In our current implementation, we have multiple functions such as
`normalize_algoirthm_for_encrypt_or_decrypt` and
`normalize_algorithm_for_sign_or_verify` to normalize an algorithm, and
each of them works slightly differently. However, the spec defines a
single normalization procedure to handle all normalization.
This patch tries to consolidate our functions into a single
spec-compliant normalization function named `normalize_algorithm`.
The refactoring involves many existing code, so this patch only
introduces the new infrastructure without touching the existing. When
this patch gets approved and merged, we can then start migrating the
existing to the new infrastructure. (Note that SHA's digestion and
AES_CTR's encryption are also copied to the new infrastructure as
demonstration.)
More details about the refactoring can be found in the comment:
https://github.com/servo/servo/issues/39368#issuecomment-3316943206
Testing: The new code is not in used right now. No test is needed.
Fixes: Part of #39368
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
The Web Cryptography API has the "crypto task source"
(https://w3c.github.io/webcrypto/#dfn-crypto-task-source-0) to queue
tasks to resolve or reject promises created in response to calls to
methods of `SubtleCrypto`.
This patch enables this task source at the script task manager, and
queue tasks on this task source from existing steps.
A few WPT error expectations are also added to WPT meta. The related
cryptographic algorithms have not yet implemented, so the errors are
expected. I don't know why WPT test did not capture them before.
Testing: Existing tests suffice.
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
The WebCryptoAPI spec requires that when we generate crypto keys by the
generateKey method of SubtleCrypto interface we have to check whether
the usages is empty. If the usages is empty, throw a SyntaxError.
FYI, Step 9 of
https://w3c.github.io/webcrypto/#SubtleCrypto-method-generateKey
We have not yet implemented this logic, and this patch implements it.
Testing: Pass WPT tests that were expected to fail.
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
In Step 15, we are given the unwrapped key as bytes. If the format is
"jwk", we execute parse-a-JWK algorithm to parse it (and deserialize it
to a JsonWebKey dictionary).
In next step, we perform the import key operation on the unwrapped key.
In our current implementation, we serialize the JsonWebKey dictionary
(when format is "jwk") back to bytes, in order to perform the import key
operation.
In fact, this serialization step is redundant since we have already been
given the unwrapped key as bytes in Step 15. We can directly use it for
perform the import key operation. This patch remove this redundant step
of re-serializing the JsonWebKey dictionary.
Testing: Refactoring only. No change in tests.
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
In our current implementation, the `importKey` method and `unwrapKey`
method of `SubtleCrypto` interface unwrap JsonWebKey before running the
normalized algorithms. Therefore, all cryptography algorithms share the
same unwrapping mechanism. Our current unwrapping mechanism is not
compatible with some cryptography algorithms, which we have not yet
implemented such as Ed25519.
Following the WebCrypto API spec, this patch moves the JsonWebKey
unwrapping mechanism to normalized algorithms so that each cryptography
algorithm can unwrap JsonWebKey in its own way.
This does not introduce behavioral changes, but makes implementing the
unwrap operation for new cryptography algorithms easier in the future.
Remark: Step 8 and 13 of `SubtleCrypto::ImportKey` require the crypto
task source in the script task manager, but we don't have it yet. So,
they're marked as TODO.
Testing: Existing tests should suffice.
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
The value_from_js_object macro exists to paper over differences between
dictionary types that require rooting (via `RootedTraceableBox`) and
those that do not. However, I need to read the macro source every time I
look at the code that uses it because I can never remember what it's
doing. These changes replace the macro with a trait abstraction that is
clearer, and should be a code size win as well.
Testing: Existing WPT tests suffice.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Reduce the reliance on standalone helper functions for handling JWK
format. Instead, those functionalities are now integrated into the
`JsonWebKey` type generated by script_binding, via the local trait
`JsonWebKeyExt`, for internal use.
The `parse_jwk` function remains for now. It will be removed when once
we refactor `SubtleCrypto::ImportKey` to support a more generic approach
across different cryptographic algorithms.
Testing: Refactoring. Existing WPT tests should suffice.
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Adding an optional message to be attached to a SyntaxError. Unblocks
#39050.
The enum definition of Syntax is now `Syntax(Option<String>)`. Future
PRs should probably add more appropriate messages to some of the
`Syntax(None)`s.
Testing: Just a refactor
Fixes: Partially #39053
Signed-off-by: Ashwin Naren <arihant2math@gmail.com>
Implement raw export of HMAC keys. JWT export of HMAC keys will come in
a separate PR.
Testing: WPT
Fixes: Partially #39060
---------
Signed-off-by: Ashwin Naren <arihant2math@gmail.com>
* Use 2024 style edition
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Reformat all code
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
No longer hide errors while queueing tasks on the main thread. This
requires creating two types of `TaskSource`s: one for the main thread
and one that can be sent to other threads. This makes queueing a bit
more efficient on the main thread and more importantly, no longer hides
task queue errors.
Fixes#25688.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Mukilan Thiyagarajan <mukilan@igalia.com>
This is a simplification of the internal `TaskQueue` API that moves the
`TaskManager` to the `GlobalScope` itself. In addition, the handling of
cancellers is moved to the `TaskManager` as well. This means that no
arguments other than the `task` are necessary for queueing tasks, which
makes the API a lot easier to use and cleaner.
`TaskSource` now also keeps a copy of the canceller with it, so that
they always know the proper way to cancel any tasks queued on them.
There is one complication here. The event loop `sender` for dedicated
workers is constantly changing as it is set to `None` when not handling
messages. This is because this sender keeps a handle to the main
thread's `Worker` object, preventing garbage collection while any
messages are still in flight or being handled. This change allows
setting the `sender` on the `TaskManager` to `None` to allow proper
garbabge collection.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Instead of creating a type for each `TaskSource` variety have each `TaskSource`
hold the same kind of sender (this was inconsistent before, but each
sender was effectively the same trait object), a pipeline, and a
`TaskSourceName`. This elminates the need to reimplement the same
queuing code for every task source.
In addition, have workers hold their own `TaskManager`. This allows just
exposing the manager on the `GlobalScope`. Currently the `TaskCanceller`
is different, but this will also be eliminated in a followup change.
This is a the first step toward having a shared set of `Sender`s on
`GlobalScope`.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
* Support normalizing AES-GCM for encryption
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Implement "encrypt" operation for AES-GCM
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Allow importing AES-GCM keys
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Implement AES-GCM decryption
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Allow normalizing AES-GCM for "generate key"
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update WPT expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* fmt
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix clippy errors
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Remove silly checks
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Support AES-GCM 128-bit encryption with 128 bit IV
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Support AES-GCM with wrapKey/unwrapKey
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update WPT expectations (again)
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Don't throw exceptions twice when converting to Algorithm object
Removes match statements like
```rust
let Ok(ConversionResult::Success(algorithm)) = Algorithm::new(cx, value.handle())
else {
return Err(Error::Syntax);
};
```
These don't cause issues if `Algorithm::new` returns `Ok(ConversionResult::Failure`,
but in the case of `Err(())` the implementation already called `throw_type_error`
and we must not throw an additional Syntax error, otherwise we'll crash.
Luckily, this case is already handled elsewhere by the
`value_from_js_object` macro.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Test that calling subtlecrypto methods with empty algorithm objects throws a TypeError
The WebCryptoAPI spec does not tell us which error to throw exactly, but
according to https://webidl.spec.whatwg.org/ it should be a TypeError.
This previously crashed servo.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Implement NormalizedAlgorithm::get_key_length
This is a minimal implementation, which will make
the DeriveKey operation work for AES-CTR keys in
the future.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Implement SubtleCrypto.deriveKey
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update WPT expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Start implementing SubtleCrypto.deriveBits
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Move shared crypto operations into their own functions
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update some doclinks
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Remove note about potential no-op
It is, indeed, a no-op.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Move normalized algorithm digest operation into its own function
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Implement mvp for pbkdf2 derivation
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Add missing division to derive bytes instead of bits
The length argument specifies the number of bits that
we need to derive, so we should divide it by 8 to
get the number of bytes.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Allow using PBKDF2 with usage "importKey"
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update WPT expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix test-tidy errors
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix clippy warnings
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Return cached object from CryptoKey.algorithm getter
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Test that CryptoKey.algorithm returns a cached object
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Move duplicated code into a helper function
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Add support for AES-CTR operations
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Update expectations
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* clippy
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Consolidate encrypt/decrypt for AES-CTR
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Update expectations
Signed-off-by: Daniel Adams <msub2official@gmail.com>
---------
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Add support for raw importKey with AES-CBC
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Support JWK import/export, importKey for AES-CBC
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Implement encrypt/decrypt for AES-CBC
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Update expectations
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Update Cargo.lock
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Pass MutableHandleObject as arg instead of returning raw pointer
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Swap order of checks in generate_key_aes_cbc
- Fixes WPT tests that expect to error on algorithm first before usages
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Avoid potential GC hazard with array_buffer_ptr
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Update expectations for discards context
Signed-off-by: Daniel Adams <msub2official@gmail.com>
---------
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Update IDLs and Bindings conf
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Add AES crate
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Implement DOM interfaces
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* IDL tidy
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Remove deriveKey from inRealms for now until implemented
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Fix CryptoKey rustdoc comments
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Move string constants to top of file
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Use properly rooted CryptoKey
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Code clarity
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Rework NormalizedAlgorithm to not hold a DOMString
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Add Rustdoc for CryptoKey interface
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Move ignore mallocsizeof to rand crate, remove from crypto
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Update cargo lock
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Fix key handling, implement exportKey with JWK TODO
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Add missing spec link
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Use create_buffer_source, remove aes dep from libservo
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Fix crash when running in worker
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Update expectations
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* fmt
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Move CryptoKey and SubtleCrypto behind pref for now
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Update expectations
Signed-off-by: Daniel Adams <msub2official@gmail.com>
* Readd timeout expectation
Signed-off-by: Daniel Adams <msub2official@gmail.com>
---------
Signed-off-by: Daniel Adams <msub2official@gmail.com>
