        algorithm->set_name(params.name);
+
+        // 9. Set the [[algorithm]] internal slot of key to algorithm.
+        key->set_algorithm(algorithm);
+    }
     // FIXME: -> If format is "jwk":
     //    -> Otherwise:
     else {