LibWeb: Support RSASSA-PKCS1-v1_5 in WebCryptoAPI

Adds ~400 WPT test passes!
devgianlu · Dec 26, 2024 · 5c79a24 · 5c79a24
1 parent fd9eccb
commit 5c79a24
Show file tree

Hide file tree

Showing 10 changed files with 1,094 additions and 315 deletions.
diff --git a/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp b/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp
diff --git a/Libraries/LibWeb/Crypto/CryptoAlgorithms.h b/Libraries/LibWeb/Crypto/CryptoAlgorithms.h
@@ -410,6 +410,25 @@ class RSAPSS : public AlgorithmMethods {
     }
 };
 
+class RSASSAPKCS1 : public AlgorithmMethods {
+public:
+    virtual WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> sign(AlgorithmParams const&, GC::Ref<CryptoKey>, ByteBuffer const&) override;
+    virtual WebIDL::ExceptionOr<JS::Value> verify(AlgorithmParams const&, GC::Ref<CryptoKey>, ByteBuffer const&, ByteBuffer const&) override;
+
+    virtual WebIDL::ExceptionOr<Variant<GC::Ref<CryptoKey>, GC::Ref<CryptoKeyPair>>> generate_key(AlgorithmParams const&, bool, Vector<Bindings::KeyUsage> const&) override;
+
+    virtual WebIDL::ExceptionOr<GC::Ref<CryptoKey>> import_key(AlgorithmParams const&, Bindings::KeyFormat, CryptoKey::InternalKeyData, bool, Vector<Bindings::KeyUsage> const&) override;
+    virtual WebIDL::ExceptionOr<GC::Ref<JS::Object>> export_key(Bindings::KeyFormat, GC::Ref<CryptoKey>) override;
+
+    static NonnullOwnPtr<AlgorithmMethods> create(JS::Realm& realm) { return adopt_own(*new RSASSAPKCS1(realm)); }
+
+private:
+    explicit RSASSAPKCS1(JS::Realm& realm)
+        : AlgorithmMethods(realm)
+    {
+    }
+};
+
 class AesCbc : public AlgorithmMethods {
 public:
     virtual WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> encrypt(AlgorithmParams const&, GC::Ref<CryptoKey>, ByteBuffer const&) override;

diff --git a/Libraries/LibWeb/Crypto/SubtleCrypto.cpp b/Libraries/LibWeb/Crypto/SubtleCrypto.cpp
@@ -1072,11 +1072,11 @@ SupportedAlgorithmsMap const& supported_algorithms()
     // https://w3c.github.io/webcrypto/#algorithm-conventions
 
     // https://w3c.github.io/webcrypto/#rsassa-pkcs1-registration
-    // FIXME: define_an_algorithm<RSAESPKCS1>("sign"_string, "RSAES-PKCS1-v1_5"_string);
-    // FIXME: define_an_algorithm<RSAESPKCS1>("verify"_string, "RSAES-PKCS1-v1_5"_string);
-    // FIXME: define_an_algorithm<RSAESPKCS1, RsaHashedKeyGenParams>("generateKey"_string, "RSASSA-PKCS1-v1_5"_string);
-    // FIXME: define_an_algorithm<RSAESPKCS1, RsaHashedImportParams>("importKey"_string, "RSASSA-PKCS1-v1_5"_string);
-    // FIXME: define_an_algorithm<RSAESPKCS1>("exportKey"_string, "RSASSA-PKCS1-v1_5"_string);
+    define_an_algorithm<RSASSAPKCS1>("sign"_string, "RSASSA-PKCS1-v1_5"_string);
+    define_an_algorithm<RSASSAPKCS1>("verify"_string, "RSASSA-PKCS1-v1_5"_string);
+    define_an_algorithm<RSASSAPKCS1, RsaHashedKeyGenParams>("generateKey"_string, "RSASSA-PKCS1-v1_5"_string);
+    define_an_algorithm<RSASSAPKCS1, RsaHashedImportParams>("importKey"_string, "RSASSA-PKCS1-v1_5"_string);
+    define_an_algorithm<RSASSAPKCS1>("exportKey"_string, "RSASSA-PKCS1-v1_5"_string);
 
     // https://w3c.github.io/webcrypto/#rsa-pss-registration
     define_an_algorithm<RSAPSS, RsaPssParams>("sign"_string, "RSA-PSS"_string);

diff --git a/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/rsa_importKey.https.any.txt b/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/rsa_importKey.https.any.txt
diff --git a/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/sign_verify/rsa_pkcs.https.any.txt b/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/sign_verify/rsa_pkcs.https.any.txt
@@ -0,0 +1,51 @@
+Harness status: OK
+
+Found 45 tests
+
+39 Pass
+6 Fail
+Pass	setup
+Fail	RSASSA-PKCS1-v1_5 with SHA-1 verification
+Pass	RSASSA-PKCS1-v1_5 with SHA-256 verification
+Pass	RSASSA-PKCS1-v1_5 with SHA-384 verification
+Pass	RSASSA-PKCS1-v1_5 with SHA-512 verification
+Fail	RSASSA-PKCS1-v1_5 with SHA-1 verification with altered signature after call
+Pass	RSASSA-PKCS1-v1_5 with SHA-256 verification with altered signature after call
+Pass	RSASSA-PKCS1-v1_5 with SHA-384 verification with altered signature after call
+Pass	RSASSA-PKCS1-v1_5 with SHA-512 verification with altered signature after call
+Fail	RSASSA-PKCS1-v1_5 with SHA-1 with altered plaintext after call
+Pass	RSASSA-PKCS1-v1_5 with SHA-256 with altered plaintext after call
+Pass	RSASSA-PKCS1-v1_5 with SHA-384 with altered plaintext after call
+Pass	RSASSA-PKCS1-v1_5 with SHA-512 with altered plaintext after call
+Pass	RSASSA-PKCS1-v1_5 with SHA-1 using privateKey to verify
+Pass	RSASSA-PKCS1-v1_5 with SHA-256 using privateKey to verify
+Pass	RSASSA-PKCS1-v1_5 with SHA-384 using privateKey to verify
+Pass	RSASSA-PKCS1-v1_5 with SHA-512 using privateKey to verify
+Pass	RSASSA-PKCS1-v1_5 with SHA-1 using publicKey to sign
+Pass	RSASSA-PKCS1-v1_5 with SHA-256 using publicKey to sign
+Pass	RSASSA-PKCS1-v1_5 with SHA-384 using publicKey to sign
+Pass	RSASSA-PKCS1-v1_5 with SHA-512 using publicKey to sign
+Pass	RSASSA-PKCS1-v1_5 with SHA-1 no verify usage
+Pass	RSASSA-PKCS1-v1_5 with SHA-256 no verify usage
+Pass	RSASSA-PKCS1-v1_5 with SHA-384 no verify usage
+Pass	RSASSA-PKCS1-v1_5 with SHA-512 no verify usage
+Fail	RSASSA-PKCS1-v1_5 with SHA-1 round trip
+Pass	RSASSA-PKCS1-v1_5 with SHA-256 round trip
+Pass	RSASSA-PKCS1-v1_5 with SHA-384 round trip
+Pass	RSASSA-PKCS1-v1_5 with SHA-512 round trip
+Pass	RSASSA-PKCS1-v1_5 with SHA-1 signing with wrong algorithm name
+Pass	RSASSA-PKCS1-v1_5 with SHA-256 signing with wrong algorithm name
+Pass	RSASSA-PKCS1-v1_5 with SHA-384 signing with wrong algorithm name
+Pass	RSASSA-PKCS1-v1_5 with SHA-512 signing with wrong algorithm name
+Pass	RSASSA-PKCS1-v1_5 with SHA-1 verification with wrong algorithm name
+Pass	RSASSA-PKCS1-v1_5 with SHA-256 verification with wrong algorithm name
+Pass	RSASSA-PKCS1-v1_5 with SHA-384 verification with wrong algorithm name
+Pass	RSASSA-PKCS1-v1_5 with SHA-512 verification with wrong algorithm name
+Fail	RSASSA-PKCS1-v1_5 with SHA-1 verification failure with altered signature
+Pass	RSASSA-PKCS1-v1_5 with SHA-256 verification failure with altered signature
+Pass	RSASSA-PKCS1-v1_5 with SHA-384 verification failure with altered signature
+Pass	RSASSA-PKCS1-v1_5 with SHA-512 verification failure with altered signature
+Fail	RSASSA-PKCS1-v1_5 with SHA-1 verification failure with altered plaintext
+Pass	RSASSA-PKCS1-v1_5 with SHA-256 verification failure with altered plaintext
+Pass	RSASSA-PKCS1-v1_5 with SHA-384 verification failure with altered plaintext
+Pass	RSASSA-PKCS1-v1_5 with SHA-512 verification failure with altered plaintext
diff --git a/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/sign_verify/rsa_pss.https.any.txt b/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/sign_verify/rsa_pss.https.any.txt
@@ -2,25 +2,9 @@ Harness status: OK
 
 Found 97 tests
 
-67 Pass
-30 Fail
+83 Pass
+14 Fail
 Pass	setup
-Fail	importVectorKeys step: RSA-PSS with SHA-1 and no salt signing with wrong algorithm name
-Fail	importVectorKeys step: RSA-PSS with SHA-256 and no salt signing with wrong algorithm name
-Fail	importVectorKeys step: RSA-PSS with SHA-384 and no salt signing with wrong algorithm name
-Fail	importVectorKeys step: RSA-PSS with SHA-512 and no salt signing with wrong algorithm name
-Fail	importVectorKeys step: RSA-PSS with SHA-1, salted signing with wrong algorithm name
-Fail	importVectorKeys step: RSA-PSS with SHA-256, salted signing with wrong algorithm name
-Fail	importVectorKeys step: RSA-PSS with SHA-384, salted signing with wrong algorithm name
-Fail	importVectorKeys step: RSA-PSS with SHA-512, salted signing with wrong algorithm name
-Fail	importVectorKeys step: RSA-PSS with SHA-1 and no salt verification with wrong algorithm name
-Fail	importVectorKeys step: RSA-PSS with SHA-256 and no salt verification with wrong algorithm name
-Fail	importVectorKeys step: RSA-PSS with SHA-384 and no salt verification with wrong algorithm name
-Fail	importVectorKeys step: RSA-PSS with SHA-512 and no salt verification with wrong algorithm name
-Fail	importVectorKeys step: RSA-PSS with SHA-1, salted verification with wrong algorithm name
-Fail	importVectorKeys step: RSA-PSS with SHA-256, salted verification with wrong algorithm name
-Fail	importVectorKeys step: RSA-PSS with SHA-384, salted verification with wrong algorithm name
-Fail	importVectorKeys step: RSA-PSS with SHA-512, salted verification with wrong algorithm name
 Fail	RSA-PSS with SHA-1 and no salt verification
 Pass	RSA-PSS with SHA-256 and no salt verification
 Pass	RSA-PSS with SHA-384 and no salt verification
@@ -77,6 +61,22 @@ Fail	RSA-PSS with SHA-1, salted round trip
 Pass	RSA-PSS with SHA-256, salted round trip
 Pass	RSA-PSS with SHA-384, salted round trip
 Pass	RSA-PSS with SHA-512, salted round trip
+Pass	RSA-PSS with SHA-1 and no salt signing with wrong algorithm name
+Pass	RSA-PSS with SHA-256 and no salt signing with wrong algorithm name
+Pass	RSA-PSS with SHA-384 and no salt signing with wrong algorithm name
+Pass	RSA-PSS with SHA-512 and no salt signing with wrong algorithm name
+Pass	RSA-PSS with SHA-1, salted signing with wrong algorithm name
+Pass	RSA-PSS with SHA-256, salted signing with wrong algorithm name
+Pass	RSA-PSS with SHA-384, salted signing with wrong algorithm name
+Pass	RSA-PSS with SHA-512, salted signing with wrong algorithm name
+Pass	RSA-PSS with SHA-1 and no salt verification with wrong algorithm name
+Pass	RSA-PSS with SHA-256 and no salt verification with wrong algorithm name
+Pass	RSA-PSS with SHA-384 and no salt verification with wrong algorithm name
+Pass	RSA-PSS with SHA-512 and no salt verification with wrong algorithm name
+Pass	RSA-PSS with SHA-1, salted verification with wrong algorithm name
+Pass	RSA-PSS with SHA-256, salted verification with wrong algorithm name
+Pass	RSA-PSS with SHA-384, salted verification with wrong algorithm name
+Pass	RSA-PSS with SHA-512, salted verification with wrong algorithm name
 Fail	RSA-PSS with SHA-1 and no salt verification failure with altered signature
 Pass	RSA-PSS with SHA-256 and no salt verification failure with altered signature
 Pass	RSA-PSS with SHA-384 and no salt verification failure with altered signature

diff --git a/...b/Text/expected/wpt-import/WebCryptoAPI/wrapKey_unwrapKey/wrapKey_unwrapKey.https.any.txt b/...b/Text/expected/wpt-import/WebCryptoAPI/wrapKey_unwrapKey/wrapKey_unwrapKey.https.any.txt
@@ -1,9 +1,11 @@
 Harness status: OK
 
-Found 333 tests
+Found 357 tests
 
-333 Pass
+357 Pass
 Pass	setup
+Pass	Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using spki and RSA-OAEP
+Pass	Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using jwk and RSA-OAEP
 Pass	Can wrap and unwrap RSA-PSS public key keys using spki and RSA-OAEP
 Pass	Can wrap and unwrap RSA-PSS public key keys using jwk and RSA-OAEP
 Pass	Can wrap and unwrap RSA-OAEP public key keys using spki and RSA-OAEP
@@ -75,6 +77,13 @@ Pass	Can wrap and unwrap HMAC keys as non-extractable using raw and RSA-OAEP
 Pass	Can wrap and unwrap HMAC keys using jwk and RSA-OAEP
 Pass	Can wrap and unwrap HMAC keys as non-extractable using jwk and RSA-OAEP
 Pass	Can unwrap HMAC non-extractable keys using jwk and RSA-OAEP
+Pass	Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using spki and AES-CTR
+Pass	Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using jwk and AES-CTR
+Pass	Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using pkcs8 and AES-CTR
+Pass	Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using pkcs8 and AES-CTR
+Pass	Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using jwk and AES-CTR
+Pass	Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using jwk and AES-CTR
+Pass	Can unwrap RSASSA-PKCS1-v1_5 private key non-extractable keys using jwk and AES-CTR
 Pass	Can wrap and unwrap RSA-PSS public key keys using spki and AES-CTR
 Pass	Can wrap and unwrap RSA-PSS public key keys using jwk and AES-CTR
 Pass	Can wrap and unwrap RSA-PSS private key keys using pkcs8 and AES-CTR
@@ -156,6 +165,13 @@ Pass	Can wrap and unwrap HMAC keys as non-extractable using raw and AES-CTR
 Pass	Can wrap and unwrap HMAC keys using jwk and AES-CTR
 Pass	Can wrap and unwrap HMAC keys as non-extractable using jwk and AES-CTR
 Pass	Can unwrap HMAC non-extractable keys using jwk and AES-CTR
+Pass	Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using spki and AES-CBC
+Pass	Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using jwk and AES-CBC
+Pass	Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using pkcs8 and AES-CBC
+Pass	Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using pkcs8 and AES-CBC
+Pass	Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using jwk and AES-CBC
+Pass	Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using jwk and AES-CBC
+Pass	Can unwrap RSASSA-PKCS1-v1_5 private key non-extractable keys using jwk and AES-CBC
 Pass	Can wrap and unwrap RSA-PSS public key keys using spki and AES-CBC
 Pass	Can wrap and unwrap RSA-PSS public key keys using jwk and AES-CBC
 Pass	Can wrap and unwrap RSA-PSS private key keys using pkcs8 and AES-CBC
@@ -237,6 +253,13 @@ Pass	Can wrap and unwrap HMAC keys as non-extractable using raw and AES-CBC
 Pass	Can wrap and unwrap HMAC keys using jwk and AES-CBC
 Pass	Can wrap and unwrap HMAC keys as non-extractable using jwk and AES-CBC
 Pass	Can unwrap HMAC non-extractable keys using jwk and AES-CBC
+Pass	Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using spki and AES-GCM
+Pass	Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using jwk and AES-GCM
+Pass	Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using pkcs8 and AES-GCM
+Pass	Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using pkcs8 and AES-GCM
+Pass	Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using jwk and AES-GCM
+Pass	Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using jwk and AES-GCM
+Pass	Can unwrap RSASSA-PKCS1-v1_5 private key non-extractable keys using jwk and AES-GCM
 Pass	Can wrap and unwrap RSA-PSS public key keys using spki and AES-GCM
 Pass	Can wrap and unwrap RSA-PSS public key keys using jwk and AES-GCM
 Pass	Can wrap and unwrap RSA-PSS private key keys using pkcs8 and AES-GCM
@@ -318,6 +341,7 @@ Pass	Can wrap and unwrap HMAC keys as non-extractable using raw and AES-GCM
 Pass	Can wrap and unwrap HMAC keys using jwk and AES-GCM
 Pass	Can wrap and unwrap HMAC keys as non-extractable using jwk and AES-GCM
 Pass	Can unwrap HMAC non-extractable keys using jwk and AES-GCM
+Pass	Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using jwk and AES-KW
 Pass	Can wrap and unwrap RSA-PSS public key keys using jwk and AES-KW
 Pass	Can wrap and unwrap RSA-OAEP public key keys using jwk and AES-KW
 Pass	Can wrap and unwrap Ed25519 private key keys using pkcs8 and AES-KW

diff --git a/Tests/LibWeb/Text/input/wpt-import/WebCryptoAPI/sign_verify/rsa_pkcs.https.any.html b/Tests/LibWeb/Text/input/wpt-import/WebCryptoAPI/sign_verify/rsa_pkcs.https.any.html
@@ -0,0 +1,17 @@
+<!doctype html>
+<meta charset=utf-8>
+<title>WebCryptoAPI: sign() and verify() Using RSASSA-PKCS1-v1_5</title>
+<meta name="timeout" content="long">
+<script>
+self.GLOBAL = {
+  isWindow: function() { return true; },
+  isWorker: function() { return false; },
+  isShadowRealm: function() { return false; },
+};
+</script>
+<script src="../../resources/testharness.js"></script>
+<script src="../../resources/testharnessreport.js"></script>
+<script src="rsa_pkcs_vectors.js"></script>
+<script src="rsa.js"></script>
+<div id=log></div>
+<script src="../../WebCryptoAPI/sign_verify/rsa_pkcs.https.any.js"></script>
diff --git a/Tests/LibWeb/Text/input/wpt-import/WebCryptoAPI/sign_verify/rsa_pkcs.https.any.js b/Tests/LibWeb/Text/input/wpt-import/WebCryptoAPI/sign_verify/rsa_pkcs.https.any.js
@@ -0,0 +1,6 @@
+// META: title=WebCryptoAPI: sign() and verify() Using RSASSA-PKCS1-v1_5
+// META: script=rsa_pkcs_vectors.js
+// META: script=rsa.js
+// META: timeout=long
+
+run_test();