Implement SubtleCrypto.digest (#34034)

* Implement SubtleCrypto.digest Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> * Update WPT expectations Signed-off-by: Simon Wülker <simon.wuelker@arcor.de> --------- Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
2025-08-04 13:10:20 +01:00 · 2024-10-30 03:06:02 +01:00 · 2024-10-30 03:06:02 +01:00 · 7fa548f555
commit 7fa548f555
parent 01820e2a8a
9 changed files with 108 additions and 516 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -6120,6 +6120,7 @@ dependencies = [
 "range",
 "ref_filter_map",
 "regex",
 "ring",
 "script_layout_interface",
 "script_traits",
 "selectors",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -100,6 +100,7 @@ rand_core = "0.6"
 rand_isaac = "0.3"
 rayon = "1"
 regex = "1.11"
 ring = "0.17.8"
 rustls = { version = "0.21.12", features = ["dangerous_configuration"] }
 rustls-pemfile = "1.0.4"
 script_layout_interface = { path = "components/shared/script_layout" }
--- a/components/script/Cargo.toml
+++ b/components/script/Cargo.toml
@ -89,6 +89,7 @@ profile_traits = { workspace = true }
 range = { path = "../range" }
 ref_filter_map = "1.0.1"
 regex = { workspace = true }
 ring = { workspace = true }
 script_layout_interface = { workspace = true }
 script_traits = { workspace = true }
 selectors = { workspace = true }
--- a/components/script/dom/bindings/codegen/Bindings.conf
+++ b/components/script/dom/bindings/codegen/Bindings.conf
@ -433,8 +433,8 @@ DOMInterfaces = {
 },
 'SubtleCrypto': {
-    'inRealms': ['Encrypt', 'Decrypt', 'GenerateKey', 'ImportKey', 'ExportKey'],
+    'inRealms': ['Encrypt', 'Decrypt', 'GenerateKey', 'Digest', 'ImportKey', 'ExportKey'],
-    'canGc': ['Encrypt', 'Decrypt', 'GenerateKey', 'ImportKey', 'ExportKey'],
+    'canGc': ['Encrypt', 'Decrypt', 'GenerateKey', 'Digest', 'ImportKey', 'ExportKey'],
 },
 'SVGElement': {
--- a/components/script/dom/subtlecrypto.rs
+++ b/components/script/dom/subtlecrypto.rs
@ -16,6 +16,7 @@ use js::jsapi::JSObject;
 use js::jsval::ObjectValue;
 use js::rust::MutableHandleObject;
 use js::typedarray::ArrayBufferU8;
 use ring::digest;
 use servo_rand::{RngCore, ServoRng};
 use crate::dom::bindings::buffer_source::create_buffer_source;
@ -31,6 +32,7 @@ use crate::dom::bindings::codegen::UnionTypes::{
    ArrayBufferViewOrArrayBuffer, ArrayBufferViewOrArrayBufferOrJsonWebKey,
 };
 use crate::dom::bindings::error::Error;
 use crate::dom::bindings::import::module::SafeJSContext;
 use crate::dom::bindings::inheritance::Castable;
 use crate::dom::bindings::refcounted::{Trusted, TrustedPromise};
 use crate::dom::bindings::reflector::{reflect_dom_object, DomObject, Reflector};
@ -53,10 +55,10 @@ const ALG_AES_CBC: &str = "AES-CBC";
 const ALG_AES_CTR: &str = "AES-CTR";
 const ALG_AES_GCM: &str = "AES-GCM";
 const ALG_AES_KW: &str = "AES-KW";
-const ALG_SHA1: &str = "SHA1";
+const ALG_SHA1: &str = "SHA-1";
-const ALG_SHA256: &str = "SHA256";
+const ALG_SHA256: &str = "SHA-256";
-const ALG_SHA384: &str = "SHA384";
+const ALG_SHA384: &str = "SHA-384";
-const ALG_SHA512: &str = "SHA512";
+const ALG_SHA512: &str = "SHA-512";
 const ALG_HMAC: &str = "HMAC";
 const ALG_HKDF: &str = "HKDF";
 const ALG_PBKDF2: &str = "PBKDF2";
@ -65,6 +67,7 @@ const ALG_RSA_OAEP: &str = "RSA-OAEP";
 const ALG_RSA_PSS: &str = "RSA-PSS";
 const ALG_ECDH: &str = "ECDH";
 const ALG_ECDSA: &str = "ECDSA";
 #[allow(dead_code)]
 static SUPPORTED_ALGORITHMS: &[&str] = &[
    ALG_AES_CBC,
@ -274,6 +277,79 @@ impl SubtleCryptoMethods for SubtleCrypto {
        promise
    }
    /// <https://w3c.github.io/webcrypto/#SubtleCrypto-method-digest>
    fn Digest(
        &self,
        cx: SafeJSContext,
        algorithm: AlgorithmIdentifier,
        data: ArrayBufferViewOrArrayBuffer,
        comp: InRealm,
        can_gc: CanGc,
    ) -> Rc<Promise> {
        // Step 1. Let algorithm be the algorithm parameter passed to the digest() method.
        // NOTE I think this is a no-op?
        // Step 2. Let data be the result of getting a copy of the bytes held by the
        // data parameter passed to the digest() method.
        let data = match data {
            ArrayBufferViewOrArrayBuffer::ArrayBufferView(view) => view.to_vec(),
            ArrayBufferViewOrArrayBuffer::ArrayBuffer(buffer) => buffer.to_vec(),
        };
        // Step 3. Let normalizedAlgorithm be the result of normalizing an algorithm,
        // with alg set to algorithm and op set to "digest".
        let promise = Promise::new_in_current_realm(comp, can_gc);
        let normalized_algorithm = match normalize_algorithm(cx, algorithm, "digest") {
            Ok(normalized_algorithm) => normalized_algorithm,
            Err(e) => {
                // Step 4. If an error occurred, return a Promise rejected with normalizedAlgorithm.
                promise.reject_error(e);
                return promise;
            },
        };
        // Step 5. Let promise be a new Promise.
        // NOTE: We did that in preparation of Step 4.
        // Step 6. Return promise and perform the remaining steps in parallel.
        let (task_source, canceller) = self.task_source_with_canceller();
        let trusted_promise = TrustedPromise::new(promise.clone());
        let alg = normalized_algorithm.clone();
        let _ = task_source.queue_with_canceller(
            task!(generate_key: move || {
                // Step 7. If the following steps or referenced procedures say to throw an error, reject promise
                // with the returned error and then terminate the algorithm.
                let promise = trusted_promise.root();
                // Step 8. Let result be the result of performing the digest operation specified by
                // normalizedAlgorithm using algorithm, with data as message.
                let algorithm = match alg {
                    NormalizedAlgorithm::Sha1 => &digest::SHA1_FOR_LEGACY_USE_ONLY,
                    NormalizedAlgorithm::Sha256 => &digest::SHA256,
                    NormalizedAlgorithm::Sha384 => &digest::SHA384,
                    NormalizedAlgorithm::Sha512 => &digest::SHA512,
                    _ => {
                        promise.reject_error(Error::NotSupported);
                        return;
                    },
                };
                let cx = GlobalScope::get_cx();
                rooted!(in(*cx) let mut array_buffer_ptr = ptr::null_mut::<JSObject>());
                let digest = digest::digest(algorithm, &data);
                create_buffer_source::<ArrayBufferU8>(cx, digest.as_ref(), array_buffer_ptr.handle_mut())
                    .expect("failed to create buffer source for exported key.");
                // Step 9. Resolve promise with result.
                promise.resolve_native(&*array_buffer_ptr);
            }),
            &canceller,
        );
        promise
    }
    /// <https://w3c.github.io/webcrypto/#SubtleCrypto-method-generateKey>
    fn GenerateKey(
        &self,
@ -450,19 +526,31 @@ impl SubtleCryptoMethods for SubtleCrypto {
    }
 }
-#[derive(Clone)]
+#[derive(Clone, Debug)]
 pub enum NormalizedAlgorithm {
    #[allow(dead_code)]
    Algorithm(SubtleAlgorithm),
    AesCbcParams(SubtleAesCbcParams),
    AesCtrParams(SubtleAesCtrParams),
    AesKeyGenParams(SubtleAesKeyGenParams),
    /// <https://w3c.github.io/webcrypto/#sha>
    Sha1,
    /// <https://w3c.github.io/webcrypto/#sha>
    Sha256,
    /// <https://w3c.github.io/webcrypto/#sha>
    Sha384,
    /// <https://w3c.github.io/webcrypto/#sha>
    Sha512,
 }
 // These "subtle" structs are proxies for the codegen'd dicts which don't hold a DOMString
 // so they can be sent safely when running steps in parallel.
-#[derive(Clone)]
+#[derive(Clone, Debug)]
 pub struct SubtleAlgorithm {
    #[allow(dead_code)]
    pub name: String,
@ -476,7 +564,7 @@ impl From<DOMString> for SubtleAlgorithm {
    }
 }
-#[derive(Clone)]
+#[derive(Clone, Debug)]
 pub struct SubtleAesCbcParams {
    #[allow(dead_code)]
    pub name: String,
@ -496,7 +584,7 @@ impl From<RootedTraceableBox<AesCbcParams>> for SubtleAesCbcParams {
    }
 }
-#[derive(Clone)]
+#[derive(Clone, Debug)]
 pub struct SubtleAesCtrParams {
    pub name: String,
    pub counter: Vec<u8>,
@ -517,7 +605,7 @@ impl From<RootedTraceableBox<AesCtrParams>> for SubtleAesCtrParams {
    }
 }
-#[derive(Clone)]
+#[derive(Clone, Debug)]
 pub struct SubtleAesKeyGenParams {
    pub name: String,
    pub length: u16,
@ -578,6 +666,10 @@ fn normalize_algorithm(
                (ALG_AES_CTR, "importKey") => Ok(NormalizedAlgorithm::Algorithm(SubtleAlgorithm {
                    name: ALG_AES_CTR.to_string(),
                })),
                (ALG_SHA1, "digest") => Ok(NormalizedAlgorithm::Sha1),
                (ALG_SHA256, "digest") => Ok(NormalizedAlgorithm::Sha256),
                (ALG_SHA384, "digest") => Ok(NormalizedAlgorithm::Sha384),
                (ALG_SHA512, "digest") => Ok(NormalizedAlgorithm::Sha512),
                _ => Err(Error::NotSupported),
            }
        },
--- a/components/script/dom/webidls/SubtleCrypto.webidl
+++ b/components/script/dom/webidls/SubtleCrypto.webidl
@ -33,8 +33,8 @@ interface SubtleCrypto {
  //                     CryptoKey key,
  //                     BufferSource signature,
  //                     BufferSource data);
-  // Promise<any> digest(AlgorithmIdentifier algorithm,
+  Promise<any> digest(AlgorithmIdentifier algorithm,
-  //                     BufferSource data);
+                      BufferSource data);
  Promise<any> generateKey(AlgorithmIdentifier algorithm,
                          boolean extractable,
--- a/tests/wpt/meta/WebCryptoAPI/algorithm-discards-context.https.window.js.ini
+++ b/tests/wpt/meta/WebCryptoAPI/algorithm-discards-context.https.window.js.ini
@ -6,9 +6,6 @@
  [Context is discarded in decrypt]
    expected: TIMEOUT
  [Context is discarded in digest]
    expected: TIMEOUT
  [Context is discarded in sign]
    expected: TIMEOUT
--- a/tests/wpt/meta/WebCryptoAPI/digest/digest.https.any.js.ini
+++ b/tests/wpt/meta/WebCryptoAPI/digest/digest.https.any.js.ini
@ -1,482 +0,0 @@
 [digest.https.any.worker.html]
  [SHA-1 with empty source data]
    expected: FAIL
  [sha-1 with empty source data]
    expected: FAIL
  [Sha-1 with empty source data]
    expected: FAIL
  [SHA-1 with empty source data and altered buffer after call]
    expected: FAIL
  [SHA-256 with empty source data]
    expected: FAIL
  [sha-256 with empty source data]
    expected: FAIL
  [Sha-256 with empty source data]
    expected: FAIL
  [SHA-256 with empty source data and altered buffer after call]
    expected: FAIL
  [SHA-384 with empty source data]
    expected: FAIL
  [sha-384 with empty source data]
    expected: FAIL
  [Sha-384 with empty source data]
    expected: FAIL
  [SHA-384 with empty source data and altered buffer after call]
    expected: FAIL
  [SHA-512 with empty source data]
    expected: FAIL
  [sha-512 with empty source data]
    expected: FAIL
  [Sha-512 with empty source data]
    expected: FAIL
  [SHA-512 with empty source data and altered buffer after call]
    expected: FAIL
  [SHA-1 with short source data]
    expected: FAIL
  [sha-1 with short source data]
    expected: FAIL
  [Sha-1 with short source data]
    expected: FAIL
  [SHA-1 with short source data and altered buffer after call]
    expected: FAIL
  [SHA-256 with short source data]
    expected: FAIL
  [sha-256 with short source data]
    expected: FAIL
  [Sha-256 with short source data]
    expected: FAIL
  [SHA-256 with short source data and altered buffer after call]
    expected: FAIL
  [SHA-384 with short source data]
    expected: FAIL
  [sha-384 with short source data]
    expected: FAIL
  [Sha-384 with short source data]
    expected: FAIL
  [SHA-384 with short source data and altered buffer after call]
    expected: FAIL
  [SHA-512 with short source data]
    expected: FAIL
  [sha-512 with short source data]
    expected: FAIL
  [Sha-512 with short source data]
    expected: FAIL
  [SHA-512 with short source data and altered buffer after call]
    expected: FAIL
  [SHA-1 with medium source data]
    expected: FAIL
  [sha-1 with medium source data]
    expected: FAIL
  [Sha-1 with medium source data]
    expected: FAIL
  [SHA-1 with medium source data and altered buffer after call]
    expected: FAIL
  [SHA-256 with medium source data]
    expected: FAIL
  [sha-256 with medium source data]
    expected: FAIL
  [Sha-256 with medium source data]
    expected: FAIL
  [SHA-256 with medium source data and altered buffer after call]
    expected: FAIL
  [SHA-384 with medium source data]
    expected: FAIL
  [sha-384 with medium source data]
    expected: FAIL
  [Sha-384 with medium source data]
    expected: FAIL
  [SHA-384 with medium source data and altered buffer after call]
    expected: FAIL
  [SHA-512 with medium source data]
    expected: FAIL
  [sha-512 with medium source data]
    expected: FAIL
  [Sha-512 with medium source data]
    expected: FAIL
  [SHA-512 with medium source data and altered buffer after call]
    expected: FAIL
  [SHA-1 with long source data]
    expected: FAIL
  [sha-1 with long source data]
    expected: FAIL
  [Sha-1 with long source data]
    expected: FAIL
  [SHA-1 with long source data and altered buffer after call]
    expected: FAIL
  [SHA-256 with long source data]
    expected: FAIL
  [sha-256 with long source data]
    expected: FAIL
  [Sha-256 with long source data]
    expected: FAIL
  [SHA-256 with long source data and altered buffer after call]
    expected: FAIL
  [SHA-384 with long source data]
    expected: FAIL
  [sha-384 with long source data]
    expected: FAIL
  [Sha-384 with long source data]
    expected: FAIL
  [SHA-384 with long source data and altered buffer after call]
    expected: FAIL
  [SHA-512 with long source data]
    expected: FAIL
  [sha-512 with long source data]
    expected: FAIL
  [Sha-512 with long source data]
    expected: FAIL
  [SHA-512 with long source data and altered buffer after call]
    expected: FAIL
  [AES-GCM with empty]
    expected: FAIL
  [RSA-OAEP with empty]
    expected: FAIL
  [PBKDF2 with empty]
    expected: FAIL
  [AES-KW with empty]
    expected: FAIL
  [AES-GCM with short]
    expected: FAIL
  [RSA-OAEP with short]
    expected: FAIL
  [PBKDF2 with short]
    expected: FAIL
  [AES-KW with short]
    expected: FAIL
  [AES-GCM with medium]
    expected: FAIL
  [RSA-OAEP with medium]
    expected: FAIL
  [PBKDF2 with medium]
    expected: FAIL
  [AES-KW with medium]
    expected: FAIL
  [AES-GCM with long]
    expected: FAIL
  [RSA-OAEP with long]
    expected: FAIL
  [PBKDF2 with long]
    expected: FAIL
  [AES-KW with long]
    expected: FAIL
 [digest.https.any.html]
  [SHA-1 with empty source data]
    expected: FAIL
  [sha-1 with empty source data]
    expected: FAIL
  [Sha-1 with empty source data]
    expected: FAIL
  [SHA-1 with empty source data and altered buffer after call]
    expected: FAIL
  [SHA-256 with empty source data]
    expected: FAIL
  [sha-256 with empty source data]
    expected: FAIL
  [Sha-256 with empty source data]
    expected: FAIL
  [SHA-256 with empty source data and altered buffer after call]
    expected: FAIL
  [SHA-384 with empty source data]
    expected: FAIL
  [sha-384 with empty source data]
    expected: FAIL
  [Sha-384 with empty source data]
    expected: FAIL
  [SHA-384 with empty source data and altered buffer after call]
    expected: FAIL
  [SHA-512 with empty source data]
    expected: FAIL
  [sha-512 with empty source data]
    expected: FAIL
  [Sha-512 with empty source data]
    expected: FAIL
  [SHA-512 with empty source data and altered buffer after call]
    expected: FAIL
  [SHA-1 with short source data]
    expected: FAIL
  [sha-1 with short source data]
    expected: FAIL
  [Sha-1 with short source data]
    expected: FAIL
  [SHA-1 with short source data and altered buffer after call]
    expected: FAIL
  [SHA-256 with short source data]
    expected: FAIL
  [sha-256 with short source data]
    expected: FAIL
  [Sha-256 with short source data]
    expected: FAIL
  [SHA-256 with short source data and altered buffer after call]
    expected: FAIL
  [SHA-384 with short source data]
    expected: FAIL
  [sha-384 with short source data]
    expected: FAIL
  [Sha-384 with short source data]
    expected: FAIL
  [SHA-384 with short source data and altered buffer after call]
    expected: FAIL
  [SHA-512 with short source data]
    expected: FAIL
  [sha-512 with short source data]
    expected: FAIL
  [Sha-512 with short source data]
    expected: FAIL
  [SHA-512 with short source data and altered buffer after call]
    expected: FAIL
  [SHA-1 with medium source data]
    expected: FAIL
  [sha-1 with medium source data]
    expected: FAIL
  [Sha-1 with medium source data]
    expected: FAIL
  [SHA-1 with medium source data and altered buffer after call]
    expected: FAIL
  [SHA-256 with medium source data]
    expected: FAIL
  [sha-256 with medium source data]
    expected: FAIL
  [Sha-256 with medium source data]
    expected: FAIL
  [SHA-256 with medium source data and altered buffer after call]
    expected: FAIL
  [SHA-384 with medium source data]
    expected: FAIL
  [sha-384 with medium source data]
    expected: FAIL
  [Sha-384 with medium source data]
    expected: FAIL
  [SHA-384 with medium source data and altered buffer after call]
    expected: FAIL
  [SHA-512 with medium source data]
    expected: FAIL
  [sha-512 with medium source data]
    expected: FAIL
  [Sha-512 with medium source data]
    expected: FAIL
  [SHA-512 with medium source data and altered buffer after call]
    expected: FAIL
  [SHA-1 with long source data]
    expected: FAIL
  [sha-1 with long source data]
    expected: FAIL
  [Sha-1 with long source data]
    expected: FAIL
  [SHA-1 with long source data and altered buffer after call]
    expected: FAIL
  [SHA-256 with long source data]
    expected: FAIL
  [sha-256 with long source data]
    expected: FAIL
  [Sha-256 with long source data]
    expected: FAIL
  [SHA-256 with long source data and altered buffer after call]
    expected: FAIL
  [SHA-384 with long source data]
    expected: FAIL
  [sha-384 with long source data]
    expected: FAIL
  [Sha-384 with long source data]
    expected: FAIL
  [SHA-384 with long source data and altered buffer after call]
    expected: FAIL
  [SHA-512 with long source data]
    expected: FAIL
  [sha-512 with long source data]
    expected: FAIL
  [Sha-512 with long source data]
    expected: FAIL
  [SHA-512 with long source data and altered buffer after call]
    expected: FAIL
  [AES-GCM with empty]
    expected: FAIL
  [RSA-OAEP with empty]
    expected: FAIL
  [PBKDF2 with empty]
    expected: FAIL
  [AES-KW with empty]
    expected: FAIL
  [AES-GCM with short]
    expected: FAIL
  [RSA-OAEP with short]
    expected: FAIL
  [PBKDF2 with short]
    expected: FAIL
  [AES-KW with short]
    expected: FAIL
  [AES-GCM with medium]
    expected: FAIL
  [RSA-OAEP with medium]
    expected: FAIL
  [PBKDF2 with medium]
    expected: FAIL
  [AES-KW with medium]
    expected: FAIL
  [AES-GCM with long]
    expected: FAIL
  [RSA-OAEP with long]
    expected: FAIL
  [PBKDF2 with long]
    expected: FAIL
  [AES-KW with long]
    expected: FAIL
--- a/tests/wpt/meta/WebCryptoAPI/idlharness.https.any.js.ini
+++ b/tests/wpt/meta/WebCryptoAPI/idlharness.https.any.js.ini
@ -5,9 +5,6 @@
  [SubtleCrypto interface: operation verify(AlgorithmIdentifier, CryptoKey, BufferSource, BufferSource)]
    expected: FAIL
  [SubtleCrypto interface: operation digest(AlgorithmIdentifier, BufferSource)]
    expected: FAIL
  [SubtleCrypto interface: operation deriveKey(AlgorithmIdentifier, CryptoKey, AlgorithmIdentifier, boolean, sequence<KeyUsage>)]
    expected: FAIL
@ -32,12 +29,6 @@
  [SubtleCrypto interface: calling verify(AlgorithmIdentifier, CryptoKey, BufferSource, BufferSource) on crypto.subtle with too few arguments must throw TypeError]
    expected: FAIL
  [SubtleCrypto interface: crypto.subtle must inherit property "digest(AlgorithmIdentifier, BufferSource)" with the proper type]
    expected: FAIL
  [SubtleCrypto interface: calling digest(AlgorithmIdentifier, BufferSource) on crypto.subtle with too few arguments must throw TypeError]
    expected: FAIL
  [SubtleCrypto interface: crypto.subtle must inherit property "deriveKey(AlgorithmIdentifier, CryptoKey, AlgorithmIdentifier, boolean, sequence<KeyUsage>)" with the proper type]
    expected: FAIL
@ -79,9 +70,6 @@
  [SubtleCrypto interface: operation verify(AlgorithmIdentifier, CryptoKey, BufferSource, BufferSource)]
    expected: FAIL
  [SubtleCrypto interface: operation digest(AlgorithmIdentifier, BufferSource)]
    expected: FAIL
  [SubtleCrypto interface: operation deriveKey(AlgorithmIdentifier, CryptoKey, AlgorithmIdentifier, boolean, sequence<KeyUsage>)]
    expected: FAIL
@ -106,12 +94,6 @@
  [SubtleCrypto interface: calling verify(AlgorithmIdentifier, CryptoKey, BufferSource, BufferSource) on crypto.subtle with too few arguments must throw TypeError]
    expected: FAIL
  [SubtleCrypto interface: crypto.subtle must inherit property "digest(AlgorithmIdentifier, BufferSource)" with the proper type]
    expected: FAIL
  [SubtleCrypto interface: calling digest(AlgorithmIdentifier, BufferSource) on crypto.subtle with too few arguments must throw TypeError]
    expected: FAIL
  [SubtleCrypto interface: crypto.subtle must inherit property "deriveKey(AlgorithmIdentifier, CryptoKey, AlgorithmIdentifier, boolean, sequence<KeyUsage>)" with the proper type]
    expected: FAIL