diff options
Diffstat (limited to 'src/bun.js/bindings/KeyObject.cpp')
| -rw-r--r-- | src/bun.js/bindings/KeyObject.cpp | 2389 |
1 files changed, 2389 insertions, 0 deletions
diff --git a/src/bun.js/bindings/KeyObject.cpp b/src/bun.js/bindings/KeyObject.cpp new file mode 100644 index 000000000..d5782779d --- /dev/null +++ b/src/bun.js/bindings/KeyObject.cpp @@ -0,0 +1,2389 @@ +// Attribution: Some parts of of this module are derived from code originating from the Node.js +// crypto module which is licensed under an MIT license: +// +// Copyright Node.js contributors. All rights reserved. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files (the "Software"), to +// deal in the Software without restriction, including without limitation the +// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +// sell copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions: + +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. + +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS +// IN THE SOFTWARE. + +#include "KeyObject.h" +#include "webcrypto/JSCryptoKey.h" +#include "webcrypto/JSSubtleCrypto.h" +#include "webcrypto/CryptoKeyOKP.h" +#include "webcrypto/CryptoKeyEC.h" +#include "webcrypto/CryptoKeyRSA.h" +#include "webcrypto/CryptoKeyAES.h" +#include "webcrypto/CryptoKeyHMAC.h" +#include "webcrypto/CryptoKeyRaw.h" +#include "webcrypto/CryptoKeyUsage.h" +#include "webcrypto/JsonWebKey.h" +#include "webcrypto/JSJsonWebKey.h" +#include "JavaScriptCore/JSObject.h" +#include "JavaScriptCore/ObjectConstructor.h" +#include "headers-handwritten.h" +#include <openssl/evp.h> +#include <openssl/mem.h> +#include <openssl/x509.h> +#include <openssl/pem.h> +#include <openssl/curve25519.h> +#include "JSBuffer.h" + +using namespace JSC; +using namespace Bun; +using JSGlobalObject + = JSC::JSGlobalObject; +using Exception = JSC::Exception; +using JSValue = JSC::JSValue; +using JSString = JSC::JSString; +using JSModuleLoader = JSC::JSModuleLoader; +using JSModuleRecord = JSC::JSModuleRecord; +using Identifier = JSC::Identifier; +using SourceOrigin = JSC::SourceOrigin; +using JSObject = JSC::JSObject; +using JSNonFinalObject = JSC::JSNonFinalObject; + +namespace WebCore { + +static bool KeyObject__IsASN1Sequence(const unsigned char* data, size_t size, + size_t* data_offset, size_t* data_size) +{ + if (size < 2 || data[0] != 0x30) + return false; + + if (data[1] & 0x80) { + // Long form. + size_t n_bytes = data[1] & ~0x80; + if (n_bytes + 2 > size || n_bytes > sizeof(size_t)) + return false; + size_t length = 0; + for (size_t i = 0; i < n_bytes; i++) + length = (length << 8) | data[i + 2]; + *data_offset = 2 + n_bytes; + *data_size = std::min(size - 2 - n_bytes, length); + } else { + // Short form. + *data_offset = 2; + *data_size = std::min<size_t>(size - 2, data[1]); + } + + return true; +} +static bool KeyObject__IsRSAPrivateKey(const unsigned char* data, size_t size) +{ + // Both RSAPrivateKey and RSAPublicKey structures start with a SEQUENCE. + size_t offset, len; + if (!KeyObject__IsASN1Sequence(data, size, &offset, &len)) + return false; + + // An RSAPrivateKey sequence always starts with a single-byte integer whose + // value is either 0 or 1, whereas an RSAPublicKey starts with the modulus + // (which is the product of two primes and therefore at least 4), so we can + // decide the type of the structure based on the first three bytes of the + // sequence. + return len >= 3 && data[offset] == 2 && data[offset + 1] == 1 && !(data[offset + 2] & 0xfe); +} + +static bool KeyObject__IsEncryptedPrivateKeyInfo(const unsigned char* data, size_t size) +{ + // Both PrivateKeyInfo and EncryptedPrivateKeyInfo start with a SEQUENCE. + size_t offset, len; + if (!KeyObject__IsASN1Sequence(data, size, &offset, &len)) + return false; + + // A PrivateKeyInfo sequence always starts with an integer whereas an + // EncryptedPrivateKeyInfo starts with an AlgorithmIdentifier. + return len >= 1 && data[offset] != 2; +} + +struct AsymmetricKeyValue { + EVP_PKEY* key; + bool owned; +}; + +struct AsymmetricKeyValueWithDER { + EVP_PKEY* key; + unsigned char* der_data; + long der_len; +}; + +struct PrivateKeyPassphrase { + char* passphrase; + size_t passphrase_len; +}; + +int PasswordCallback(char* buf, int size, int rwflag, void* u) +{ + auto result = static_cast<PrivateKeyPassphrase*>(u); + if (result != nullptr && size > 0 && result->passphrase != nullptr) { + size_t buflen = static_cast<size_t>(size); + size_t len = result->passphrase_len; + if (buflen < len) + return -1; + memcpy(buf, result->passphrase, buflen); + return len; + } + + return -1; +} + +AsymmetricKeyValueWithDER KeyObject__ParsePublicKeyPEM(const char* key_pem, + size_t key_pem_len) +{ + auto bp = BIOPtr(BIO_new_mem_buf(const_cast<char*>(key_pem), key_pem_len)); + auto result = (AsymmetricKeyValueWithDER) { .key = nullptr, .der_data = nullptr, .der_len = 0 }; + + if (!bp) { + ERR_clear_error(); + return result; + } + + // Try parsing as a SubjectPublicKeyInfo first. + if (PEM_bytes_read_bio(&result.der_data, &result.der_len, nullptr, "PUBLIC KEY", bp.get(), nullptr, nullptr) == 1) { + // OpenSSL might modify the pointer, so we need to make a copy before parsing. + const unsigned char* p = result.der_data; + result.key = d2i_PUBKEY(nullptr, &p, result.der_len); + if (result.key) { + return result; + } + } + + ERR_clear_error(); + BIO_reset(bp.get()); + + // Maybe it is PKCS#1. + if (PEM_bytes_read_bio(&result.der_data, &result.der_len, nullptr, "RSA PUBLIC KEY", bp.get(), nullptr, nullptr) == 1) { + const unsigned char* p = result.der_data; + result.key = d2i_PublicKey(EVP_PKEY_RSA, nullptr, &p, result.der_len); + if (result.key) { + return result; + } + } + ERR_clear_error(); + BIO_reset(bp.get()); + + // X.509 fallback. + if (PEM_bytes_read_bio(&result.der_data, &result.der_len, nullptr, "CERTIFICATE", bp.get(), nullptr, nullptr) == 1) { + const unsigned char* p = result.der_data; + X509Ptr x509(d2i_X509(nullptr, &p, result.der_len)); + result.key = x509 ? X509_get_pubkey(x509.get()) : nullptr; + if (result.key) { + return result; + } + OPENSSL_clear_free(result.der_data, result.der_len); + ERR_clear_error(); + result.der_data = nullptr; + result.der_len = 0; + } else { + OPENSSL_clear_free(result.der_data, result.der_len); + ERR_clear_error(); + result.der_data = nullptr; + result.der_len = 0; + } + return result; +} + +JSC::EncodedJSValue KeyObject__createPrivateKey(JSC::JSGlobalObject* globalObject, JSC::CallFrame* callFrame) +{ + + auto count = callFrame->argumentCount(); + auto& vm = globalObject->vm(); + auto scope = DECLARE_THROW_SCOPE(vm); + + if (count < 1) { + JSC::throwTypeError(globalObject, scope, "createPrivateKey requires 1 arguments"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + + auto* options = jsDynamicCast<JSC::JSObject*>(callFrame->argument(0)); + if (!options) { + JSC::throwTypeError(globalObject, scope, "expected options to be a object"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + + JSValue keyJSValue = options->getIfPropertyExists(globalObject, PropertyName(Identifier::fromString(vm, "key"_s))); + if (keyJSValue.isUndefinedOrNull() || keyJSValue.isEmpty()) { + JSC::throwTypeError(globalObject, scope, "key is required"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + if (!keyJSValue.isCell()) { + JSC::throwTypeError(globalObject, scope, "key must be a Buffer, Array-like or object"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + + JSValue formatJSValue = options->getIfPropertyExists(globalObject, PropertyName(Identifier::fromString(vm, "format"_s))); + if (formatJSValue.isUndefinedOrNull() || formatJSValue.isEmpty()) { + JSC::throwTypeError(globalObject, scope, "format is required"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + + if (!formatJSValue.isString()) { + JSC::throwTypeError(globalObject, scope, "format must be a string"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + auto format = formatJSValue.toWTFString(globalObject); + RETURN_IF_EXCEPTION(scope, encodedJSValue()); + + Zig::GlobalObject* zigGlobalObject = reinterpret_cast<Zig::GlobalObject*>(globalObject); + auto* structure = zigGlobalObject->JSCryptoKeyStructure(); + + void* data; + size_t byteLength; + + auto keyJSValueCell = keyJSValue.asCell(); + auto type = keyJSValueCell->type(); + + switch (type) { + + case DataViewType: + case Uint8ArrayType: + case Uint8ClampedArrayType: + case Uint16ArrayType: + case Uint32ArrayType: + case Int8ArrayType: + case Int16ArrayType: + case Int32ArrayType: + case Float32ArrayType: + case Float64ArrayType: + case BigInt64ArrayType: + case BigUint64ArrayType: { + JSC::JSArrayBufferView* view = jsCast<JSC::JSArrayBufferView*>(keyJSValueCell); + + data = view->vector(); + byteLength = view->length(); + break; + } + case ArrayBufferType: { + auto* jsBuffer = jsDynamicCast<JSC::JSArrayBuffer*>(keyJSValueCell); + if (UNLIKELY(!jsBuffer)) { + throwException(globalObject, scope, createTypeError(globalObject, "ERR_INVALID_ARG_TYPE: expected key to be Buffer or array-like object"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto* buffer = jsBuffer->impl(); + data = buffer->data(); + byteLength = buffer->byteLength(); + break; + } + default: { + if (auto* keyObj = jsDynamicCast<JSC::JSObject*>(keyJSValue)) { + if (format != "jwk"_s) { + JSC::throwTypeError(globalObject, scope, "format should be 'jwk' when key type is 'object'"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + auto jwk = WebCore::convertDictionary<JsonWebKey>(*globalObject, keyJSValue); + RETURN_IF_EXCEPTION(scope, encodedJSValue()); + if (jwk.kty == "OKP"_s) { + if (jwk.crv == "Ed25519"_s) { + auto result = CryptoKeyOKP::importJwk(CryptoAlgorithmIdentifier::Ed25519, CryptoKeyOKP::NamedCurve::Ed25519, WTFMove(jwk), true, CryptoKeyUsageSign); + if (UNLIKELY(result == nullptr)) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid Ed25519 private key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto impl = result.releaseNonNull(); + if (impl->type() != CryptoKeyType::Private) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid private key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else if (jwk.crv == "X25519"_s) { + auto result = CryptoKeyOKP::importJwk(CryptoAlgorithmIdentifier::Ed25519, CryptoKeyOKP::NamedCurve::X25519, WTFMove(jwk), true, CryptoKeyUsageSign); + if (UNLIKELY(result == nullptr)) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid X25519 private key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto impl = result.releaseNonNull(); + if (impl->type() != CryptoKeyType::Private) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid private key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else { + throwException(globalObject, scope, createTypeError(globalObject, "Unsupported OKP curve"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + } else if (jwk.kty == "EC"_s) { + auto result = CryptoKeyEC::importJwk(CryptoAlgorithmIdentifier::ECDSA, jwk.crv, WTFMove(jwk), true, jwk.usages); + if (UNLIKELY(result == nullptr)) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid EC private key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto impl = result.releaseNonNull(); + if (impl->type() != CryptoKeyType::Private) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid private key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else if (jwk.kty == "RSA"_s) { + auto result = CryptoKeyRSA::importJwk(CryptoAlgorithmIdentifier::RSA_OAEP, std::nullopt, WTFMove(jwk), true, jwk.usages); + if (UNLIKELY(result == nullptr)) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid RSA private key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto impl = result.releaseNonNull(); + if (impl->type() != CryptoKeyType::Private) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid private key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else { + throwException(globalObject, scope, createTypeError(globalObject, "Unsupported private key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + } + JSC::throwTypeError(globalObject, scope, "The \"key\" property must be of type object"_s); + return JSValue::encode(JSC::jsUndefined()); + } + } + + if (format == "jwk"_s) { + JSC::throwTypeError(globalObject, scope, "The \"key\" property must be of type object"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + + if (UNLIKELY(!data) || UNLIKELY(!byteLength)) { + throwException(globalObject, scope, createTypeError(globalObject, "ERR_INVALID_ARG_TYPE: expected key to be Buffer or array-like object"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + + JSValue passphraseJSValue = options->getIfPropertyExists(globalObject, PropertyName(Identifier::fromString(vm, "passphrase"_s))); + PrivateKeyPassphrase passphrase = { nullptr, 0 }; + + auto hasPassphrase = !passphraseJSValue.isUndefinedOrNull() && !passphraseJSValue.isEmpty(); + + if (hasPassphrase) { + if (passphraseJSValue.isString()) { + auto passphrase_wtfstr = passphraseJSValue.toWTFString(globalObject); + RETURN_IF_EXCEPTION(scope, encodedJSValue()); + if (!passphrase_wtfstr.isNull()) { + if (auto pass = passphrase_wtfstr.tryGetUTF8()) { + if (pass.has_value()) { + auto value = pass.value(); + passphrase.passphrase = const_cast<char*>(value.data()); + passphrase.passphrase_len = value.length(); + } + } + } + } else if (auto* passphraseBuffer = jsDynamicCast<JSUint8Array*>(passphraseJSValue)) { + passphrase.passphrase = (char*)passphraseBuffer->vector(); + passphrase.passphrase_len = passphraseBuffer->byteLength(); + } else { + JSC::throwTypeError(globalObject, scope, "passphrase must be a Buffer or String"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } + + if (format == "pem"_s) { + auto bio = BIOPtr(BIO_new_mem_buf(const_cast<char*>((char*)data), byteLength)); + auto pkey = EvpPKeyPtr(PEM_read_bio_PrivateKey(bio.get(), nullptr, PasswordCallback, &passphrase)); + + if (!pkey) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid private key pem file"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto pKeyID = EVP_PKEY_id(pkey.get()); + + if (pKeyID == EVP_PKEY_RSA || pKeyID == EVP_PKEY_RSA_PSS) { + auto impl = CryptoKeyRSA::create(pKeyID == EVP_PKEY_RSA_PSS ? CryptoAlgorithmIdentifier::RSA_PSS : CryptoAlgorithmIdentifier::RSA_OAEP, CryptoAlgorithmIdentifier::SHA_1, false, CryptoKeyType::Private, WTFMove(pkey), true, CryptoKeyUsageDecrypt); + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else if (pKeyID == EVP_PKEY_ED25519 || pKeyID == EVP_PKEY_X25519) { + size_t out_len = 0; + if (!EVP_PKEY_get_raw_private_key(pkey.get(), nullptr, &out_len)) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid private key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + Vector<uint8_t> out(out_len); + if (!EVP_PKEY_get_raw_private_key(pkey.get(), out.data(), &out_len) || out_len != out.size()) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid private key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto result = CryptoKeyOKP::create(CryptoAlgorithmIdentifier::Ed25519, pKeyID == EVP_PKEY_ED25519 ? CryptoKeyOKP::NamedCurve::Ed25519 : CryptoKeyOKP::NamedCurve::X25519, CryptoKeyType::Private, WTFMove(out), true, CryptoKeyUsageSign); + if (UNLIKELY(result == nullptr)) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid private key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto impl = result.releaseNonNull(); + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else if (pKeyID == EVP_PKEY_EC) { + EC_KEY* ec_key = EVP_PKEY_get1_EC_KEY(pkey.get()); + if (UNLIKELY(ec_key == nullptr)) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid EC private key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + const EC_GROUP* ec_group = EC_KEY_get0_group(ec_key); + // Get the curve name + int curve_name = EC_GROUP_get_curve_name(ec_group); + if (curve_name == NID_undef) { + EC_KEY_free(ec_key); + throwException(globalObject, scope, createTypeError(globalObject, "Unable to identify EC curve"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + CryptoKeyEC::NamedCurve curve; + if (curve_name == NID_X9_62_prime256v1) + curve = CryptoKeyEC::NamedCurve::P256; + else if (curve_name == NID_secp384r1) + curve = CryptoKeyEC::NamedCurve::P384; + else if (curve_name == NID_secp521r1) + curve = CryptoKeyEC::NamedCurve::P521; + else { + EC_KEY_free(ec_key); + throwException(globalObject, scope, createTypeError(globalObject, "Unsupported EC curve"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + EC_KEY_free(ec_key); + auto impl = CryptoKeyEC::create(CryptoAlgorithmIdentifier::ECDH, curve, CryptoKeyType::Private, WTFMove(pkey), true, CryptoKeyUsageSign); + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else { + throwException(globalObject, scope, createTypeError(globalObject, "Unsupported private key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + } + if (format == "der"_s) { + JSValue typeJSValue = options->getIfPropertyExists(globalObject, PropertyName(Identifier::fromString(vm, "type"_s))); + WTF::String type = "pkcs8"_s; + if (!typeJSValue.isUndefinedOrNull() && !typeJSValue.isEmpty()) { + if (!typeJSValue.isString()) { + JSC::throwTypeError(globalObject, scope, "type must be a string"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + type = typeJSValue.toWTFString(globalObject); + RETURN_IF_EXCEPTION(scope, encodedJSValue()); + } + + if (type == "pkcs1"_s) { + // must be RSA + const unsigned char* p = reinterpret_cast<const unsigned char*>(data); + auto pkey = EvpPKeyPtr(d2i_PrivateKey(EVP_PKEY_RSA, nullptr, &p, byteLength)); + if (!pkey) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid use of PKCS#1 as private key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto pKeyID = EVP_PKEY_id(pkey.get()); + auto impl = CryptoKeyRSA::create(pKeyID == EVP_PKEY_RSA_PSS ? CryptoAlgorithmIdentifier::RSASSA_PKCS1_v1_5 : CryptoAlgorithmIdentifier::RSAES_PKCS1_v1_5, CryptoAlgorithmIdentifier::SHA_1, false, CryptoKeyType::Private, WTFMove(pkey), true, CryptoKeyUsageDecrypt); + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else if (type == "pkcs8"_s) { + + auto bio = BIOPtr(BIO_new_mem_buf(const_cast<char*>((char*)data), byteLength)); + WebCore::EvpPKeyPtr pkey; + if (KeyObject__IsEncryptedPrivateKeyInfo(const_cast<unsigned char*>((unsigned char*)data), byteLength)) { + pkey = EvpPKeyPtr(d2i_PKCS8PrivateKey_bio(bio.get(), + nullptr, + PasswordCallback, + &passphrase)); + } else { + auto* p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(bio.get(), nullptr); + if (!p8inf) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid PKCS8 data"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + pkey = EvpPKeyPtr(EVP_PKCS82PKEY(p8inf)); + } + if (!pkey) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid private key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto pKeyID = EVP_PKEY_id(pkey.get()); + + if (pKeyID == EVP_PKEY_RSA || pKeyID == EVP_PKEY_RSA_PSS) { + auto impl = CryptoKeyRSA::create(pKeyID == EVP_PKEY_RSA_PSS ? CryptoAlgorithmIdentifier::RSA_PSS : CryptoAlgorithmIdentifier::RSA_OAEP, CryptoAlgorithmIdentifier::SHA_1, false, CryptoKeyType::Private, WTFMove(pkey), true, CryptoKeyUsageDecrypt); + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else if (pKeyID == EVP_PKEY_ED25519) { + auto result = CryptoKeyOKP::importPkcs8(CryptoAlgorithmIdentifier::Ed25519, CryptoKeyOKP::NamedCurve::Ed25519, Vector<uint8_t>((uint8_t*)data, byteLength), true, CryptoKeyUsageSign); + if (UNLIKELY(result == nullptr)) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid Ed25519 private key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto impl = result.releaseNonNull(); + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else if (pKeyID == EVP_PKEY_X25519) { + auto result = CryptoKeyOKP::importPkcs8(CryptoAlgorithmIdentifier::Ed25519, CryptoKeyOKP::NamedCurve::X25519, Vector<uint8_t>((uint8_t*)data, byteLength), true, CryptoKeyUsageSign); + if (UNLIKELY(result == nullptr)) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid Ed25519 private key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto impl = result.releaseNonNull(); + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else if (pKeyID == EVP_PKEY_EC) { + EC_KEY* ec_key = EVP_PKEY_get1_EC_KEY(pkey.get()); + if (UNLIKELY(ec_key == nullptr)) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid EC private key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + const EC_GROUP* ec_group = EC_KEY_get0_group(ec_key); + // Get the curve name + int curve_name = EC_GROUP_get_curve_name(ec_group); + if (curve_name == NID_undef) { + EC_KEY_free(ec_key); + throwException(globalObject, scope, createTypeError(globalObject, "Unable to identify EC curve"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + CryptoKeyEC::NamedCurve curve; + if (curve_name == NID_X9_62_prime256v1) + curve = CryptoKeyEC::NamedCurve::P256; + else if (curve_name == NID_secp384r1) + curve = CryptoKeyEC::NamedCurve::P384; + else if (curve_name == NID_secp521r1) + curve = CryptoKeyEC::NamedCurve::P521; + else { + EC_KEY_free(ec_key); + throwException(globalObject, scope, createTypeError(globalObject, "Unsupported EC curve"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto result = CryptoKeyEC::platformImportPkcs8(CryptoAlgorithmIdentifier::ECDH, curve, Vector<uint8_t>((uint8_t*)data, byteLength), true, CryptoKeyUsageSign); + if (UNLIKELY(result == nullptr)) { + result = CryptoKeyEC::platformImportPkcs8(CryptoAlgorithmIdentifier::ECDSA, curve, Vector<uint8_t>((uint8_t*)data, byteLength), true, CryptoKeyUsageSign); + } + EC_KEY_free(ec_key); + if (UNLIKELY(result == nullptr)) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid EC private key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto impl = result.releaseNonNull(); + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else { + throwException(globalObject, scope, createTypeError(globalObject, "Unsupported private key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + } else if (type == "sec1"_s) { + const unsigned char* p = reinterpret_cast<const unsigned char*>(data); + auto pkey = EvpPKeyPtr(d2i_PrivateKey(EVP_PKEY_EC, nullptr, &p, byteLength)); + auto pKeyID = EVP_PKEY_id(pkey.get()); + + if (pKeyID == EVP_PKEY_EC) { + EC_KEY* ec_key = EVP_PKEY_get1_EC_KEY(pkey.get()); + if (UNLIKELY(ec_key == nullptr)) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid EC private key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + const EC_GROUP* ec_group = EC_KEY_get0_group(ec_key); + // Get the curve name + int curve_name = EC_GROUP_get_curve_name(ec_group); + if (curve_name == NID_undef) { + EC_KEY_free(ec_key); + throwException(globalObject, scope, createTypeError(globalObject, "Unable to identify EC curve"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + CryptoKeyEC::NamedCurve curve; + if (curve_name == NID_X9_62_prime256v1) + curve = CryptoKeyEC::NamedCurve::P256; + else if (curve_name == NID_secp384r1) + curve = CryptoKeyEC::NamedCurve::P384; + else if (curve_name == NID_secp521r1) + curve = CryptoKeyEC::NamedCurve::P521; + else { + EC_KEY_free(ec_key); + throwException(globalObject, scope, createTypeError(globalObject, "Unsupported EC curve"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + EC_KEY_free(ec_key); + auto impl = CryptoKeyEC::create(CryptoAlgorithmIdentifier::ECDH, curve, CryptoKeyType::Private, WTFMove(pkey), true, CryptoKeyUsageSign); + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid EC private key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + } + + JSC::throwTypeError(globalObject, scope, "type should be 'pkcs1', 'pkcs8' or 'sec1'"_s); + return JSValue::encode(JSC::jsUndefined()); + } + + JSC::throwTypeError(globalObject, scope, "format should be 'pem' or 'der'"_s); + return JSValue::encode(JSC::jsUndefined()); +} + +static JSC::EncodedJSValue KeyObject__createRSAFromPrivate(JSC::JSGlobalObject* globalObject, EVP_PKEY* pkey, WebCore::CryptoAlgorithmIdentifier alg) +{ + auto& vm = globalObject->vm(); + auto scope = DECLARE_THROW_SCOPE(vm); + const RSA* rsa_key = EVP_PKEY_get0_RSA(pkey); + + auto publicRSA = RSAPtr(RSAPublicKey_dup(rsa_key)); + if (!publicRSA) { + JSC::throwTypeError(globalObject, scope, "ERR_CRYPTO_INVALID_KEY_OBJECT_TYPE: Failed to create a public key from private"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + auto publicPKey = EvpPKeyPtr(EVP_PKEY_new()); + if (EVP_PKEY_set1_RSA(publicPKey.get(), publicRSA.get()) <= 0) { + JSC::throwTypeError(globalObject, scope, "ERR_CRYPTO_INVALID_KEY_OBJECT_TYPE: Failed to create a public key from private"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + auto impl = CryptoKeyRSA::create(alg, CryptoAlgorithmIdentifier::SHA_1, false, CryptoKeyType::Public, WTFMove(publicPKey), true, CryptoKeyUsageVerify); + Zig::GlobalObject* zigGlobalObject = reinterpret_cast<Zig::GlobalObject*>(globalObject); + auto* structure = zigGlobalObject->JSCryptoKeyStructure(); + + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); +} + +static JSC::EncodedJSValue KeyObject__createECFromPrivate(JSC::JSGlobalObject* globalObject, EVP_PKEY* pkey, CryptoKeyEC::NamedCurve namedCurve, WebCore::CryptoAlgorithmIdentifier alg) +{ + auto& vm = globalObject->vm(); + auto scope = DECLARE_THROW_SCOPE(vm); + + EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(pkey); + auto point = ECPointPtr(EC_POINT_dup(EC_KEY_get0_public_key(ec_key), EC_KEY_get0_group(ec_key))); + if (!point) { + JSC::throwTypeError(globalObject, scope, "ERR_CRYPTO_INVALID_KEY_OBJECT_TYPE: Failed to create a public key from private 1"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + auto curve = NID_undef; + + switch (namedCurve) { + case CryptoKeyEC::NamedCurve::P256: + curve = NID_X9_62_prime256v1; + break; + case CryptoKeyEC::NamedCurve::P384: + curve = NID_secp384r1; + break; + case CryptoKeyEC::NamedCurve::P521: + curve = NID_secp521r1; + break; + } + auto publicECKey = ECKeyPtr(EC_KEY_new_by_curve_name(curve)); + if (!publicECKey) { + JSC::throwTypeError(globalObject, scope, "ERR_CRYPTO_INVALID_KEY_OBJECT_TYPE: Failed to create a public key from private 2"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + // OPENSSL_EC_NAMED_CURVE needs to be set to export the key with the curve name, not with the curve parameters. + EC_KEY_set_asn1_flag(publicECKey.get(), OPENSSL_EC_NAMED_CURVE); + if (EC_KEY_set_public_key(publicECKey.get(), point.get()) <= 0) { + JSC::throwTypeError(globalObject, scope, "ERR_CRYPTO_INVALID_KEY_OBJECT_TYPE: Failed to create a public key from private 3"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + auto publicPKey = EvpPKeyPtr(EVP_PKEY_new()); + if (EVP_PKEY_set1_EC_KEY(publicPKey.get(), publicECKey.get()) <= 0) { + JSC::throwTypeError(globalObject, scope, "ERR_CRYPTO_INVALID_KEY_OBJECT_TYPE: Failed to create a public key from private 4"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + auto impl = CryptoKeyEC::create(alg, namedCurve, CryptoKeyType::Public, WTFMove(publicPKey), true, CryptoKeyUsageVerify); + + Zig::GlobalObject* zigGlobalObject = reinterpret_cast<Zig::GlobalObject*>(globalObject); + auto* structure = zigGlobalObject->JSCryptoKeyStructure(); + + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); +} + +static JSC::EncodedJSValue KeyObject__createOKPFromPrivate(JSC::JSGlobalObject* globalObject, const WebCore::CryptoKeyOKP::KeyMaterial keyData, CryptoKeyOKP::NamedCurve namedCurve, WebCore::CryptoAlgorithmIdentifier alg) +{ + auto& vm = globalObject->vm(); + auto scope = DECLARE_THROW_SCOPE(vm); + + uint8_t public_key[ED25519_PUBLIC_KEY_LEN]; + + if (namedCurve == CryptoKeyOKP::NamedCurve::Ed25519) { + memcpy(public_key, keyData.data() + ED25519_PRIVATE_KEY_LEN, ED25519_PUBLIC_KEY_LEN); + } else { + X25519_public_from_private(public_key, keyData.data()); + } + auto result = CryptoKeyOKP::create(alg, namedCurve, CryptoKeyType::Public, Vector<uint8_t>(public_key), true, CryptoKeyUsageVerify); + if (UNLIKELY(result == nullptr)) { + JSC::throwTypeError(globalObject, scope, "ERR_CRYPTO_INVALID_KEY_OBJECT_TYPE: Failed to create a public key from private"_s); + return JSValue::encode(JSC::jsUndefined()); + } + auto impl = result.releaseNonNull(); + + Zig::GlobalObject* zigGlobalObject = reinterpret_cast<Zig::GlobalObject*>(globalObject); + auto* structure = zigGlobalObject->JSCryptoKeyStructure(); + + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); +} + +static JSC::EncodedJSValue KeyObject__createPublicFromPrivate(JSC::JSGlobalObject* globalObject, EVP_PKEY* pkey) +{ + auto& vm = globalObject->vm(); + auto scope = DECLARE_THROW_SCOPE(vm); + + auto pKeyID = EVP_PKEY_id(pkey); + if (pKeyID == EVP_PKEY_RSA || pKeyID == EVP_PKEY_RSA_PSS) { + return KeyObject__createRSAFromPrivate(globalObject, pkey, pKeyID == EVP_PKEY_RSA_PSS ? CryptoAlgorithmIdentifier::RSA_PSS : CryptoAlgorithmIdentifier::RSA_OAEP); + } else if (pKeyID == EVP_PKEY_EC) { + + EC_KEY* ec_key = EVP_PKEY_get1_EC_KEY(pkey); + if (UNLIKELY(ec_key == nullptr)) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid EC key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + const EC_GROUP* ec_group = EC_KEY_get0_group(ec_key); + // Get the curve name + int curve_name = EC_GROUP_get_curve_name(ec_group); + if (curve_name == NID_undef) { + EC_KEY_free(ec_key); + throwException(globalObject, scope, createTypeError(globalObject, "Unable to identify EC curve"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + CryptoKeyEC::NamedCurve curve; + if (curve_name == NID_X9_62_prime256v1) + curve = CryptoKeyEC::NamedCurve::P256; + else if (curve_name == NID_secp384r1) + curve = CryptoKeyEC::NamedCurve::P384; + else if (curve_name == NID_secp521r1) + curve = CryptoKeyEC::NamedCurve::P521; + else { + EC_KEY_free(ec_key); + throwException(globalObject, scope, createTypeError(globalObject, "Unsupported EC curve"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + EC_KEY_free(ec_key); + return KeyObject__createECFromPrivate(globalObject, pkey, curve, CryptoAlgorithmIdentifier::ECDSA); + } else if (pKeyID == EVP_PKEY_ED25519 || pKeyID == EVP_PKEY_X25519) { + size_t out_len = 0; + auto& vm = globalObject->vm(); + if (!EVP_PKEY_get_raw_private_key(pkey, nullptr, &out_len)) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid private key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + Vector<uint8_t> out(out_len); + if (!EVP_PKEY_get_raw_private_key(pkey, out.data(), &out_len) || out_len != out.size()) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid private key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + return KeyObject__createOKPFromPrivate(globalObject, out, pKeyID == EVP_PKEY_ED25519 ? CryptoKeyOKP::NamedCurve::Ed25519 : CryptoKeyOKP::NamedCurve::X25519, CryptoAlgorithmIdentifier::Ed25519); + } else { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid private key type"_s)); + return JSValue::encode(JSC::jsUndefined()); + } +} + +JSC::EncodedJSValue KeyObject__createPublicKey(JSC::JSGlobalObject* globalObject, JSC::CallFrame* callFrame) +{ + + auto count = callFrame->argumentCount(); + auto& vm = globalObject->vm(); + + auto scope = DECLARE_THROW_SCOPE(vm); + + if (count < 1) { + auto scope = DECLARE_THROW_SCOPE(vm); + JSC::throwTypeError(globalObject, scope, "createPublicKey requires 1 arguments"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + auto* options = jsDynamicCast<JSC::JSObject*>(callFrame->argument(0)); + if (!options) { + JSC::throwTypeError(globalObject, scope, "expected options to be a object"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + JSValue keyJSValue = options->getIfPropertyExists(globalObject, PropertyName(Identifier::fromString(vm, "key"_s))); + if (keyJSValue.isUndefinedOrNull() || keyJSValue.isEmpty()) { + JSC::throwTypeError(globalObject, scope, "key is required"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + Zig::GlobalObject* zigGlobalObject = reinterpret_cast<Zig::GlobalObject*>(globalObject); + auto* structure = zigGlobalObject->JSCryptoKeyStructure(); + + void* data; + size_t byteLength; + if (auto* key = jsDynamicCast<JSCryptoKey*>(keyJSValue)) { + auto& wrapped = key->wrapped(); + auto key_type = wrapped.type(); + if (key_type != CryptoKeyType::Private) { + JSC::throwTypeError(globalObject, scope, "ERR_CRYPTO_INVALID_KEY_OBJECT_TYPE: Invalid key object type, expected private"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + auto id = wrapped.keyClass(); + + switch (id) { + case CryptoKeyClass::RSA: { + return KeyObject__createRSAFromPrivate(globalObject, downcast<WebCore::CryptoKeyRSA>(wrapped).platformKey(), wrapped.algorithmIdentifier()); + } + case CryptoKeyClass::EC: { + auto& impl = downcast<WebCore::CryptoKeyEC>(wrapped); + return KeyObject__createECFromPrivate(globalObject, impl.platformKey(), impl.namedCurve(), wrapped.algorithmIdentifier()); + } + case CryptoKeyClass::OKP: { + auto& impl = downcast<WebCore::CryptoKeyOKP>(wrapped); + return KeyObject__createOKPFromPrivate(globalObject, impl.exportKey(), impl.namedCurve(), wrapped.algorithmIdentifier()); + } + default: { + JSC::throwTypeError(globalObject, scope, "ERR_CRYPTO_INVALID_KEY_OBJECT_TYPE: Invalid key object type, expected private"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } + } + if (!keyJSValue.isCell()) { + JSC::throwTypeError(globalObject, scope, "expected options to be a object"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + + JSValue formatJSValue = options->getIfPropertyExists(globalObject, PropertyName(Identifier::fromString(vm, "format"_s))); + if (formatJSValue.isUndefinedOrNull() || formatJSValue.isEmpty()) { + JSC::throwTypeError(globalObject, scope, "format is required"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + if (!formatJSValue.isString()) { + JSC::throwTypeError(globalObject, scope, "format must be a string"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + auto format = formatJSValue.toWTFString(globalObject); + RETURN_IF_EXCEPTION(scope, encodedJSValue()); + + auto keyJSValueCell = keyJSValue.asCell(); + auto type = keyJSValueCell->type(); + + switch (type) { + + case DataViewType: + case Uint8ArrayType: + case Uint8ClampedArrayType: + case Uint16ArrayType: + case Uint32ArrayType: + case Int8ArrayType: + case Int16ArrayType: + case Int32ArrayType: + case Float32ArrayType: + case Float64ArrayType: + case BigInt64ArrayType: + case BigUint64ArrayType: { + JSC::JSArrayBufferView* view = jsCast<JSC::JSArrayBufferView*>(keyJSValueCell); + + data = view->vector(); + byteLength = view->length(); + break; + } + case ArrayBufferType: { + auto* jsBuffer = jsDynamicCast<JSC::JSArrayBuffer*>(keyJSValueCell); + if (UNLIKELY(!jsBuffer)) { + auto scope = DECLARE_THROW_SCOPE(vm); + throwException(globalObject, scope, createTypeError(globalObject, "ERR_INVALID_ARG_TYPE: expected key to be Buffer or array-like object"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto* buffer = jsBuffer->impl(); + data = buffer->data(); + byteLength = buffer->byteLength(); + break; + } + default: { + if (auto* keyObj = jsDynamicCast<JSC::JSObject*>(keyJSValue)) { + if (format != "jwk"_s) { + JSC::throwTypeError(globalObject, scope, "format should be 'jwk' when key type is 'object'"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + auto jwk = WebCore::convertDictionary<JsonWebKey>(*globalObject, keyJSValue); + RETURN_IF_EXCEPTION(scope, encodedJSValue()); + if (jwk.kty == "OKP"_s) { + if (jwk.crv == "Ed25519"_s) { + auto result = CryptoKeyOKP::importPublicJwk(CryptoAlgorithmIdentifier::Ed25519, CryptoKeyOKP::NamedCurve::Ed25519, WTFMove(jwk), true, CryptoKeyUsageVerify); + if (UNLIKELY(result == nullptr)) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid Ed25519 public key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto impl = result.releaseNonNull(); + if (impl->type() == CryptoKeyType::Private) { + return KeyObject__createOKPFromPrivate(globalObject, impl.get().exportKey(), CryptoKeyOKP::NamedCurve::Ed25519, CryptoAlgorithmIdentifier::Ed25519); + } + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else if (jwk.crv == "X25519"_s) { + auto result = CryptoKeyOKP::importPublicJwk(CryptoAlgorithmIdentifier::Ed25519, CryptoKeyOKP::NamedCurve::X25519, WTFMove(jwk), true, CryptoKeyUsageVerify); + if (UNLIKELY(result == nullptr)) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid X25519 public key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto impl = result.releaseNonNull(); + if (impl->type() == CryptoKeyType::Private) { + return KeyObject__createOKPFromPrivate(globalObject, impl.get().exportKey(), CryptoKeyOKP::NamedCurve::X25519, CryptoAlgorithmIdentifier::Ed25519); + } + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else { + throwException(globalObject, scope, createTypeError(globalObject, "Unsupported OKP curve"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + } else if (jwk.kty == "EC"_s) { + auto result = CryptoKeyEC::importJwk(CryptoAlgorithmIdentifier::ECDSA, jwk.crv, WTFMove(jwk), true, jwk.usages); + if (UNLIKELY(result == nullptr)) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid EC public key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto impl = result.releaseNonNull(); + if (impl->type() == CryptoKeyType::Private) { + return KeyObject__createECFromPrivate(globalObject, impl.get().platformKey(), impl.get().namedCurve(), CryptoAlgorithmIdentifier::ECDSA); + } + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else if (jwk.kty == "RSA"_s) { + auto result = CryptoKeyRSA::importJwk(CryptoAlgorithmIdentifier::RSA_OAEP, std::nullopt, WTFMove(jwk), true, jwk.usages); + if (UNLIKELY(result == nullptr)) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid RSA public key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto impl = result.releaseNonNull(); + if (impl->type() == CryptoKeyType::Private) { + return KeyObject__createRSAFromPrivate(globalObject, impl.get().platformKey(), CryptoAlgorithmIdentifier::RSA_OAEP); + } + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else { + throwException(globalObject, scope, createTypeError(globalObject, "Unsupported public key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + } + } + } + + if (format == "jwk"_s) { + JSC::throwTypeError(globalObject, scope, "The \"key\" property must be of type object"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + + if (UNLIKELY(!data) || UNLIKELY(!byteLength)) { + throwException(globalObject, scope, createTypeError(globalObject, "ERR_INVALID_ARG_TYPE: expected key to be Buffer or array-like object"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + + if (format == "pem"_s) { + auto pem = KeyObject__ParsePublicKeyPEM((const char*)data, byteLength); + if (!pem.key) { + // maybe is a private pem + auto bio = BIOPtr(BIO_new_mem_buf(const_cast<char*>((char*)data), byteLength)); + JSValue passphraseJSValue = options->getIfPropertyExists(globalObject, PropertyName(Identifier::fromString(vm, "passphrase"_s))); + PrivateKeyPassphrase passphrase = { nullptr, 0 }; + + auto hasPassphrase = !passphraseJSValue.isUndefinedOrNull() && !passphraseJSValue.isEmpty(); + + if (hasPassphrase) { + if (passphraseJSValue.isString()) { + auto passphrase_wtfstr = passphraseJSValue.toWTFString(globalObject); + RETURN_IF_EXCEPTION(scope, encodedJSValue()); + if (!passphrase_wtfstr.isNull()) { + if (auto pass = passphrase_wtfstr.tryGetUTF8()) { + if (pass.has_value()) { + auto value = pass.value(); + passphrase.passphrase = const_cast<char*>(value.data()); + passphrase.passphrase_len = value.length(); + } + } + } + } else if (auto* passphraseBuffer = jsDynamicCast<JSUint8Array*>(passphraseJSValue)) { + passphrase.passphrase = (char*)passphraseBuffer->vector(); + passphrase.passphrase_len = passphraseBuffer->byteLength(); + } else { + JSC::throwTypeError(globalObject, scope, "passphrase must be a Buffer or String"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } + + auto pkey = EvpPKeyPtr(PEM_read_bio_PrivateKey(bio.get(), nullptr, PasswordCallback, &passphrase)); + if (!pkey) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid PEM data"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + return KeyObject__createPublicFromPrivate(globalObject, pkey.get()); + } + auto pkey = EvpPKeyPtr(pem.key); + auto pKeyID = EVP_PKEY_id(pem.key); + if (pKeyID == EVP_PKEY_RSA || pKeyID == EVP_PKEY_RSA_PSS) { + if (pem.der_data) { + OPENSSL_clear_free(pem.der_data, pem.der_len); + } + auto impl = CryptoKeyRSA::create(pKeyID == EVP_PKEY_RSA_PSS ? CryptoAlgorithmIdentifier::RSA_PSS : CryptoAlgorithmIdentifier::RSA_OAEP, CryptoAlgorithmIdentifier::SHA_1, false, CryptoKeyType::Public, WTFMove(pkey), true, CryptoKeyUsageEncrypt); + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else if (pKeyID == EVP_PKEY_ED25519) { + auto result = CryptoKeyOKP::importSpki(CryptoAlgorithmIdentifier::Ed25519, CryptoKeyOKP::NamedCurve::Ed25519, Vector<uint8_t>((uint8_t*)pem.der_data, (size_t)pem.der_len), true, CryptoKeyUsageVerify); + if (pem.der_data) { + OPENSSL_clear_free(pem.der_data, pem.der_len); + } + if (UNLIKELY(result == nullptr)) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid Ed25519 public key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto impl = result.releaseNonNull(); + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else if (pKeyID == EVP_PKEY_X25519) { + auto result = CryptoKeyOKP::importSpki(CryptoAlgorithmIdentifier::Ed25519, CryptoKeyOKP::NamedCurve::X25519, Vector<uint8_t>((uint8_t*)pem.der_data, (size_t)pem.der_len), true, CryptoKeyUsageVerify); + if (pem.der_data) { + OPENSSL_clear_free(pem.der_data, pem.der_len); + } + if (UNLIKELY(result == nullptr)) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid Ed25519 public key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto impl = result.releaseNonNull(); + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else if (pKeyID == EVP_PKEY_EC) { + EC_KEY* ec_key = EVP_PKEY_get1_EC_KEY(pkey.get()); + if (UNLIKELY(ec_key == nullptr)) { + if (pem.der_data) { + OPENSSL_clear_free(pem.der_data, pem.der_len); + } + throwException(globalObject, scope, createTypeError(globalObject, "Invalid EC public key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + const EC_GROUP* ec_group = EC_KEY_get0_group(ec_key); + // Get the curve name + int curve_name = EC_GROUP_get_curve_name(ec_group); + if (curve_name == NID_undef) { + if (pem.der_data) { + OPENSSL_clear_free(pem.der_data, pem.der_len); + } + EC_KEY_free(ec_key); + throwException(globalObject, scope, createTypeError(globalObject, "Unable to identify EC curve"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + CryptoKeyEC::NamedCurve curve; + if (curve_name == NID_X9_62_prime256v1) + curve = CryptoKeyEC::NamedCurve::P256; + else if (curve_name == NID_secp384r1) + curve = CryptoKeyEC::NamedCurve::P384; + else if (curve_name == NID_secp521r1) + curve = CryptoKeyEC::NamedCurve::P521; + else { + if (pem.der_data) { + OPENSSL_clear_free(pem.der_data, pem.der_len); + } + EC_KEY_free(ec_key); + throwException(globalObject, scope, createTypeError(globalObject, "Unsupported EC curve"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto result = CryptoKeyEC::platformImportSpki(CryptoAlgorithmIdentifier::ECDH, curve, Vector<uint8_t>((uint8_t*)pem.der_data, (size_t)pem.der_len), true, CryptoKeyUsageVerify); + if (UNLIKELY(result == nullptr)) { + result = CryptoKeyEC::platformImportSpki(CryptoAlgorithmIdentifier::ECDSA, curve, Vector<uint8_t>((uint8_t*)pem.der_data, (size_t)pem.der_len), true, CryptoKeyUsageVerify); + } + if (pem.der_data) { + OPENSSL_clear_free(pem.der_data, pem.der_len); + } + if (UNLIKELY(result == nullptr)) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid EC public key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto impl = result.releaseNonNull(); + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else { + if (pem.der_data) { + OPENSSL_clear_free(pem.der_data, pem.der_len); + } + throwException(globalObject, scope, createTypeError(globalObject, "Unsupported public key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + } + if (format == "der"_s) { + JSValue typeJSValue = options->getIfPropertyExists(globalObject, PropertyName(Identifier::fromString(vm, "type"_s))); + WTF::String type = "spki"_s; + if (!typeJSValue.isUndefinedOrNull() && !typeJSValue.isEmpty()) { + if (!typeJSValue.isString()) { + JSC::throwTypeError(globalObject, scope, "type must be a string"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + type = typeJSValue.toWTFString(globalObject); + RETURN_IF_EXCEPTION(scope, encodedJSValue()); + } + + if (type == "pkcs1"_s) { + // must be RSA + const unsigned char* p = reinterpret_cast<const unsigned char*>(data); + auto pkey = EvpPKeyPtr(d2i_PublicKey(EVP_PKEY_RSA, nullptr, &p, byteLength)); + if (!pkey) { + // maybe is a private RSA key + const unsigned char* p = reinterpret_cast<const unsigned char*>(data); + pkey = EvpPKeyPtr(d2i_PrivateKey(EVP_PKEY_RSA, nullptr, &p, byteLength)); + if (!pkey) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid PKCS#1"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + + auto pKeyID = EVP_PKEY_id(pkey.get()); + return KeyObject__createRSAFromPrivate(globalObject, pkey.get(), pKeyID == EVP_PKEY_RSA_PSS ? CryptoAlgorithmIdentifier::RSASSA_PKCS1_v1_5 : CryptoAlgorithmIdentifier::RSAES_PKCS1_v1_5); + } + + auto pKeyID = EVP_PKEY_id(pkey.get()); + auto impl = CryptoKeyRSA::create(pKeyID == EVP_PKEY_RSA_PSS ? CryptoAlgorithmIdentifier::RSASSA_PKCS1_v1_5 : CryptoAlgorithmIdentifier::RSAES_PKCS1_v1_5, CryptoAlgorithmIdentifier::SHA_1, false, CryptoKeyType::Public, WTFMove(pkey), true, CryptoKeyUsageEncrypt); + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else if (type == "spki"_s) { + // We use d2i_PUBKEY() to import a public key. + const uint8_t* ptr = reinterpret_cast<const uint8_t*>(data); + auto pkey = EvpPKeyPtr(d2i_PUBKEY(nullptr, &ptr, byteLength)); + if (!pkey) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid public key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto pKeyID = EVP_PKEY_id(pkey.get()); + + if (pKeyID == EVP_PKEY_RSA || pKeyID == EVP_PKEY_RSA_PSS) { + auto impl = CryptoKeyRSA::create(pKeyID == EVP_PKEY_RSA_PSS ? CryptoAlgorithmIdentifier::RSA_PSS : CryptoAlgorithmIdentifier::RSA_OAEP, CryptoAlgorithmIdentifier::SHA_1, false, CryptoKeyType::Public, WTFMove(pkey), true, CryptoKeyUsageEncrypt); + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else if (pKeyID == EVP_PKEY_ED25519) { + auto result = CryptoKeyOKP::importSpki(CryptoAlgorithmIdentifier::Ed25519, CryptoKeyOKP::NamedCurve::Ed25519, Vector<uint8_t>((uint8_t*)data, byteLength), true, CryptoKeyUsageVerify); + if (UNLIKELY(result == nullptr)) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid Ed25519 public key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto impl = result.releaseNonNull(); + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else if (pKeyID == EVP_PKEY_X25519) { + auto result = CryptoKeyOKP::importSpki(CryptoAlgorithmIdentifier::Ed25519, CryptoKeyOKP::NamedCurve::X25519, Vector<uint8_t>((uint8_t*)data, byteLength), true, CryptoKeyUsageVerify); + if (UNLIKELY(result == nullptr)) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid Ed25519 public key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto impl = result.releaseNonNull(); + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else if (pKeyID == EVP_PKEY_EC) { + EC_KEY* ec_key = EVP_PKEY_get1_EC_KEY(pkey.get()); + if (UNLIKELY(ec_key == nullptr)) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid EC public key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + const EC_GROUP* ec_group = EC_KEY_get0_group(ec_key); + // Get the curve name + int curve_name = EC_GROUP_get_curve_name(ec_group); + if (curve_name == NID_undef) { + EC_KEY_free(ec_key); + throwException(globalObject, scope, createTypeError(globalObject, "Unable to identify EC curve"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + CryptoKeyEC::NamedCurve curve; + if (curve_name == NID_X9_62_prime256v1) + curve = CryptoKeyEC::NamedCurve::P256; + else if (curve_name == NID_secp384r1) + curve = CryptoKeyEC::NamedCurve::P384; + else if (curve_name == NID_secp521r1) + curve = CryptoKeyEC::NamedCurve::P521; + else { + EC_KEY_free(ec_key); + throwException(globalObject, scope, createTypeError(globalObject, "Unsupported EC curve"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto alg = CryptoAlgorithmIdentifier::ECDH; + auto result = CryptoKeyEC::platformImportSpki(alg, curve, Vector<uint8_t>((uint8_t*)data, byteLength), true, CryptoKeyUsageVerify); + if (UNLIKELY(result == nullptr)) { + alg = CryptoAlgorithmIdentifier::ECDSA; + result = CryptoKeyEC::platformImportSpki(CryptoAlgorithmIdentifier::ECDSA, curve, Vector<uint8_t>((uint8_t*)data, byteLength), true, CryptoKeyUsageVerify); + } + if (UNLIKELY(result == nullptr)) { + throwException(globalObject, scope, createTypeError(globalObject, "Invalid EC public key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + auto impl = result.releaseNonNull(); + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(impl))); + } else { + throwException(globalObject, scope, createTypeError(globalObject, "Unsupported public key"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + } + + JSC::throwTypeError(globalObject, scope, "type should be 'pkcs1' or 'spki'"_s); + return JSValue::encode(JSC::jsUndefined()); + } + JSC::throwTypeError(globalObject, scope, "format should be 'pem' or 'der'"_s); + return JSValue::encode(JSC::jsUndefined()); +} + +JSC::EncodedJSValue KeyObject__createSecretKey(JSC::JSGlobalObject* lexicalGlobalObject, JSC::CallFrame* callFrame) +{ + + JSValue bufferArg = callFrame->uncheckedArgument(0); + auto& vm = lexicalGlobalObject->vm(); + auto scope = DECLARE_THROW_SCOPE(vm); + Zig::GlobalObject* globalObject = reinterpret_cast<Zig::GlobalObject*>(lexicalGlobalObject); + auto* structure = globalObject->JSCryptoKeyStructure(); + + if (!bufferArg.isCell()) { + throwException(lexicalGlobalObject, scope, createTypeError(lexicalGlobalObject, "ERR_INVALID_ARG_TYPE: expected Buffer or array-like object"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + + auto bufferArgCell = bufferArg.asCell(); + auto type = bufferArgCell->type(); + + switch (type) { + + case DataViewType: + case Uint8ArrayType: + case Uint8ClampedArrayType: + case Uint16ArrayType: + case Uint32ArrayType: + case Int8ArrayType: + case Int16ArrayType: + case Int32ArrayType: + case Float32ArrayType: + case Float64ArrayType: + case BigInt64ArrayType: + case BigUint64ArrayType: { + JSC::JSArrayBufferView* view = jsCast<JSC::JSArrayBufferView*>(bufferArgCell); + + void* data = view->vector(); + size_t byteLength = view->length(); + if (UNLIKELY(!data)) { + break; + } + auto impl = CryptoKeyHMAC::generateFromBytes(data, byteLength, CryptoAlgorithmIdentifier::HMAC, true, CryptoKeyUsageSign | CryptoKeyUsageVerify).releaseNonNull(); + return JSC::JSValue::encode(JSCryptoKey::create(structure, globalObject, WTFMove(impl))); + } + case ArrayBufferType: { + auto* jsBuffer = jsDynamicCast<JSC::JSArrayBuffer*>(bufferArgCell); + if (UNLIKELY(!jsBuffer)) { + break; + } + auto* buffer = jsBuffer->impl(); + void* data = buffer->data(); + size_t byteLength = buffer->byteLength(); + if (UNLIKELY(!data)) { + break; + } + Zig::GlobalObject* globalObject = reinterpret_cast<Zig::GlobalObject*>(lexicalGlobalObject); + auto impl = CryptoKeyHMAC::generateFromBytes(data, byteLength, CryptoAlgorithmIdentifier::HMAC, true, CryptoKeyUsageSign | CryptoKeyUsageVerify).releaseNonNull(); + return JSC::JSValue::encode(JSCryptoKey::create(structure, globalObject, WTFMove(impl))); + } + default: + throwException(lexicalGlobalObject, scope, createTypeError(lexicalGlobalObject, "ERR_INVALID_ARG_TYPE: expected Buffer or array-like object"_s)); + return JSValue::encode(JSC::jsUndefined()); + } +} + +JSC::EncodedJSValue KeyObject__Exports(JSC::JSGlobalObject* globalObject, JSC::CallFrame* callFrame) +{ + + auto count = callFrame->argumentCount(); + auto& vm = globalObject->vm(); + auto scope = DECLARE_THROW_SCOPE(vm); + + if (count < 2) { + JSC::throwTypeError(globalObject, scope, "exports requires 2 arguments"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + + auto* key = jsDynamicCast<JSCryptoKey*>(callFrame->argument(0)); + if (!key) { + // No JSCryptoKey instance + JSC::throwTypeError(globalObject, scope, "expected CryptoKey as first argument"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + + auto& wrapped = key->wrapped(); + auto key_type = wrapped.type(); + auto id = wrapped.keyClass(); + if (auto* options = jsDynamicCast<JSC::JSObject*>(callFrame->argument(1))) { + JSValue formatJSValue = options->getIfPropertyExists(globalObject, PropertyName(Identifier::fromString(vm, "format"_s))); + JSValue typeJSValue = options->getIfPropertyExists(globalObject, PropertyName(Identifier::fromString(vm, "type"_s))); + JSValue passphraseJSValue = options->getIfPropertyExists(globalObject, PropertyName(Identifier::fromString(vm, "passphrase"_s))); + auto hasPassphrase = !passphraseJSValue.isUndefinedOrNull() && !passphraseJSValue.isEmpty(); + if (formatJSValue.isUndefinedOrNull() || formatJSValue.isEmpty()) { + JSC::throwTypeError(globalObject, scope, "format is expected to be a string"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + + auto string = formatJSValue.toWTFString(globalObject); + RETURN_IF_EXCEPTION(scope, encodedJSValue()); + if (string == "jwk"_s && hasPassphrase) { + JSC::throwTypeError(globalObject, scope, "encryption is not supported for jwk format"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + + switch (id) { + case CryptoKeyClass::HMAC: { + const auto& hmac = downcast<WebCore::CryptoKeyHMAC>(wrapped); + if (string == "buffer"_s) { + auto keyData = hmac.key(); + auto size = keyData.size(); + auto* buffer = jsCast<JSUint8Array*>(JSValue::decode(JSBuffer__bufferFromLength(globalObject, size))); + if (size > 0) + memcpy(buffer->vector(), keyData.data(), size); + + return JSC::JSValue::encode(buffer); + } else if (string == "jwk"_s) { + const JsonWebKey& jwkValue = hmac.exportJwk(); + Zig::GlobalObject* domGlobalObject = reinterpret_cast<Zig::GlobalObject*>(globalObject); + return JSC::JSValue::encode(WebCore::convertDictionaryToJS(*globalObject, *domGlobalObject, jwkValue, true)); + } + break; + } + case CryptoKeyClass::AES: { + const auto& aes = downcast<WebCore::CryptoKeyAES>(wrapped); + if (string == "buffer"_s) { + auto keyData = aes.key(); + auto size = keyData.size(); + auto* buffer = jsCast<JSUint8Array*>(JSValue::decode(JSBuffer__bufferFromLength(globalObject, size))); + if (size > 0) + memcpy(buffer->vector(), keyData.data(), size); + + return JSC::JSValue::encode(buffer); + } else if (string == "jwk"_s) { + const JsonWebKey& jwkValue = aes.exportJwk(); + Zig::GlobalObject* domGlobalObject = reinterpret_cast<Zig::GlobalObject*>(globalObject); + return JSC::JSValue::encode(WebCore::convertDictionaryToJS(*globalObject, *domGlobalObject, jwkValue, true)); + } + break; + } + case CryptoKeyClass::RSA: { + const auto& rsa = downcast<WebCore::CryptoKeyRSA>(wrapped); + if (string == "jwk"_s) { + const JsonWebKey& jwkValue = rsa.exportJwk(); + Zig::GlobalObject* domGlobalObject = reinterpret_cast<Zig::GlobalObject*>(globalObject); + return JSC::JSValue::encode(WebCore::convertDictionaryToJS(*globalObject, *domGlobalObject, jwkValue, true)); + } else { + WTF::String type = "pkcs1"_s; + if (!typeJSValue.isUndefinedOrNull() && !typeJSValue.isEmpty()) { + if (!typeJSValue.isString()) { + JSC::throwTypeError(globalObject, scope, "type must be a string"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + type = typeJSValue.toWTFString(globalObject); + RETURN_IF_EXCEPTION(scope, encodedJSValue()); + } + + auto* bio = BIO_new(BIO_s_mem()); + auto* rsaKey = rsa.platformKey(); + auto* rsa_ptr = EVP_PKEY_get0_RSA(rsaKey); + + if (key_type == CryptoKeyType::Public) { + if (string == "pem"_s) { + if (type == "pkcs1"_s) { + if (PEM_write_bio_RSAPublicKey(bio, rsa_ptr) != 1) { + JSC::throwTypeError(globalObject, scope, "Failed to write public key"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else if (type == "spki"_s) { + if (PEM_write_bio_PUBKEY(bio, rsaKey) != 1) { + JSC::throwTypeError(globalObject, scope, "Failed to write public key"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else { + JSC::throwTypeError(globalObject, scope, "type should be 'pkcs1' or 'spki'"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + + } else if (string == "der"_s) { + if (type == "pkcs1"_s) { + if (i2d_RSAPublicKey_bio(bio, rsa_ptr) != 1) { + JSC::throwTypeError(globalObject, scope, "Failed to write public key"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else if (type == "spki"_s) { + if (i2d_PUBKEY_bio(bio, rsaKey) != 1) { + JSC::throwTypeError(globalObject, scope, "Failed to write public key"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else { + JSC::throwTypeError(globalObject, scope, "type should be 'pkcs1' or 'spki'"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else { + JSC::throwTypeError(globalObject, scope, "format expected to be 'der', 'pem' or 'jwk'"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else { + JSValue cipherJSValue = options->getIfPropertyExists(globalObject, PropertyName(Identifier::fromString(vm, "cipher"_s))); + + const EVP_CIPHER* cipher = nullptr; + if (!cipherJSValue.isUndefinedOrNull() && !cipherJSValue.isEmpty() && cipherJSValue.isString()) { + auto cipher_wtfstr = cipherJSValue.toWTFString(globalObject); + RETURN_IF_EXCEPTION(scope, encodedJSValue()); + if (!cipher_wtfstr.isNull()) { + auto cipherOrError = cipher_wtfstr.tryGetUTF8(); + if (!cipherOrError.has_value()) { + JSC::throwTypeError(globalObject, scope, "invalid cipher name"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } else { + auto value = cipherOrError.value(); + auto cipher_str = value.data(); + if (cipher_str != nullptr) { + cipher = EVP_get_cipherbyname(cipher_str); + } + } + } + } + void* passphrase = nullptr; + size_t passphrase_len = 0; + if (hasPassphrase) { + if (!cipher) { + JSC::throwTypeError(globalObject, scope, "cipher is required when passphrase is specified"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + if (passphraseJSValue.isString()) { + auto passphrase_wtfstr = passphraseJSValue.toWTFString(globalObject); + RETURN_IF_EXCEPTION(scope, encodedJSValue()); + if (!passphrase_wtfstr.isNull()) { + if (auto pass = passphrase_wtfstr.tryGetUTF8()) { + if (pass.has_value()) { + auto value = pass.value(); + passphrase = const_cast<char*>(value.data()); + passphrase_len = value.length(); + } + } + } + } else if (auto* passphraseBuffer = jsDynamicCast<JSUint8Array*>(passphraseJSValue)) { + passphrase = passphraseBuffer->vector(); + passphrase_len = passphraseBuffer->byteLength(); + } else { + JSC::throwTypeError(globalObject, scope, "passphrase must be a Buffer or String"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } + + if (string == "pem"_s) { + if (type == "pkcs1"_s) { + if (PEM_write_bio_RSAPrivateKey(bio, rsa_ptr, cipher, (unsigned char*)passphrase, passphrase_len, nullptr, nullptr) != 1) { + JSC::throwTypeError(globalObject, scope, "Failed to write private key"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else if (type == "pkcs8"_s) { + if (PEM_write_bio_PKCS8PrivateKey(bio, rsaKey, cipher, (char*)passphrase, passphrase_len, nullptr, nullptr) != 1) { + JSC::throwTypeError(globalObject, scope, "Failed to write private key"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else { + JSC::throwTypeError(globalObject, scope, "type should be 'pkcs1' or 'pkcs8'"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else if (string == "der"_s) { + if (type == "pkcs1"_s) { + if (i2d_RSAPrivateKey_bio(bio, rsa_ptr) != 1) { + JSC::throwTypeError(globalObject, scope, "Failed to write private key"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else if (type == "pkcs8"_s) { + if (i2d_PKCS8PrivateKey_bio(bio, rsaKey, cipher, (char*)passphrase, passphrase_len, nullptr, nullptr) != 1) { + JSC::throwTypeError(globalObject, scope, "Failed to write private key"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else { + JSC::throwTypeError(globalObject, scope, "type should be 'pkcs1' or 'pkcs8'"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else { + JSC::throwTypeError(globalObject, scope, "format expected to be 'der', 'pem' or 'jwk'"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } + + BUF_MEM* bptr; + BIO_get_mem_ptr(bio, &bptr); + auto length = bptr->length; + if (string == "pem"_s) { + auto str = WTF::String::fromUTF8(bptr->data, length); + return JSValue::encode(JSC::jsString(vm, str)); + } + + auto* buffer = jsCast<JSUint8Array*>(JSValue::decode(JSBuffer__bufferFromLength(globalObject, length))); + if (length > 0) + memcpy(buffer->vector(), bptr->data, length); + + BIO_free(bio); + return JSC::JSValue::encode(buffer); + } + } + case CryptoKeyClass::EC: { + const auto& ec = downcast<WebCore::CryptoKeyEC>(wrapped); + if (string == "jwk"_s) { + auto result = ec.exportJwk(); + if (result.hasException()) { + WebCore::propagateException(*globalObject, scope, result.releaseException()); + return JSC::JSValue::encode(JSC::JSValue {}); + } + const JsonWebKey& jwkValue = result.releaseReturnValue(); + Zig::GlobalObject* domGlobalObject = reinterpret_cast<Zig::GlobalObject*>(globalObject); + return JSC::JSValue::encode(WebCore::convertDictionaryToJS(*globalObject, *domGlobalObject, jwkValue, true)); + } else { + WTF::String type = "spki"_s; + if (!typeJSValue.isUndefinedOrNull() && !typeJSValue.isEmpty()) { + if (!typeJSValue.isString()) { + JSC::throwTypeError(globalObject, scope, "type must be a string"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + type = typeJSValue.toWTFString(globalObject); + RETURN_IF_EXCEPTION(scope, encodedJSValue()); + } + + auto* bio = BIO_new(BIO_s_mem()); + auto* ecKey = ec.platformKey(); + auto* ec_ptr = EVP_PKEY_get1_EC_KEY(ecKey); + + if (key_type == CryptoKeyType::Public) { + if (string == "pem"_s) { + if (type == "spki"_s) { + if (PEM_write_bio_PUBKEY(bio, ecKey) != 1) { + JSC::throwTypeError(globalObject, scope, "Failed to write public key"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else { + JSC::throwTypeError(globalObject, scope, "type should be 'spki'"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + + } else if (string == "der"_s) { + if (type == "spki"_s) { + if (i2d_PUBKEY_bio(bio, ecKey) != 1) { + JSC::throwTypeError(globalObject, scope, "Failed to write public key"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else { + JSC::throwTypeError(globalObject, scope, "type should be 'spki'"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else { + JSC::throwTypeError(globalObject, scope, "format expected to be 'der', 'pem' or 'jwk'"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else { + JSValue passphraseJSValue = options->getIfPropertyExists(globalObject, PropertyName(Identifier::fromString(vm, "passphrase"_s))); + JSValue cipherJSValue = options->getIfPropertyExists(globalObject, PropertyName(Identifier::fromString(vm, "cipher"_s))); + + const EVP_CIPHER* cipher = nullptr; + if (!cipherJSValue.isUndefinedOrNull() && !cipherJSValue.isEmpty()) { + auto cipher_wtfstr = cipherJSValue.toWTFString(globalObject); + RETURN_IF_EXCEPTION(scope, encodedJSValue()); + if (!cipher_wtfstr.isNull()) { + auto cipherOrError = cipher_wtfstr.tryGetUTF8(); + if (!cipherOrError.has_value()) { + JSC::throwTypeError(globalObject, scope, "invalid cipher name"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } else { + auto value = cipherOrError.value(); + auto cipher_str = value.data(); + if (cipher_str != nullptr) { + cipher = EVP_get_cipherbyname(cipher_str); + } + } + } + } + void* passphrase = nullptr; + size_t passphrase_len = 0; + auto hasPassphrase = !passphraseJSValue.isUndefinedOrNull() && !passphraseJSValue.isEmpty(); + + if (hasPassphrase) { + if (!cipher) { + JSC::throwTypeError(globalObject, scope, "cipher is required when passphrase is specified"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + if (passphraseJSValue.isString()) { + auto passphrase_wtfstr = passphraseJSValue.toWTFString(globalObject); + RETURN_IF_EXCEPTION(scope, encodedJSValue()); + if (!passphrase_wtfstr.isNull()) { + if (auto pass = passphrase_wtfstr.tryGetUTF8()) { + if (pass.has_value()) { + auto value = pass.value(); + passphrase = const_cast<char*>(value.data()); + passphrase_len = value.length(); + } + } + } + } else if (auto* passphraseBuffer = jsDynamicCast<JSUint8Array*>(passphraseJSValue)) { + passphrase = passphraseBuffer->vector(); + passphrase_len = passphraseBuffer->byteLength(); + } else { + JSC::throwTypeError(globalObject, scope, "passphrase must be a Buffer or String"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } + + if (string == "pem"_s) { + if (type == "sec1"_s) { + if (PEM_write_bio_ECPrivateKey(bio, ec_ptr, cipher, (unsigned char*)passphrase, passphrase_len, nullptr, nullptr) != 1) { + JSC::throwTypeError(globalObject, scope, "Failed to write private key"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else if (type == "pkcs8"_s) { + if (PEM_write_bio_PKCS8PrivateKey(bio, ecKey, cipher, (char*)passphrase, passphrase_len, nullptr, nullptr) != 1) { + JSC::throwTypeError(globalObject, scope, "Failed to write private key"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else { + JSC::throwTypeError(globalObject, scope, "type should be 'sec1' or 'pkcs8'"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else if (string == "der"_s) { + if (type == "sec1"_s) { + if (i2d_ECPrivateKey_bio(bio, ec_ptr) != 1) { + JSC::throwTypeError(globalObject, scope, "Failed to write private key"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else if (type == "pkcs8"_s) { + if (i2d_PKCS8PrivateKey_bio(bio, ecKey, cipher, (char*)passphrase, passphrase_len, nullptr, nullptr) != 1) { + JSC::throwTypeError(globalObject, scope, "Failed to write private key"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else { + JSC::throwTypeError(globalObject, scope, "type should be 'sec1' or 'pkcs8'"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else { + JSC::throwTypeError(globalObject, scope, "format expected to be 'der', 'pem' or 'jwk'"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } + + BUF_MEM* bptr; + BIO_get_mem_ptr(bio, &bptr); + auto length = bptr->length; + if (string == "pem"_s) { + auto str = WTF::String::fromUTF8(bptr->data, length); + return JSValue::encode(JSC::jsString(vm, str)); + } + + auto* buffer = jsCast<JSUint8Array*>(JSValue::decode(JSBuffer__bufferFromLength(globalObject, length))); + if (length > 0) + memcpy(buffer->vector(), bptr->data, length); + + BIO_free(bio); + return JSC::JSValue::encode(buffer); + } + } + case CryptoKeyClass::OKP: { + const auto& okpKey = downcast<WebCore::CryptoKeyOKP>(wrapped); + if (string == "jwk"_s) { + auto result = okpKey.exportJwk(); + if (result.hasException()) { + WebCore::propagateException(*globalObject, scope, result.releaseException()); + return JSC::JSValue::encode(JSC::JSValue {}); + } + const JsonWebKey& jwkValue = result.releaseReturnValue(); + Zig::GlobalObject* domGlobalObject = reinterpret_cast<Zig::GlobalObject*>(globalObject); + return JSC::JSValue::encode(WebCore::convertDictionaryToJS(*globalObject, *domGlobalObject, jwkValue, true)); + } else { + WTF::String type = "pkcs8"_s; + if (!typeJSValue.isUndefinedOrNull() && !typeJSValue.isEmpty()) { + if (!typeJSValue.isString()) { + JSC::throwTypeError(globalObject, scope, "type must be a string"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + type = typeJSValue.toWTFString(globalObject); + RETURN_IF_EXCEPTION(scope, encodedJSValue()); + } + + auto keyData = okpKey.exportKey(); + auto* bio = BIO_new(BIO_s_mem()); + + EVP_PKEY* evpKey; + // TODO: CHECK THIS WHEN X488 AND ED448 ARE ADDED + if (okpKey.type() == CryptoKeyType::Private) { + evpKey = EVP_PKEY_new_raw_private_key(okpKey.namedCurve() == CryptoKeyOKP::NamedCurve::X25519 ? EVP_PKEY_X25519 : EVP_PKEY_ED25519, nullptr, keyData.data(), keyData.size()); + JSValue passphraseJSValue = options->getIfPropertyExists(globalObject, PropertyName(Identifier::fromString(vm, "passphrase"_s))); + JSValue cipherJSValue = options->getIfPropertyExists(globalObject, PropertyName(Identifier::fromString(vm, "cipher"_s))); + + const EVP_CIPHER* cipher = nullptr; + if (!cipherJSValue.isUndefinedOrNull() && !cipherJSValue.isEmpty() && cipherJSValue.isString()) { + auto cipher_wtfstr = cipherJSValue.toWTFString(globalObject); + RETURN_IF_EXCEPTION(scope, encodedJSValue()); + if (!cipher_wtfstr.isNull()) { + auto cipherOrError = cipher_wtfstr.tryGetUTF8(); + if (!cipherOrError.has_value()) { + JSC::throwTypeError(globalObject, scope, "invalid cipher name"_s); + BIO_free(bio); + EVP_PKEY_free(evpKey); + return JSC::JSValue::encode(JSC::JSValue {}); + } else { + auto value = cipherOrError.value(); + auto cipher_str = value.data(); + if (cipher_str != nullptr) { + cipher = EVP_get_cipherbyname(cipher_str); + } + } + } + } + void* passphrase = nullptr; + size_t passphrase_len = 0; + auto hasPassphrase = !passphraseJSValue.isUndefinedOrNull() && !passphraseJSValue.isEmpty(); + + if (hasPassphrase) { + if (!cipher) { + JSC::throwTypeError(globalObject, scope, "cipher is required when passphrase is specified"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + if (passphraseJSValue.isString()) { + auto passphrase_wtfstr = passphraseJSValue.toWTFString(globalObject); + RETURN_IF_EXCEPTION(scope, encodedJSValue()); + if (!passphrase_wtfstr.isNull()) { + if (auto pass = passphrase_wtfstr.tryGetUTF8()) { + if (pass.has_value()) { + auto value = pass.value(); + passphrase = const_cast<char*>(value.data()); + passphrase_len = value.length(); + } + } + } + } else if (auto* passphraseBuffer = jsDynamicCast<JSUint8Array*>(passphraseJSValue)) { + passphrase = passphraseBuffer->vector(); + passphrase_len = passphraseBuffer->byteLength(); + } else { + JSC::throwTypeError(globalObject, scope, "passphrase must be a Buffer or String"_s); + BIO_free(bio); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } + + if (string == "pem"_s) { + if (type == "pkcs8"_s) { + if (PEM_write_bio_PKCS8PrivateKey(bio, evpKey, cipher, (char*)passphrase, passphrase_len, nullptr, nullptr) != 1) { + JSC::throwTypeError(globalObject, scope, "Failed to write private key"_s); + BIO_free(bio); + EVP_PKEY_free(evpKey); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else { + JSC::throwTypeError(globalObject, scope, "type should be 'pkcs8'"_s); + BIO_free(bio); + EVP_PKEY_free(evpKey); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else if (string == "der"_s) { + if (type == "pkcs8"_s) { + if (i2d_PKCS8PrivateKey_bio(bio, evpKey, cipher, (char*)passphrase, passphrase_len, nullptr, nullptr) != 1) { + JSC::throwTypeError(globalObject, scope, "Failed to write private key"_s); + BIO_free(bio); + EVP_PKEY_free(evpKey); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else { + JSC::throwTypeError(globalObject, scope, "type should be 'pkcs8'"_s); + BIO_free(bio); + EVP_PKEY_free(evpKey); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else { + JSC::throwTypeError(globalObject, scope, "format expected to be 'der', 'pem' or 'jwk'"_s); + BIO_free(bio); + EVP_PKEY_free(evpKey); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else { + evpKey = EVP_PKEY_new_raw_public_key(okpKey.namedCurve() == CryptoKeyOKP::NamedCurve::X25519 ? EVP_PKEY_X25519 : EVP_PKEY_ED25519, nullptr, keyData.data(), keyData.size()); + if (string == "pem"_s) { + if (type == "spki"_s) { + if (PEM_write_bio_PUBKEY(bio, evpKey) != 1) { + JSC::throwTypeError(globalObject, scope, "Failed to write public key"_s); + BIO_free(bio); + EVP_PKEY_free(evpKey); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else { + JSC::throwTypeError(globalObject, scope, "type should be 'spki'"_s); + BIO_free(bio); + EVP_PKEY_free(evpKey); + return JSC::JSValue::encode(JSC::JSValue {}); + } + + } else if (string == "der"_s) { + if (type == "spki"_s) { + if (i2d_PUBKEY_bio(bio, evpKey) != 1) { + JSC::throwTypeError(globalObject, scope, "Failed to write public key"_s); + BIO_free(bio); + EVP_PKEY_free(evpKey); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else { + JSC::throwTypeError(globalObject, scope, "type should be 'spki'"_s); + BIO_free(bio); + EVP_PKEY_free(evpKey); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } else { + JSC::throwTypeError(globalObject, scope, "format expected to be 'der', 'pem' or 'jwk'"_s); + BIO_free(bio); + EVP_PKEY_free(evpKey); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } + + BUF_MEM* bptr; + BIO_get_mem_ptr(bio, &bptr); + auto length = bptr->length; + if (string == "pem"_s) { + auto str = WTF::String::fromUTF8(bptr->data, length); + EVP_PKEY_free(evpKey); + return JSValue::encode(JSC::jsString(vm, str)); + } + + auto* buffer = jsCast<JSUint8Array*>(JSValue::decode(JSBuffer__bufferFromLength(globalObject, length))); + if (length > 0) + memcpy(buffer->vector(), bptr->data, length); + + BIO_free(bio); + EVP_PKEY_free(evpKey); + return JSC::JSValue::encode(buffer); + } + } + case CryptoKeyClass::Raw: { + const auto& raw = downcast<WebCore::CryptoKeyRaw>(wrapped); + if (string == "buffer"_s) { + auto keyData = raw.key(); + auto size = keyData.size(); + auto* buffer = jsCast<JSUint8Array*>(JSValue::decode(JSBuffer__bufferFromLength(globalObject, size))); + if (size > 0) + memcpy(buffer->vector(), keyData.data(), size); + + return JSC::JSValue::encode(buffer); + } + + JSC::throwTypeError(globalObject, scope, "format is expected to be 'buffer'"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + default: { + JSC::throwTypeError(globalObject, scope, "Invalid Operation"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + } + JSC::throwTypeError(globalObject, scope, "format is expected to be 'buffer' or 'jwk'"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } else { + JSC::throwTypeError(globalObject, scope, "expected options to be a object"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } +} + +static char* bignum_to_string(const BIGNUM* bn) +{ + char *tmp, *ret; + size_t len; + + // Display large numbers in hex and small numbers in decimal. Converting to + // decimal takes quadratic time and is no more useful than hex for large + // numbers. + if (BN_num_bits(bn) < 32) { + return BN_bn2dec(bn); + } + + tmp = BN_bn2hex(bn); + if (tmp == NULL) { + return NULL; + } + + len = strlen(tmp) + 3; + ret = (char*)OPENSSL_malloc(len); + if (ret == NULL) { + OPENSSL_free(tmp); + return NULL; + } + + // Prepend "0x", but place it after the "-" if negative. + if (tmp[0] == '-') { + OPENSSL_strlcpy(ret, "-0x", len); + OPENSSL_strlcat(ret, tmp + 1, len); + } else { + OPENSSL_strlcpy(ret, "0x", len); + OPENSSL_strlcat(ret, tmp, len); + } + OPENSSL_free(tmp); + return ret; +} + +JSC::EncodedJSValue KeyObject_AsymmetricKeyDetails(JSC::JSGlobalObject* lexicalGlobalObject, JSC::CallFrame* callFrame) +{ + + if (auto* key = jsDynamicCast<JSCryptoKey*>(callFrame->argument(0))) { + auto id = key->wrapped().algorithmIdentifier(); + auto& vm = lexicalGlobalObject->vm(); + switch (id) { + case CryptoAlgorithmIdentifier::RSAES_PKCS1_v1_5: + case CryptoAlgorithmIdentifier::RSASSA_PKCS1_v1_5: + case CryptoAlgorithmIdentifier::RSA_OAEP: + case CryptoAlgorithmIdentifier::RSA_PSS: { + auto* obj = JSC::constructEmptyObject(lexicalGlobalObject); + + auto& wrapped = key->wrapped(); + const auto& rsa = downcast<WebCore::CryptoKeyRSA>(wrapped); + auto* platformKey = rsa.platformKey(); + const BIGNUM* e; // Public Exponent + const BIGNUM* n; // Modulus + const RSA* rsa_key = EVP_PKEY_get0_RSA(platformKey); + if (rsa_key == nullptr) { + return JSValue::encode(JSC::jsUndefined()); + } + + RSA_get0_key(rsa_key, &n, &e, nullptr); + + auto modulus_length = BN_num_bits(n); + obj->putDirect(vm, JSC::PropertyName(JSC::Identifier::fromString(vm, "modulusLength"_s)), jsNumber(modulus_length), 0); + + auto str = bignum_to_string(e); + obj->putDirect(vm, JSC::PropertyName(JSC::Identifier::fromString(vm, "publicExponent"_s)), JSC::JSBigInt::stringToBigInt(lexicalGlobalObject, StringView::fromLatin1(str)), 0); + OPENSSL_free(str); + + if (id == CryptoAlgorithmIdentifier::RSA_PSS) { + // Due to the way ASN.1 encoding works, default values are omitted when + // encoding the data structure. However, there are also RSA-PSS keys for + // which no parameters are set. In that case, the ASN.1 RSASSA-PSS-params + // sequence will be missing entirely and RSA_get0_pss_params will return + // nullptr. If parameters are present but all parameters are set to their + // default values, an empty sequence will be stored in the ASN.1 structure. + // In that case, RSA_get0_pss_params does not return nullptr but all fields + // of the returned RSA_PSS_PARAMS will be set to nullptr. + + auto* params = RSA_get0_pss_params(rsa_key); + if (params != nullptr) { + int hash_nid = NID_sha1; + int mgf_nid = NID_mgf1; + int mgf1_hash_nid = NID_sha1; + int64_t salt_length = 20; + + if (params->hashAlgorithm != nullptr) { + hash_nid = OBJ_obj2nid(params->hashAlgorithm->algorithm); + } + auto* hash_srt = OBJ_nid2ln(hash_nid); + obj->putDirect(vm, JSC::PropertyName(JSC::Identifier::fromString(vm, "hashAlgorithm"_s)), Bun::toJS(lexicalGlobalObject, Bun::toString(hash_srt, strlen(hash_srt))), 0); + if (params->maskGenAlgorithm != nullptr) { + mgf_nid = OBJ_obj2nid(params->maskGenAlgorithm->algorithm); + if (mgf_nid == NID_mgf1) { + mgf1_hash_nid = OBJ_obj2nid(params->maskHash->algorithm); + } + } + + // If, for some reason, the MGF is not MGF1, then the MGF1 hash function + // is intentionally not added to the object. + if (mgf_nid == NID_mgf1) { + auto* mgf1_hash_srt = OBJ_nid2ln(mgf1_hash_nid); + obj->putDirect(vm, JSC::PropertyName(JSC::Identifier::fromString(vm, "mgf1HashAlgorithm"_s)), Bun::toJS(lexicalGlobalObject, Bun::toString(mgf1_hash_srt, strlen(mgf1_hash_srt))), 0); + } + + if (params->saltLength != nullptr) { + if (ASN1_INTEGER_get_int64(&salt_length, params->saltLength) != 1) { + auto scope = DECLARE_THROW_SCOPE(vm); + throwException(lexicalGlobalObject, scope, createTypeError(lexicalGlobalObject, "Failed to get saltLenght"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + } + obj->putDirect(vm, JSC::PropertyName(JSC::Identifier::fromString(vm, "saltLength"_s)), jsNumber(salt_length), 0); + } + } + return JSC::JSValue::encode(obj); + } + case CryptoAlgorithmIdentifier::ECDSA: + case CryptoAlgorithmIdentifier::ECDH: { + auto* obj = JSC::constructEmptyObject(lexicalGlobalObject, lexicalGlobalObject->objectPrototype(), 1); + + auto& wrapped = key->wrapped(); + const auto& ec = downcast<WebCore::CryptoKeyEC>(wrapped); + static const NeverDestroyed<String> values[] = { + MAKE_STATIC_STRING_IMPL("prime256v1"), + MAKE_STATIC_STRING_IMPL("secp384r1"), + MAKE_STATIC_STRING_IMPL("secp521r1"), + }; + + WTF::String named_curve; + switch (ec.namedCurve()) { + case CryptoKeyEC::NamedCurve::P256: + named_curve = values[0]; + break; + case CryptoKeyEC::NamedCurve::P384: + named_curve = values[1]; + break; + case CryptoKeyEC::NamedCurve::P521: + named_curve = values[2]; + break; + default: + ASSERT_NOT_REACHED(); + named_curve = WTF::emptyString(); + } + + obj->putDirect(vm, JSC::PropertyName(JSC::Identifier::fromString(vm, "namedCurve"_s)), JSC::jsString(vm, named_curve), 0); + return JSC::JSValue::encode(obj); + } + case CryptoAlgorithmIdentifier::Ed25519: { + auto* obj = JSC::constructEmptyObject(lexicalGlobalObject, lexicalGlobalObject->objectPrototype(), 1); + auto& wrapped = key->wrapped(); + const auto& okp = downcast<WebCore::CryptoKeyOKP>(wrapped); + obj->putDirect(vm, JSC::PropertyName(JSC::Identifier::fromString(vm, "namedCurve"_s)), JSC::jsString(vm, okp.namedCurveString()), 0); + return JSC::JSValue::encode(obj); + } + default: + return JSC::JSValue::encode(JSC::jsUndefined()); + } + } + return JSC::JSValue::encode(JSC::jsUndefined()); +} + +JSC::EncodedJSValue KeyObject__generateKeyPairSync(JSC::JSGlobalObject* lexicalGlobalObject, JSC::CallFrame* callFrame) +{ + auto count = callFrame->argumentCount(); + auto& vm = lexicalGlobalObject->vm(); + auto scope = DECLARE_THROW_SCOPE(vm); + + if (count < 1) { + JSC::throwTypeError(lexicalGlobalObject, scope, "generateKeyPairSync requires 1 arguments"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + + auto type = callFrame->argument(0); + if (type.isUndefinedOrNull() || type.isEmpty() || !type.isString()) { + JSC::throwTypeError(lexicalGlobalObject, scope, "type is expected to be a string"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + auto type_str = type.toWTFString(lexicalGlobalObject); + RETURN_IF_EXCEPTION(scope, encodedJSValue()); + + Zig::GlobalObject* zigGlobalObject = reinterpret_cast<Zig::GlobalObject*>(lexicalGlobalObject); + auto* structure = zigGlobalObject->JSCryptoKeyStructure(); + // TODO: rsa-pss + if (type_str == "rsa"_s) { + if (count == 1) { + JSC::throwTypeError(lexicalGlobalObject, scope, "options.modulusLength are required for rsa"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + auto* options = jsDynamicCast<JSC::JSObject*>(callFrame->argument(1)); + if (options == nullptr) { + JSC::throwTypeError(lexicalGlobalObject, scope, "options is expected to be a object"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + auto modulusLengthJS = options->getIfPropertyExists(lexicalGlobalObject, PropertyName(Identifier::fromString(vm, "modulusLength"_s))); + if (!modulusLengthJS.isNumber()) { + JSC::throwTypeError(lexicalGlobalObject, scope, "options.modulusLength is expected to be a number"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + auto publicExponentJS = options->getIfPropertyExists(lexicalGlobalObject, PropertyName(Identifier::fromString(vm, "publicExponent"_s))); + uint32_t publicExponent = 0x10001; + if (publicExponentJS.isNumber()) { + publicExponent = publicExponentJS.toUInt32(lexicalGlobalObject); + } else if (!publicExponentJS.isUndefinedOrNull() && !publicExponentJS.isEmpty()) { + JSC::throwTypeError(lexicalGlobalObject, scope, "options.publicExponent is expected to be a number"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + uint8_t publicExponentArray[4]; + publicExponentArray[0] = (uint8_t)(publicExponent >> 24); + publicExponentArray[1] = (uint8_t)(publicExponent >> 16); + publicExponentArray[2] = (uint8_t)(publicExponent >> 8); + publicExponentArray[3] = (uint8_t)publicExponent; + + int modulusLength = modulusLengthJS.toUInt32(lexicalGlobalObject); + auto returnValue = JSC::JSValue {}; + auto keyPairCallback = [&](CryptoKeyPair&& pair) { + pair.publicKey->setUsagesBitmap(pair.publicKey->usagesBitmap() & CryptoKeyUsageVerify); + pair.privateKey->setUsagesBitmap(pair.privateKey->usagesBitmap() & CryptoKeyUsageSign); + + auto obj = JSC::constructEmptyObject(lexicalGlobalObject, lexicalGlobalObject->objectPrototype(), 2); + obj->putDirect(vm, JSC::PropertyName(JSC::Identifier::fromString(vm, "publicKey"_s)), JSCryptoKey::create(structure, zigGlobalObject, pair.publicKey.releaseNonNull()), 0); + obj->putDirect(vm, JSC::PropertyName(JSC::Identifier::fromString(vm, "privateKey"_s)), JSCryptoKey::create(structure, zigGlobalObject, pair.privateKey.releaseNonNull()), 0); + returnValue = obj; + }; + auto failureCallback = [&]() { + throwException(lexicalGlobalObject, scope, createTypeError(lexicalGlobalObject, "Failed to generate key pair"_s)); + }; + // this is actually sync + CryptoKeyRSA::generatePair(CryptoAlgorithmIdentifier::RSA_OAEP, CryptoAlgorithmIdentifier::SHA_1, false, modulusLength, Vector<uint8_t>((uint8_t*)&publicExponentArray, 4), true, CryptoKeyUsageEncrypt | CryptoKeyUsageDecrypt, WTFMove(keyPairCallback), WTFMove(failureCallback), zigGlobalObject->scriptExecutionContext()); + return JSValue::encode(returnValue); + } else if (type_str == "ec"_s) { + if (count == 1) { + JSC::throwTypeError(lexicalGlobalObject, scope, "options.namedCurve is required for ec"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + auto* options = jsDynamicCast<JSC::JSObject*>(callFrame->argument(1)); + if (options == nullptr) { + JSC::throwTypeError(lexicalGlobalObject, scope, "options is expected to be a object"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + auto namedCurveJS = options->getIfPropertyExists(lexicalGlobalObject, PropertyName(Identifier::fromString(vm, "namedCurve"_s))); + if (namedCurveJS.isUndefinedOrNull() || namedCurveJS.isEmpty() || !namedCurveJS.isString()) { + JSC::throwTypeError(lexicalGlobalObject, scope, "namedCurve is expected to be a string"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + auto namedCurve = namedCurveJS.toWTFString(lexicalGlobalObject); + RETURN_IF_EXCEPTION(scope, encodedJSValue()); + if(namedCurve == "P-384"_s || namedCurve == "p384"_s || namedCurve == "secp384r1"_s) { + namedCurve = "P-384"_s; + } else if(namedCurve == "P-256"_s || namedCurve == "p256"_s || namedCurve == "prime256v1"_s) { + namedCurve = "P-256"_s; + } else if(namedCurve == "P-521"_s || namedCurve == "p521"_s || namedCurve == "secp521r1"_s) { + namedCurve = "P-521"_s; + }else { + throwException(lexicalGlobalObject, scope, createTypeError(lexicalGlobalObject, "curve not supported"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + + auto result = CryptoKeyEC::generatePair(CryptoAlgorithmIdentifier::ECDSA, namedCurve, true, CryptoKeyUsageSign | CryptoKeyUsageVerify); + if (result.hasException()) { + WebCore::propagateException(*lexicalGlobalObject, scope, result.releaseException()); + return JSC::JSValue::encode(JSC::JSValue {}); + } + auto pair = result.releaseReturnValue(); + auto obj = JSC::constructEmptyObject(lexicalGlobalObject, lexicalGlobalObject->objectPrototype(), 2); + obj->putDirect(vm, JSC::PropertyName(JSC::Identifier::fromString(vm, "publicKey"_s)), JSCryptoKey::create(structure, zigGlobalObject, pair.publicKey.releaseNonNull()), 0); + obj->putDirect(vm, JSC::PropertyName(JSC::Identifier::fromString(vm, "privateKey"_s)), JSCryptoKey::create(structure, zigGlobalObject, pair.privateKey.releaseNonNull()), 0); + return JSValue::encode(obj); + } else if (type_str == "ed25519"_s) { + auto result = CryptoKeyOKP::generatePair(CryptoAlgorithmIdentifier::Ed25519, CryptoKeyOKP::NamedCurve::Ed25519, true, CryptoKeyUsageSign | CryptoKeyUsageVerify); + if (result.hasException()) { + WebCore::propagateException(*lexicalGlobalObject, scope, result.releaseException()); + return JSC::JSValue::encode(JSC::JSValue {}); + } + auto pair = result.releaseReturnValue(); + auto obj = JSC::constructEmptyObject(lexicalGlobalObject, lexicalGlobalObject->objectPrototype(), 2); + obj->putDirect(vm, JSC::PropertyName(JSC::Identifier::fromString(vm, "publicKey"_s)), JSCryptoKey::create(structure, zigGlobalObject, pair.publicKey.releaseNonNull()), 0); + obj->putDirect(vm, JSC::PropertyName(JSC::Identifier::fromString(vm, "privateKey"_s)), JSCryptoKey::create(structure, zigGlobalObject, pair.privateKey.releaseNonNull()), 0); + return JSValue::encode(obj); + } else if (type_str == "x25519"_s) { + auto result = CryptoKeyOKP::generatePair(CryptoAlgorithmIdentifier::Ed25519, CryptoKeyOKP::NamedCurve::X25519, true, CryptoKeyUsageSign | CryptoKeyUsageVerify); + if (result.hasException()) { + WebCore::propagateException(*lexicalGlobalObject, scope, result.releaseException()); + return JSC::JSValue::encode(JSC::JSValue {}); + } + auto pair = result.releaseReturnValue(); + auto obj = JSC::constructEmptyObject(lexicalGlobalObject, lexicalGlobalObject->objectPrototype(), 2); + obj->putDirect(vm, JSC::PropertyName(JSC::Identifier::fromString(vm, "publicKey"_s)), JSCryptoKey::create(structure, zigGlobalObject, pair.publicKey.releaseNonNull()), 0); + obj->putDirect(vm, JSC::PropertyName(JSC::Identifier::fromString(vm, "privateKey"_s)), JSCryptoKey::create(structure, zigGlobalObject, pair.privateKey.releaseNonNull()), 0); + return JSValue::encode(obj); + } else { + throwException(lexicalGlobalObject, scope, createTypeError(lexicalGlobalObject, "algorithm should be 'rsa', 'ec', 'x25519' or 'ed25519'"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + return JSValue::encode(JSC::jsUndefined()); +} +JSC::EncodedJSValue KeyObject__generateKeySync(JSC::JSGlobalObject* lexicalGlobalObject, JSC::CallFrame* callFrame) +{ + auto count = callFrame->argumentCount(); + auto& vm = lexicalGlobalObject->vm(); + auto scope = DECLARE_THROW_SCOPE(vm); + if (count < 2) { + JSC::throwTypeError(lexicalGlobalObject, scope, "generateKeySync requires 2 arguments"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + + auto type = callFrame->argument(0); + if (type.isUndefinedOrNull() || type.isEmpty() || !type.isString()) { + JSC::throwTypeError(lexicalGlobalObject, scope, "type is expected to be a string"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + + auto type_str = type.toWTFString(lexicalGlobalObject); + RETURN_IF_EXCEPTION(scope, encodedJSValue()); + + if (type_str == "hmac"_s) { + Zig::GlobalObject* zigGlobalObject = reinterpret_cast<Zig::GlobalObject*>(lexicalGlobalObject); + auto* structure = zigGlobalObject->JSCryptoKeyStructure(); + size_t lengthBits = 0; + auto length = callFrame->argument(1); + if (!length.isNumber()) { + JSC::throwTypeError(lexicalGlobalObject, scope, "length is expected to be a number"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + lengthBits = length.toUInt32(lexicalGlobalObject); + auto result = CryptoKeyHMAC::generate(lengthBits, WebCore::CryptoAlgorithmIdentifier::HMAC, true, CryptoKeyUsageSign | CryptoKeyUsageVerify); + if (UNLIKELY(result == nullptr)) { + throwException(lexicalGlobalObject, scope, createTypeError(lexicalGlobalObject, "Invalid length"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(result.releaseNonNull()))); + } else if (type_str == "aes"_s) { + Zig::GlobalObject* zigGlobalObject = reinterpret_cast<Zig::GlobalObject*>(lexicalGlobalObject); + auto* structure = zigGlobalObject->JSCryptoKeyStructure(); + size_t lengthBits = 0; + if (count > 1) { + auto length = callFrame->argument(1); + if (!length.isNumber()) { + JSC::throwTypeError(lexicalGlobalObject, scope, "length is expected to be a number"_s); + return JSC::JSValue::encode(JSC::JSValue {}); + } + lengthBits = length.toUInt32(lexicalGlobalObject); + } + + auto result = CryptoKeyAES::generate(WebCore::CryptoAlgorithmIdentifier::AES_CBC, lengthBits, true, CryptoKeyUsageSign | CryptoKeyUsageVerify); + if (UNLIKELY(result == nullptr)) { + throwException(lexicalGlobalObject, scope, createTypeError(lexicalGlobalObject, "Invalid length"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + return JSC::JSValue::encode(JSCryptoKey::create(structure, zigGlobalObject, WTFMove(result.releaseNonNull()))); + } else { + throwException(lexicalGlobalObject, scope, createTypeError(lexicalGlobalObject, "algorithm should be 'aes' or 'hmac'"_s)); + return JSValue::encode(JSC::jsUndefined()); + } +} + +JSC::EncodedJSValue KeyObject__AsymmetricKeyType(JSC::JSGlobalObject* lexicalGlobalObject, JSC::CallFrame* callFrame) +{ + static const NeverDestroyed<String> values[] = { + MAKE_STATIC_STRING_IMPL("rsa"), + MAKE_STATIC_STRING_IMPL("rsa-pss"), + MAKE_STATIC_STRING_IMPL("ec"), + MAKE_STATIC_STRING_IMPL("x25519"), + MAKE_STATIC_STRING_IMPL("ed25519"), + }; + + // TODO: Look into DSA and DH + if (auto* key = jsDynamicCast<JSCryptoKey*>(callFrame->argument(0))) { + auto id = key->wrapped().algorithmIdentifier(); + switch (id) { + case CryptoAlgorithmIdentifier::RSAES_PKCS1_v1_5: + case CryptoAlgorithmIdentifier::RSASSA_PKCS1_v1_5: + case CryptoAlgorithmIdentifier::RSA_OAEP: + return JSC::JSValue::encode(JSC::jsStringWithCache(lexicalGlobalObject->vm(), values[0])); + case CryptoAlgorithmIdentifier::RSA_PSS: + return JSC::JSValue::encode(JSC::jsStringWithCache(lexicalGlobalObject->vm(), values[1])); + case CryptoAlgorithmIdentifier::ECDSA: + case CryptoAlgorithmIdentifier::ECDH: + return JSC::JSValue::encode(JSC::jsStringWithCache(lexicalGlobalObject->vm(), values[2])); + case CryptoAlgorithmIdentifier::Ed25519: { + const auto& okpKey = downcast<WebCore::CryptoKeyOKP>(key->wrapped()); + // TODO: CHECK THIS WHEN X488 AND ED448 ARE ADDED + return JSC::JSValue::encode(JSC::jsStringWithCache(lexicalGlobalObject->vm(), String(okpKey.namedCurve() == CryptoKeyOKP::NamedCurve::X25519 ? values[3] : values[4]))); + } + default: + return JSC::JSValue::encode(JSC::jsUndefined()); + } + } + return JSC::JSValue::encode(JSC::jsUndefined()); +} + +static Vector<uint8_t> GetRawKeyFromSecret(WebCore::CryptoKey& key) +{ + auto id = key.keyClass(); + switch (id) { + case CryptoKeyClass::HMAC: { + const auto& hmac = downcast<WebCore::CryptoKeyHMAC>(key); + return hmac.key(); + } + case CryptoKeyClass::AES: { + const auto& aes = downcast<WebCore::CryptoKeyAES>(key); + return aes.key(); + } + case CryptoKeyClass::Raw: { + const auto& raw = downcast<WebCore::CryptoKeyRaw>(key); + return raw.key(); + } + default: { + Vector<uint8_t> empty; + return empty; + } + } +} +static AsymmetricKeyValue GetInternalAsymmetricKey(WebCore::CryptoKey& key) +{ + auto id = key.algorithmIdentifier(); + switch (id) { + case CryptoAlgorithmIdentifier::RSAES_PKCS1_v1_5: + case CryptoAlgorithmIdentifier::RSASSA_PKCS1_v1_5: + case CryptoAlgorithmIdentifier::RSA_OAEP: + case CryptoAlgorithmIdentifier::RSA_PSS: + return (AsymmetricKeyValue) { .key = downcast<WebCore::CryptoKeyRSA>(key).platformKey(), .owned = false }; + case CryptoAlgorithmIdentifier::ECDSA: + case CryptoAlgorithmIdentifier::ECDH: + return (AsymmetricKeyValue) { .key = downcast<WebCore::CryptoKeyEC>(key).platformKey(), .owned = false }; + case CryptoAlgorithmIdentifier::Ed25519: { + const auto& okpKey = downcast<WebCore::CryptoKeyOKP>(key); + auto keyData = okpKey.exportKey(); + if (okpKey.type() == CryptoKeyType::Private) { + auto* evp_key = EVP_PKEY_new_raw_private_key(okpKey.namedCurve() == CryptoKeyOKP::NamedCurve::X25519 ? EVP_PKEY_X25519 : EVP_PKEY_ED25519, nullptr, keyData.data(), keyData.size()); + return (AsymmetricKeyValue) { .key = evp_key, .owned = true }; + } else { + auto* evp_key = EVP_PKEY_new_raw_public_key(okpKey.namedCurve() == CryptoKeyOKP::NamedCurve::X25519 ? EVP_PKEY_X25519 : EVP_PKEY_ED25519, nullptr, keyData.data(), keyData.size()); + return (AsymmetricKeyValue) { .key = evp_key, .owned = true }; + } + } + default: + return (AsymmetricKeyValue) { .key = NULL, .owned = false }; + } +} + +JSC::EncodedJSValue KeyObject__Equals(JSC::JSGlobalObject* lexicalGlobalObject, JSC::CallFrame* callFrame) +{ + if (auto* key = jsDynamicCast<JSCryptoKey*>(callFrame->argument(0))) { + if (auto* key2 = jsDynamicCast<JSCryptoKey*>(callFrame->argument(1))) { + auto& wrapped = key->wrapped(); + auto& wrapped2 = key2->wrapped(); + auto key_type = wrapped.type(); + auto key_class = wrapped.keyClass(); + if (key_type != wrapped2.type()) { + return JSC::JSValue::encode(jsBoolean(false)); + } + + if (key_type == CryptoKeyType::Secret) { + auto keyData = GetRawKeyFromSecret(wrapped); + auto keyData2 = GetRawKeyFromSecret(wrapped2); + auto size = keyData.size(); + + if (size != keyData2.size()) { + return JSC::JSValue::encode(jsBoolean(false)); + } + return JSC::JSValue::encode(jsBoolean(CRYPTO_memcmp(keyData.data(), keyData2.data(), size) == 0)); + } + auto evp_key = GetInternalAsymmetricKey(wrapped); + auto evp_key2 = GetInternalAsymmetricKey(wrapped2); + + int ok = !evp_key.key || !evp_key2.key ? -2 : EVP_PKEY_cmp(evp_key.key, evp_key2.key); + + if (evp_key.key && evp_key.owned) { + EVP_PKEY_free(evp_key.key); + } + if (evp_key2.key && evp_key2.owned) { + EVP_PKEY_free(evp_key2.key); + } + if (ok == -2) { + auto& vm = lexicalGlobalObject->vm(); + auto scope = DECLARE_THROW_SCOPE(vm); + throwException(lexicalGlobalObject, scope, createTypeError(lexicalGlobalObject, "ERR_CRYPTO_UNSUPPORTED_OPERATION"_s)); + return JSValue::encode(JSC::jsUndefined()); + } + return JSC::JSValue::encode(jsBoolean(ok == 1)); + } + } + return JSC::JSValue::encode(jsBoolean(false)); +} + +JSC::EncodedJSValue KeyObject__SymmetricKeySize(JSC::JSGlobalObject* globalObject, JSC::CallFrame* callFrame) +{ + if (auto* key = jsDynamicCast<JSCryptoKey*>(callFrame->argument(0))) { + auto& wrapped = key->wrapped(); + auto id = wrapped.keyClass(); + size_t size = 0; + switch (id) { + case CryptoKeyClass::HMAC: { + const auto& hmac = downcast<WebCore::CryptoKeyHMAC>(wrapped); + auto keyData = hmac.key(); + size = keyData.size(); + break; + } + case CryptoKeyClass::AES: { + const auto& aes = downcast<WebCore::CryptoKeyAES>(wrapped); + auto keyData = aes.key(); + size = keyData.size(); + break; + } + case CryptoKeyClass::Raw: { + const auto& raw = downcast<WebCore::CryptoKeyRaw>(wrapped); + auto keyData = raw.key(); + size = keyData.size(); + break; + } + default: { + return JSC::JSValue::encode(JSC::jsUndefined()); + } + } + + if (!size) { + return JSC::JSValue::encode(JSC::jsUndefined()); + } + + return JSC::JSValue::encode(JSC::jsNumber(size)); + } + + return JSC::JSValue::encode(JSC::jsUndefined()); +} + +}
\ No newline at end of file |