We currently use the crate `aws-lc-rs` for HKDF in the WebCrypto API.
When generating output bytes from the output of HKDF-Expand operation
(OKM, Output Key Material), it enforces the requested output length must
match the length of key type (see error condition of `Okm::fill` at
https://docs.rs/aws-lc-rs/1.14.1/aws_lc_rs/hkdf/struct.Okm.html#method.fill).
However, according to the WebCrypto API specification, user should be
allowed to choose the output length
(https://w3c.github.io/webcrypto/#hkdf-operations-derive-bits). The
restriction from `aws-lc-rs` causes several HKDF-related WPT tests to
fail.
This patch switches to use a more flexible crate `hkdf`
(https://crates.io/crates/hkdf) for implementing HKDF in our WebCrypto
API, and allowing variable length output. This helps to make those
HKDF-related WPT tests pass.
Testing: Pass some WPT tests that were expected to fail.
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
The goal of this change is to prevent having to copy so much data out of
listeners when a fetch completes, which will be particularly important
for off-the-main thread parsing of CSS (see #22478). This change has
pros and cons:
Pros:
- This makes the design of the `FetchResponseListener` a great deal
simpler.
They no longer individually store a dummy `ResourceFetchTiming` that is
only replaced right before `process_response_eof`.
- The creation of the `Arc<Mutex<FetchResponseListener>>` in the
`NetworkListener` is abstracted away from clients and now they just
pass the `FetchResponseListener` to the fetch methods in the global.
Cons:
- Now each `FetchResponseListener` must explicitly call `submit_timing`
instead of having the `NetworkListener` do it. This is arguably a bit
easier to follow in the code.
- Since the internal data of the `NetworkListener` is now an
`Arc<Mutex<Option<FetchResponseListener>>>`, when the fetching code
needs to share state with the `NetworkListener` it either needs to
share an `Option` or some sort of internal state. In one case I've
stored the `Option` and in another case, I've stored a new inner
shared value.
Testing: This should not change observable behavior and is thus covered
by existing tests.
Fixes: #22550
---------
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Continue on adding ECDSA support to WebCrypto API. This patch implements
verify operation of ECDSA, using ECDSA implementation from the crates
`ecdsa` for the operation, `p256`, `p384`, `p521`, and `elliptic_curve`
for the key, and `sha1`, `sha2` and `digest` for digesting messages.
Testing: Pass some WPT tests that were expected to fail.
Fixes: Part of #39060
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Other than upgrading phf, phf_codegen and phf_shared to 0.13, this also
upgrades html5ever, markup5ever and xml5ever to 0.36, string_cache to
0.9, and Stylo to https://github.com/servo/stylo/pull/266.
Testing: Not needed, no behavior change
Fixes: #40533
Signed-off-by: Oriol Brufau <obrufau@igalia.com>
This is last step toward enabling the default rustc
`unsafe_op_in_unsafe_fn` warning for the script crate. It wraps the
remaining unsafe code in `unsafe {}` and removes the line disabling this
warning from `script`'s `Cargo.toml`. In addition, two variables are
renamed from `v` to something slightly more descriptive.
Testing: This should not change behavior so is covered by existing
tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Start adding X25519 support to WebCrypto API. This patch implements
import key operation of X25519, using X25519 implementation from the
crate `x25519-dalek`.
Testing:
- Pass some WPT tests that were expected to fail.
- Some FAIL expectations are added. They require other
not-yet-implemented operations of X25519. WPT skipped them when "import
key" operation for X25519 were not yet implemented.
Fixes: Part of #39060
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
The `SubtleCrypto` interface of WebCrypto API needs to encode and decode
keys in base64 alphabets when exporting/importing keys in JsonWebKey
format.
We currently use the `base64` crate to handle base64 encoding and
decoding. This patch switches to use the `base64ct` crate, which is a
constant-time implementation of base64 alphabets.
Using constant-time implementation to handle base64 encoding and
decoding of cryptographic secret provides a better protection against
time-based sidechannel attack.
Remarks: The multi-line changes in `ecdh_operation.rs` are mostly caused
by `./mach fmt`.
Testing: Refactoring. Existing tests suffice.
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Implement import key operation for ECDH, using cryptographic calculation
implementation from the crates `p256`, `p384` and `p521`.
Testing:
- Pass some WPT tests that were expected to fail.
- Some FAIL expectations are added. They are related to the
not-yet-implemented "derive bits" operation of ECDH. WPT skipped them
when "import key" operation for ECDH were not yet implemented.
Fixes: Part of #39060
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
The patch implements Compression (https://compression.spec.whatwg.org/)
with the compression and decompression provided by the `flate2` crate
(https://crates.io/crates/flate2).
`flate2` supports several different backends, controlled through the
crate's features. By default, it uses `miniz_oxide`
(https://crates.io/crates/miniz_oxide).
`flate2` provides three modules `read`, `write` and `bufread` which work
on instances of the `std::io::Read`, `std::io::Write` and
`std::io::Bufread` traits, respectively. The `write` module is chosen in
the patch since it matches the streaming model in the specification.
Testing: Enable WPT for Compression API, and introduce WPT expectation.
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
This wrapper was added in order to eliminate the number of file
descriptors used accessing `/dev/urandom`, but these days `osrandom` and
by proxy `rand` will try to use `getrandom` on Linux and similar system
APIs on other platforms [^1].
This is a trial balloon for removing the wrapper, since almost all
modern Linux systems have `getrandom` (available since Linux
3.17).
[^1]: https://docs.rs/getrandom/0.3.4/getrandom/#supported-targets
Testing: Should not change observable behavior (only in random ways), so
should
be covered by WPT tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
XPath (and, in the future, XSLT) is only loosely coupled to `script`. As
`script` is already very large, I'd like to move the xpath parser and
evaluator into a seperate crate. Doing so allows us to iterate on it
more easily, without having to recompile `script`. Abstracting over the
concrete DOM implementation could also allow us to write some more
comprehensive unit tests.
Testing: Covered by existing web platform tests
Part of https://github.com/servo/servo/issues/34527
Fixes https://github.com/servo/servo/issues/39551
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
The Link HTTP header can do the same as link elements,
in that they can preload/prefetch/etc... This implements
the basics of header parsing and hooks it up for preload.
Note that we use a new nom-rfc8288 crate that implements
the parsing behavior. However, that crate is too strict
in that empty attributes (;; as part of the header) are
discarded and resulting in a parsing failure. Therefore,
we use its lenient parsing mode.
Part of #35035
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
This should be the final PR for the Hash Function series that is
trivial.
Of note: I decided to transform `HashMapTracedValues<Atom,..>` to use
FxBuildHasher. This is likely not going to improve performance as Atom's
already have a unique u32 that is used as the Hash but it safes a few
bytes for the RandomState that is normally in the HashMap.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Testing: Hash function changes should not change functionality, we
slightly decrease the size and unit tests still work.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Instead of doing font selection and text shaping in `canvas`, move this
to `script`. This allows canvas to use the shared `Document`
`FontContext`, which has access to web fonts. In addition, ensure that
there is a font style accessible for `OffscreenCanvas` in workers.
Testing: This causes a number of WPT tests to start to pass as web fonts
are
supported on canvas again. In addition, some start to fail as they
expose other
issues:
- The lack of support for the `Context2D.fontStretch` property
- Issues with zerosize gradient interpolation.
- Differences between quoted and unquoted font family names. This seems
like
a timing issue with the way we are handling web fonts. The test seems to
be
expecting Local fonts to be available immediately (without waiting for
them
to load). This isn't how Servo works ATM. Seems like an issue with the
test.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Remove unused `Cargo.toml` dependency to reduce binary size.
Testing: Can still compile in different platforms.
Signed-off-by: Euclid Ye <euclid.ye@huawei.com>
This PR removes existing path(segment) abstractions in favor of
`kurbo::BezPath`, well actually wrapped `kurbo::BezPath`, to ensure
building of valid paths. This allows us better Path2D building in script
and doing all validation and segmentation there and also allows us
remove blocking is_point_in_path on Path2D as we can now do this in
script. Current path is still done on canvas thread side as it will be
harder to move to script (will be done as a follow up), but it now uses
this new path abstraction.
Using kurbo also allows us to ditch our manual svgpath parser with the
one provided by kurbo.
Same code is stolen from: https://github.com/servo/servo/pull/36821.
Testing: Existing WPT tests
Fixes: #37904
wpt run: https://github.com/sagudev/servo/actions/runs/16172191716
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
The cookie-rs library parses the cookie expiry date based on the format
from RFC 2616 (for HTTP/1.1), which is stricter than the format from RFC
6265 (for HTTP cookie).
This patch implements the cookie expiry date algorithm from RFC 6265.
When Cookie::parse fails in parsing the expiry date, we try to parse the
expiry again with this algorithm, to provide extra compatibility with
legacy systems.
Testing: Pass a WPT test that was expected to fail before, and add a
unit test.
Fixes: #36452
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
- Make feature flag of smallvec global.
- Removed unused dependency of thinvec.
- Removed unused flag of hyper-util.
Reduces the binary size by an astonishing 3.352k.
Testing: Compilation 'tests' this change.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
This change fixes an issue and makes a few more minor improvements to
the `ImageAnimationState`:
1. Image rooting and unrooted now happens in one step from
`Window::update_animations_post_reflow`.
2. The `node_to_animating_image_map` is now stored as a shared `RwLock`
so that it doesn't need to be taken and then replaced in the
`ImageAnimationState` during reflow. This should prevent a hypothetical
issue
where image animations are restarted during empty reflows.
3. General naming and idiomatic Rust usage improvements.
Testing: This doesn't really have any obvious behavioral changes,
because all
reflows currently trigger a restyle. It becomes a serious problem with
#37677
and this change fixes the failing test there.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Now that we are standardizing on the `_traits` crates becoming `_api`
and exposing the API of the crate that they get their name from [^1],
`script_layout_interface` becomes `layout_api` as it exposes the API for
`layout` that is used by `script` This brings the crate in line with the
naming of the other ones in `shared`.
[^1]:
https://servo.zulipchat.com/#narrow/channel/263398-general/topic/Organizing.20*_traits.20crates/with/396893711
Testing: This should not change any behavior and thus is covered by
existing tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
1. The `shared` directory is for the "_traits" crates, which will likely
be moved out of this directly at some point and renamed "_api". These
crates expose the API of crates to avoid circular dependencies.
`Snapshot` isn't really this.
2. `Snapshot` is essentially a specialied kind of `Image` so it makes
sense that it is grouped with other image-related things in `pixels`.
Testing: This should not change any behavior so is covered by existing
tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Removed unused dependencies in various crates using cargo-machete, grep
and cargo-udeps.
Testing: The CI tests if any dependencies were used that are removed.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Instead, use the `filter_map` functions of `std::cell::Ref` and
`accountable_refcell::Ref`, which provide the same functionality as
`ref_filter_map`.
Testing: Refactoring for removing dependency. No extra test is needed.
Fixes: #36851
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Disabling the TestBinding-related bindings and implementations saves 2mb
in a release build. Also, we lost the related test preferences when we
turned the layout-2020 tests on, so the tests have all been failing for
a long time.
Testing: Existing tests in CI.
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Each canvas context returns snapshot instead of just raw bytes. This
allows as to hold off conversions (BGRA <-> RGBA, (un)premultiply) to
when/if they are actually needed. For example when loading snapshot into
webgl we can load both RGBA and BGRA so no conversion is really needed.
Currently whole thing is designed to be able to be extend on
https://github.com/servo/ipc-channel/pull/356, to make less copies.
Hence some commented out code.
Fixes#35759
There are tests for these changes in WPT
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
These two traits both exposed different parts of the compositing API,
but now that the compositor doesn't depend directly on `script` any
longer and the `script_traits` crate has been split into the
`constellation_traits` crate, this can be finally be cleaned up without
causing circular dependencies. In addition, some unit tests for the
`IOPCompositor`'s scroll node tree are also moved into
`compositing_traits` as well.
Testing: This just combines two crates, so no new tests are necessary.
Fixes: #35984.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
After #36320, `script` only depends on `webgpu` for its type aliases to
`wgpu_core` and `wgpu_types`. This change removes the dependency on
`webgpu` in favor of depending directly on the upstream crates. This
makes it so that you can change `webgpu` without recompiling `script`.
Testing: This change is covered by existing WebGPU tests and is mainly
just changing the way dependencies are accessed.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This breaks the `script_traits` dependency on `webgpu`. In general, the
`traits` crates shouldn't depend on Servo non-`traits` crates. This is
necessary to move "script to constellation" messages to the
`constellation_traits` crate, making it the entire API for talking to
the
constellation. This will break a circular dependency when that happens.
Testing: Successfully building is enough of a test for this one as
it is mainly moving types around.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This is the final step of #1799, where the majority of the generated
code for the JS bindings is now compiled as part of the script_bindings
build step. The remaining pieces in script must live there because they
refer to concrete DOM types; all code in script_bindings is generic over
the
[DomTypes](https://doc.servo.org/script/dom/bindings/codegen/DomTypes/trait.DomTypes.html)
trait.
My testing with incremental builds shows me a 12 second reduction in
build times on my 2024 M4 Macbook Pro when modifying code in the script
crate after these changes. Before this PR those changes took 20 seconds
to rebuild Servo, and now they take 8 seconds.
Testing: Existing WPT tests ensure no regressions.
Fixes: #1799
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
This change creates a `constellation_traits` crate. Previously messages
to the `Constellation` were in the `compositing_traits` crate, which
came about organically. This change moves these to a new crate which
also contains data types that are used in both compositing/libservo and
script (ie types that cross the process boundary). The idea is similar
to `embedding_traits`, but this is meant for types not exposed to the
API.
This change allows deduplicating `UntrustedNodeAddress`, which
previously had two versions to avoid circular dependencies.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Now that Stylo considers `servo` as the default feature, Servo doesn't
need to specify `features = ["servo"]`.
Also use the same crate names as Stylo, rather than renaming them with
`package`.
Signed-off-by: Oriol Brufau <obrufau@igalia.com>
`strum` allows us to avoid manually listing enum variant names and also
to get their names as static strings. We cannot use this for all cases
due to https://github.com/Peternator7/strum/issues/152, but we can
still use it to remove a lot of code.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
* Migrate to 2024 edition
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Allow unsafe_op_in_unsafe_fn lint
This lint warns by default in the 2024
edition, but is *way* too noisy for servo.
We might enable it in the future, but not now.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Compile using the 2024 edition
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
In addition to some small API changes, this downstream version of
WebRender no longer depends on a very old version of time. This is the
last step toward removing the dependency on `time0.1`.
The review for this commit should also include: 9f552bebab
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Before all timers were managed by the Constellation process, meaning
that they had to trigger IPC calls to be scheduled and fired. Currently,
timers are only used in the `ScriptThread`, so it makes sense that they
are per-process.
This change restores the timer thread functionality that existed before
avoided entirely. Completion is done using a callback that is sent to
the timer thread similarly to how fetch is done. This allows reusing the
existing task queue without making any new channels.
Fixes#15219.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
