Commit graph

108 commits

Author SHA1 Message Date
Timothy Flynn
64abc6101d LibWeb+WebWorker: Use IPC mechanics for structured serialization
Our structured serialization implementation had its own bespoke encoder
and decoder to serialize JS values. It also used a u32 buffer under the
hood, which made using its structures a bit awkward. We had previously
worked around its data structures in transferable streams, which nested
transfers of MessagePort instances. We basically had to add hooks into
the MessagePort to route to the correct transfer receiving steps, and
we could not invoke the correct AOs directly as the spec dictates.

We now use IPC mechanics to encode and decode data. This works because,
although we are encoding JS values, we are only ultimately encoding
primitive and basic AK types. The resulting data structures actually
enforce that we implement transferable streams exactly as the spec is
worded (I had planned to do that in a separate commit, but the fallout
of this patch actually required that change).
2025-07-18 10:09:02 -04:00
Luke Wilde
d08d6b08d3 LibWeb: Use enum for serialization and reimplement interface exposure
Our currently implementation of structured serialization has a design
flaw, where if the serialized/transferred type was not used in the
destination realm, it would not be seen as exposed and thus we would
not re-create the type on the other side.

This is very common, for example, transferring a MessagePort to a just
inserted iframe, or the just inserted iframe transferring a MessagePort
to it's parent. This is what Google reCAPTCHA does.

This flaw occurred due to relying on lazily populated HashMaps of
constructors, namespaces and interfaces. This commit changes it so that
per-type "is exposed" implementations are generated.

Since it no longer relies on interface name strings, this commit
changes serializable types to indicate their type with an enum,
in line with how transferrable types indicate their type.

This makes Google reCAPTCHA work on https://www.google.com/recaptcha/api2/demo
It currently doesn't work on non-Google origins due to a separate
same-origin policy bug.
2025-07-15 09:20:02 -04:00
devgianlu
4e747f525a LibCrypto+LibWeb: Check RSA keys validity on SubtleCrypto import_key
Some checks are pending
CI / Linux, x86_64, Fuzzers_CI, Clang (push) Waiting to run
CI / macOS, arm64, Sanitizer_CI, Clang (push) Waiting to run
CI / Linux, x86_64, Sanitizer_CI, GNU (push) Waiting to run
CI / Linux, x86_64, Sanitizer_CI, Clang (push) Waiting to run
Package the js repl as a binary artifact / Linux, arm64 (push) Waiting to run
Package the js repl as a binary artifact / macOS, arm64 (push) Waiting to run
Package the js repl as a binary artifact / Linux, x86_64 (push) Waiting to run
Run test262 and test-wasm / run_and_update_results (push) Waiting to run
Lint Code / lint (push) Waiting to run
Label PRs with merge conflicts / auto-labeler (push) Waiting to run
Push notes / build (push) Waiting to run
Fix various TODO by checking the validity of RSA keys when they are
imported.

Also add some internal tests since WPT doesn't seem to provide them.
2025-06-25 12:21:28 +12:00
devgianlu
1bf4e712ec LibWeb/Crypto: Do not swap endianness when importing base64 keys
This is wrong and leads to invalid numbers. We've been kind of
unfortunate in not catching this earlier because we skipped the key
validation part.

Many tests would fail with the next commits if this wasn't fixed.
2025-06-25 12:21:28 +12:00
devgianlu
adaa8e418a LibWeb/Crypto: Replace noop errors with VERIFY_NOT_REACHED 2025-06-25 12:21:28 +12:00
devgianlu
289f2b24bf LibCrypto+LibWeb: De-templetize RSA and EC key types
There is no need to have `RSAPrivateKey`, `RSAPublicKey`, `ECPrivateKey`
and `ECPublicKey` to be templatize to utilize different implementation
of numbers.
2025-06-25 12:21:28 +12:00
devgianlu
7f44b88eea LibCrypto+LibWeb: Check EC keys validity on SubtleCrypto import_key
Fix various TODO by checking the validity of ECDSA and ECDH keys when
they are imported. There are no checks in place for raw import because
the spec doesn't contemplate them yet.

Also add some internal tests since WPT doesn't seem to provide them.
2025-06-25 12:21:28 +12:00
devgianlu
a90950cac7 LibWeb: Update AesCbc::decrypt after spec fix 2025-06-25 12:21:28 +12:00
devgianlu
23c9b94e7b LibWeb: Remove bogus FIXME in Crypto::get_random_values
This is not supposed to support SharedArrayBuffers since they don't
implement ArrayBufferView.
2025-06-25 12:21:28 +12:00
devgianlu
4b3715ccba LibCrypto: Replace {Unsigned,Signed}BigInteger impl with LibTomMath
Some checks are pending
CI / Lagom (arm64, Sanitizer_CI, false, macos-15, macOS, Clang) (push) Waiting to run
CI / Lagom (x86_64, Fuzzers_CI, false, ubuntu-24.04, Linux, Clang) (push) Waiting to run
CI / Lagom (x86_64, Sanitizer_CI, false, ubuntu-24.04, Linux, GNU) (push) Waiting to run
CI / Lagom (x86_64, Sanitizer_CI, true, ubuntu-24.04, Linux, Clang) (push) Waiting to run
Build Dev Container Image / build (push) Waiting to run
Package the js repl as a binary artifact / build-and-package (arm64, macos-15, macOS, macOS-universal2) (push) Waiting to run
Package the js repl as a binary artifact / build-and-package (x86_64, ubuntu-24.04, Linux, Linux-x86_64) (push) Waiting to run
Run test262 and test-wasm / run_and_update_results (push) Waiting to run
Lint Code / lint (push) Waiting to run
Label PRs with merge conflicts / auto-labeler (push) Waiting to run
Push notes / build (push) Waiting to run
Replace the implementation of maths in `UnsignedBigInteger`
and `SignedBigInteger` with LibTomMath. This gives benefits in terms of
less code to maintain, correctness and speed.

These changes also remove now-unsued methods and improve the error
propagation for functions allocating lots of memory. Additionally, the
new implementation is always trimmed and won't have dangling zeros when
exporting it.
2025-05-23 11:57:21 +02:00
Timothy Flynn
7280ed6312 Meta: Enforce newlines around namespaces
This has come up several times during code review, so let's just enforce
it using a new clang-format 20 option.
2025-05-14 02:01:59 -06:00
Andreas Kling
a6dfc74e93 LibWeb: Only set prototype once for object with IDL interface
Before this change, we were going through the chain of base classes for
each IDL interface object and having them set the prototype to their
prototype.

Instead of doing that, reorder things so that we set the right prototype
immediately in Foo::initialize(), and then don't bother in all the base
class overrides.

This knocks off a ~1% profile item on Speedometer 3.
2025-04-20 18:43:11 +02:00
Andreas Kling
938b1e91fe LibJS: Inline the fast path of Value::to_i32() and simplify to_u32()
The fast path of to_i32() can be neatly inlined everywhere, and we still
have to_i32_slow_case() for non-trivial conversions.

For to_u32(), it really can just be implemented as a static cast to i32!
2025-04-09 22:06:49 +02:00
Andreas Kling
de424d6879 LibJS: Make Completion.[[Value]] non-optional
Instead, just use js_undefined() whenever the [[Value]] field is unused.
This avoids a whole bunch of presence checks.
2025-04-05 11:20:26 +02:00
Andreas Kling
53da8893ac LibJS: Replace PropertyKey(char[]) with PropertyKey(FlyString)
...and deal with the fallout.
2025-03-24 22:27:17 +00:00
Andreas Kling
d7908dbff5 LibJS: Change PropertyKey(ByteString) to PropertyKey(String)
...and deal with the fallout.
2025-03-24 22:27:17 +00:00
devgianlu
05f3b1f361 LibCrypto+LibWeb: Refactor AES implementation with OpenSSL 2025-03-02 15:11:38 +01:00
devgianlu
80fe259dab LibCrypto: Refactor HMAC implementations with OpenSSL 2025-03-02 15:11:38 +01:00
devgianlu
e90d2a5713 LibCrypto+LibWeb: Refactor HKDF and PBKDF2 classes with OpenSSL 2025-02-24 11:11:05 +01:00
devgianlu
60dcf3e023 LibCrypto: Refactor Edwards-curves implementation with OpenSSL 2025-02-24 11:11:05 +01:00
Timothy Flynn
2c03de60da AK+Everywhere: Remove now-unecessary use of ByteString with JSON types
This removes JsonObject::get_byte_string and JsonObject::to_byte_string.
2025-02-20 19:27:51 -05:00
Timothy Flynn
bc54c0cdfb AK+Everywhere: Store JSON strings as String 2025-02-20 19:27:51 -05:00
devgianlu
f630ca7cd0 LibCrypto: Rename and remove unused methods from SECPxxxr1 class 2025-02-18 00:02:26 +01:00
devgianlu
048d6b8012 LibCrypto: Remove unused constructors from RSA class 2025-02-18 00:02:26 +01:00
devgianlu
8ae01f81c9 LibCrypto: Remove unused MGF class 2025-02-18 00:02:26 +01:00
devgianlu
718d338d68 LibWeb: Remove useless JS::ThrowCompletionOr return types
All `SubtleCrypto` methods except `import_key` do not require
`JS::ThrowCompletionOr` as they return only rejected promises.
2025-02-12 00:40:17 +01:00
devgianlu
f2e530ec14 LibCrypto: Make SECPxxxr1Signature carry the scalar size
Our `UnsignedBigInteger` implementation cannot handle numbers whose
size is not a multiple of 4. For this reason we need to carry the real
size around for P-521 support.
2025-01-27 12:24:48 +01:00
Timothy Flynn
85b424464a AK+Everywhere: Rename verify_cast to as
Follow-up to fc20e61e72.
2025-01-21 11:34:06 -05:00
devgianlu
991cb8942d LibWeb: Always return a KeyAlgorithm from RsaHashedKeyAlgorithm
The spec never mentions the possibility for the `hash` member of
`RsaHashedKeyAlgorithm` to be a string, it should be a `KeyAlgorithm`
object containing a `name` string member.

Spec: https://w3c.github.io/webcrypto/#dfn-RsaHashedKeyAlgorithm
2025-01-17 12:43:03 +01:00
devgianlu
999f456ba4 LibWeb: Support RSASSA-PKCS1-v1_5 in WebCryptoAPI 2025-01-17 12:43:03 +01:00
devgianlu
e05ee9d297 LibWeb: Support RSA-PSS in WebCryptoAPI 2025-01-17 12:43:03 +01:00
devgianlu
a59b48cffc LibCrypto+LibWeb: Replace RSA_OAEP-EME implementation
This replaces the old `OAEP` implementation with one backed by OpenSSL.
The changes also include some added modularity to the RSA class by
making the `RSA_EME` and `RSA_EMSE` for encryption/decryption and
signing/verifying respectively.
2025-01-13 17:00:18 +01:00
devgianlu
0fc02d4d00 LibCrypto: Make PKSystem methods return a ByteBuffer directly
It used to be that the caller would supply a buffer to write the output
to. This created an anti-pattern in multiple places where the caller
would allocate a `ByteBuffer` and then use `.bytes()` to provide it to
the `PKSystem` method. Then the callee would resize the output buffer
and reassign it, but because the resize was on `Bytes` and not on
`ByteBuffer`, the caller using the latter would cause a bug.

Additionally, in pretty much all cases the buffer was pre-allocated
shortly before.
2025-01-13 17:00:18 +01:00
devgianlu
df05cc8478 LibCrypto: Make PKSystem methods return ErrorOr
Make `encrypt`, `decrypt`, `sign` and `verify` return `ErrorOr` for
better error propagation.
2025-01-12 01:13:19 +01:00
devgianlu
9e08f71fd9 LibCrypto: Make RSA::generate_key_pair return ErrorOr
Not currently needed as it cannot fail, but useful for future commits.
2025-01-12 01:13:19 +01:00
devgianlu
b9ba1b3f72 LibWeb: Add Ed448 support in WebCryptoAPI
Add full support for Ed448 and import relevant tests.
2025-01-11 11:13:06 +01:00
devgianlu
819178a49e LibWeb: Use correct default key size for HMAC
When the default key size was requested it was expressed in bytes
(instead of bits) and from the digest size instead of the block size.
2025-01-02 11:33:43 +01:00
devgianlu
f5d3d6a7d4 LibWeb: Set algorithm length for HMAC key generation
This assignment was missing from the spec, but has been fixed since
https://github.com/w3c/webcrypto/pull/394.

Also add relevant WPT tests.
2025-01-02 11:33:43 +01:00
devgianlu
ac0036d184 LibWeb: Remove spec error comments for RSAOAEP
The spec has been fixed since https://github.com/w3c/webcrypto/pull/391.
2025-01-02 11:33:43 +01:00
rmg-x
ceb7f5f017 LibWeb: Use Crypto::fill_with_secure_random instead of PRNG 2024-12-24 17:54:52 +01:00
devgianlu
637f934f69 LibWeb: Correctly normalize HashAlgorithmIdentifier
Make sure that `HashAlgorithmIdentifier` is passed through
`normalize_an_algorithm` to verify that the hash is valid and supported.

This is required by the spec, but we are not following it very strictly
in `normalize_an_algorithm` because it is pretty convoluted.

Fixes ~60 tests.
2024-12-18 12:45:06 -08:00
devgianlu
f3a9bb0a91 LibWeb: Correct WebCryptoAPI derive length behaviour
Fixes multiple slightly wrong behaviours of the `deriveBits` method
across various algorithms. Some of them might be due to a spec update.

Add tests related to fixes.
2024-12-18 13:18:40 +01:00
devgianlu
4b87467fc2 LibWeb: Update SubtleCrypto IDL according to latest spec
I suppose the IDL definition for `deriveBits` changed to make the
last parameter optional.
2024-12-18 13:18:40 +01:00
devgianlu
94374f0d19 LibWeb: Implement AES-KW in WebCryptoAPI
Add support for AES-KW for key wrapping/unwrapping. Very similar
implementation to other AES modes.

Added generic tests for symmetric import and specific AES-KW ones.

Adds ~400 test passes on WPT. Now we do better than Firefox in
`WebCryptoAPI/wrapKey_unwrapKey`!
2024-12-17 11:00:14 +01:00
Timothy Flynn
203267fcc2 LibWeb: Do not worry about small OOM in JsonWebKey::parse
We do not concern ourselves with small OOM handling any longer. But the
main point of this patch is that we are for some reason getting a build
error with clang-19 here about ignoring a nodiscard return type inside
JsonArray::try_for_each.
2024-12-16 06:46:36 -08:00
devgianlu
6ef8b54d21 LibWeb: Add support for AES-GCM encrypt and decrypt
Adds ~400 WPT test passes.
2024-12-16 13:27:53 +01:00
devgianlu
584cbcf3ef LibWeb: Implement wrapKey and unwrapKey methods
This implements the last WebCryptoAPI methods `wrapKey` and `unwrapKey`.
Most of the functionality is already there because they rely on
`encrypt` and `decrypt`. The only test failures are for `AES-GCM` which
is not implemented yet.
2024-12-16 11:35:00 +01:00
devgianlu
c1a65f3d53 LibWeb: Parse JsonWebKey from string
Add the ability to parse a `JsonWebKey` structure from a raw string.
2024-12-16 11:35:00 +01:00
devgianlu
06733bea48 LibWeb: Fix X448 PCKS#8 key export format
The ASN1 structure for PCKS#8 was wrong and missing one wrapping of the
key in a OctetString.

The issue was discovered while implementing `wrapKey` and `unwrapKey` in
the next commits.
2024-12-16 11:35:00 +01:00
devgianlu
89f1f3f31c LibWeb: Fix X25519 PCKS#8 key export format
The ASN1 structure for PCKS#8 was wrong and missing one wrapping of the
key in a OctetString.

The issue was discovered while implementing `wrapKey` and `unwrapKey` in
the next commits.
2024-12-16 11:35:00 +01:00