LibWeb: Support RSA-PSS in WebCryptoAPI

devgianlu · Dec 25, 2024 · a416bfd · a416bfd
1 parent feb2545
commit a416bfd
Show file tree

Hide file tree

Showing 10 changed files with 1,419 additions and 57 deletions.
diff --git a/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp b/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp
diff --git a/Libraries/LibWeb/Crypto/CryptoAlgorithms.h b/Libraries/LibWeb/Crypto/CryptoAlgorithms.h
@@ -195,6 +195,20 @@ struct RsaOaepParams : public AlgorithmParams {
     static JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> from_value(JS::VM&, JS::Value);
 };
 
+// https://w3c.github.io/webcrypto/#dfn-RsaPssParams
+struct RsaPssParams : public AlgorithmParams {
+    virtual ~RsaPssParams() override;
+
+    RsaPssParams(WebIDL::UnsignedLong salt_length)
+        : salt_length(salt_length)
+    {
+    }
+
+    WebIDL::UnsignedLong salt_length;
+
+    static JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> from_value(JS::VM&, JS::Value);
+};
+
 // https://w3c.github.io/webcrypto/#dfn-EcdsaParams
 struct EcdsaParams : public AlgorithmParams {
     virtual ~EcdsaParams() override;
@@ -377,6 +391,25 @@ class RSAOAEP : public AlgorithmMethods {
     }
 };
 
+class RSAPSS : public AlgorithmMethods {
+public:
+    virtual WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> sign(AlgorithmParams const&, GC::Ref<CryptoKey>, ByteBuffer const&) override;
+    virtual WebIDL::ExceptionOr<JS::Value> verify(AlgorithmParams const&, GC::Ref<CryptoKey>, ByteBuffer const&, ByteBuffer const&) override;
+
+    virtual WebIDL::ExceptionOr<Variant<GC::Ref<CryptoKey>, GC::Ref<CryptoKeyPair>>> generate_key(AlgorithmParams const&, bool, Vector<Bindings::KeyUsage> const&) override;
+
+    virtual WebIDL::ExceptionOr<GC::Ref<CryptoKey>> import_key(AlgorithmParams const&, Bindings::KeyFormat, CryptoKey::InternalKeyData, bool, Vector<Bindings::KeyUsage> const&) override;
+    virtual WebIDL::ExceptionOr<GC::Ref<JS::Object>> export_key(Bindings::KeyFormat, GC::Ref<CryptoKey>) override;
+
+    static NonnullOwnPtr<AlgorithmMethods> create(JS::Realm& realm) { return adopt_own(*new RSAPSS(realm)); }
+
+private:
+    explicit RSAPSS(JS::Realm& realm)
+        : AlgorithmMethods(realm)
+    {
+    }
+};
+
 class AesCbc : public AlgorithmMethods {
 public:
     virtual WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> encrypt(AlgorithmParams const&, GC::Ref<CryptoKey>, ByteBuffer const&) override;

diff --git a/Libraries/LibWeb/Crypto/SubtleCrypto.cpp b/Libraries/LibWeb/Crypto/SubtleCrypto.cpp
@@ -1079,11 +1079,11 @@ SupportedAlgorithmsMap const& supported_algorithms()
     // FIXME: define_an_algorithm<RSAESPKCS1>("exportKey"_string, "RSASSA-PKCS1-v1_5"_string);
 
     // https://w3c.github.io/webcrypto/#rsa-pss-registration
-    // FIXME: define_an_algorithm<RSAPSS>("sign"_string, "RSA-PSS"_string);
-    // FIXME: define_an_algorithm<RSAPSS>("verify"_string, "RSA-PSS"_string);
-    // FIXME: define_an_algorithm<RSAPSS, RsaHashedKeyGenParams>("generateKey"_string, "RSA-PSS"_string);
-    // FIXME: define_an_algorithm<RSAPSS, RsaHashedImportParams>("importKey"_string, "RSA-PSS"_string);
-    // FIXME: define_an_algorithm<RSAPSS>("exportKey"_string, "RSA-PSS"_string);
+    define_an_algorithm<RSAPSS, RsaPssParams>("sign"_string, "RSA-PSS"_string);
+    define_an_algorithm<RSAPSS, RsaPssParams>("verify"_string, "RSA-PSS"_string);
+    define_an_algorithm<RSAPSS, RsaHashedKeyGenParams>("generateKey"_string, "RSA-PSS"_string);
+    define_an_algorithm<RSAPSS, RsaHashedImportParams>("importKey"_string, "RSA-PSS"_string);
+    define_an_algorithm<RSAPSS>("exportKey"_string, "RSA-PSS"_string);
 
     // https://w3c.github.io/webcrypto/#rsa-oaep-registration
     define_an_algorithm<RSAOAEP, RsaOaepParams>("encrypt"_string, "RSA-OAEP"_string);

diff --git a/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/rsa_importKey.https.any.txt b/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/rsa_importKey.https.any.txt
diff --git a/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/sign_verify/rsa_pss.https.any.txt b/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/sign_verify/rsa_pss.https.any.txt
@@ -0,0 +1,103 @@
+Harness status: OK
+
+Found 97 tests
+
+67 Pass
+30 Fail
+Pass	setup
+Fail	importVectorKeys step: RSA-PSS with SHA-1 and no salt signing with wrong algorithm name
+Fail	importVectorKeys step: RSA-PSS with SHA-256 and no salt signing with wrong algorithm name
+Fail	importVectorKeys step: RSA-PSS with SHA-384 and no salt signing with wrong algorithm name
+Fail	importVectorKeys step: RSA-PSS with SHA-512 and no salt signing with wrong algorithm name
+Fail	importVectorKeys step: RSA-PSS with SHA-1, salted signing with wrong algorithm name
+Fail	importVectorKeys step: RSA-PSS with SHA-256, salted signing with wrong algorithm name
+Fail	importVectorKeys step: RSA-PSS with SHA-384, salted signing with wrong algorithm name
+Fail	importVectorKeys step: RSA-PSS with SHA-512, salted signing with wrong algorithm name
+Fail	importVectorKeys step: RSA-PSS with SHA-1 and no salt verification with wrong algorithm name
+Fail	importVectorKeys step: RSA-PSS with SHA-256 and no salt verification with wrong algorithm name
+Fail	importVectorKeys step: RSA-PSS with SHA-384 and no salt verification with wrong algorithm name
+Fail	importVectorKeys step: RSA-PSS with SHA-512 and no salt verification with wrong algorithm name
+Fail	importVectorKeys step: RSA-PSS with SHA-1, salted verification with wrong algorithm name
+Fail	importVectorKeys step: RSA-PSS with SHA-256, salted verification with wrong algorithm name
+Fail	importVectorKeys step: RSA-PSS with SHA-384, salted verification with wrong algorithm name
+Fail	importVectorKeys step: RSA-PSS with SHA-512, salted verification with wrong algorithm name
+Fail	RSA-PSS with SHA-1 and no salt verification
+Pass	RSA-PSS with SHA-256 and no salt verification
+Pass	RSA-PSS with SHA-384 and no salt verification
+Pass	RSA-PSS with SHA-512 and no salt verification
+Fail	RSA-PSS with SHA-1, salted verification
+Pass	RSA-PSS with SHA-256, salted verification
+Pass	RSA-PSS with SHA-384, salted verification
+Pass	RSA-PSS with SHA-512, salted verification
+Fail	RSA-PSS with SHA-1 and no salt verification with altered signature after call
+Pass	RSA-PSS with SHA-256 and no salt verification with altered signature after call
+Pass	RSA-PSS with SHA-384 and no salt verification with altered signature after call
+Pass	RSA-PSS with SHA-512 and no salt verification with altered signature after call
+Fail	RSA-PSS with SHA-1, salted verification with altered signature after call
+Pass	RSA-PSS with SHA-256, salted verification with altered signature after call
+Pass	RSA-PSS with SHA-384, salted verification with altered signature after call
+Pass	RSA-PSS with SHA-512, salted verification with altered signature after call
+Fail	RSA-PSS with SHA-1 and no salt with altered plaintext after call
+Pass	RSA-PSS with SHA-256 and no salt with altered plaintext after call
+Pass	RSA-PSS with SHA-384 and no salt with altered plaintext after call
+Pass	RSA-PSS with SHA-512 and no salt with altered plaintext after call
+Fail	RSA-PSS with SHA-1, salted with altered plaintext after call
+Pass	RSA-PSS with SHA-256, salted with altered plaintext after call
+Pass	RSA-PSS with SHA-384, salted with altered plaintext after call
+Pass	RSA-PSS with SHA-512, salted with altered plaintext after call
+Pass	RSA-PSS with SHA-1 and no salt using privateKey to verify
+Pass	RSA-PSS with SHA-256 and no salt using privateKey to verify
+Pass	RSA-PSS with SHA-384 and no salt using privateKey to verify
+Pass	RSA-PSS with SHA-512 and no salt using privateKey to verify
+Pass	RSA-PSS with SHA-1, salted using privateKey to verify
+Pass	RSA-PSS with SHA-256, salted using privateKey to verify
+Pass	RSA-PSS with SHA-384, salted using privateKey to verify
+Pass	RSA-PSS with SHA-512, salted using privateKey to verify
+Pass	RSA-PSS with SHA-1 and no salt using publicKey to sign
+Pass	RSA-PSS with SHA-256 and no salt using publicKey to sign
+Pass	RSA-PSS with SHA-384 and no salt using publicKey to sign
+Pass	RSA-PSS with SHA-512 and no salt using publicKey to sign
+Pass	RSA-PSS with SHA-1, salted using publicKey to sign
+Pass	RSA-PSS with SHA-256, salted using publicKey to sign
+Pass	RSA-PSS with SHA-384, salted using publicKey to sign
+Pass	RSA-PSS with SHA-512, salted using publicKey to sign
+Pass	RSA-PSS with SHA-1 and no salt no verify usage
+Pass	RSA-PSS with SHA-256 and no salt no verify usage
+Pass	RSA-PSS with SHA-384 and no salt no verify usage
+Pass	RSA-PSS with SHA-512 and no salt no verify usage
+Pass	RSA-PSS with SHA-1, salted no verify usage
+Pass	RSA-PSS with SHA-256, salted no verify usage
+Pass	RSA-PSS with SHA-384, salted no verify usage
+Pass	RSA-PSS with SHA-512, salted no verify usage
+Fail	RSA-PSS with SHA-1 and no salt round trip
+Pass	RSA-PSS with SHA-256 and no salt round trip
+Pass	RSA-PSS with SHA-384 and no salt round trip
+Pass	RSA-PSS with SHA-512 and no salt round trip
+Fail	RSA-PSS with SHA-1, salted round trip
+Pass	RSA-PSS with SHA-256, salted round trip
+Pass	RSA-PSS with SHA-384, salted round trip
+Pass	RSA-PSS with SHA-512, salted round trip
+Fail	RSA-PSS with SHA-1 and no salt verification failure with altered signature
+Pass	RSA-PSS with SHA-256 and no salt verification failure with altered signature
+Pass	RSA-PSS with SHA-384 and no salt verification failure with altered signature
+Pass	RSA-PSS with SHA-512 and no salt verification failure with altered signature
+Fail	RSA-PSS with SHA-1, salted verification failure with altered signature
+Pass	RSA-PSS with SHA-256, salted verification failure with altered signature
+Pass	RSA-PSS with SHA-384, salted verification failure with altered signature
+Pass	RSA-PSS with SHA-512, salted verification failure with altered signature
+Fail	RSA-PSS with SHA-1 and no salt verification failure with wrong saltLength
+Pass	RSA-PSS with SHA-256 and no salt verification failure with wrong saltLength
+Pass	RSA-PSS with SHA-384 and no salt verification failure with wrong saltLength
+Pass	RSA-PSS with SHA-512 and no salt verification failure with wrong saltLength
+Fail	RSA-PSS with SHA-1, salted verification failure with wrong saltLength
+Pass	RSA-PSS with SHA-256, salted verification failure with wrong saltLength
+Pass	RSA-PSS with SHA-384, salted verification failure with wrong saltLength
+Pass	RSA-PSS with SHA-512, salted verification failure with wrong saltLength
+Fail	RSA-PSS with SHA-1 and no salt verification failure with altered plaintext
+Pass	RSA-PSS with SHA-256 and no salt verification failure with altered plaintext
+Pass	RSA-PSS with SHA-384 and no salt verification failure with altered plaintext
+Pass	RSA-PSS with SHA-512 and no salt verification failure with altered plaintext
+Fail	RSA-PSS with SHA-1, salted verification failure with altered plaintext
+Pass	RSA-PSS with SHA-256, salted verification failure with altered plaintext
+Pass	RSA-PSS with SHA-384, salted verification failure with altered plaintext
+Pass	RSA-PSS with SHA-512, salted verification failure with altered plaintext
diff --git a/...b/Text/expected/wpt-import/WebCryptoAPI/wrapKey_unwrapKey/wrapKey_unwrapKey.https.any.txt b/...b/Text/expected/wpt-import/WebCryptoAPI/wrapKey_unwrapKey/wrapKey_unwrapKey.https.any.txt
@@ -1,9 +1,12 @@
 Harness status: OK
 
-Found 309 tests
+Found 333 tests
 
-309 Pass
+312 Pass
+21 Fail
 Pass	setup
+Fail	Can wrap and unwrap RSA-PSS public key keys using spki and RSA-OAEP
+Fail	Can wrap and unwrap RSA-PSS public key keys using jwk and RSA-OAEP
 Pass	Can wrap and unwrap RSA-OAEP public key keys using spki and RSA-OAEP
 Pass	Can wrap and unwrap RSA-OAEP public key keys using jwk and RSA-OAEP
 Pass	Can wrap and unwrap ECDSA public key keys using spki and RSA-OAEP
@@ -73,6 +76,13 @@ Pass	Can wrap and unwrap HMAC keys as non-extractable using raw and RSA-OAEP
 Pass	Can wrap and unwrap HMAC keys using jwk and RSA-OAEP
 Pass	Can wrap and unwrap HMAC keys as non-extractable using jwk and RSA-OAEP
 Pass	Can unwrap HMAC non-extractable keys using jwk and RSA-OAEP
+Fail	Can wrap and unwrap RSA-PSS public key keys using spki and AES-CTR
+Fail	Can wrap and unwrap RSA-PSS public key keys using jwk and AES-CTR
+Fail	Can wrap and unwrap RSA-PSS private key keys using pkcs8 and AES-CTR
+Fail	Can wrap and unwrap RSA-PSS private key keys as non-extractable using pkcs8 and AES-CTR
+Fail	Can wrap and unwrap RSA-PSS private key keys using jwk and AES-CTR
+Fail	Can wrap and unwrap RSA-PSS private key keys as non-extractable using jwk and AES-CTR
+Pass	Can unwrap RSA-PSS private key non-extractable keys using jwk and AES-CTR
 Pass	Can wrap and unwrap RSA-OAEP public key keys using spki and AES-CTR
 Pass	Can wrap and unwrap RSA-OAEP public key keys using jwk and AES-CTR
 Pass	Can wrap and unwrap RSA-OAEP private key keys using pkcs8 and AES-CTR
@@ -147,6 +157,13 @@ Pass	Can wrap and unwrap HMAC keys as non-extractable using raw and AES-CTR
 Pass	Can wrap and unwrap HMAC keys using jwk and AES-CTR
 Pass	Can wrap and unwrap HMAC keys as non-extractable using jwk and AES-CTR
 Pass	Can unwrap HMAC non-extractable keys using jwk and AES-CTR
+Fail	Can wrap and unwrap RSA-PSS public key keys using spki and AES-CBC
+Fail	Can wrap and unwrap RSA-PSS public key keys using jwk and AES-CBC
+Fail	Can wrap and unwrap RSA-PSS private key keys using pkcs8 and AES-CBC
+Fail	Can wrap and unwrap RSA-PSS private key keys as non-extractable using pkcs8 and AES-CBC
+Fail	Can wrap and unwrap RSA-PSS private key keys using jwk and AES-CBC
+Fail	Can wrap and unwrap RSA-PSS private key keys as non-extractable using jwk and AES-CBC
+Pass	Can unwrap RSA-PSS private key non-extractable keys using jwk and AES-CBC
 Pass	Can wrap and unwrap RSA-OAEP public key keys using spki and AES-CBC
 Pass	Can wrap and unwrap RSA-OAEP public key keys using jwk and AES-CBC
 Pass	Can wrap and unwrap RSA-OAEP private key keys using pkcs8 and AES-CBC
@@ -221,6 +238,13 @@ Pass	Can wrap and unwrap HMAC keys as non-extractable using raw and AES-CBC
 Pass	Can wrap and unwrap HMAC keys using jwk and AES-CBC
 Pass	Can wrap and unwrap HMAC keys as non-extractable using jwk and AES-CBC
 Pass	Can unwrap HMAC non-extractable keys using jwk and AES-CBC
+Fail	Can wrap and unwrap RSA-PSS public key keys using spki and AES-GCM
+Fail	Can wrap and unwrap RSA-PSS public key keys using jwk and AES-GCM
+Fail	Can wrap and unwrap RSA-PSS private key keys using pkcs8 and AES-GCM
+Fail	Can wrap and unwrap RSA-PSS private key keys as non-extractable using pkcs8 and AES-GCM
+Fail	Can wrap and unwrap RSA-PSS private key keys using jwk and AES-GCM
+Fail	Can wrap and unwrap RSA-PSS private key keys as non-extractable using jwk and AES-GCM
+Pass	Can unwrap RSA-PSS private key non-extractable keys using jwk and AES-GCM
 Pass	Can wrap and unwrap RSA-OAEP public key keys using spki and AES-GCM
 Pass	Can wrap and unwrap RSA-OAEP public key keys using jwk and AES-GCM
 Pass	Can wrap and unwrap RSA-OAEP private key keys using pkcs8 and AES-GCM
@@ -295,6 +319,7 @@ Pass	Can wrap and unwrap HMAC keys as non-extractable using raw and AES-GCM
 Pass	Can wrap and unwrap HMAC keys using jwk and AES-GCM
 Pass	Can wrap and unwrap HMAC keys as non-extractable using jwk and AES-GCM
 Pass	Can unwrap HMAC non-extractable keys using jwk and AES-GCM
+Fail	Can wrap and unwrap RSA-PSS public key keys using jwk and AES-KW
 Pass	Can wrap and unwrap RSA-OAEP public key keys using jwk and AES-KW
 Pass	Can wrap and unwrap Ed25519 private key keys using pkcs8 and AES-KW
 Pass	Can wrap and unwrap Ed25519 private key keys as non-extractable using pkcs8 and AES-KW