mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2025-08-06 08:10:02 +00:00
LibCrypto: Move ASN1 constants to Crypto::ASN1
Makes more sense to have them in `Crypto::ASN1` rather than in `Crypto::Certificate`.
This commit is contained in:
parent
ab2960e49f
commit
51f69be51f
Notes:
github-actions[bot]
2024-11-30 10:19:16 +00:00
Author: https://github.com/devgianlu
Commit: 51f69be51f
Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/2648
7 changed files with 271 additions and 255 deletions
155
Libraries/LibCrypto/ASN1/Constants.h
Normal file
155
Libraries/LibCrypto/ASN1/Constants.h
Normal file
|
@ -0,0 +1,155 @@
|
||||||
|
/*
|
||||||
|
* Copyright (c) 2020-2023, the SerenityOS developers.
|
||||||
|
*
|
||||||
|
* SPDX-License-Identifier: BSD-2-Clause
|
||||||
|
*/
|
||||||
|
|
||||||
|
#pragma once
|
||||||
|
|
||||||
|
#include <LibCrypto/ASN1/DER.h>
|
||||||
|
|
||||||
|
namespace Crypto::ASN1 {
|
||||||
|
|
||||||
|
constexpr static Array<int, 7>
|
||||||
|
rsa_encryption_oid { 1, 2, 840, 113549, 1, 1, 1 },
|
||||||
|
rsa_md5_encryption_oid { 1, 2, 840, 113549, 1, 1, 4 },
|
||||||
|
rsa_sha1_encryption_oid { 1, 2, 840, 113549, 1, 1, 5 },
|
||||||
|
rsa_sha256_encryption_oid { 1, 2, 840, 113549, 1, 1, 11 },
|
||||||
|
rsa_sha384_encryption_oid { 1, 2, 840, 113549, 1, 1, 12 },
|
||||||
|
rsa_sha512_encryption_oid { 1, 2, 840, 113549, 1, 1, 13 },
|
||||||
|
rsa_sha224_encryption_oid { 1, 2, 840, 113549, 1, 1, 14 },
|
||||||
|
ecdsa_with_sha224_encryption_oid { 1, 2, 840, 10045, 4, 3, 1 },
|
||||||
|
ecdsa_with_sha256_encryption_oid { 1, 2, 840, 10045, 4, 3, 2 },
|
||||||
|
ecdsa_with_sha384_encryption_oid { 1, 2, 840, 10045, 4, 3, 3 },
|
||||||
|
ecdsa_with_sha512_encryption_oid { 1, 2, 840, 10045, 4, 3, 4 },
|
||||||
|
secp256r1_oid { 1, 2, 840, 10045, 3, 1, 7 };
|
||||||
|
|
||||||
|
constexpr static Array<int, 6>
|
||||||
|
ec_public_key_encryption_oid { 1, 2, 840, 10045, 2, 1 };
|
||||||
|
|
||||||
|
constexpr static Array<int, 5>
|
||||||
|
secp384r1_oid { 1, 3, 132, 0, 34 },
|
||||||
|
secp521r1_oid { 1, 3, 132, 0, 35 };
|
||||||
|
|
||||||
|
constexpr static Array<int, 4>
|
||||||
|
x25519_oid { 1, 3, 101, 110 },
|
||||||
|
x448_oid { 1, 3, 101, 111 },
|
||||||
|
ed25519_oid { 1, 3, 101, 112 },
|
||||||
|
ed448_oid { 1, 3, 101, 113 },
|
||||||
|
key_usage_oid { 2, 5, 29, 15 },
|
||||||
|
subject_alternative_name_oid { 2, 5, 29, 17 },
|
||||||
|
issuer_alternative_name_oid { 2, 5, 29, 18 },
|
||||||
|
basic_constraints_oid { 2, 5, 29, 19 };
|
||||||
|
|
||||||
|
#define _ENUM(key, value) key,
|
||||||
|
|
||||||
|
#define __ENUM_OBJECT_CLASS \
|
||||||
|
_ENUM(ApplicationProcess, "2.5.6.11"sv) \
|
||||||
|
_ENUM(Country, "2.5.6.2"sv) \
|
||||||
|
_ENUM(DcObject, "1.3.6.1.4.1.1466.344"sv) \
|
||||||
|
_ENUM(Device, "2.5.6.14"sv) \
|
||||||
|
_ENUM(GroupOfNames, "2.5.6.9"sv) \
|
||||||
|
_ENUM(GroupOfUniqueNames, "2.5.6.17"sv) \
|
||||||
|
_ENUM(Locality, "2.5.6.3"sv) \
|
||||||
|
_ENUM(Organization, "2.5.6.4"sv) \
|
||||||
|
_ENUM(OrganizationalPerson, "2.5.6.7"sv) \
|
||||||
|
_ENUM(OrganizationalRole, "2.5.6.8"sv) \
|
||||||
|
_ENUM(OrganizationalUnit, "2.5.6.5"sv) \
|
||||||
|
_ENUM(Person, "2.5.6.6"sv) \
|
||||||
|
_ENUM(ResidentialPerson, "2.5.6.10"sv) \
|
||||||
|
_ENUM(UidObject, "1.3.6.1.1.3.1"sv)
|
||||||
|
|
||||||
|
// NOTE: Type = O
|
||||||
|
// NOTE: This list is not exhaustive. If more members are needed, find them at the link below.
|
||||||
|
// https://www.iana.org/assignments/ldap-parameters/ldap-parameters.xhtml#ldap-parameters-3
|
||||||
|
enum class ObjectClass {
|
||||||
|
__ENUM_OBJECT_CLASS
|
||||||
|
};
|
||||||
|
|
||||||
|
#define __ENUM_ATTRIBUTE_TYPE \
|
||||||
|
_ENUM(BusinessCategory, "2.5.4.15"sv) \
|
||||||
|
_ENUM(C, "2.5.4.6"sv) \
|
||||||
|
_ENUM(Cn, "2.5.4.3"sv) \
|
||||||
|
_ENUM(Dc, "0.9.2342.19200300.100.1.25"sv) \
|
||||||
|
_ENUM(Description, "2.5.4.13"sv) \
|
||||||
|
_ENUM(DestinationIndicator, "2.5.4.27"sv) \
|
||||||
|
_ENUM(DistinguishedName, "2.5.4.49"sv) \
|
||||||
|
_ENUM(DnQualifier, "2.5.4.46"sv) \
|
||||||
|
_ENUM(EnhancedSearchGuide, "2.5.4.47"sv) \
|
||||||
|
_ENUM(Email, "1.2.840.113549.1.9.1"sv) \
|
||||||
|
_ENUM(FacsimileTelephoneNumber, "2.5.4.23"sv) \
|
||||||
|
_ENUM(GenerationQualifier, "2.5.4.44"sv) \
|
||||||
|
_ENUM(GivenName, "2.5.4.42"sv) \
|
||||||
|
_ENUM(HouseIdentifier, "2.5.4.51"sv) \
|
||||||
|
_ENUM(Initials, "2.5.4.43"sv) \
|
||||||
|
_ENUM(InternationalISDNNumber, "2.5.4.25"sv) \
|
||||||
|
_ENUM(L, "2.5.4.7"sv) \
|
||||||
|
_ENUM(Member, "2.5.4.31"sv) \
|
||||||
|
_ENUM(Name, "2.5.4.41"sv) \
|
||||||
|
_ENUM(O, "2.5.4.10"sv) \
|
||||||
|
_ENUM(Ou, "2.5.4.11"sv) \
|
||||||
|
_ENUM(Owner, "2.5.4.32"sv) \
|
||||||
|
_ENUM(PhysicalDeliveryOfficeName, "2.5.4.19"sv) \
|
||||||
|
_ENUM(PostalAddress, "2.5.4.16"sv) \
|
||||||
|
_ENUM(PostalCode, "2.5.4.17"sv) \
|
||||||
|
_ENUM(PostOfficeBox, "2.5.4.18"sv) \
|
||||||
|
_ENUM(PreferredDeliveryMethod, "2.5.4.28"sv) \
|
||||||
|
_ENUM(RegisteredAddress, "2.5.4.26"sv) \
|
||||||
|
_ENUM(RoleOccupant, "2.5.4.33"sv) \
|
||||||
|
_ENUM(SearchGuide, "2.5.4.14"sv) \
|
||||||
|
_ENUM(SeeAlso, "2.5.4.34"sv) \
|
||||||
|
_ENUM(SerialNumber, "2.5.4.5"sv) \
|
||||||
|
_ENUM(Sn, "2.5.4.4"sv) \
|
||||||
|
_ENUM(St, "2.5.4.8"sv) \
|
||||||
|
_ENUM(Street, "2.5.4.9"sv) \
|
||||||
|
_ENUM(Surname, "2.5.4.4"sv) \
|
||||||
|
_ENUM(TelephoneNumber, "2.5.4.20"sv) \
|
||||||
|
_ENUM(TeletexTerminalIdentifier, "2.5.4.22"sv) \
|
||||||
|
_ENUM(TelexNumber, "2.5.4.21"sv) \
|
||||||
|
_ENUM(Title, "2.5.4.12"sv) \
|
||||||
|
_ENUM(Uid, "0.9.2342.19200300.100.1.1"sv) \
|
||||||
|
_ENUM(UniqueMember, "2.5.4.50"sv) \
|
||||||
|
_ENUM(UserPassword, "2.5.4.35"sv) \
|
||||||
|
_ENUM(X121Address, "2.5.4.24"sv) \
|
||||||
|
_ENUM(X500UniqueIdentifier, "2.5.4.45"sv)
|
||||||
|
|
||||||
|
// NOTE: Type = A
|
||||||
|
// NOTE: This list is not exhaustive. If more members are needed, find them at the link below.
|
||||||
|
// https://www.iana.org/assignments/ldap-parameters/ldap-parameters.xhtml#ldap-parameters-3
|
||||||
|
enum class AttributeType {
|
||||||
|
__ENUM_ATTRIBUTE_TYPE
|
||||||
|
};
|
||||||
|
|
||||||
|
#undef _ENUM
|
||||||
|
|
||||||
|
constexpr static StringView enum_value(ObjectClass object_class)
|
||||||
|
{
|
||||||
|
#define _ENUM(key, value) \
|
||||||
|
case ObjectClass::key: \
|
||||||
|
return value;
|
||||||
|
|
||||||
|
switch (object_class) {
|
||||||
|
__ENUM_OBJECT_CLASS
|
||||||
|
}
|
||||||
|
|
||||||
|
return "Unknown"sv;
|
||||||
|
#undef _ENUM
|
||||||
|
#undef __ENUM_OBJECT_CLASS
|
||||||
|
}
|
||||||
|
|
||||||
|
constexpr static StringView enum_value(AttributeType object_class)
|
||||||
|
{
|
||||||
|
#define _ENUM(key, value) \
|
||||||
|
case AttributeType::key: \
|
||||||
|
return value;
|
||||||
|
|
||||||
|
switch (object_class) {
|
||||||
|
__ENUM_ATTRIBUTE_TYPE
|
||||||
|
}
|
||||||
|
|
||||||
|
return "Unknown"sv;
|
||||||
|
#undef _ENUM
|
||||||
|
#undef __ENUM_ATTRIBUTE_TYPE
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -112,9 +112,9 @@ ErrorOr<Vector<int>> parse_ec_parameters(Crypto::ASN1::Decoder& decoder, Vector<
|
||||||
POP_SCOPE();
|
POP_SCOPE();
|
||||||
|
|
||||||
constexpr static Array<Span<int const>, 3> known_curve_identifiers {
|
constexpr static Array<Span<int const>, 3> known_curve_identifiers {
|
||||||
secp256r1_oid,
|
ASN1::secp256r1_oid,
|
||||||
secp384r1_oid,
|
ASN1::secp384r1_oid,
|
||||||
secp521r1_oid
|
ASN1::secp521r1_oid
|
||||||
};
|
};
|
||||||
|
|
||||||
bool is_known_curve = false;
|
bool is_known_curve = false;
|
||||||
|
@ -144,18 +144,18 @@ static ErrorOr<AlgorithmIdentifier> parse_algorithm_identifier(Crypto::ASN1::Dec
|
||||||
POP_SCOPE();
|
POP_SCOPE();
|
||||||
|
|
||||||
constexpr static Array<Span<int const>, 12> known_algorithm_identifiers {
|
constexpr static Array<Span<int const>, 12> known_algorithm_identifiers {
|
||||||
rsa_encryption_oid,
|
ASN1::rsa_encryption_oid,
|
||||||
rsa_md5_encryption_oid,
|
ASN1::rsa_md5_encryption_oid,
|
||||||
rsa_sha1_encryption_oid,
|
ASN1::rsa_sha1_encryption_oid,
|
||||||
rsa_sha256_encryption_oid,
|
ASN1::rsa_sha256_encryption_oid,
|
||||||
rsa_sha384_encryption_oid,
|
ASN1::rsa_sha384_encryption_oid,
|
||||||
rsa_sha512_encryption_oid,
|
ASN1::rsa_sha512_encryption_oid,
|
||||||
ecdsa_with_sha256_encryption_oid,
|
ASN1::ecdsa_with_sha256_encryption_oid,
|
||||||
ecdsa_with_sha384_encryption_oid,
|
ASN1::ecdsa_with_sha384_encryption_oid,
|
||||||
ec_public_key_encryption_oid,
|
ASN1::ec_public_key_encryption_oid,
|
||||||
x25519_oid,
|
ASN1::x25519_oid,
|
||||||
ed25519_oid,
|
ASN1::ed25519_oid,
|
||||||
x448_oid,
|
ASN1::x448_oid,
|
||||||
};
|
};
|
||||||
|
|
||||||
bool is_known_algorithm = false;
|
bool is_known_algorithm = false;
|
||||||
|
@ -180,13 +180,13 @@ static ErrorOr<AlgorithmIdentifier> parse_algorithm_identifier(Crypto::ASN1::Dec
|
||||||
// sha512WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 13 }
|
// sha512WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 13 }
|
||||||
// sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 14 }
|
// sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 14 }
|
||||||
constexpr static Array<Span<int const>, 8> rsa_null_algorithms = {
|
constexpr static Array<Span<int const>, 8> rsa_null_algorithms = {
|
||||||
rsa_encryption_oid,
|
ASN1::rsa_encryption_oid,
|
||||||
rsa_md5_encryption_oid,
|
ASN1::rsa_md5_encryption_oid,
|
||||||
rsa_sha1_encryption_oid,
|
ASN1::rsa_sha1_encryption_oid,
|
||||||
rsa_sha256_encryption_oid,
|
ASN1::rsa_sha256_encryption_oid,
|
||||||
rsa_sha384_encryption_oid,
|
ASN1::rsa_sha384_encryption_oid,
|
||||||
rsa_sha512_encryption_oid,
|
ASN1::rsa_sha512_encryption_oid,
|
||||||
rsa_sha224_encryption_oid,
|
ASN1::rsa_sha224_encryption_oid,
|
||||||
};
|
};
|
||||||
|
|
||||||
bool is_rsa_null_algorithm = false;
|
bool is_rsa_null_algorithm = false;
|
||||||
|
@ -216,14 +216,14 @@ static ErrorOr<AlgorithmIdentifier> parse_algorithm_identifier(Crypto::ASN1::Dec
|
||||||
// https://datatracker.ietf.org/doc/html/rfc8410#section-9
|
// https://datatracker.ietf.org/doc/html/rfc8410#section-9
|
||||||
// For all of the OIDs, the parameters MUST be absent.
|
// For all of the OIDs, the parameters MUST be absent.
|
||||||
constexpr static Array<Span<int const>, 8> no_parameter_algorithms = {
|
constexpr static Array<Span<int const>, 8> no_parameter_algorithms = {
|
||||||
ecdsa_with_sha224_encryption_oid,
|
ASN1::ecdsa_with_sha224_encryption_oid,
|
||||||
ecdsa_with_sha256_encryption_oid,
|
ASN1::ecdsa_with_sha256_encryption_oid,
|
||||||
ecdsa_with_sha384_encryption_oid,
|
ASN1::ecdsa_with_sha384_encryption_oid,
|
||||||
ecdsa_with_sha512_encryption_oid,
|
ASN1::ecdsa_with_sha512_encryption_oid,
|
||||||
x25519_oid,
|
ASN1::x25519_oid,
|
||||||
x448_oid,
|
ASN1::x448_oid,
|
||||||
ed25519_oid,
|
ASN1::ed25519_oid,
|
||||||
ed448_oid
|
ASN1::ed448_oid
|
||||||
};
|
};
|
||||||
|
|
||||||
bool is_no_parameter_algorithm = false;
|
bool is_no_parameter_algorithm = false;
|
||||||
|
@ -239,7 +239,7 @@ static ErrorOr<AlgorithmIdentifier> parse_algorithm_identifier(Crypto::ASN1::Dec
|
||||||
return AlgorithmIdentifier(algorithm);
|
return AlgorithmIdentifier(algorithm);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (algorithm.span() == ec_public_key_encryption_oid.span()) {
|
if (algorithm.span() == ASN1::ec_public_key_encryption_oid.span()) {
|
||||||
// The parameters associated with id-ecPublicKey SHOULD be absent or ECParameters,
|
// The parameters associated with id-ecPublicKey SHOULD be absent or ECParameters,
|
||||||
// and NULL is allowed to support legacy implementations.
|
// and NULL is allowed to support legacy implementations.
|
||||||
if (decoder.eof()) {
|
if (decoder.eof()) {
|
||||||
|
@ -380,7 +380,7 @@ ErrorOr<SubjectPublicKey> parse_subject_public_key_info(Crypto::ASN1::Decoder& d
|
||||||
|
|
||||||
public_key.raw_key = TRY(ByteBuffer::copy(TRY(value.raw_bytes())));
|
public_key.raw_key = TRY(ByteBuffer::copy(TRY(value.raw_bytes())));
|
||||||
|
|
||||||
if (public_key.algorithm.identifier.span() == rsa_encryption_oid.span()) {
|
if (public_key.algorithm.identifier.span() == ASN1::rsa_encryption_oid.span()) {
|
||||||
auto key = Crypto::PK::RSA::parse_rsa_key(TRY(value.raw_bytes()));
|
auto key = Crypto::PK::RSA::parse_rsa_key(TRY(value.raw_bytes()));
|
||||||
if (!key.public_key.length()) {
|
if (!key.public_key.length()) {
|
||||||
return Error::from_string_literal("Invalid RSA key");
|
return Error::from_string_literal("Invalid RSA key");
|
||||||
|
@ -395,11 +395,11 @@ ErrorOr<SubjectPublicKey> parse_subject_public_key_info(Crypto::ASN1::Decoder& d
|
||||||
// https://datatracker.ietf.org/doc/html/rfc8410#section-9
|
// https://datatracker.ietf.org/doc/html/rfc8410#section-9
|
||||||
// For all of the OIDs, the parameters MUST be absent.
|
// For all of the OIDs, the parameters MUST be absent.
|
||||||
constexpr static Array<Span<int const>, 5> no_parameter_algorithms = {
|
constexpr static Array<Span<int const>, 5> no_parameter_algorithms = {
|
||||||
ec_public_key_encryption_oid,
|
ASN1::ec_public_key_encryption_oid,
|
||||||
x25519_oid,
|
ASN1::x25519_oid,
|
||||||
x448_oid,
|
ASN1::x448_oid,
|
||||||
ed25519_oid,
|
ASN1::ed25519_oid,
|
||||||
ed448_oid
|
ASN1::ed448_oid
|
||||||
};
|
};
|
||||||
|
|
||||||
for (auto const& inner : no_parameter_algorithms) {
|
for (auto const& inner : no_parameter_algorithms) {
|
||||||
|
@ -439,7 +439,7 @@ ErrorOr<PrivateKey> parse_private_key_info(Crypto::ASN1::Decoder& decoder, Vecto
|
||||||
|
|
||||||
private_key.raw_key = TRY(ByteBuffer::copy(value.bytes()));
|
private_key.raw_key = TRY(ByteBuffer::copy(value.bytes()));
|
||||||
|
|
||||||
if (private_key.algorithm.identifier.span() == rsa_encryption_oid.span()) {
|
if (private_key.algorithm.identifier.span() == ASN1::rsa_encryption_oid.span()) {
|
||||||
auto key = Crypto::PK::RSA::parse_rsa_key(value.bytes());
|
auto key = Crypto::PK::RSA::parse_rsa_key(value.bytes());
|
||||||
if (key.private_key.length() == 0) {
|
if (key.private_key.length() == 0) {
|
||||||
ERROR_WITH_SCOPE(TRY(String::formatted("Invalid RSA key at {}", current_scope)));
|
ERROR_WITH_SCOPE(TRY(String::formatted("Invalid RSA key at {}", current_scope)));
|
||||||
|
@ -450,7 +450,7 @@ ErrorOr<PrivateKey> parse_private_key_info(Crypto::ASN1::Decoder& decoder, Vecto
|
||||||
EXIT_SCOPE();
|
EXIT_SCOPE();
|
||||||
return private_key;
|
return private_key;
|
||||||
}
|
}
|
||||||
if (private_key.algorithm.identifier.span() == ec_public_key_encryption_oid.span()) {
|
if (private_key.algorithm.identifier.span() == ASN1::ec_public_key_encryption_oid.span()) {
|
||||||
auto maybe_key = Crypto::PK::EC::parse_ec_key(value.bytes());
|
auto maybe_key = Crypto::PK::EC::parse_ec_key(value.bytes());
|
||||||
if (maybe_key.is_error()) {
|
if (maybe_key.is_error()) {
|
||||||
ERROR_WITH_SCOPE(TRY(String::formatted("Invalid EC key at {}: {}", current_scope, maybe_key.release_error())));
|
ERROR_WITH_SCOPE(TRY(String::formatted("Invalid EC key at {}: {}", current_scope, maybe_key.release_error())));
|
||||||
|
@ -465,11 +465,11 @@ ErrorOr<PrivateKey> parse_private_key_info(Crypto::ASN1::Decoder& decoder, Vecto
|
||||||
// https://datatracker.ietf.org/doc/html/rfc8410#section-9
|
// https://datatracker.ietf.org/doc/html/rfc8410#section-9
|
||||||
// For all of the OIDs, the parameters MUST be absent.
|
// For all of the OIDs, the parameters MUST be absent.
|
||||||
constexpr static Array<Span<int const>, 5> no_parameter_algorithms = {
|
constexpr static Array<Span<int const>, 5> no_parameter_algorithms = {
|
||||||
ec_public_key_encryption_oid,
|
ASN1::ec_public_key_encryption_oid,
|
||||||
x25519_oid,
|
ASN1::x25519_oid,
|
||||||
x448_oid,
|
ASN1::x448_oid,
|
||||||
ed25519_oid,
|
ASN1::ed25519_oid,
|
||||||
ed448_oid
|
ASN1::ed448_oid
|
||||||
};
|
};
|
||||||
|
|
||||||
for (auto const& inner : no_parameter_algorithms) {
|
for (auto const& inner : no_parameter_algorithms) {
|
||||||
|
@ -701,26 +701,26 @@ static ErrorOr<void> parse_extension(Crypto::ASN1::Decoder& decoder, Vector<Stri
|
||||||
|
|
||||||
Crypto::ASN1::Decoder extension_decoder { extension_value.bytes() };
|
Crypto::ASN1::Decoder extension_decoder { extension_value.bytes() };
|
||||||
Vector<StringView, 8> extension_scope {};
|
Vector<StringView, 8> extension_scope {};
|
||||||
if (extension_id == subject_alternative_name_oid) {
|
if (extension_id == ASN1::subject_alternative_name_oid) {
|
||||||
is_known_extension = true;
|
is_known_extension = true;
|
||||||
auto alternate_names = TRY(parse_subject_alternative_names(extension_decoder, extension_scope));
|
auto alternate_names = TRY(parse_subject_alternative_names(extension_decoder, extension_scope));
|
||||||
certificate.SAN = alternate_names;
|
certificate.SAN = alternate_names;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (extension_id == key_usage_oid) {
|
if (extension_id == ASN1::key_usage_oid) {
|
||||||
is_known_extension = true;
|
is_known_extension = true;
|
||||||
auto usage = TRY(parse_key_usage(extension_decoder, extension_scope));
|
auto usage = TRY(parse_key_usage(extension_decoder, extension_scope));
|
||||||
certificate.is_allowed_to_sign_certificate = usage.get(5);
|
certificate.is_allowed_to_sign_certificate = usage.get(5);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (extension_id == basic_constraints_oid) {
|
if (extension_id == ASN1::basic_constraints_oid) {
|
||||||
is_known_extension = true;
|
is_known_extension = true;
|
||||||
auto constraints = TRY(parse_basic_constraints(extension_decoder, extension_scope));
|
auto constraints = TRY(parse_basic_constraints(extension_decoder, extension_scope));
|
||||||
certificate.is_certificate_authority = constraints.is_certificate_authority;
|
certificate.is_certificate_authority = constraints.is_certificate_authority;
|
||||||
certificate.path_length_constraint = constraints.path_length_constraint.to_u64();
|
certificate.path_length_constraint = constraints.path_length_constraint.to_u64();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (extension_id == issuer_alternative_name_oid) {
|
if (extension_id == ASN1::issuer_alternative_name_oid) {
|
||||||
is_known_extension = true;
|
is_known_extension = true;
|
||||||
auto alternate_names = TRY(parse_issuer_alternative_names(extension_decoder, extension_scope));
|
auto alternate_names = TRY(parse_issuer_alternative_names(extension_decoder, extension_scope));
|
||||||
certificate.IAN = alternate_names;
|
certificate.IAN = alternate_names;
|
||||||
|
@ -899,23 +899,23 @@ ErrorOr<String> RelativeDistinguishedName::to_string() const
|
||||||
StringBuilder cert_name;
|
StringBuilder cert_name;
|
||||||
|
|
||||||
for (auto const& [member_identifier, value] : m_members) {
|
for (auto const& [member_identifier, value] : m_members) {
|
||||||
ADD_IF_RECOGNIZED(enum_value(AttributeType::SerialNumber), "SERIALNUMBER");
|
ADD_IF_RECOGNIZED(enum_value(ASN1::AttributeType::SerialNumber), "SERIALNUMBER");
|
||||||
ADD_IF_RECOGNIZED(enum_value(AttributeType::Email), "MAIL");
|
ADD_IF_RECOGNIZED(enum_value(ASN1::AttributeType::Email), "MAIL");
|
||||||
ADD_IF_RECOGNIZED(enum_value(AttributeType::Title), "T");
|
ADD_IF_RECOGNIZED(enum_value(ASN1::AttributeType::Title), "T");
|
||||||
ADD_IF_RECOGNIZED(enum_value(AttributeType::PostalCode), "PC");
|
ADD_IF_RECOGNIZED(enum_value(ASN1::AttributeType::PostalCode), "PC");
|
||||||
ADD_IF_RECOGNIZED(enum_value(AttributeType::DnQualifier), "DNQ");
|
ADD_IF_RECOGNIZED(enum_value(ASN1::AttributeType::DnQualifier), "DNQ");
|
||||||
ADD_IF_RECOGNIZED(enum_value(AttributeType::GivenName), "GIVENNAME");
|
ADD_IF_RECOGNIZED(enum_value(ASN1::AttributeType::GivenName), "GIVENNAME");
|
||||||
ADD_IF_RECOGNIZED(enum_value(AttributeType::Surname), "SN");
|
ADD_IF_RECOGNIZED(enum_value(ASN1::AttributeType::Surname), "SN");
|
||||||
|
|
||||||
ADD_IF_RECOGNIZED(enum_value(AttributeType::Cn), "CN");
|
ADD_IF_RECOGNIZED(enum_value(ASN1::AttributeType::Cn), "CN");
|
||||||
ADD_IF_RECOGNIZED(enum_value(AttributeType::L), "L");
|
ADD_IF_RECOGNIZED(enum_value(ASN1::AttributeType::L), "L");
|
||||||
ADD_IF_RECOGNIZED(enum_value(AttributeType::St), "ST");
|
ADD_IF_RECOGNIZED(enum_value(ASN1::AttributeType::St), "ST");
|
||||||
ADD_IF_RECOGNIZED(enum_value(AttributeType::O), "O");
|
ADD_IF_RECOGNIZED(enum_value(ASN1::AttributeType::O), "O");
|
||||||
ADD_IF_RECOGNIZED(enum_value(AttributeType::Ou), "OU");
|
ADD_IF_RECOGNIZED(enum_value(ASN1::AttributeType::Ou), "OU");
|
||||||
ADD_IF_RECOGNIZED(enum_value(AttributeType::C), "C");
|
ADD_IF_RECOGNIZED(enum_value(ASN1::AttributeType::C), "C");
|
||||||
ADD_IF_RECOGNIZED(enum_value(AttributeType::Street), "STREET");
|
ADD_IF_RECOGNIZED(enum_value(ASN1::AttributeType::Street), "STREET");
|
||||||
ADD_IF_RECOGNIZED(enum_value(AttributeType::Dc), "DC");
|
ADD_IF_RECOGNIZED(enum_value(ASN1::AttributeType::Dc), "DC");
|
||||||
ADD_IF_RECOGNIZED(enum_value(AttributeType::Uid), "UID");
|
ADD_IF_RECOGNIZED(enum_value(ASN1::AttributeType::Uid), "UID");
|
||||||
|
|
||||||
cert_name.appendff("\\{}={}", member_identifier, value);
|
cert_name.appendff("\\{}={}", member_identifier, value);
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,6 +12,7 @@
|
||||||
#include <AK/Time.h>
|
#include <AK/Time.h>
|
||||||
#include <AK/Types.h>
|
#include <AK/Types.h>
|
||||||
#include <LibCore/ConfigFile.h>
|
#include <LibCore/ConfigFile.h>
|
||||||
|
#include <LibCrypto/ASN1/Constants.h>
|
||||||
#include <LibCrypto/ASN1/DER.h>
|
#include <LibCrypto/ASN1/DER.h>
|
||||||
#include <LibCrypto/BigInt/UnsignedBigInteger.h>
|
#include <LibCrypto/BigInt/UnsignedBigInteger.h>
|
||||||
#include <LibCrypto/PK/EC.h>
|
#include <LibCrypto/PK/EC.h>
|
||||||
|
@ -19,148 +20,6 @@
|
||||||
|
|
||||||
namespace Crypto::Certificate {
|
namespace Crypto::Certificate {
|
||||||
|
|
||||||
constexpr static Array<int, 7>
|
|
||||||
rsa_encryption_oid { 1, 2, 840, 113549, 1, 1, 1 },
|
|
||||||
rsa_md5_encryption_oid { 1, 2, 840, 113549, 1, 1, 4 },
|
|
||||||
rsa_sha1_encryption_oid { 1, 2, 840, 113549, 1, 1, 5 },
|
|
||||||
rsa_sha256_encryption_oid { 1, 2, 840, 113549, 1, 1, 11 },
|
|
||||||
rsa_sha384_encryption_oid { 1, 2, 840, 113549, 1, 1, 12 },
|
|
||||||
rsa_sha512_encryption_oid { 1, 2, 840, 113549, 1, 1, 13 },
|
|
||||||
rsa_sha224_encryption_oid { 1, 2, 840, 113549, 1, 1, 14 },
|
|
||||||
ecdsa_with_sha224_encryption_oid { 1, 2, 840, 10045, 4, 3, 1 },
|
|
||||||
ecdsa_with_sha256_encryption_oid { 1, 2, 840, 10045, 4, 3, 2 },
|
|
||||||
ecdsa_with_sha384_encryption_oid { 1, 2, 840, 10045, 4, 3, 3 },
|
|
||||||
ecdsa_with_sha512_encryption_oid { 1, 2, 840, 10045, 4, 3, 4 },
|
|
||||||
secp256r1_oid { 1, 2, 840, 10045, 3, 1, 7 };
|
|
||||||
|
|
||||||
constexpr static Array<int, 6>
|
|
||||||
ec_public_key_encryption_oid { 1, 2, 840, 10045, 2, 1 };
|
|
||||||
|
|
||||||
constexpr static Array<int, 5>
|
|
||||||
secp384r1_oid { 1, 3, 132, 0, 34 },
|
|
||||||
secp521r1_oid { 1, 3, 132, 0, 35 };
|
|
||||||
|
|
||||||
constexpr static Array<int, 4>
|
|
||||||
x25519_oid { 1, 3, 101, 110 },
|
|
||||||
x448_oid { 1, 3, 101, 111 },
|
|
||||||
ed25519_oid { 1, 3, 101, 112 },
|
|
||||||
ed448_oid { 1, 3, 101, 113 },
|
|
||||||
key_usage_oid { 2, 5, 29, 15 },
|
|
||||||
subject_alternative_name_oid { 2, 5, 29, 17 },
|
|
||||||
issuer_alternative_name_oid { 2, 5, 29, 18 },
|
|
||||||
basic_constraints_oid { 2, 5, 29, 19 };
|
|
||||||
|
|
||||||
#define _ENUM(key, value) key,
|
|
||||||
|
|
||||||
#define __ENUM_OBJECT_CLASS \
|
|
||||||
_ENUM(ApplicationProcess, "2.5.6.11"sv) \
|
|
||||||
_ENUM(Country, "2.5.6.2"sv) \
|
|
||||||
_ENUM(DcObject, "1.3.6.1.4.1.1466.344"sv) \
|
|
||||||
_ENUM(Device, "2.5.6.14"sv) \
|
|
||||||
_ENUM(GroupOfNames, "2.5.6.9"sv) \
|
|
||||||
_ENUM(GroupOfUniqueNames, "2.5.6.17"sv) \
|
|
||||||
_ENUM(Locality, "2.5.6.3"sv) \
|
|
||||||
_ENUM(Organization, "2.5.6.4"sv) \
|
|
||||||
_ENUM(OrganizationalPerson, "2.5.6.7"sv) \
|
|
||||||
_ENUM(OrganizationalRole, "2.5.6.8"sv) \
|
|
||||||
_ENUM(OrganizationalUnit, "2.5.6.5"sv) \
|
|
||||||
_ENUM(Person, "2.5.6.6"sv) \
|
|
||||||
_ENUM(ResidentialPerson, "2.5.6.10"sv) \
|
|
||||||
_ENUM(UidObject, "1.3.6.1.1.3.1"sv)
|
|
||||||
|
|
||||||
// NOTE: Type = O
|
|
||||||
// NOTE: This list is not exhaustive. If more members are needed, find them at the link below.
|
|
||||||
// https://www.iana.org/assignments/ldap-parameters/ldap-parameters.xhtml#ldap-parameters-3
|
|
||||||
enum class ObjectClass {
|
|
||||||
__ENUM_OBJECT_CLASS
|
|
||||||
};
|
|
||||||
|
|
||||||
#define __ENUM_ATTRIBUTE_TYPE \
|
|
||||||
_ENUM(BusinessCategory, "2.5.4.15"sv) \
|
|
||||||
_ENUM(C, "2.5.4.6"sv) \
|
|
||||||
_ENUM(Cn, "2.5.4.3"sv) \
|
|
||||||
_ENUM(Dc, "0.9.2342.19200300.100.1.25"sv) \
|
|
||||||
_ENUM(Description, "2.5.4.13"sv) \
|
|
||||||
_ENUM(DestinationIndicator, "2.5.4.27"sv) \
|
|
||||||
_ENUM(DistinguishedName, "2.5.4.49"sv) \
|
|
||||||
_ENUM(DnQualifier, "2.5.4.46"sv) \
|
|
||||||
_ENUM(EnhancedSearchGuide, "2.5.4.47"sv) \
|
|
||||||
_ENUM(Email, "1.2.840.113549.1.9.1"sv) \
|
|
||||||
_ENUM(FacsimileTelephoneNumber, "2.5.4.23"sv) \
|
|
||||||
_ENUM(GenerationQualifier, "2.5.4.44"sv) \
|
|
||||||
_ENUM(GivenName, "2.5.4.42"sv) \
|
|
||||||
_ENUM(HouseIdentifier, "2.5.4.51"sv) \
|
|
||||||
_ENUM(Initials, "2.5.4.43"sv) \
|
|
||||||
_ENUM(InternationalISDNNumber, "2.5.4.25"sv) \
|
|
||||||
_ENUM(L, "2.5.4.7"sv) \
|
|
||||||
_ENUM(Member, "2.5.4.31"sv) \
|
|
||||||
_ENUM(Name, "2.5.4.41"sv) \
|
|
||||||
_ENUM(O, "2.5.4.10"sv) \
|
|
||||||
_ENUM(Ou, "2.5.4.11"sv) \
|
|
||||||
_ENUM(Owner, "2.5.4.32"sv) \
|
|
||||||
_ENUM(PhysicalDeliveryOfficeName, "2.5.4.19"sv) \
|
|
||||||
_ENUM(PostalAddress, "2.5.4.16"sv) \
|
|
||||||
_ENUM(PostalCode, "2.5.4.17"sv) \
|
|
||||||
_ENUM(PostOfficeBox, "2.5.4.18"sv) \
|
|
||||||
_ENUM(PreferredDeliveryMethod, "2.5.4.28"sv) \
|
|
||||||
_ENUM(RegisteredAddress, "2.5.4.26"sv) \
|
|
||||||
_ENUM(RoleOccupant, "2.5.4.33"sv) \
|
|
||||||
_ENUM(SearchGuide, "2.5.4.14"sv) \
|
|
||||||
_ENUM(SeeAlso, "2.5.4.34"sv) \
|
|
||||||
_ENUM(SerialNumber, "2.5.4.5"sv) \
|
|
||||||
_ENUM(Sn, "2.5.4.4"sv) \
|
|
||||||
_ENUM(St, "2.5.4.8"sv) \
|
|
||||||
_ENUM(Street, "2.5.4.9"sv) \
|
|
||||||
_ENUM(Surname, "2.5.4.4"sv) \
|
|
||||||
_ENUM(TelephoneNumber, "2.5.4.20"sv) \
|
|
||||||
_ENUM(TeletexTerminalIdentifier, "2.5.4.22"sv) \
|
|
||||||
_ENUM(TelexNumber, "2.5.4.21"sv) \
|
|
||||||
_ENUM(Title, "2.5.4.12"sv) \
|
|
||||||
_ENUM(Uid, "0.9.2342.19200300.100.1.1"sv) \
|
|
||||||
_ENUM(UniqueMember, "2.5.4.50"sv) \
|
|
||||||
_ENUM(UserPassword, "2.5.4.35"sv) \
|
|
||||||
_ENUM(X121Address, "2.5.4.24"sv) \
|
|
||||||
_ENUM(X500UniqueIdentifier, "2.5.4.45"sv)
|
|
||||||
|
|
||||||
// NOTE: Type = A
|
|
||||||
// NOTE: This list is not exhaustive. If more members are needed, find them at the link below.
|
|
||||||
// https://www.iana.org/assignments/ldap-parameters/ldap-parameters.xhtml#ldap-parameters-3
|
|
||||||
enum class AttributeType {
|
|
||||||
__ENUM_ATTRIBUTE_TYPE
|
|
||||||
};
|
|
||||||
|
|
||||||
#undef _ENUM
|
|
||||||
|
|
||||||
constexpr static StringView enum_value(ObjectClass object_class)
|
|
||||||
{
|
|
||||||
#define _ENUM(key, value) \
|
|
||||||
case ObjectClass::key: \
|
|
||||||
return value;
|
|
||||||
|
|
||||||
switch (object_class) {
|
|
||||||
__ENUM_OBJECT_CLASS
|
|
||||||
}
|
|
||||||
|
|
||||||
return "Unknown"sv;
|
|
||||||
#undef _ENUM
|
|
||||||
#undef __ENUM_OBJECT_CLASS
|
|
||||||
}
|
|
||||||
|
|
||||||
constexpr static StringView enum_value(AttributeType object_class)
|
|
||||||
{
|
|
||||||
#define _ENUM(key, value) \
|
|
||||||
case AttributeType::key: \
|
|
||||||
return value;
|
|
||||||
|
|
||||||
switch (object_class) {
|
|
||||||
__ENUM_ATTRIBUTE_TYPE
|
|
||||||
}
|
|
||||||
|
|
||||||
return "Unknown"sv;
|
|
||||||
#undef _ENUM
|
|
||||||
#undef __ENUM_ATTRIBUTE_TYPE
|
|
||||||
}
|
|
||||||
|
|
||||||
struct AlgorithmIdentifier {
|
struct AlgorithmIdentifier {
|
||||||
AlgorithmIdentifier()
|
AlgorithmIdentifier()
|
||||||
{
|
{
|
||||||
|
@ -196,19 +55,19 @@ public:
|
||||||
return m_members.get(key);
|
return m_members.get(key);
|
||||||
}
|
}
|
||||||
|
|
||||||
Optional<String> get(AttributeType key) const
|
Optional<String> get(ASN1::AttributeType key) const
|
||||||
{
|
{
|
||||||
return m_members.get(enum_value(key));
|
return m_members.get(enum_value(key));
|
||||||
}
|
}
|
||||||
|
|
||||||
Optional<String> get(ObjectClass key) const
|
Optional<String> get(ASN1::ObjectClass key) const
|
||||||
{
|
{
|
||||||
return m_members.get(enum_value(key));
|
return m_members.get(enum_value(key));
|
||||||
}
|
}
|
||||||
|
|
||||||
String common_name() const
|
String common_name() const
|
||||||
{
|
{
|
||||||
auto entry = get(AttributeType::Cn);
|
auto entry = get(ASN1::AttributeType::Cn);
|
||||||
if (entry.has_value()) {
|
if (entry.has_value()) {
|
||||||
return entry.value();
|
return entry.value();
|
||||||
}
|
}
|
||||||
|
@ -218,7 +77,7 @@ public:
|
||||||
|
|
||||||
String organizational_unit() const
|
String organizational_unit() const
|
||||||
{
|
{
|
||||||
return get(AttributeType::Ou).value_or({});
|
return get(ASN1::AttributeType::Ou).value_or({});
|
||||||
}
|
}
|
||||||
|
|
||||||
private:
|
private:
|
||||||
|
|
|
@ -95,7 +95,7 @@ RSA::KeyPairType RSA::parse_rsa_key(ReadonlyBytes der)
|
||||||
|
|
||||||
auto oid = oid_result.release_value();
|
auto oid = oid_result.release_value();
|
||||||
// Now let's check that the OID matches "RSA key"
|
// Now let's check that the OID matches "RSA key"
|
||||||
if (oid != Crypto::Certificate::rsa_encryption_oid) {
|
if (oid != Crypto::ASN1::rsa_encryption_oid) {
|
||||||
// Oh well. not an RSA key at all.
|
// Oh well. not an RSA key at all.
|
||||||
dbgln_if(RSA_PARSE_DEBUG, "RSA PKCS#8 public key parse failed: Not an RSA key");
|
dbgln_if(RSA_PARSE_DEBUG, "RSA PKCS#8 public key parse failed: Not an RSA key");
|
||||||
return false;
|
return false;
|
||||||
|
|
|
@ -13,6 +13,7 @@
|
||||||
#include <LibCore/StandardPaths.h>
|
#include <LibCore/StandardPaths.h>
|
||||||
#include <LibCore/Timer.h>
|
#include <LibCore/Timer.h>
|
||||||
#include <LibCrypto/ASN1/ASN1.h>
|
#include <LibCrypto/ASN1/ASN1.h>
|
||||||
|
#include <LibCrypto/ASN1/Constants.h>
|
||||||
#include <LibCrypto/ASN1/PEM.h>
|
#include <LibCrypto/ASN1/PEM.h>
|
||||||
#include <LibCrypto/Certificate/Certificate.h>
|
#include <LibCrypto/Certificate/Certificate.h>
|
||||||
#include <LibCrypto/Curves/Ed25519.h>
|
#include <LibCrypto/Curves/Ed25519.h>
|
||||||
|
@ -316,25 +317,25 @@ bool Context::verify_certificate_pair(Certificate const& subject, Certificate co
|
||||||
|
|
||||||
bool is_rsa = true;
|
bool is_rsa = true;
|
||||||
|
|
||||||
if (identifier == Crypto::Certificate::rsa_encryption_oid) {
|
if (identifier == Crypto::ASN1::rsa_encryption_oid) {
|
||||||
kind = Crypto::Hash::HashKind::None;
|
kind = Crypto::Hash::HashKind::None;
|
||||||
} else if (identifier == Crypto::Certificate::rsa_md5_encryption_oid) {
|
} else if (identifier == Crypto::ASN1::rsa_md5_encryption_oid) {
|
||||||
kind = Crypto::Hash::HashKind::MD5;
|
kind = Crypto::Hash::HashKind::MD5;
|
||||||
} else if (identifier == Crypto::Certificate::rsa_sha1_encryption_oid) {
|
} else if (identifier == Crypto::ASN1::rsa_sha1_encryption_oid) {
|
||||||
kind = Crypto::Hash::HashKind::SHA1;
|
kind = Crypto::Hash::HashKind::SHA1;
|
||||||
} else if (identifier == Crypto::Certificate::rsa_sha256_encryption_oid) {
|
} else if (identifier == Crypto::ASN1::rsa_sha256_encryption_oid) {
|
||||||
kind = Crypto::Hash::HashKind::SHA256;
|
kind = Crypto::Hash::HashKind::SHA256;
|
||||||
} else if (identifier == Crypto::Certificate::rsa_sha384_encryption_oid) {
|
} else if (identifier == Crypto::ASN1::rsa_sha384_encryption_oid) {
|
||||||
kind = Crypto::Hash::HashKind::SHA384;
|
kind = Crypto::Hash::HashKind::SHA384;
|
||||||
} else if (identifier == Crypto::Certificate::rsa_sha512_encryption_oid) {
|
} else if (identifier == Crypto::ASN1::rsa_sha512_encryption_oid) {
|
||||||
kind = Crypto::Hash::HashKind::SHA512;
|
kind = Crypto::Hash::HashKind::SHA512;
|
||||||
} else if (identifier == Crypto::Certificate::ecdsa_with_sha256_encryption_oid) {
|
} else if (identifier == Crypto::ASN1::ecdsa_with_sha256_encryption_oid) {
|
||||||
kind = Crypto::Hash::HashKind::SHA256;
|
kind = Crypto::Hash::HashKind::SHA256;
|
||||||
is_rsa = false;
|
is_rsa = false;
|
||||||
} else if (identifier == Crypto::Certificate::ecdsa_with_sha384_encryption_oid) {
|
} else if (identifier == Crypto::ASN1::ecdsa_with_sha384_encryption_oid) {
|
||||||
kind = Crypto::Hash::HashKind::SHA384;
|
kind = Crypto::Hash::HashKind::SHA384;
|
||||||
is_rsa = false;
|
is_rsa = false;
|
||||||
} else if (identifier == Crypto::Certificate::ecdsa_with_sha512_encryption_oid) {
|
} else if (identifier == Crypto::ASN1::ecdsa_with_sha512_encryption_oid) {
|
||||||
kind = Crypto::Hash::HashKind::SHA512;
|
kind = Crypto::Hash::HashKind::SHA512;
|
||||||
is_rsa = false;
|
is_rsa = false;
|
||||||
}
|
}
|
||||||
|
@ -597,9 +598,9 @@ ErrorOr<Vector<Certificate>> DefaultRootCACertificates::parse_pem_root_certifica
|
||||||
|
|
||||||
ErrorOr<SupportedGroup> oid_to_curve(Vector<int> curve)
|
ErrorOr<SupportedGroup> oid_to_curve(Vector<int> curve)
|
||||||
{
|
{
|
||||||
if (curve == Crypto::Certificate::secp384r1_oid)
|
if (curve == Crypto::ASN1::secp384r1_oid)
|
||||||
return SupportedGroup::SECP384R1;
|
return SupportedGroup::SECP384R1;
|
||||||
if (curve == Crypto::Certificate::secp256r1_oid)
|
if (curve == Crypto::ASN1::secp256r1_oid)
|
||||||
return SupportedGroup::SECP256R1;
|
return SupportedGroup::SECP256R1;
|
||||||
|
|
||||||
return AK::Error::from_string_literal("Unknown curve oid");
|
return AK::Error::from_string_literal("Unknown curve oid");
|
||||||
|
|
|
@ -11,6 +11,7 @@
|
||||||
#include <AK/HashTable.h>
|
#include <AK/HashTable.h>
|
||||||
#include <AK/QuickSort.h>
|
#include <AK/QuickSort.h>
|
||||||
#include <LibCrypto/ASN1/ASN1.h>
|
#include <LibCrypto/ASN1/ASN1.h>
|
||||||
|
#include <LibCrypto/ASN1/Constants.h>
|
||||||
#include <LibCrypto/ASN1/DER.h>
|
#include <LibCrypto/ASN1/DER.h>
|
||||||
#include <LibCrypto/Authentication/HMAC.h>
|
#include <LibCrypto/Authentication/HMAC.h>
|
||||||
#include <LibCrypto/Certificate/Certificate.h>
|
#include <LibCrypto/Certificate/Certificate.h>
|
||||||
|
@ -813,7 +814,7 @@ WebIDL::ExceptionOr<GC::Ref<CryptoKey>> RSAOAEP::import_key(Web::Crypto::Algorit
|
||||||
|
|
||||||
// 4. If the algorithm object identifier field of the algorithm AlgorithmIdentifier field of spki
|
// 4. If the algorithm object identifier field of the algorithm AlgorithmIdentifier field of spki
|
||||||
// is not equal to the rsaEncryption object identifier defined in [RFC3447], then throw a DataError.
|
// is not equal to the rsaEncryption object identifier defined in [RFC3447], then throw a DataError.
|
||||||
if (spki.algorithm.identifier != ::Crypto::Certificate::rsa_encryption_oid)
|
if (spki.algorithm.identifier != ::Crypto::ASN1::rsa_encryption_oid)
|
||||||
return WebIDL::DataError::create(m_realm, "Algorithm object identifier is not the rsaEncryption object identifier"_string);
|
return WebIDL::DataError::create(m_realm, "Algorithm object identifier is not the rsaEncryption object identifier"_string);
|
||||||
|
|
||||||
// 5. Let publicKey be the result of performing the parse an ASN.1 structure algorithm,
|
// 5. Let publicKey be the result of performing the parse an ASN.1 structure algorithm,
|
||||||
|
@ -850,7 +851,7 @@ WebIDL::ExceptionOr<GC::Ref<CryptoKey>> RSAOAEP::import_key(Web::Crypto::Algorit
|
||||||
|
|
||||||
// 4. If the algorithm object identifier field of the privateKeyAlgorithm PrivateKeyAlgorithm field of privateKeyInfo
|
// 4. If the algorithm object identifier field of the privateKeyAlgorithm PrivateKeyAlgorithm field of privateKeyInfo
|
||||||
// is not equal to the rsaEncryption object identifier defined in [RFC3447], then throw a DataError.
|
// is not equal to the rsaEncryption object identifier defined in [RFC3447], then throw a DataError.
|
||||||
if (private_key_info.algorithm.identifier != ::Crypto::Certificate::rsa_encryption_oid)
|
if (private_key_info.algorithm.identifier != ::Crypto::ASN1::rsa_encryption_oid)
|
||||||
return WebIDL::DataError::create(m_realm, "Algorithm object identifier is not the rsaEncryption object identifier"_string);
|
return WebIDL::DataError::create(m_realm, "Algorithm object identifier is not the rsaEncryption object identifier"_string);
|
||||||
|
|
||||||
// 5. Let rsaPrivateKey be the result of performing the parse an ASN.1 structure algorithm,
|
// 5. Let rsaPrivateKey be the result of performing the parse an ASN.1 structure algorithm,
|
||||||
|
@ -1071,7 +1072,7 @@ WebIDL::ExceptionOr<GC::Ref<JS::Object>> RSAOAEP::export_key(Bindings::KeyFormat
|
||||||
// that represents the RSA public key represented by the [[handle]] internal slot of key
|
// that represents the RSA public key represented by the [[handle]] internal slot of key
|
||||||
auto maybe_data = handle.visit(
|
auto maybe_data = handle.visit(
|
||||||
[&](::Crypto::PK::RSAPublicKey<> const& public_key) -> ErrorOr<ByteBuffer> {
|
[&](::Crypto::PK::RSAPublicKey<> const& public_key) -> ErrorOr<ByteBuffer> {
|
||||||
return TRY(::Crypto::PK::wrap_in_subject_public_key_info(public_key, Array { ::Crypto::Certificate::rsa_encryption_oid }, nullptr));
|
return TRY(::Crypto::PK::wrap_in_subject_public_key_info(public_key, ::Crypto::ASN1::rsa_encryption_oid, nullptr));
|
||||||
},
|
},
|
||||||
[](auto) -> ErrorOr<ByteBuffer> {
|
[](auto) -> ErrorOr<ByteBuffer> {
|
||||||
VERIFY_NOT_REACHED();
|
VERIFY_NOT_REACHED();
|
||||||
|
@ -1098,7 +1099,7 @@ WebIDL::ExceptionOr<GC::Ref<JS::Object>> RSAOAEP::export_key(Bindings::KeyFormat
|
||||||
// that represents the RSA private key represented by the [[handle]] internal slot of key
|
// that represents the RSA private key represented by the [[handle]] internal slot of key
|
||||||
auto maybe_data = handle.visit(
|
auto maybe_data = handle.visit(
|
||||||
[&](::Crypto::PK::RSAPrivateKey<> const& private_key) -> ErrorOr<ByteBuffer> {
|
[&](::Crypto::PK::RSAPrivateKey<> const& private_key) -> ErrorOr<ByteBuffer> {
|
||||||
return TRY(::Crypto::PK::wrap_in_private_key_info(private_key, Array { ::Crypto::Certificate::rsa_encryption_oid }, nullptr));
|
return TRY(::Crypto::PK::wrap_in_private_key_info(private_key, ::Crypto::ASN1::rsa_encryption_oid, nullptr));
|
||||||
},
|
},
|
||||||
[](auto) -> ErrorOr<ByteBuffer> {
|
[](auto) -> ErrorOr<ByteBuffer> {
|
||||||
VERIFY_NOT_REACHED();
|
VERIFY_NOT_REACHED();
|
||||||
|
@ -2707,7 +2708,7 @@ WebIDL::ExceptionOr<GC::Ref<CryptoKey>> ECDH::import_key(AlgorithmParams const&
|
||||||
|
|
||||||
// 4. If the algorithm object identifier field of the algorithm AlgorithmIdentifier field of spki
|
// 4. If the algorithm object identifier field of the algorithm AlgorithmIdentifier field of spki
|
||||||
// is not equal to the id-ecPublicKey object identifier defined in [RFC5480], then throw a DataError.
|
// is not equal to the id-ecPublicKey object identifier defined in [RFC5480], then throw a DataError.
|
||||||
if (spki.algorithm.identifier != ::Crypto::Certificate::ec_public_key_encryption_oid)
|
if (spki.algorithm.identifier != ::Crypto::ASN1::ec_public_key_encryption_oid)
|
||||||
return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
|
return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
|
||||||
|
|
||||||
// 5. If the parameters field of the algorithm AlgorithmIdentifier field of spki is absent, then throw a DataError.
|
// 5. If the parameters field of the algorithm AlgorithmIdentifier field of spki is absent, then throw a DataError.
|
||||||
|
@ -2722,17 +2723,17 @@ WebIDL::ExceptionOr<GC::Ref<CryptoKey>> ECDH::import_key(AlgorithmParams const&
|
||||||
String named_curve;
|
String named_curve;
|
||||||
|
|
||||||
// 9. If params is equivalent to the secp256r1 object identifier defined in [RFC5480]:
|
// 9. If params is equivalent to the secp256r1 object identifier defined in [RFC5480]:
|
||||||
if (ec_params == ::Crypto::Certificate::secp256r1_oid) {
|
if (ec_params == ::Crypto::ASN1::secp256r1_oid) {
|
||||||
// Set namedCurve to "P-256".
|
// Set namedCurve to "P-256".
|
||||||
named_curve = "P-256"_string;
|
named_curve = "P-256"_string;
|
||||||
}
|
}
|
||||||
// If params is equivalent to the secp384r1 object identifier defined in [RFC5480]:
|
// If params is equivalent to the secp384r1 object identifier defined in [RFC5480]:
|
||||||
else if (ec_params == ::Crypto::Certificate::secp384r1_oid) {
|
else if (ec_params == ::Crypto::ASN1::secp384r1_oid) {
|
||||||
// Set namedCurve to "P-384".
|
// Set namedCurve to "P-384".
|
||||||
named_curve = "P-384"_string;
|
named_curve = "P-384"_string;
|
||||||
}
|
}
|
||||||
// If params is equivalent to the secp521r1 object identifier defined in [RFC5480]:
|
// If params is equivalent to the secp521r1 object identifier defined in [RFC5480]:
|
||||||
else if (ec_params == ::Crypto::Certificate::secp521r1_oid) {
|
else if (ec_params == ::Crypto::ASN1::secp521r1_oid) {
|
||||||
// Set namedCurve to "P-521".
|
// Set namedCurve to "P-521".
|
||||||
named_curve = "P-521"_string;
|
named_curve = "P-521"_string;
|
||||||
}
|
}
|
||||||
|
@ -2810,7 +2811,7 @@ WebIDL::ExceptionOr<GC::Ref<CryptoKey>> ECDH::import_key(AlgorithmParams const&
|
||||||
|
|
||||||
// 4. If the algorithm object identifier field of the privateKeyAlgorithm PrivateKeyAlgorithm field of privateKeyInfo
|
// 4. If the algorithm object identifier field of the privateKeyAlgorithm PrivateKeyAlgorithm field of privateKeyInfo
|
||||||
// is not equal to the id-ecPublicKey object identifier defined in [RFC5480], then throw a DataError.
|
// is not equal to the id-ecPublicKey object identifier defined in [RFC5480], then throw a DataError.
|
||||||
if (private_key_info.algorithm.identifier != ::Crypto::Certificate::ec_public_key_encryption_oid)
|
if (private_key_info.algorithm.identifier != ::Crypto::ASN1::ec_public_key_encryption_oid)
|
||||||
return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
|
return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
|
||||||
|
|
||||||
// 5. If the parameters field of the privateKeyAlgorithm PrivateKeyAlgorithmIdentifier field
|
// 5. If the parameters field of the privateKeyAlgorithm PrivateKeyAlgorithmIdentifier field
|
||||||
|
@ -2826,17 +2827,17 @@ WebIDL::ExceptionOr<GC::Ref<CryptoKey>> ECDH::import_key(AlgorithmParams const&
|
||||||
String named_curve;
|
String named_curve;
|
||||||
|
|
||||||
// 9. If params is equivalent to the secp256r1 object identifier defined in [RFC5480]:
|
// 9. If params is equivalent to the secp256r1 object identifier defined in [RFC5480]:
|
||||||
if (ec_params == ::Crypto::Certificate::secp256r1_oid) {
|
if (ec_params == ::Crypto::ASN1::secp256r1_oid) {
|
||||||
// Set namedCurve to "P-256".
|
// Set namedCurve to "P-256".
|
||||||
named_curve = "P-256"_string;
|
named_curve = "P-256"_string;
|
||||||
}
|
}
|
||||||
// If params is equivalent to the secp384r1 object identifier defined in [RFC5480]:
|
// If params is equivalent to the secp384r1 object identifier defined in [RFC5480]:
|
||||||
else if (ec_params == ::Crypto::Certificate::secp384r1_oid) {
|
else if (ec_params == ::Crypto::ASN1::secp384r1_oid) {
|
||||||
// Set namedCurve to "P-384".
|
// Set namedCurve to "P-384".
|
||||||
named_curve = "P-384"_string;
|
named_curve = "P-384"_string;
|
||||||
}
|
}
|
||||||
// If params is equivalent to the secp521r1 object identifier defined in [RFC5480]:
|
// If params is equivalent to the secp521r1 object identifier defined in [RFC5480]:
|
||||||
else if (ec_params == ::Crypto::Certificate::secp521r1_oid) {
|
else if (ec_params == ::Crypto::ASN1::secp521r1_oid) {
|
||||||
// Set namedCurve to "P-521".
|
// Set namedCurve to "P-521".
|
||||||
named_curve = "P-521"_string;
|
named_curve = "P-521"_string;
|
||||||
}
|
}
|
||||||
|
@ -3146,15 +3147,15 @@ WebIDL::ExceptionOr<GC::Ref<JS::Object>> ECDH::export_key(Bindings::KeyFormat fo
|
||||||
|
|
||||||
Span<int const> ec_params;
|
Span<int const> ec_params;
|
||||||
if (algorithm.named_curve() == "P-256"sv)
|
if (algorithm.named_curve() == "P-256"sv)
|
||||||
ec_params = ::Crypto::Certificate::secp256r1_oid;
|
ec_params = ::Crypto::ASN1::secp256r1_oid;
|
||||||
else if (algorithm.named_curve() == "P-384"sv)
|
else if (algorithm.named_curve() == "P-384"sv)
|
||||||
ec_params = ::Crypto::Certificate::secp384r1_oid;
|
ec_params = ::Crypto::ASN1::secp384r1_oid;
|
||||||
else if (algorithm.named_curve() == "P-521"sv)
|
else if (algorithm.named_curve() == "P-521"sv)
|
||||||
ec_params = ::Crypto::Certificate::secp521r1_oid;
|
ec_params = ::Crypto::ASN1::secp521r1_oid;
|
||||||
else
|
else
|
||||||
VERIFY_NOT_REACHED();
|
VERIFY_NOT_REACHED();
|
||||||
|
|
||||||
return TRY(::Crypto::PK::wrap_in_subject_public_key_info(public_key_bytes, ::Crypto::Certificate::ec_public_key_encryption_oid, ec_params));
|
return TRY(::Crypto::PK::wrap_in_subject_public_key_info(public_key_bytes, ::Crypto::ASN1::ec_public_key_encryption_oid, ec_params));
|
||||||
},
|
},
|
||||||
[](auto) -> ErrorOr<ByteBuffer> {
|
[](auto) -> ErrorOr<ByteBuffer> {
|
||||||
VERIFY_NOT_REACHED();
|
VERIFY_NOT_REACHED();
|
||||||
|
@ -3213,15 +3214,15 @@ WebIDL::ExceptionOr<GC::Ref<JS::Object>> ECDH::export_key(Bindings::KeyFormat fo
|
||||||
[&](::Crypto::PK::ECPrivateKey<> const& private_key) -> ErrorOr<ByteBuffer> {
|
[&](::Crypto::PK::ECPrivateKey<> const& private_key) -> ErrorOr<ByteBuffer> {
|
||||||
Span<int const> ec_params;
|
Span<int const> ec_params;
|
||||||
if (algorithm.named_curve() == "P-256"sv)
|
if (algorithm.named_curve() == "P-256"sv)
|
||||||
ec_params = ::Crypto::Certificate::secp256r1_oid;
|
ec_params = ::Crypto::ASN1::secp256r1_oid;
|
||||||
else if (algorithm.named_curve() == "P-384"sv)
|
else if (algorithm.named_curve() == "P-384"sv)
|
||||||
ec_params = ::Crypto::Certificate::secp384r1_oid;
|
ec_params = ::Crypto::ASN1::secp384r1_oid;
|
||||||
else if (algorithm.named_curve() == "P-521"sv)
|
else if (algorithm.named_curve() == "P-521"sv)
|
||||||
ec_params = ::Crypto::Certificate::secp521r1_oid;
|
ec_params = ::Crypto::ASN1::secp521r1_oid;
|
||||||
else
|
else
|
||||||
VERIFY_NOT_REACHED();
|
VERIFY_NOT_REACHED();
|
||||||
|
|
||||||
return TRY(::Crypto::PK::wrap_in_private_key_info(private_key, ::Crypto::Certificate::ec_public_key_encryption_oid, ec_params));
|
return TRY(::Crypto::PK::wrap_in_private_key_info(private_key, ::Crypto::ASN1::ec_public_key_encryption_oid, ec_params));
|
||||||
},
|
},
|
||||||
[](auto) -> ErrorOr<ByteBuffer> {
|
[](auto) -> ErrorOr<ByteBuffer> {
|
||||||
VERIFY_NOT_REACHED();
|
VERIFY_NOT_REACHED();
|
||||||
|
@ -3502,7 +3503,7 @@ WebIDL::ExceptionOr<GC::Ref<CryptoKey>> ED25519::import_key(
|
||||||
|
|
||||||
// 4. If the algorithm object identifier field of the algorithm AlgorithmIdentifier field of spki
|
// 4. If the algorithm object identifier field of the algorithm AlgorithmIdentifier field of spki
|
||||||
// is not equal to the id-Ed25519 object identifier defined in [RFC8410], then throw a DataError.
|
// is not equal to the id-Ed25519 object identifier defined in [RFC8410], then throw a DataError.
|
||||||
if (spki.algorithm.identifier != ::Crypto::Certificate::ed25519_oid)
|
if (spki.algorithm.identifier != ::Crypto::ASN1::ed25519_oid)
|
||||||
return WebIDL::DataError::create(m_realm, "Invalid algorithm identifier"_string);
|
return WebIDL::DataError::create(m_realm, "Invalid algorithm identifier"_string);
|
||||||
|
|
||||||
// 5. If the parameters field of the algorithm AlgorithmIdentifier field of spki is present, then throw a DataError.
|
// 5. If the parameters field of the algorithm AlgorithmIdentifier field of spki is present, then throw a DataError.
|
||||||
|
@ -3544,7 +3545,7 @@ WebIDL::ExceptionOr<GC::Ref<CryptoKey>> ED25519::import_key(
|
||||||
|
|
||||||
// 4. If the algorithm object identifier field of the privateKeyAlgorithm PrivateKeyAlgorithm field
|
// 4. If the algorithm object identifier field of the privateKeyAlgorithm PrivateKeyAlgorithm field
|
||||||
// of privateKeyInfo is not equal to the id-Ed25519 object identifier defined in [RFC8410], then throw a DataError.
|
// of privateKeyInfo is not equal to the id-Ed25519 object identifier defined in [RFC8410], then throw a DataError.
|
||||||
if (private_key_info.algorithm.identifier != ::Crypto::Certificate::ed25519_oid)
|
if (private_key_info.algorithm.identifier != ::Crypto::ASN1::ed25519_oid)
|
||||||
return WebIDL::DataError::create(m_realm, "Invalid algorithm identifier"_string);
|
return WebIDL::DataError::create(m_realm, "Invalid algorithm identifier"_string);
|
||||||
|
|
||||||
// 5. If the parameters field of the privateKeyAlgorithm PrivateKeyAlgorithmIdentifier field of privateKeyInfo is present,
|
// 5. If the parameters field of the privateKeyAlgorithm PrivateKeyAlgorithmIdentifier field of privateKeyInfo is present,
|
||||||
|
@ -3752,7 +3753,7 @@ WebIDL::ExceptionOr<GC::Ref<JS::Object>> ED25519::export_key(Bindings::KeyFormat
|
||||||
// * Set the algorithm field to an AlgorithmIdentifier ASN.1 type with the following properties:
|
// * Set the algorithm field to an AlgorithmIdentifier ASN.1 type with the following properties:
|
||||||
// * Set the algorithm object identifier to the id-Ed25519 OID defined in [RFC8410].
|
// * Set the algorithm object identifier to the id-Ed25519 OID defined in [RFC8410].
|
||||||
// * Set the subjectPublicKey field to keyData.
|
// * Set the subjectPublicKey field to keyData.
|
||||||
auto ed25519_oid = ::Crypto::Certificate::ed25519_oid;
|
auto ed25519_oid = ::Crypto::ASN1::ed25519_oid;
|
||||||
auto data = TRY_OR_THROW_OOM(vm, ::Crypto::PK::wrap_in_subject_public_key_info(key_data, ed25519_oid, nullptr));
|
auto data = TRY_OR_THROW_OOM(vm, ::Crypto::PK::wrap_in_subject_public_key_info(key_data, ed25519_oid, nullptr));
|
||||||
|
|
||||||
// 3. Let result be a new ArrayBuffer associated with the relevant global object of this [HTML], and containing data.
|
// 3. Let result be a new ArrayBuffer associated with the relevant global object of this [HTML], and containing data.
|
||||||
|
@ -3771,7 +3772,7 @@ WebIDL::ExceptionOr<GC::Ref<JS::Object>> ED25519::export_key(Bindings::KeyFormat
|
||||||
// * Set the algorithm object identifier to the id-Ed25519 OID defined in [RFC8410].
|
// * Set the algorithm object identifier to the id-Ed25519 OID defined in [RFC8410].
|
||||||
// * Set the privateKey field to the result of DER-encoding a CurvePrivateKey ASN.1 type, as defined in Section 7 of [RFC8410], that represents the Ed25519 private key represented by the [[handle]] internal slot of key
|
// * Set the privateKey field to the result of DER-encoding a CurvePrivateKey ASN.1 type, as defined in Section 7 of [RFC8410], that represents the Ed25519 private key represented by the [[handle]] internal slot of key
|
||||||
|
|
||||||
auto ed25519_oid = ::Crypto::Certificate::ed25519_oid;
|
auto ed25519_oid = ::Crypto::ASN1::ed25519_oid;
|
||||||
auto data = TRY_OR_THROW_OOM(vm, ::Crypto::PK::wrap_in_private_key_info(key_data, ed25519_oid, nullptr));
|
auto data = TRY_OR_THROW_OOM(vm, ::Crypto::PK::wrap_in_private_key_info(key_data, ed25519_oid, nullptr));
|
||||||
|
|
||||||
// 3. Let result be a new ArrayBuffer associated with the relevant global object of this [HTML], and containing data.
|
// 3. Let result be a new ArrayBuffer associated with the relevant global object of this [HTML], and containing data.
|
||||||
|
@ -4195,7 +4196,7 @@ WebIDL::ExceptionOr<GC::Ref<CryptoKey>> X25519::import_key([[maybe_unused]] Web:
|
||||||
|
|
||||||
// 4. If the algorithm object identifier field of the algorithm AlgorithmIdentifier field of spki
|
// 4. If the algorithm object identifier field of the algorithm AlgorithmIdentifier field of spki
|
||||||
// is not equal to the id-X25519 object identifier defined in [RFC8410], then throw a DataError.
|
// is not equal to the id-X25519 object identifier defined in [RFC8410], then throw a DataError.
|
||||||
if (spki.algorithm.identifier != ::Crypto::Certificate::x25519_oid)
|
if (spki.algorithm.identifier != ::Crypto::ASN1::x25519_oid)
|
||||||
return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
|
return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
|
||||||
|
|
||||||
// 5. If the parameters field of the algorithm AlgorithmIdentifier field of spki is present, then throw a DataError.
|
// 5. If the parameters field of the algorithm AlgorithmIdentifier field of spki is present, then throw a DataError.
|
||||||
|
@ -4236,7 +4237,7 @@ WebIDL::ExceptionOr<GC::Ref<CryptoKey>> X25519::import_key([[maybe_unused]] Web:
|
||||||
|
|
||||||
// 4. If the algorithm object identifier field of the privateKeyAlgorithm PrivateKeyAlgorithm field of privateKeyInfo
|
// 4. If the algorithm object identifier field of the privateKeyAlgorithm PrivateKeyAlgorithm field of privateKeyInfo
|
||||||
// is not equal to the id-X25519 object identifier defined in [RFC8410], then throw a DataError.
|
// is not equal to the id-X25519 object identifier defined in [RFC8410], then throw a DataError.
|
||||||
if (private_key_info.algorithm.identifier != ::Crypto::Certificate::x25519_oid)
|
if (private_key_info.algorithm.identifier != ::Crypto::ASN1::x25519_oid)
|
||||||
return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
|
return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
|
||||||
|
|
||||||
// 5. If the parameters field of the privateKeyAlgorithm PrivateKeyAlgorithmIdentifier field of privateKeyInfo is present, then throw a DataError.
|
// 5. If the parameters field of the privateKeyAlgorithm PrivateKeyAlgorithmIdentifier field of privateKeyInfo is present, then throw a DataError.
|
||||||
|
@ -4441,7 +4442,7 @@ WebIDL::ExceptionOr<GC::Ref<JS::Object>> X25519::export_key(Bindings::KeyFormat
|
||||||
// Set the algorithm object identifier to the id-X25519 OID defined in [RFC8410].
|
// Set the algorithm object identifier to the id-X25519 OID defined in [RFC8410].
|
||||||
// Set the subjectPublicKey field to keyData.
|
// Set the subjectPublicKey field to keyData.
|
||||||
auto public_key = handle.get<ByteBuffer>();
|
auto public_key = handle.get<ByteBuffer>();
|
||||||
auto data = TRY_OR_THROW_OOM(vm, ::Crypto::PK::wrap_in_subject_public_key_info(public_key, Array { ::Crypto::Certificate::x25519_oid }, nullptr));
|
auto data = TRY_OR_THROW_OOM(vm, ::Crypto::PK::wrap_in_subject_public_key_info(public_key, ::Crypto::ASN1::x25519_oid, nullptr));
|
||||||
|
|
||||||
// 3. Let result be a new ArrayBuffer associated with the relevant global object of this [HTML], and containing data.
|
// 3. Let result be a new ArrayBuffer associated with the relevant global object of this [HTML], and containing data.
|
||||||
result = JS::ArrayBuffer::create(m_realm, data);
|
result = JS::ArrayBuffer::create(m_realm, data);
|
||||||
|
@ -4460,7 +4461,7 @@ WebIDL::ExceptionOr<GC::Ref<JS::Object>> X25519::export_key(Bindings::KeyFormat
|
||||||
// Set the privateKey field to the result of DER-encoding a CurvePrivateKey ASN.1 type, as defined in Section 7 of [RFC8410],
|
// Set the privateKey field to the result of DER-encoding a CurvePrivateKey ASN.1 type, as defined in Section 7 of [RFC8410],
|
||||||
// that represents the X25519 private key represented by the [[handle]] internal slot of key
|
// that represents the X25519 private key represented by the [[handle]] internal slot of key
|
||||||
auto private_key = handle.get<ByteBuffer>();
|
auto private_key = handle.get<ByteBuffer>();
|
||||||
auto data = TRY_OR_THROW_OOM(vm, ::Crypto::PK::wrap_in_private_key_info(private_key, Array { ::Crypto::Certificate::x25519_oid }, nullptr));
|
auto data = TRY_OR_THROW_OOM(vm, ::Crypto::PK::wrap_in_private_key_info(private_key, ::Crypto::ASN1::x25519_oid, nullptr));
|
||||||
|
|
||||||
// 3. Let result be a new ArrayBuffer associated with the relevant global object of this [HTML], and containing data.
|
// 3. Let result be a new ArrayBuffer associated with the relevant global object of this [HTML], and containing data.
|
||||||
result = JS::ArrayBuffer::create(m_realm, data);
|
result = JS::ArrayBuffer::create(m_realm, data);
|
||||||
|
@ -4684,7 +4685,7 @@ WebIDL::ExceptionOr<GC::Ref<JS::Object>> X448::export_key(Bindings::KeyFormat fo
|
||||||
// * Set the algorithm field to an AlgorithmIdentifier ASN.1 type with the following properties:
|
// * Set the algorithm field to an AlgorithmIdentifier ASN.1 type with the following properties:
|
||||||
// * Set the algorithm object identifier to the id-X448 OID defined in [RFC8410].
|
// * Set the algorithm object identifier to the id-X448 OID defined in [RFC8410].
|
||||||
// * Set the subjectPublicKey field to keyData.
|
// * Set the subjectPublicKey field to keyData.
|
||||||
auto x448_oid = ::Crypto::Certificate::x448_oid;
|
auto x448_oid = ::Crypto::ASN1::x448_oid;
|
||||||
auto data = TRY_OR_THROW_OOM(m_realm->vm(), ::Crypto::PK::wrap_in_subject_public_key_info(key_data, x448_oid, nullptr));
|
auto data = TRY_OR_THROW_OOM(m_realm->vm(), ::Crypto::PK::wrap_in_subject_public_key_info(key_data, x448_oid, nullptr));
|
||||||
|
|
||||||
// 3. Let result be a new ArrayBuffer associated with the relevant global object of this [HTML], and containing data.
|
// 3. Let result be a new ArrayBuffer associated with the relevant global object of this [HTML], and containing data.
|
||||||
|
@ -4702,7 +4703,7 @@ WebIDL::ExceptionOr<GC::Ref<JS::Object>> X448::export_key(Bindings::KeyFormat fo
|
||||||
// * Set the privateKeyAlgorithm field to a PrivateKeyAlgorithmIdentifier ASN.1 type with the following properties:
|
// * Set the privateKeyAlgorithm field to a PrivateKeyAlgorithmIdentifier ASN.1 type with the following properties:
|
||||||
// * Set the algorithm object identifier to the id-X448 OID defined in [RFC8410].
|
// * Set the algorithm object identifier to the id-X448 OID defined in [RFC8410].
|
||||||
// * Set the privateKey field to the result of DER-encoding a CurvePrivateKey ASN.1 type, as defined in Section 7 of [RFC8410], that represents the X448 private key represented by the [[handle]] internal slot of key
|
// * Set the privateKey field to the result of DER-encoding a CurvePrivateKey ASN.1 type, as defined in Section 7 of [RFC8410], that represents the X448 private key represented by the [[handle]] internal slot of key
|
||||||
auto x448_oid = ::Crypto::Certificate::x448_oid;
|
auto x448_oid = ::Crypto::ASN1::x448_oid;
|
||||||
auto data = TRY_OR_THROW_OOM(m_realm->vm(), ::Crypto::PK::wrap_in_private_key_info(key_data, x448_oid, nullptr));
|
auto data = TRY_OR_THROW_OOM(m_realm->vm(), ::Crypto::PK::wrap_in_private_key_info(key_data, x448_oid, nullptr));
|
||||||
|
|
||||||
// 3. Let result be a new ArrayBuffer associated with the relevant global object of this [HTML], and containing data.
|
// 3. Let result be a new ArrayBuffer associated with the relevant global object of this [HTML], and containing data.
|
||||||
|
@ -4780,7 +4781,7 @@ WebIDL::ExceptionOr<GC::Ref<CryptoKey>> X448::import_key(
|
||||||
auto spki = TRY(parse_a_subject_public_key_info(m_realm, key_data.get<ByteBuffer>()));
|
auto spki = TRY(parse_a_subject_public_key_info(m_realm, key_data.get<ByteBuffer>()));
|
||||||
|
|
||||||
// 4. If the algorithm object identifier field of the algorithm AlgorithmIdentifier field of spki is not equal to the id-X448 object identifier defined in [RFC8410], then throw a DataError.
|
// 4. If the algorithm object identifier field of the algorithm AlgorithmIdentifier field of spki is not equal to the id-X448 object identifier defined in [RFC8410], then throw a DataError.
|
||||||
if (spki.algorithm.identifier != ::Crypto::Certificate::x448_oid)
|
if (spki.algorithm.identifier != ::Crypto::ASN1::x448_oid)
|
||||||
return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
|
return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
|
||||||
|
|
||||||
// 5. If the parameters field of the algorithm AlgorithmIdentifier field of spki is present, then throw a DataError.
|
// 5. If the parameters field of the algorithm AlgorithmIdentifier field of spki is present, then throw a DataError.
|
||||||
|
@ -4823,7 +4824,7 @@ WebIDL::ExceptionOr<GC::Ref<CryptoKey>> X448::import_key(
|
||||||
auto private_key = private_key_info.raw_key;
|
auto private_key = private_key_info.raw_key;
|
||||||
|
|
||||||
// 4. If the algorithm object identifier field of the privateKeyAlgorithm PrivateKeyAlgorithm field of privateKeyInfo is not equal to the id-X448 object identifier defined in [RFC8410], then throw a DataError.
|
// 4. If the algorithm object identifier field of the privateKeyAlgorithm PrivateKeyAlgorithm field of privateKeyInfo is not equal to the id-X448 object identifier defined in [RFC8410], then throw a DataError.
|
||||||
if (private_key_info.algorithm.identifier != ::Crypto::Certificate::x448_oid)
|
if (private_key_info.algorithm.identifier != ::Crypto::ASN1::x448_oid)
|
||||||
return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
|
return WebIDL::DataError::create(m_realm, "Invalid algorithm"_string);
|
||||||
|
|
||||||
// 5. If the parameters field of the privateKeyAlgorithm PrivateKeyAlgorithmIdentifier field of privateKeyInfo is present, then throw a DataError.
|
// 5. If the parameters field of the privateKeyAlgorithm PrivateKeyAlgorithmIdentifier field of privateKeyInfo is present, then throw a DataError.
|
||||||
|
|
|
@ -33,7 +33,7 @@ TEST_CASE(test_private_key_info_decode)
|
||||||
Crypto::ASN1::Decoder decoder(decoded_keyder);
|
Crypto::ASN1::Decoder decoder(decoded_keyder);
|
||||||
auto private_key_info = TRY_OR_FAIL(Crypto::Certificate::parse_private_key_info(decoder));
|
auto private_key_info = TRY_OR_FAIL(Crypto::Certificate::parse_private_key_info(decoder));
|
||||||
|
|
||||||
EXPECT_EQ(private_key_info.algorithm.identifier, Crypto::Certificate::rsa_encryption_oid);
|
EXPECT_EQ(private_key_info.algorithm.identifier, Crypto::ASN1::rsa_encryption_oid);
|
||||||
auto& key = private_key_info.rsa;
|
auto& key = private_key_info.rsa;
|
||||||
|
|
||||||
EXPECT_EQ(key.length() * 8, 512u);
|
EXPECT_EQ(key.length() * 8, 512u);
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue