In the WebCrypto modern algorithm specification, the issue
(https://github.com/WICG/webcrypto-modern-algos/issues/47) on algorithm
name referencing in the export key operation of ML-KEM had been resolved
by the following commit in the specification repository:
705f8ec6ce
Our implementation actually matches the new specification. We simply
update the specification text, with some minor refactoring accordingly.
Testing: Refactoring. Existing tests suffice.
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
`NormalizedAlgorithm::encrypt`, `NormalizedAlgorithm::decrypt` and other
similar functions have some catch-all `match` arms that are unreachable.
They are unreachable because we rely on the name attribute in `String`
of the subtle dictionaries and the `NormalizedAlgorithm` enum to
determine which cryptographic algorithm to use, while the algorithm
normalization mechanism guarantees that some combinations of name and
enum variants won't exist.
This patch tries to get rid of those unreachable `match` arms to make
our WebCrypto code more idiomatic so that the Rust compiler can help us
ensure the correctness in the future.
To achieve this, we break the enum `NormalizedAlgorithm` into multiple
enums: `EncryptAlgorithm`, `DecryptAlgorithm`, `SignAlgorithm`, etc.
Each one is associated with a cryptographic operation, and its variants
are the cryptographic algorithms that support the associated operation.
The inner type of each variant is the desired parameter dictionary.
Therefore, when we call `EncryptAlgorithm::encrypt`,
`DecryptAlgorithm::decrypt` and other similar functions, we can have
`match` statements that cover all patterns since those enums only
contain necessary variants.
To make this change, we also need to change the algorithm registration
mechanism. Instead of using the `SupportedAlgorithm` enum and its method
`SupportedAlgorithm::support` to register the operations of the
algorithms, the algorithm registration is now done in the function
`from_object_value` of a new trait named `NormalizedAlgorithm`, which
the new enums `EncryptAlgorithm`, `DecryptAlgorithm` and so on implement.
(Note that the existing enum named `NormalizedAlgorithm` is removed.)
Some refactoring is also done in the `normalize_algorithm` function to
adapt the above changes.
This new design of algorithm registration is also closer to the
WebCrypto specification, as explained in the comment block below the
`normalize_algorithm` function.
The crate `strum` is also used to reduce some boilerplate code.
Testing: Refactoring. Existing tests suffice.
Fixes: Part of #42579
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
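The per-operation enum design described in the commit message above, as an added sketch that is not Servo's code: registration lives in a trait constructor, so an unsupported name/operation pair cannot be represented and the `match` needs no catch-all arm. The parameter structs, `from_name`, `describe` and the default values are hypothetical stand-ins; a real implementation converts the parameters from a JavaScript object.

```rust
// Added illustration, not Servo's code. All names below are hypothetical.
// Parameter dictionaries are filled with constructed defaults instead of
// being converted from a JavaScript object.

#[derive(Debug, PartialEq)]
enum NormalizeError {
    NotSupported, // the name is not registered for this operation
}

#[derive(Debug, PartialEq)]
struct AesGcmParams { tag_length: u32 }
#[derive(Debug, PartialEq)]
struct RsaOaepParams { label: Vec<u8> }
#[derive(Debug, PartialEq)]
struct EcdsaParams { hash: &'static str }

// Registration happens in the constructor: a name that is not registered for
// an operation can never become a value of that operation's enum.
trait NormalizedAlgorithm: Sized {
    fn from_name(name: &str) -> Result<Self, NormalizeError>;
}

#[derive(Debug, PartialEq)]
enum EncryptAlgorithm { AesGcm(AesGcmParams), RsaOaep(RsaOaepParams) }

#[derive(Debug, PartialEq)]
enum SignAlgorithm { Ecdsa(EcdsaParams) }

impl NormalizedAlgorithm for EncryptAlgorithm {
    fn from_name(name: &str) -> Result<Self, NormalizeError> {
        // WebCrypto matches registered algorithm names case-insensitively.
        match name.to_ascii_uppercase().as_str() {
            "AES-GCM" => Ok(Self::AesGcm(AesGcmParams { tag_length: 128 })),
            "RSA-OAEP" => Ok(Self::RsaOaep(RsaOaepParams { label: Vec::new() })),
            _ => Err(NormalizeError::NotSupported),
        }
    }
}

impl NormalizedAlgorithm for SignAlgorithm {
    fn from_name(name: &str) -> Result<Self, NormalizeError> {
        match name.to_ascii_uppercase().as_str() {
            "ECDSA" => Ok(Self::Ecdsa(EcdsaParams { hash: "SHA-256" })),
            _ => Err(NormalizeError::NotSupported),
        }
    }
}

impl EncryptAlgorithm {
    // No `_ =>` arm: a new variant that is not handled here fails to compile.
    fn describe(&self) -> String {
        match self {
            Self::AesGcm(p) => format!("AES-GCM with a {}-bit tag", p.tag_length),
            Self::RsaOaep(p) => format!("RSA-OAEP with a {}-byte label", p.label.len()),
        }
    }
}

fn main() {
    println!("{:?}", EncryptAlgorithm::from_name("aes-gcm").map(|a| a.describe()));
    println!("{:?}", SignAlgorithm::from_name("AES-GCM"));
}
```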
Use the new `reflect_dom_object_with_cx` introduced in #42725 in
`CryptoKey::new`.
Testing: Refactoring. Existing tests suffice.
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
This patch changes the methods of `SubtleCrypto` to use the new `&mut
JSContext` and `&mut CurrentRealm`. Those methods are `Encrypt`,
`Decrypt`, `Sign`, `Verify`, `GenerateKey`, `DeriveKey`, `DeriveBits`,
`Digest`, `ImportKey`, `ExportKey`, `WrapKey`, `UnwrapKey`,
`EncapsulateKey`, `EncapsulateBits`, `DecapsulateKey`,
`DecapsulateBits`.
The change also propagates to all the internal methods within the
`subtlecrypto` module.
Testing: Refactoring. Existing tests suffice.
Fixes: Part of #42638
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Continuation of https://github.com/servo/servo/pull/42135, switch
Error::Type and Error::Range to also use CStrings internally, as they
are converted to CString for throwing JS exceptions (others get thrown as
DomException object, which uses rust string internally).
Changes in script crate are mechanical.
Testing: Should be covered by WPT tests.
Part of #42126
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
The import key operations of
- RSASSA-PKCS1-v1_5 (`rsassa_pkcs1_v1_5_operation::import_key`)
- RSA-PSS (`rsa_pss::import_key`)
- RSA-OAEP (`rsa_oaep::import_key`)
only differ from each other by a few steps. This patch combines them
into a single function (`rsa_common::import_key`) shared among them.
The enum variant `RsaAlgorithm::RsaSsaPkcs1v15` is also renamed as
`RsaAlgorithm::RsassaPkcs1v1_5` for clarity.
Testing: Refactoring. Existing tests suffice.
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Move some common/similar steps of the import key operations of AES-CTR,
AES-CBC, AES-GCM, AES-KW and AES-OCB to the shared module `aes_common`.
Some comments are also added to the shared module `aes_common` to
explain the small difference in the specification of AES-OCB operations.
Testing: Refactoring. Existing tests suffice.
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Add all the missing error messages for `hkdf_operation.rs` and
`cshake_operation.rs` (one message only). Tried to follow the style of
existing messages and used an existing message for the HKDF-expand
operation. Related to #40756.
Testing: No tests added.
Signed-off-by: César Pedraza <cpedraza@unal.edu.co>
Adding error messages across
`script/dom/subtlecrypto/ecdh_operation.rs`.
Testing: No tests as this is just adding error messages
Fixes: (part of) #40756
---------
Signed-off-by: PaulTreitel <paul.treitel@gmail.com>
We previously introduced new infrastructure for sharing code in
`aes_common.rs` among AES algorithms.
This patch makes AES-KW algorithm adopt the new infrastructure, by
moving the relevant code away from `aes_operation.rs` to its own
`aes_kw_operation.rs`, and calling AES common steps in the new
`aes_common.rs`.
Since all AES algorithms have been moved away from `aes_operation.rs`,
the file `aes_operation.rs` is also removed. The key handle variants
`Handle::Aes128`, `Handle::Aes192` and `Handle::Aes256` used by the old
AES infrastructure are also removed.
Testing: Refactoring. Existing tests suffice.
Fixes: Part of #41763
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
We currently only support 128-bit tags for AES-GCM authenticated
decryption. This patch expands support to 96-bit, 104-bit, 112-bit, and
120-bit tags.
The specification recommends supporting 32-bit and 64-bit tags as well.
However, the `aes-gcm` crate currently does not support them. We may
need to look for a workaround or wait for updates from the upstream
project.
Testing: Pass some WPT tests that were expected to fail.
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Add all the missing error messages in `ed25519_operation.rs`. Followed
the other implementations of `importKey`, `exportKey` and others to try
and follow the same style. Related to #40756.
Testing: No tests added, did some manual tests
---------
Signed-off-by: César Pedraza <cpedraza@unal.edu.co>
We previously introduced new infrastructure for sharing code in
`aes_common.rs` among AES algorithms.
Similar to #41856 on AES-CTR and #41883 on AES-CBC, this patch makes
AES-GCM algorithm adopt the new infrastructure, by moving the relevant
code away from `aes_operation.rs` to its own `aes_gcm_operation.rs`, and
calling AES common steps in the new `aes_common.rs`.
The patch also re-wrote the encrypt and decrypt operations of AES-GCM to
properly handle different tag lengths. This helps extend our support on
more tag lengths later, in order to pass more WPT tests.
Testing: Refactoring. Existing tests suffice.
Fixes: Part of #41763
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
We previously introduced new infrastructure for sharing code in
`aes_common.rs` among AES algorithms.
Similar to #41856 on AES-CTR, this patch makes AES-CBC algorithm adopt
the new infrastructure, by moving the relevant code away from
`aes_operation.rs` to its own `aes_cbc_operation.rs`, and calling AES
common steps in the new `aes_common.rs`. The patch also does some
refactoring on the encrypt and decrypt operations to get closer to
specification.
Testing: Refactoring. Existing tests suffice.
Fixes: Part of #41763
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
#41762 introduced new infrastructure for sharing code in `aes_common.rs`
among AES algorithms.
This patch makes AES-CTR algorithm adopt the new infrastructure, by
moving the relevant code away from `aes_operation.rs` to its own
`aes_ctr_operation.rs`, with refactoring for adaptation.
Testing: Refactoring. Existing tests suffice.
Fixes: Part of #41763
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Start adding AES-OCB support to WebCrypto API.
This patch implements the import key operations of AES-OCB, with the
`aes` crate.
Specification:
https://wicg.github.io/webcrypto-modern-algos/#aes-ocb-operations-import-key
Testing:
- Pass some WPT tests that were expected to fail.
- Some new FAIL expectations are added. They were skipped by WPT when
the import key operation of AES-OCB had not been implemented, and
require other not-yet-implemented operations to pass.
Fixes: Part of #41762
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Start adding ML-DSA support to WebCrypto API.
This patch implements the import key operations of ML-DSA, with `ml-dsa`
crate.
Specification:
https://wicg.github.io/webcrypto-modern-algos/#ml-dsa-operations-import-key
Testing:
- Pass some WPT tests that were expected to fail.
- Some new FAIL expectations are added. They were skipped by WPT when
the import key operations of ML-DSA had not been implemented, and
require other not-yet-implemented operations to pass.
Fixes: Part of #41626
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
We wrongly use the object identifier of ML-KEM for the `alg` field of
exported ML-KEM key in JWK format. We should use the values specified in
Section 8 of [draft-ietf-jose-pqc-kem-01] (Figure 1) instead.
[draft-ietf-jose-pqc-kem-01] (Figure 1):
https://www.ietf.org/archive/id/draft-ietf-jose-pqc-kem-01.html#direct-table
Testing: WPT currently does not have relevant tests for ML-KEM keys in
JWK format since the JWK format for ML-KEM is not standardized yet. We
strive to remain compliant with the current specification.
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Continue on adding ML-KEM support to WebCrypto API.
Specification: https://wicg.github.io/webcrypto-modern-algos/#ml-kem
This patch implements generate key operation of ML-KEM, with `ml-kem`
crate.
Testing: Pass some WPT tests that were expected to fail.
Fixes: Part of #41473
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Continue on adding ML-KEM support to WebCrypto API.
Specification: https://wicg.github.io/webcrypto-modern-algos/#ml-kem
This patch implements export key operation of ML-KEM, with `ml-kem`
crate.
Testing: Pass some WPT tests that were expected to fail.
Fixes: Part of #41473
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Start adding ML-KEM support to WebCrypto API.
Specification: https://wicg.github.io/webcrypto-modern-algos/#ml-kem
This patch implements import key operation of ML-KEM, with `ml-kem`
crate.
Testing: Pass some WPT tests that were expected to fail.
Fixes: Part of #41473
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
WebCrypto API has an internal object `supportedAlgorithms`
<https://w3c.github.io/webcrypto/#dfn-supportedAlgorithms> that maps all
the supported algorithms and operations to their desired IDL dictionary
types. It is mainly used by the "normalize an algorithm" algorithm
<https://w3c.github.io/webcrypto/#algorithm-normalization-normalize-an-algorithm>.
We currently implement it as a large `match` block in the
`normalize_algorithm` function.
This patch properly implements the internal object `supportedAlgorithms`
as a new enum type `SupportedAlgorithm`.
By doing so, we can reduce a lot of string comparison to enum matching,
which can be done faster. This patch also separates the dictionary
conversion away from the `match` block to make our code cleaner.
Furthermore, the `exportKey()` method can now utilize the new
`SupportedAlgorithm` to properly check against the algorithm
registration, instead of hard-coding a list of unsupported algorithms
by itself.
Testing: Refactoring. Existing tests suffice.
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Add a helper function `JsonWebKey::set_key_ops` for setting JsonWebKey
key_ops attribute to a given list of key usages. This task is very
common in export key operation of different cryptographic algorithms.
Adding this helper function helps simplify our code.
Testing: Refactoring. Existing tests suffice.
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Companion of #41428, which added helper functions to handle JsonWebKey
common decoding tasks.
This patch adds a helper function `JsonWebKey::encode_string_field` to
handle common base64url encoding tasks across multiple algorithms.
Testing: Refactoring. Existing tests suffice.
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Add several helper functions to JsonWebKey to handle common base64url
decoding tasks across multiple algorithms. Those helper functions
include:
- `JsonWebKey::decode_optional_string_field`: decode optional field
- `JsonWebKey::decode_required_string_field`: decode required field
- `JsonWebKey::decode_primes_from_oth_field`: decode oth field to primes
These help simplify our code for importing keys in JsonWebKey format.
Testing: Refactoring. Existing tests suffice.
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Fill in the error messages across
`script/dom/subtlecrypto/aes_operations.rs` that were still left as
`None`.
Testing: No tests added as these are just error messages.
Addressing: #40756
---------
Signed-off-by: PaulTreitel <paul.treitel@gmail.com>
For some dictionaries in SubtleCrypto interface, we store the hash field
of `HashAlgorithmIdentifier` type as a `SubtleKeyAlgorithm`. The
conversion to `SubtleKeyAlgorithm` is unnecessary. Moreover,
`SubtleKeyAlgorithm` is not supposed to be used there.
This patch fixes it by simply storing them as the normalized algorithm
given by Step 10.1.3 of normalization [1], for those hash field of
`HashAlgorithmIdentifier` type.
[1]
https://w3c.github.io/webcrypto/#algorithm-normalization-normalize-an-algorithm
Testing: Refactoring. Existing tests suffice.
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Finish adding RSA-OAEP support to WebCrypto API, by implementing the
encrypt and decrypt operations of RSA-OAEP.
Testing: Pass some WPT tests that were expected to fail.
Fixes: Part of #41113
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Add error messages for `encrypt_aes_ctr`, `encrypt_aes_cbc`, and
`decrypt_aes_cbc`
Related issue: #40756
For some of the messages I just used the `fmt::Display` of `UnpadError`,
but maybe these messages should be more specific?
---------
Signed-off-by: César Pedraza <cpedraza@unal.edu.co>
Finish adding RSA-PSS support to WebCrypto API, by implementing the sign
and verify operations of RSA-PSS.
Testing: Pass some WPT tests that were expected to fail.
Fixes: Part of #41113
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Finish adding RSASSA-PKCS1-v1_5 support to WebCrypto API, by
implementing the sign and verify operations of RSASSA-PKCS1-v1_5.
Testing: Pass some WPT tests that were expected to fail.
Fixes: Part of #41113
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
This patch implements generate key operations of three RSA algorithms
(RSASSA-PKCS1-v1_5, RSA-OAEP, RSA-OAEP), with `rsa` crate.
The three operations are very similar to each other, so we can implement
them as a single function, located at the sub-module `rsa_common`,
shared among the three RSA algorithms. The enum `RsaAlgorithm` is used
to differentiate the behavior of a few steps (Step 1, 5, 13 and 18) that
are slightly different among the three RSA algorithms.
Testing: Pass some WPT tests that were expected to fail.
Fixes: Part of #41113
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
This patch implements export key operations of three RSA algorithms
(RSASSA-PKCS1-v1_5, RSA-OAEP, RSA-OAEP), with `rsa` crate.
The three operations are very similar to each other, so we can implement
them as a single function, located at a new sub-module `rsa_common`,
shared among the three RSA algorithms. An enum `RsaAlgorithm` is also
added to the sub-module `rsa_common`, in order to slightly differentiate
the behavior of the step (Step 3.4 of "jwk" format) that is different
among the three RSA algorithms.
Testing:
- Pass some WPT tests that were expected to fail.
- Some new FAIL expectations are added. They were skipped by WPT when
the export key operations of RSASSA-PKCS1-v1_5, RSA-PSS and RSA-OAEP had
not been implemented, and require other not-yet-implemented operations
to pass.
Fixes: Part of #41113
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Start adding RSA-OAEP support to WebCrypto API.
This patch implements import key operation of RSA-OAEP, with `rsa`
crate.
Testing:
- Pass some WPT tests that were expected to fail.
- Some new FAIL expectations are added. They were skipped by WPT when
the import key operation of RSA-OAEP had not been implemented, and
require other not-yet-implemented operations to pass.
Fixes: Part of #41113
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Co-authored-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
Start adding RSASSA-PKCS1-v1_5 support to WebCrypto API.
This patch implements import key operation of RSASSA-PKCS1-v1_5, with
`rsa` crate.
Testing:
- Pass some WPT tests that were expected to fail.
- Some new FAIL expectations are added. They were skipped by WPT when
the import key operation of RSASSA-PKCS1-v1_5 had not been implemented,
and require other not-yet-implemented operations to pass.
Fixes: Part of #41113
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Start adding RSA-PSS support to WebCrypto API.
This patch implements import key operation of RSA-PSS, with `rsa` crate.
Testing:
- Pass some WPT tests that were expected to fail.
- Some new FAIL expectations are added. They were skipped by WPT when
the import key operation of RSA-PSS had not been implemented, and
require other not-yet-implemented operations to pass.
Fixes: #34362, and part of #41113
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Error messages in the import/export key operations of ChaCha20-Poly1305
are missing. This patch adds those error messages.
Testing: No behavioral change. Existing tests suffice.
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Finish adding ChaCha20-Poly1305 support to WebCrypto API.
This patch implements encrypt operation and decrypt operation of
ChaCha20-Poly1305, using the crate `chacha20poly1305` to support the
cryptographic calculation. The get key length operation of
ChaCha20-Poly1305 is also included in this patch.
Testing: Pass some WPT tests that were expected to fail.
Fixes: Part of #40687
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Continue on adding ChaCha20-Poly1305 support to WebCrypto API.
This patch implements generate key operation of ChaCha20-Poly1305, using
the crate `chacha20poly1305` to support the cryptographic calculation.
Testing: Pass some WPT tests that were expected to fail.
Fixes: Part of #40687
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Start adding ChaCha20-Poly1305 support to WebCrypto API.
This patch implements "import key" operation and "export key" operation
of ChaCha20-Poly1305, using the crate `chacha20poly1305` to support the
cryptographic calculation.
Testing: Pass some WPT tests that were expected to fail.
Fixes: Part of #40687
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>