From d71bd185c693a9a122f75e43ad315cffbae852ca Mon Sep 17 00:00:00 2001 From: Andrew Kaster Date: Thu, 14 Mar 2024 22:47:06 -0600 Subject: [PATCH] LibWeb: Implement skeleton of SubtleCrypto.decrypt --- .../LibWeb/Crypto/CryptoAlgorithms.h | 5 ++ .../Libraries/LibWeb/Crypto/SubtleCrypto.cpp | 57 +++++++++++++++++++ .../Libraries/LibWeb/Crypto/SubtleCrypto.h | 1 + .../Libraries/LibWeb/Crypto/SubtleCrypto.idl | 2 +- 4 files changed, 64 insertions(+), 1 deletion(-) diff --git a/Userland/Libraries/LibWeb/Crypto/CryptoAlgorithms.h b/Userland/Libraries/LibWeb/Crypto/CryptoAlgorithms.h index f66072946ba..dbddd6a0f8c 100644 --- a/Userland/Libraries/LibWeb/Crypto/CryptoAlgorithms.h +++ b/Userland/Libraries/LibWeb/Crypto/CryptoAlgorithms.h @@ -111,6 +111,11 @@ public: return WebIDL::NotSupportedError::create(m_realm, "encrypt is not supported"_fly_string); } + virtual WebIDL::ExceptionOr> decrypt(AlgorithmParams const&, JS::NonnullGCPtr, ByteBuffer const&) + { + return WebIDL::NotSupportedError::create(m_realm, "decrypt is not supported"_fly_string); + } + virtual WebIDL::ExceptionOr> digest(AlgorithmParams const&, ByteBuffer const&) { return WebIDL::NotSupportedError::create(m_realm, "digest is not supported"_fly_string); diff --git a/Userland/Libraries/LibWeb/Crypto/SubtleCrypto.cpp b/Userland/Libraries/LibWeb/Crypto/SubtleCrypto.cpp index db14e38a8f6..950caae269d 100644 --- a/Userland/Libraries/LibWeb/Crypto/SubtleCrypto.cpp +++ b/Userland/Libraries/LibWeb/Crypto/SubtleCrypto.cpp @@ -176,6 +176,63 @@ JS::NonnullGCPtr SubtleCrypto::encrypt(AlgorithmIdentifier const& a return verify_cast(*promise->promise()); } +// https://w3c.github.io/webcrypto/#dfn-SubtleCrypto-method-decrypt +JS::NonnullGCPtr SubtleCrypto::decrypt(AlgorithmIdentifier const& algorithm, JS::NonnullGCPtr key, JS::Handle const& data_parameter) +{ + auto& realm = this->realm(); + auto& vm = this->vm(); + // 1. Let algorithm and key be the algorithm and key parameters passed to the decrypt() method, respectively. + + // 2. Let data be the result of getting a copy of the bytes held by the data parameter passed to the decrypt() method. + auto data_or_error = WebIDL::get_buffer_source_copy(*data_parameter->raw_object()); + if (data_or_error.is_error()) { + VERIFY(data_or_error.error().code() == ENOMEM); + return WebIDL::create_rejected_promise_from_exception(realm, vm.throw_completion(vm.error_message(JS::VM::ErrorMessage::OutOfMemory))); + } + auto data = data_or_error.release_value(); + + // 3. Let normalizedAlgorithm be the result of normalizing an algorithm, with alg set to algorithm and op set to "decrypt". + auto normalized_algorithm = normalize_an_algorithm(realm, algorithm, "decrypt"_string); + + // 4. If an error occurred, return a Promise rejected with normalizedAlgorithm. + if (normalized_algorithm.is_error()) + return WebIDL::create_rejected_promise_from_exception(realm, normalized_algorithm.release_error()); + + // 5. Let promise be a new Promise. + auto promise = WebIDL::create_promise(realm); + + // 6. Return promise and perform the remaining steps in parallel. + + Platform::EventLoopPlugin::the().deferred_invoke([&realm, normalized_algorithm = normalized_algorithm.release_value(), promise, key, data = move(data)]() -> void { + HTML::TemporaryExecutionContext context(Bindings::host_defined_environment_settings_object(realm), HTML::TemporaryExecutionContext::CallbacksEnabled::Yes); + // 7. If the following steps or referenced procedures say to throw an error, reject promise with the returned error and then terminate the algorithm. + + // 8. If the name member of normalizedAlgorithm is not equal to the name attribute of the [[algorithm]] internal slot of key then throw an InvalidAccessError. + if (normalized_algorithm.parameter->name != key->algorithm_name()) { + WebIDL::reject_promise(realm, promise, WebIDL::InvalidAccessError::create(realm, "Algorithm mismatch"_fly_string)); + return; + } + + // 9. If the [[usages]] internal slot of key does not contain an entry that is "decrypt", then throw an InvalidAccessError. + if (!key->internal_usages().contains_slow(Bindings::KeyUsage::Decrypt)) { + WebIDL::reject_promise(realm, promise, WebIDL::InvalidAccessError::create(realm, "Key does not support encryption"_fly_string)); + return; + } + + // 10. Let plaintext be the result of performing the decrypt operation specified by normalizedAlgorithm using algorithm and key and with data as ciphertext. + auto plain_text = normalized_algorithm.methods->decrypt(*normalized_algorithm.parameter, key, data); + if (plain_text.is_error()) { + WebIDL::reject_promise(realm, promise, Bindings::dom_exception_to_throw_completion(realm.vm(), plain_text.release_error()).release_value().value()); + return; + } + + // 9. Resolve promise with plaintext. + WebIDL::resolve_promise(realm, promise, plain_text.release_value()); + }); + + return verify_cast(*promise->promise()); +} + // https://w3c.github.io/webcrypto/#dfn-SubtleCrypto-method-digest JS::NonnullGCPtr SubtleCrypto::digest(AlgorithmIdentifier const& algorithm, JS::Handle const& data) { diff --git a/Userland/Libraries/LibWeb/Crypto/SubtleCrypto.h b/Userland/Libraries/LibWeb/Crypto/SubtleCrypto.h index d5dd04342fd..074be20e91b 100644 --- a/Userland/Libraries/LibWeb/Crypto/SubtleCrypto.h +++ b/Userland/Libraries/LibWeb/Crypto/SubtleCrypto.h @@ -28,6 +28,7 @@ public: virtual ~SubtleCrypto() override; JS::NonnullGCPtr encrypt(AlgorithmIdentifier const& algorithm, JS::NonnullGCPtr key, JS::Handle const& data_parameter); + JS::NonnullGCPtr decrypt(AlgorithmIdentifier const& algorithm, JS::NonnullGCPtr key, JS::Handle const& data_parameter); JS::NonnullGCPtr digest(AlgorithmIdentifier const& algorithm, JS::Handle const& data); diff --git a/Userland/Libraries/LibWeb/Crypto/SubtleCrypto.idl b/Userland/Libraries/LibWeb/Crypto/SubtleCrypto.idl index efd4e313031..9663a1e62e9 100644 --- a/Userland/Libraries/LibWeb/Crypto/SubtleCrypto.idl +++ b/Userland/Libraries/LibWeb/Crypto/SubtleCrypto.idl @@ -46,7 +46,7 @@ dictionary JsonWebKey [SecureContext,Exposed=(Window,Worker)] interface SubtleCrypto { Promise encrypt(AlgorithmIdentifier algorithm, CryptoKey key, BufferSource data); - // FIXME: Promise decrypt(AlgorithmIdentifier algorithm, CryptoKey key, BufferSource data); + Promise decrypt(AlgorithmIdentifier algorithm, CryptoKey key, BufferSource data); // FIXME: Promise sign(AlgorithmIdentifier algorithm, CryptoKey key, BufferSource data); // FIXME: Promise verify(AlgorithmIdentifier algorithm, CryptoKey key, BufferSource signature, BufferSource data);