The spec never mentions the possibility for the `hash` member of
`RsaHashedKeyAlgorithm` to be a string, it should be a `KeyAlgorithm`
object containing a `name` string member.
Spec: https://w3c.github.io/webcrypto/#dfn-RsaHashedKeyAlgorithm
This replaces the old `OAEP` implementation with one backed by OpenSSL.
The changes also include some added modularity to the RSA class by
making the `RSA_EME` and `RSA_EMSE` for encryption/decryption and
signing/verifying respectively.
It used to be that the caller would supply a buffer to write the output
to. This created an anti-pattern in multiple places where the caller
would allocate a `ByteBuffer` and then use `.bytes()` to provide it to
the `PKSystem` method. Then the callee would resize the output buffer
and reassign it, but because the resize was on `Bytes` and not on
`ByteBuffer`, the caller using the latter would cause a bug.
Additionally, in pretty much all cases the buffer was pre-allocated
shortly before.
Make sure that `HashAlgorithmIdentifier` is passed through
`normalize_an_algorithm` to verify that the hash is valid and supported.
This is required by the spec, but we are not following it very strictly
in `normalize_an_algorithm` because it is pretty convoluted.
Fixes ~60 tests.
Fixes multiple slightly wrong behaviours of the `deriveBits` method
across various algorithms. Some of them might be due to a spec update.
Add tests related to fixes.
Add support for AES-KW for key wrapping/unwrapping. Very similar
implementation to other AES modes.
Added generic tests for symmetric import and specific AES-KW ones.
Adds ~400 test passes on WPT. Now we do better than Firefox in
`WebCryptoAPI/wrapKey_unwrapKey`!
We do not concern ourselves with small OOM handling any longer. But the
main point of this patch is that we are for some reason getting a build
error with clang-19 here about ignoring a nodiscard return type inside
JsonArray::try_for_each.
This implements the last WebCryptoAPI methods `wrapKey` and `unwrapKey`.
Most of the functionality is already there because they rely on
`encrypt` and `decrypt`. The only test failures are for `AES-GCM` which
is not implemented yet.
The ASN1 structure for PCKS#8 was wrong and missing one wrapping of the
key in a OctetString.
The issue was discovered while implementing `wrapKey` and `unwrapKey` in
the next commits.
The ASN1 structure for PCKS#8 was wrong and missing one wrapping of the
key in a OctetString.
The issue was discovered while implementing `wrapKey` and `unwrapKey` in
the next commits.
The presence of padding in the base64 fields made plenty of WPT tests
fail. Additionally, export was performed with the wrong public key.
The issue was discovered while implementing `wrapKey` and `unwrapKey` in
the next commits.
The presence of padding in the base64 fields made plenty of WPT tests
fail.
The issue was discovered while implementing `wrapKey` and `unwrapKey` in
the next commits.
Previously, if `nullptr` was passed as params for
`wrap_in_private_key_info` or `wrap_in_subject_public_key_info` an ASN1
null was serialized. This was not the intended behaviour for many.
The issue was discovered while implementing `wrapKey` and `unwrapKey` in
the next commits.
The ASN1 structure for PCKS#8 was wrong and missing one wrapping of the
key in a OctetString.
The issue was discovered while implementing `wrapKey` and `unwrapKey` in
the next commits.
The presence of padding in the base64 fields and the typo made plenty of
WPT tests fail.
The issue was discovered while implementing `wrapKey` and `unwrapKey` in
the next commits.
The property was not accessible because it was not exposed to JS.
The issue was discovered while implementing `wrapKey` and `unwrapKey` in
the next commits.
The validation of the key size and specified algorithm was out of spec.
It is now implemented correctly like in `AesCbc`.
The issue was discovered while implementing `wrapKey` and `unwrapKey` in
the next commits.
- Removed the constructor taking a (n, d, e) tuple and moved
it to `RSAPrivateKey`
- Removed default constructor with key generation because it was always
misused and the default key size is quite small
- Added utility constructors to accept a key pair, public key, private
key or both
- Made constructor parameters const
- Updated test to use generated random keys where possible
In order for public/private key serialization to work correctly we must
store the size of the key because P-521 cannot be stored as full words
inside `UnsignedBigInteger` and therefore is exported as the wrong
length (68 instead of 66).
This makes it also possible to refactor some methods and cleanup
constants scattered around.
Gets almost all import/export tests, expect the JWK ones that calculate
the public key on export. The `SECPxxxr1` implementation currently fails
to do calculations for P-521.
It is the responsibility of code that deals with TypedArrays to apply
the byte offset and byte length. Not doing this caused Unity Web to
crash, as they call getRandomValues with views into their full main
memory. Previously, it would fill their entire memory of about 33.5 MB
with random bytes.
Replicate what we are doing with RSA and parse both the private and
public key when parsing the ASN1.
The only thing that changed in the tests is the error message.
I have divided ANS1 constants by length so that they don't have
trailing zeros that need to be removed.
Also moved OIDs lists to the only place they are used for clarity.
Fixed a couple of WPT tests by adding SECP521r1 to the list of known
curves.
I dug through the code and the WebCryptoAPI spec to figure out the
reason for `... mixed case parameters` WPT tests and figured out that
our implementation was slightly wrong.
By being closer to the spec we can now pass those tests and also remove
a bunch of duplicated code.
Context: https://github.com/LadybirdBrowser/ladybird/pull/2598#discussion_r1859263798
