Skip to content

Commit

Permalink
LibWeb: Support RSASSA-PKCS1-v1_5 in WebCryptoAPI
Browse files Browse the repository at this point in the history
Adds ~400 WPT test passes!
  • Loading branch information
devgianlu committed Jan 12, 2025
1 parent d15296e commit b17a748
Show file tree
Hide file tree
Showing 10 changed files with 1,094 additions and 315 deletions.
571 changes: 571 additions & 0 deletions Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp

Large diffs are not rendered by default.

19 changes: 19 additions & 0 deletions Libraries/LibWeb/Crypto/CryptoAlgorithms.h
Original file line number Diff line number Diff line change
Expand Up @@ -410,6 +410,25 @@ class RSAPSS : public AlgorithmMethods {
}
};

class RSASSAPKCS1 : public AlgorithmMethods {
public:
virtual WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> sign(AlgorithmParams const&, GC::Ref<CryptoKey>, ByteBuffer const&) override;
virtual WebIDL::ExceptionOr<JS::Value> verify(AlgorithmParams const&, GC::Ref<CryptoKey>, ByteBuffer const&, ByteBuffer const&) override;

virtual WebIDL::ExceptionOr<Variant<GC::Ref<CryptoKey>, GC::Ref<CryptoKeyPair>>> generate_key(AlgorithmParams const&, bool, Vector<Bindings::KeyUsage> const&) override;

virtual WebIDL::ExceptionOr<GC::Ref<CryptoKey>> import_key(AlgorithmParams const&, Bindings::KeyFormat, CryptoKey::InternalKeyData, bool, Vector<Bindings::KeyUsage> const&) override;
virtual WebIDL::ExceptionOr<GC::Ref<JS::Object>> export_key(Bindings::KeyFormat, GC::Ref<CryptoKey>) override;

static NonnullOwnPtr<AlgorithmMethods> create(JS::Realm& realm) { return adopt_own(*new RSASSAPKCS1(realm)); }

private:
explicit RSASSAPKCS1(JS::Realm& realm)
: AlgorithmMethods(realm)
{
}
};

class AesCbc : public AlgorithmMethods {
public:
virtual WebIDL::ExceptionOr<GC::Ref<JS::ArrayBuffer>> encrypt(AlgorithmParams const&, GC::Ref<CryptoKey>, ByteBuffer const&) override;
Expand Down
10 changes: 5 additions & 5 deletions Libraries/LibWeb/Crypto/SubtleCrypto.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -1072,11 +1072,11 @@ SupportedAlgorithmsMap const& supported_algorithms()
// https://w3c.github.io/webcrypto/#algorithm-conventions

// https://w3c.github.io/webcrypto/#rsassa-pkcs1-registration
// FIXME: define_an_algorithm<RSAESPKCS1>("sign"_string, "RSAES-PKCS1-v1_5"_string);
// FIXME: define_an_algorithm<RSAESPKCS1>("verify"_string, "RSAES-PKCS1-v1_5"_string);
// FIXME: define_an_algorithm<RSAESPKCS1, RsaHashedKeyGenParams>("generateKey"_string, "RSASSA-PKCS1-v1_5"_string);
// FIXME: define_an_algorithm<RSAESPKCS1, RsaHashedImportParams>("importKey"_string, "RSASSA-PKCS1-v1_5"_string);
// FIXME: define_an_algorithm<RSAESPKCS1>("exportKey"_string, "RSASSA-PKCS1-v1_5"_string);
define_an_algorithm<RSASSAPKCS1>("sign"_string, "RSASSA-PKCS1-v1_5"_string);
define_an_algorithm<RSASSAPKCS1>("verify"_string, "RSASSA-PKCS1-v1_5"_string);
define_an_algorithm<RSASSAPKCS1, RsaHashedKeyGenParams>("generateKey"_string, "RSASSA-PKCS1-v1_5"_string);
define_an_algorithm<RSASSAPKCS1, RsaHashedImportParams>("importKey"_string, "RSASSA-PKCS1-v1_5"_string);
define_an_algorithm<RSASSAPKCS1>("exportKey"_string, "RSASSA-PKCS1-v1_5"_string);

// https://w3c.github.io/webcrypto/#rsa-pss-registration
define_an_algorithm<RSAPSS, RsaPssParams>("sign"_string, "RSA-PSS"_string);
Expand Down

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
Harness status: OK

Found 45 tests

39 Pass
6 Fail
Pass setup
Fail RSASSA-PKCS1-v1_5 with SHA-1 verification
Pass RSASSA-PKCS1-v1_5 with SHA-256 verification
Pass RSASSA-PKCS1-v1_5 with SHA-384 verification
Pass RSASSA-PKCS1-v1_5 with SHA-512 verification
Fail RSASSA-PKCS1-v1_5 with SHA-1 verification with altered signature after call
Pass RSASSA-PKCS1-v1_5 with SHA-256 verification with altered signature after call
Pass RSASSA-PKCS1-v1_5 with SHA-384 verification with altered signature after call
Pass RSASSA-PKCS1-v1_5 with SHA-512 verification with altered signature after call
Fail RSASSA-PKCS1-v1_5 with SHA-1 with altered plaintext after call
Pass RSASSA-PKCS1-v1_5 with SHA-256 with altered plaintext after call
Pass RSASSA-PKCS1-v1_5 with SHA-384 with altered plaintext after call
Pass RSASSA-PKCS1-v1_5 with SHA-512 with altered plaintext after call
Pass RSASSA-PKCS1-v1_5 with SHA-1 using privateKey to verify
Pass RSASSA-PKCS1-v1_5 with SHA-256 using privateKey to verify
Pass RSASSA-PKCS1-v1_5 with SHA-384 using privateKey to verify
Pass RSASSA-PKCS1-v1_5 with SHA-512 using privateKey to verify
Pass RSASSA-PKCS1-v1_5 with SHA-1 using publicKey to sign
Pass RSASSA-PKCS1-v1_5 with SHA-256 using publicKey to sign
Pass RSASSA-PKCS1-v1_5 with SHA-384 using publicKey to sign
Pass RSASSA-PKCS1-v1_5 with SHA-512 using publicKey to sign
Pass RSASSA-PKCS1-v1_5 with SHA-1 no verify usage
Pass RSASSA-PKCS1-v1_5 with SHA-256 no verify usage
Pass RSASSA-PKCS1-v1_5 with SHA-384 no verify usage
Pass RSASSA-PKCS1-v1_5 with SHA-512 no verify usage
Fail RSASSA-PKCS1-v1_5 with SHA-1 round trip
Pass RSASSA-PKCS1-v1_5 with SHA-256 round trip
Pass RSASSA-PKCS1-v1_5 with SHA-384 round trip
Pass RSASSA-PKCS1-v1_5 with SHA-512 round trip
Pass RSASSA-PKCS1-v1_5 with SHA-1 signing with wrong algorithm name
Pass RSASSA-PKCS1-v1_5 with SHA-256 signing with wrong algorithm name
Pass RSASSA-PKCS1-v1_5 with SHA-384 signing with wrong algorithm name
Pass RSASSA-PKCS1-v1_5 with SHA-512 signing with wrong algorithm name
Pass RSASSA-PKCS1-v1_5 with SHA-1 verification with wrong algorithm name
Pass RSASSA-PKCS1-v1_5 with SHA-256 verification with wrong algorithm name
Pass RSASSA-PKCS1-v1_5 with SHA-384 verification with wrong algorithm name
Pass RSASSA-PKCS1-v1_5 with SHA-512 verification with wrong algorithm name
Fail RSASSA-PKCS1-v1_5 with SHA-1 verification failure with altered signature
Pass RSASSA-PKCS1-v1_5 with SHA-256 verification failure with altered signature
Pass RSASSA-PKCS1-v1_5 with SHA-384 verification failure with altered signature
Pass RSASSA-PKCS1-v1_5 with SHA-512 verification failure with altered signature
Fail RSASSA-PKCS1-v1_5 with SHA-1 verification failure with altered plaintext
Pass RSASSA-PKCS1-v1_5 with SHA-256 verification failure with altered plaintext
Pass RSASSA-PKCS1-v1_5 with SHA-384 verification failure with altered plaintext
Pass RSASSA-PKCS1-v1_5 with SHA-512 verification failure with altered plaintext
Original file line number Diff line number Diff line change
Expand Up @@ -2,25 +2,9 @@ Harness status: OK

Found 97 tests

67 Pass
30 Fail
83 Pass
14 Fail
Pass setup
Fail importVectorKeys step: RSA-PSS with SHA-1 and no salt signing with wrong algorithm name
Fail importVectorKeys step: RSA-PSS with SHA-256 and no salt signing with wrong algorithm name
Fail importVectorKeys step: RSA-PSS with SHA-384 and no salt signing with wrong algorithm name
Fail importVectorKeys step: RSA-PSS with SHA-512 and no salt signing with wrong algorithm name
Fail importVectorKeys step: RSA-PSS with SHA-1, salted signing with wrong algorithm name
Fail importVectorKeys step: RSA-PSS with SHA-256, salted signing with wrong algorithm name
Fail importVectorKeys step: RSA-PSS with SHA-384, salted signing with wrong algorithm name
Fail importVectorKeys step: RSA-PSS with SHA-512, salted signing with wrong algorithm name
Fail importVectorKeys step: RSA-PSS with SHA-1 and no salt verification with wrong algorithm name
Fail importVectorKeys step: RSA-PSS with SHA-256 and no salt verification with wrong algorithm name
Fail importVectorKeys step: RSA-PSS with SHA-384 and no salt verification with wrong algorithm name
Fail importVectorKeys step: RSA-PSS with SHA-512 and no salt verification with wrong algorithm name
Fail importVectorKeys step: RSA-PSS with SHA-1, salted verification with wrong algorithm name
Fail importVectorKeys step: RSA-PSS with SHA-256, salted verification with wrong algorithm name
Fail importVectorKeys step: RSA-PSS with SHA-384, salted verification with wrong algorithm name
Fail importVectorKeys step: RSA-PSS with SHA-512, salted verification with wrong algorithm name
Fail RSA-PSS with SHA-1 and no salt verification
Pass RSA-PSS with SHA-256 and no salt verification
Pass RSA-PSS with SHA-384 and no salt verification
Expand Down Expand Up @@ -77,6 +61,22 @@ Fail RSA-PSS with SHA-1, salted round trip
Pass RSA-PSS with SHA-256, salted round trip
Pass RSA-PSS with SHA-384, salted round trip
Pass RSA-PSS with SHA-512, salted round trip
Pass RSA-PSS with SHA-1 and no salt signing with wrong algorithm name
Pass RSA-PSS with SHA-256 and no salt signing with wrong algorithm name
Pass RSA-PSS with SHA-384 and no salt signing with wrong algorithm name
Pass RSA-PSS with SHA-512 and no salt signing with wrong algorithm name
Pass RSA-PSS with SHA-1, salted signing with wrong algorithm name
Pass RSA-PSS with SHA-256, salted signing with wrong algorithm name
Pass RSA-PSS with SHA-384, salted signing with wrong algorithm name
Pass RSA-PSS with SHA-512, salted signing with wrong algorithm name
Pass RSA-PSS with SHA-1 and no salt verification with wrong algorithm name
Pass RSA-PSS with SHA-256 and no salt verification with wrong algorithm name
Pass RSA-PSS with SHA-384 and no salt verification with wrong algorithm name
Pass RSA-PSS with SHA-512 and no salt verification with wrong algorithm name
Pass RSA-PSS with SHA-1, salted verification with wrong algorithm name
Pass RSA-PSS with SHA-256, salted verification with wrong algorithm name
Pass RSA-PSS with SHA-384, salted verification with wrong algorithm name
Pass RSA-PSS with SHA-512, salted verification with wrong algorithm name
Fail RSA-PSS with SHA-1 and no salt verification failure with altered signature
Pass RSA-PSS with SHA-256 and no salt verification failure with altered signature
Pass RSA-PSS with SHA-384 and no salt verification failure with altered signature
Expand Down
Original file line number Diff line number Diff line change
@@ -1,9 +1,11 @@
Harness status: OK

Found 333 tests
Found 357 tests

333 Pass
357 Pass
Pass setup
Pass Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using spki and RSA-OAEP
Pass Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using jwk and RSA-OAEP
Pass Can wrap and unwrap RSA-PSS public key keys using spki and RSA-OAEP
Pass Can wrap and unwrap RSA-PSS public key keys using jwk and RSA-OAEP
Pass Can wrap and unwrap RSA-OAEP public key keys using spki and RSA-OAEP
Expand Down Expand Up @@ -75,6 +77,13 @@ Pass Can wrap and unwrap HMAC keys as non-extractable using raw and RSA-OAEP
Pass Can wrap and unwrap HMAC keys using jwk and RSA-OAEP
Pass Can wrap and unwrap HMAC keys as non-extractable using jwk and RSA-OAEP
Pass Can unwrap HMAC non-extractable keys using jwk and RSA-OAEP
Pass Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using spki and AES-CTR
Pass Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using jwk and AES-CTR
Pass Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using pkcs8 and AES-CTR
Pass Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using pkcs8 and AES-CTR
Pass Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using jwk and AES-CTR
Pass Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using jwk and AES-CTR
Pass Can unwrap RSASSA-PKCS1-v1_5 private key non-extractable keys using jwk and AES-CTR
Pass Can wrap and unwrap RSA-PSS public key keys using spki and AES-CTR
Pass Can wrap and unwrap RSA-PSS public key keys using jwk and AES-CTR
Pass Can wrap and unwrap RSA-PSS private key keys using pkcs8 and AES-CTR
Expand Down Expand Up @@ -156,6 +165,13 @@ Pass Can wrap and unwrap HMAC keys as non-extractable using raw and AES-CTR
Pass Can wrap and unwrap HMAC keys using jwk and AES-CTR
Pass Can wrap and unwrap HMAC keys as non-extractable using jwk and AES-CTR
Pass Can unwrap HMAC non-extractable keys using jwk and AES-CTR
Pass Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using spki and AES-CBC
Pass Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using jwk and AES-CBC
Pass Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using pkcs8 and AES-CBC
Pass Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using pkcs8 and AES-CBC
Pass Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using jwk and AES-CBC
Pass Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using jwk and AES-CBC
Pass Can unwrap RSASSA-PKCS1-v1_5 private key non-extractable keys using jwk and AES-CBC
Pass Can wrap and unwrap RSA-PSS public key keys using spki and AES-CBC
Pass Can wrap and unwrap RSA-PSS public key keys using jwk and AES-CBC
Pass Can wrap and unwrap RSA-PSS private key keys using pkcs8 and AES-CBC
Expand Down Expand Up @@ -237,6 +253,13 @@ Pass Can wrap and unwrap HMAC keys as non-extractable using raw and AES-CBC
Pass Can wrap and unwrap HMAC keys using jwk and AES-CBC
Pass Can wrap and unwrap HMAC keys as non-extractable using jwk and AES-CBC
Pass Can unwrap HMAC non-extractable keys using jwk and AES-CBC
Pass Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using spki and AES-GCM
Pass Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using jwk and AES-GCM
Pass Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using pkcs8 and AES-GCM
Pass Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using pkcs8 and AES-GCM
Pass Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using jwk and AES-GCM
Pass Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using jwk and AES-GCM
Pass Can unwrap RSASSA-PKCS1-v1_5 private key non-extractable keys using jwk and AES-GCM
Pass Can wrap and unwrap RSA-PSS public key keys using spki and AES-GCM
Pass Can wrap and unwrap RSA-PSS public key keys using jwk and AES-GCM
Pass Can wrap and unwrap RSA-PSS private key keys using pkcs8 and AES-GCM
Expand Down Expand Up @@ -318,6 +341,7 @@ Pass Can wrap and unwrap HMAC keys as non-extractable using raw and AES-GCM
Pass Can wrap and unwrap HMAC keys using jwk and AES-GCM
Pass Can wrap and unwrap HMAC keys as non-extractable using jwk and AES-GCM
Pass Can unwrap HMAC non-extractable keys using jwk and AES-GCM
Pass Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using jwk and AES-KW
Pass Can wrap and unwrap RSA-PSS public key keys using jwk and AES-KW
Pass Can wrap and unwrap RSA-OAEP public key keys using jwk and AES-KW
Pass Can wrap and unwrap Ed25519 private key keys using pkcs8 and AES-KW
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
<!doctype html>
<meta charset=utf-8>
<title>WebCryptoAPI: sign() and verify() Using RSASSA-PKCS1-v1_5</title>
<meta name="timeout" content="long">
<script>
self.GLOBAL = {
isWindow: function() { return true; },
isWorker: function() { return false; },
isShadowRealm: function() { return false; },
};
</script>
<script src="../../resources/testharness.js"></script>
<script src="../../resources/testharnessreport.js"></script>
<script src="rsa_pkcs_vectors.js"></script>
<script src="rsa.js"></script>
<div id=log></div>
<script src="../../WebCryptoAPI/sign_verify/rsa_pkcs.https.any.js"></script>
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
// META: title=WebCryptoAPI: sign() and verify() Using RSASSA-PKCS1-v1_5
// META: script=rsa_pkcs_vectors.js
// META: script=rsa.js
// META: timeout=long

run_test();
Loading

0 comments on commit b17a748

Please sign in to comment.