fixup! implement a subset of "Modern Algorithms in the Web Cryptography API"

panva · panva · commit deabcf7ba201 · 2026-03-26T09:15:48.000+01:00
diff --git a/src/workerd/api/crypto/chacha20.c++ b/src/workerd/api/crypto/chacha20.c++
@@ -136,7 +136,7 @@ class ChaCha20Poly1305Key final: public CryptoKey::Impl {
   }
 
   kj::StringPtr jsgGetMemoryName() const override {
-    return "ChaCha20Poly1305Key"_kjc;
+    return "ChaCha20Poly1305Key";
   }
   size_t jsgGetMemorySelfSize() const override {
     return sizeof(ChaCha20Poly1305Key);
diff --git a/src/workerd/api/crypto/crypto.h b/src/workerd/api/crypto/crypto.h
@@ -727,6 +727,28 @@ class SubtleCrypto: public jsg::Object {
               plainText: ArrayBuffer | ArrayBufferView)
               : Promise<ArrayBuffer>;
       exportKey(format: string, key: CryptoKey) : Promise<ArrayBuffer | JsonWebKey>;
+      encapsulateKey(encapsulationAlgorithm: string | SubtleCryptoImportKeyAlgorithm,
+                     encapsulationKey: CryptoKey,
+                     sharedKeyAlgorithm: string | SubtleCryptoImportKeyAlgorithm,
+                     extractable: boolean,
+                     keyUsages: string[])
+                     : Promise<SubtleCryptoEncapsulatedKey>;
+      encapsulateBits(encapsulationAlgorithm: string | SubtleCryptoImportKeyAlgorithm,
+                      encapsulationKey: CryptoKey)
+                      : Promise<SubtleCryptoEncapsulatedBits>;
+      decapsulateKey(decapsulationAlgorithm: string | SubtleCryptoImportKeyAlgorithm,
+                     decapsulationKey: CryptoKey,
+                     ciphertext: ArrayBuffer | ArrayBufferView,
+                     sharedKeyAlgorithm: string | SubtleCryptoImportKeyAlgorithm,
+                     extractable: boolean,
+                     keyUsages: string[])
+                     : Promise<CryptoKey>;
+      decapsulateBits(decapsulationAlgorithm: string | SubtleCryptoImportKeyAlgorithm,
+                      decapsulationKey: CryptoKey,
+                      ciphertext: ArrayBuffer | ArrayBufferView)
+                      : Promise<ArrayBuffer>;
+      getPublicKey(key: CryptoKey, keyUsages: string[])
+                   : Promise<CryptoKey>;
     });
   }
 };
diff --git a/src/workerd/api/crypto/mldsa.c++ b/src/workerd/api/crypto/mldsa.c++
@@ -153,6 +153,8 @@ std::pair<const uint8_t*, size_t> getContext(
     auto ctxData = ctx.getHandle(js).asArrayPtr();
     return {ctxData.begin(), ctxData.size()};
   }
+  // BoringSSL treats (nullptr, 0) as an empty context, equivalent to a zero-length byte string
+  // per FIPS 204 §5.2.
   return {nullptr, 0};
 }
 
@@ -185,6 +187,12 @@ class MlDsaKey final: public CryptoKey::Impl {
         publicKey(kj::mv(publicKey)),
         publicKeyBytes(kj::mv(publicKeyBytes)) {}
 
+  ~MlDsaKey() noexcept(false) {
+    KJ_IF_SOME(s, seed) {
+      OPENSSL_cleanse(s.begin(), s.size());
+    }
+  }
+
   jsg::JsArrayBuffer sign(jsg::Lock& js,
       SubtleCrypto::SignAlgorithm&& algorithm,
       kj::ArrayPtr<const kj::byte> data) const override {
@@ -275,6 +283,12 @@ class MlDsaKey final: public CryptoKey::Impl {
   size_t jsgGetMemorySelfSize() const override {
     return sizeof(MlDsaKey<P>);
   }
+  void jsgGetMemoryInfo(jsg::MemoryTracker& tracker) const override {
+    tracker.trackFieldWithSize("publicKeyBytes", publicKeyBytes.size());
+    KJ_IF_SOME(s, seed) {
+      tracker.trackFieldWithSize("seed", s.size());
+    }
+  }
 
   kj::Own<CryptoKey::Impl> getPublicKey(jsg::Lock& js, CryptoKeyUsageSet usages) const override {
     JSG_REQUIRE(
@@ -598,31 +612,31 @@ class MlDsaKey final: public CryptoKey::Impl {
     auto oid = getOid<P>();
 
     // Manually build the SPKI
-    bssl::ScopedCBB cbb2;
-    CBB spki2, algId2, oidCbb, bitString;
-    JSG_REQUIRE(CBB_init(cbb2.get(), P::PUBLIC_KEY_BYTES + 64), InternalDOMOperationError,
+    bssl::ScopedCBB cbb;
+    CBB spki, algId, oidCbb, bitString;
+    JSG_REQUIRE(CBB_init(cbb.get(), P::PUBLIC_KEY_BYTES + 64), InternalDOMOperationError,
         "Failed to init SPKI CBB.");
-    JSG_REQUIRE(CBB_add_asn1(cbb2.get(), &spki2, CBS_ASN1_SEQUENCE), InternalDOMOperationError,
+    JSG_REQUIRE(CBB_add_asn1(cbb.get(), &spki, CBS_ASN1_SEQUENCE), InternalDOMOperationError,
         "Failed to add SPKI SEQUENCE.");
-    JSG_REQUIRE(CBB_add_asn1(&spki2, &algId2, CBS_ASN1_SEQUENCE), InternalDOMOperationError,
+    JSG_REQUIRE(CBB_add_asn1(&spki, &algId, CBS_ASN1_SEQUENCE), InternalDOMOperationError,
         "Failed to add AlgorithmIdentifier SEQUENCE.");
-    JSG_REQUIRE(CBB_add_asn1(&algId2, &oidCbb, CBS_ASN1_OBJECT), InternalDOMOperationError,
+    JSG_REQUIRE(CBB_add_asn1(&algId, &oidCbb, CBS_ASN1_OBJECT), InternalDOMOperationError,
         "Failed to add OID.");
     JSG_REQUIRE(CBB_add_bytes(&oidCbb, oid.begin(), oid.size()), InternalDOMOperationError,
         "Failed to add OID bytes.");
     JSG_REQUIRE(
-        CBB_flush(&algId2), InternalDOMOperationError, "Failed to flush AlgorithmIdentifier.");
-    JSG_REQUIRE(CBB_add_asn1(&spki2, &bitString, CBS_ASN1_BITSTRING), InternalDOMOperationError,
+        CBB_flush(&algId), InternalDOMOperationError, "Failed to flush AlgorithmIdentifier.");
+    JSG_REQUIRE(CBB_add_asn1(&spki, &bitString, CBS_ASN1_BITSTRING), InternalDOMOperationError,
         "Failed to add BIT STRING.");
     JSG_REQUIRE(
         CBB_add_u8(&bitString, 0), InternalDOMOperationError, "Failed to add unused bits byte.");
     JSG_REQUIRE(CBB_add_bytes(&bitString, publicKeyBytes.begin(), publicKeyBytes.size()),
         InternalDOMOperationError, "Failed to add public key bytes.");
-    JSG_REQUIRE(CBB_flush(cbb2.get()), InternalDOMOperationError, "Failed to flush SPKI.");
+    JSG_REQUIRE(CBB_flush(cbb.get()), InternalDOMOperationError, "Failed to flush SPKI.");
 
     uint8_t* der = nullptr;
     size_t derLen;
-    JSG_REQUIRE(CBB_finish(cbb2.get(), &der, &derLen), InternalDOMOperationError,
+    JSG_REQUIRE(CBB_finish(cbb.get(), &der, &derLen), InternalDOMOperationError,
         "Failed to finish SPKI encoding.");
     KJ_DEFER(OPENSSL_free(der));
 
diff --git a/src/workerd/api/crypto/mlkem.c++ b/src/workerd/api/crypto/mlkem.c++
@@ -122,6 +122,12 @@ class MlKemKey final: public CryptoKey::Impl {
         publicKey(kj::mv(publicKey)),
         publicKeyBytes(kj::mv(publicKeyBytes)) {}
 
+  ~MlKemKey() noexcept(false) {
+    KJ_IF_SOME(s, seed) {
+      OPENSSL_cleanse(s.begin(), s.size());
+    }
+  }
+
   std::pair<jsg::JsArrayBuffer, jsg::JsArrayBuffer> encapsulate(jsg::Lock& js) const override {
     JSG_REQUIRE(
         keyType == KeyType::PUBLIC, DOMInvalidAccessError, "Encapsulation requires a public key.");
@@ -209,6 +215,12 @@ class MlKemKey final: public CryptoKey::Impl {
   size_t jsgGetMemorySelfSize() const override {
     return sizeof(MlKemKey<P>);
   }
+  void jsgGetMemoryInfo(jsg::MemoryTracker& tracker) const override {
+    tracker.trackFieldWithSize("publicKeyBytes", publicKeyBytes.size());
+    KJ_IF_SOME(s, seed) {
+      tracker.trackFieldWithSize("seed", s.size());
+    }
+  }
 
   kj::Own<CryptoKey::Impl> getPublicKey(jsg::Lock& js, CryptoKeyUsageSet usages) const override {
     JSG_REQUIRE(
diff --git a/src/wpt/WebCryptoAPI-test.ts b/src/wpt/WebCryptoAPI-test.ts

Original file line number	Diff line number	Diff line change
`@@ -136,7 +136,7 @@ class ChaCha20Poly1305Key final: public CryptoKey::Impl {`
`136`	`136`	`}`
`137`	`137`
`138`	`138`	`kj::StringPtr jsgGetMemoryName() const override {`
`139`		`- return "ChaCha20Poly1305Key"_kjc;`
	`139`	`+ return "ChaCha20Poly1305Key";`
`140`	`140`	`}`
`141`	`141`	`size_t jsgGetMemorySelfSize() const override {`
`142`	`142`	`return sizeof(ChaCha20Poly1305Key);`