details: https://hg.nginx.org/njs/rev/f1432043a6a4
branches:
changeset: 2103:f1432043a6a4
user: Dmitry Volyntsev <xei...@nginx.com>
date: Tue May 02 20:50:57 2023 -0700
description:
WebCrypto: module is rewritten using public API.
diffstat:
external/njs_webcrypto_module.c | 1227 +++++++++++++++++++-------------------
src/njs.h | 20 +
src/njs_iterator.h | 17 -
src/njs_vm.c | 8 +
test/harness/runTsuite.js | 2 +-
5 files changed, 647 insertions(+), 627 deletions(-)
diffs (truncated from 2564 to 1000 lines):
diff -r 18385a4a90ad -r f1432043a6a4 external/njs_webcrypto_module.c
--- a/external/njs_webcrypto_module.c Tue May 02 20:50:55 2023 -0700
+++ b/external/njs_webcrypto_module.c Tue May 02 20:50:57 2023 -0700
@@ -5,7 +5,9 @@
*/
-#include <njs_main.h>
+#include <njs.h>
+#include <njs_assert.h>
+#include <njs_string.h>
#include "njs_openssl.h"
typedef enum {
@@ -126,7 +128,8 @@ static njs_webcrypto_key_format_t njs_ke
static njs_str_t *njs_format_string(njs_webcrypto_key_format_t fmt);
static njs_int_t njs_key_usage(njs_vm_t *vm, njs_value_t *value,
unsigned *mask);
-static njs_int_t njs_key_ops(njs_vm_t *vm, njs_value_t *retval, unsigned mask);
+static njs_int_t njs_key_ops(njs_vm_t *vm, njs_opaque_value_t *retval,
+ unsigned mask);
static njs_webcrypto_algorithm_t *njs_key_algorithm(njs_vm_t *vm,
njs_value_t *value);
static njs_str_t *njs_algorithm_string(njs_webcrypto_algorithm_t *algorithm);
@@ -136,7 +139,7 @@ static const EVP_MD *njs_algorithm_hash_
static njs_int_t njs_algorithm_curve(njs_vm_t *vm, njs_value_t *value,
int *curve);
-static njs_int_t njs_webcrypto_result(njs_vm_t *vm, njs_value_t *result,
+static njs_int_t njs_webcrypto_result(njs_vm_t *vm, njs_opaque_value_t *result,
njs_int_t rc, njs_value_t *retval);
static njs_int_t njs_webcrypto_array_buffer(njs_vm_t *vm, njs_value_t *retval,
u_char *start, size_t length);
@@ -593,23 +596,23 @@ njs_module_t njs_webcrypto_module = {
};
-static const njs_value_t string_alg = njs_string("alg");
-static const njs_value_t string_d = njs_string("d");
-static const njs_value_t string_dp = njs_string("dp");
-static const njs_value_t string_dq = njs_string("dq");
-static const njs_value_t string_e = njs_string("e");
-static const njs_value_t string_k = njs_string("k");
-static const njs_value_t string_n = njs_string("n");
-static const njs_value_t string_p = njs_string("p");
-static const njs_value_t string_q = njs_string("q");
-static const njs_value_t string_qi = njs_string("qi");
-static const njs_value_t string_x = njs_string("x");
-static const njs_value_t string_y = njs_string("y");
-static const njs_value_t string_ext = njs_string("ext");
-static const njs_value_t string_crv = njs_string("crv");
-static const njs_value_t string_kty = njs_string("kty");
-static const njs_value_t key_ops = njs_string("key_ops");
-static const njs_value_t string_length = njs_string("length");
+static const njs_str_t string_alg = njs_str("alg");
+static const njs_str_t string_d = njs_str("d");
+static const njs_str_t string_dp = njs_str("dp");
+static const njs_str_t string_dq = njs_str("dq");
+static const njs_str_t string_e = njs_str("e");
+static const njs_str_t string_k = njs_str("k");
+static const njs_str_t string_n = njs_str("n");
+static const njs_str_t string_p = njs_str("p");
+static const njs_str_t string_q = njs_str("q");
+static const njs_str_t string_qi = njs_str("qi");
+static const njs_str_t string_x = njs_str("x");
+static const njs_str_t string_y = njs_str("y");
+static const njs_str_t string_ext = njs_str("ext");
+static const njs_str_t string_crv = njs_str("crv");
+static const njs_str_t string_kty = njs_str("kty");
+static const njs_str_t key_ops = njs_str("key_ops");
+static const njs_str_t string_length = njs_str("length");
static njs_int_t njs_webcrypto_crypto_key_proto_id;
@@ -622,7 +625,8 @@ njs_ext_cipher(njs_vm_t *vm, njs_value_t
unsigned mask;
njs_int_t ret;
njs_str_t data;
- njs_value_t *options, value;
+ njs_value_t *options;
+ njs_opaque_value_t result;
njs_webcrypto_key_t *key;
njs_webcrypto_algorithm_t *alg;
@@ -635,22 +639,22 @@ njs_ext_cipher(njs_vm_t *vm, njs_value_t
key = njs_vm_external(vm, njs_webcrypto_crypto_key_proto_id,
njs_arg(args, nargs, 2));
if (njs_slow_path(key == NULL)) {
- njs_type_error(vm, "\"key\" is not a CryptoKey object");
+ njs_vm_error(vm, "\"key\" is not a CryptoKey object");
goto fail;
}
mask = encrypt ? NJS_KEY_USAGE_ENCRYPT : NJS_KEY_USAGE_DECRYPT;
if (njs_slow_path(!(key->usage & mask))) {
- njs_type_error(vm, "provide key does not support %s operation",
- encrypt ? "encrypt" : "decrypt");
+ njs_vm_error(vm, "provide key does not support %s operation",
+ encrypt ? "encrypt" : "decrypt");
goto fail;
}
if (njs_slow_path(key->alg != alg)) {
- njs_type_error(vm, "cannot %s using \"%V\" with \"%V\" key",
- encrypt ? "encrypt" : "decrypt",
- njs_algorithm_string(key->alg),
- njs_algorithm_string(alg));
+ njs_vm_error(vm, "cannot %s using \"%V\" with \"%V\" key",
+ encrypt ? "encrypt" : "decrypt",
+ njs_algorithm_string(key->alg),
+ njs_algorithm_string(alg));
goto fail;
}
@@ -661,23 +665,26 @@ njs_ext_cipher(njs_vm_t *vm, njs_value_t
switch (alg->type) {
case NJS_ALGORITHM_RSA_OAEP:
- ret = njs_cipher_pkey(vm, &data, key, encrypt, &value);
+ ret = njs_cipher_pkey(vm, &data, key, encrypt, njs_value_arg(&result));
break;
case NJS_ALGORITHM_AES_GCM:
- ret = njs_cipher_aes_gcm(vm, &data, key, options, encrypt, &value);
+ ret = njs_cipher_aes_gcm(vm, &data, key, options, encrypt,
+ njs_value_arg(&result));
break;
case NJS_ALGORITHM_AES_CTR:
- ret = njs_cipher_aes_ctr(vm, &data, key, options, encrypt, &value);
+ ret = njs_cipher_aes_ctr(vm, &data, key, options, encrypt,
+ njs_value_arg(&result));
break;
case NJS_ALGORITHM_AES_CBC:
default:
- ret = njs_cipher_aes_cbc(vm, &data, key, options, encrypt, &value);
- }
-
- return njs_webcrypto_result(vm, &value, ret, retval);
+ ret = njs_cipher_aes_cbc(vm, &data, key, options, encrypt,
+ njs_value_arg(&result));
+ }
+
+ return njs_webcrypto_result(vm, &result, ret, retval);
fail:
@@ -736,7 +743,7 @@ njs_cipher_pkey(njs_vm_t *vm, njs_str_t
dst = njs_mp_alloc(njs_vm_memory_pool(vm), outlen);
if (njs_slow_path(dst == NULL)) {
- njs_memory_error(vm);
+ njs_vm_memory_error(vm);
ret = NJS_ERROR;
goto fail;
}
@@ -763,18 +770,19 @@ static njs_int_t
njs_cipher_aes_gcm(njs_vm_t *vm, njs_str_t *data, njs_webcrypto_key_t *key,
njs_value_t *options, njs_bool_t encrypt, njs_value_t *retval)
{
- int len, outlen, dstlen;
- u_char *dst, *p;
- int64_t taglen;
- njs_str_t iv, aad;
- njs_int_t ret;
- njs_value_t value;
- EVP_CIPHER_CTX *ctx;
- const EVP_CIPHER *cipher;
-
- static const njs_value_t string_iv = njs_string("iv");
- static const njs_value_t string_ad = njs_string("additionalData");
- static const njs_value_t string_tl = njs_string("tagLength");
+ int len, outlen, dstlen;
+ u_char *dst, *p;
+ int64_t taglen;
+ njs_str_t iv, aad;
+ njs_int_t ret;
+ njs_value_t *value;
+ EVP_CIPHER_CTX *ctx;
+ const EVP_CIPHER *cipher;
+ njs_opaque_value_t lvalue;
+
+ static const njs_str_t string_iv = njs_str("iv");
+ static const njs_str_t string_ad = njs_str("additionalData");
+ static const njs_str_t string_tl = njs_str("tagLength");
switch (key->raw.length) {
case 16:
@@ -790,33 +798,26 @@ njs_cipher_aes_gcm(njs_vm_t *vm, njs_str
break;
default:
- njs_type_error(vm, "AES-GCM Invalid key length");
+ njs_vm_error(vm, "AES-GCM Invalid key length");
return NJS_ERROR;
}
- ret = njs_value_property(vm, options, njs_value_arg(&string_iv), &value);
- if (njs_slow_path(ret != NJS_OK)) {
- if (ret == NJS_DECLINED) {
- njs_type_error(vm, "AES-GCM algorithm.iv is not provided");
- }
-
+ value = njs_vm_object_prop(vm, options, &string_iv, &lvalue);
+ if (value == NULL) {
+ njs_vm_error(vm, "AES-GCM algorithm.iv is not provided");
return NJS_ERROR;
}
- ret = njs_vm_value_to_bytes(vm, &iv, &value);
+ ret = njs_vm_value_to_bytes(vm, &iv, njs_value_arg(&lvalue));
if (njs_slow_path(ret != NJS_OK)) {
return NJS_ERROR;
}
taglen = 128;
- ret = njs_value_property(vm, options, njs_value_arg(&string_tl), &value);
- if (njs_slow_path(ret == NJS_ERROR)) {
- return NJS_ERROR;
- }
-
- if (njs_is_defined(&value)) {
- ret = njs_value_to_integer(vm, &value, &taglen);
+ value = njs_vm_object_prop(vm, options, &string_tl, &lvalue);
+ if (value != NULL && !njs_value_is_undefined(value)) {
+ ret = njs_value_to_integer(vm, value, &taglen);
if (njs_slow_path(ret != NJS_OK)) {
return NJS_ERROR;
}
@@ -830,14 +831,14 @@ njs_cipher_aes_gcm(njs_vm_t *vm, njs_str
&& taglen != 120
&& taglen != 128))
{
- njs_type_error(vm, "AES-GCM Invalid tagLength");
+ njs_vm_error(vm, "AES-GCM Invalid tagLength");
return NJS_ERROR;
}
taglen /= 8;
if (njs_slow_path(!encrypt && (data->length < (size_t) taglen))) {
- njs_type_error(vm, "AES-GCM data is too short");
+ njs_vm_error(vm, "AES-GCM data is too short");
return NJS_ERROR;
}
@@ -881,15 +882,11 @@ njs_cipher_aes_gcm(njs_vm_t *vm, njs_str
}
}
- ret = njs_value_property(vm, options, njs_value_arg(&string_ad), &value);
- if (njs_slow_path(ret == NJS_ERROR)) {
- return NJS_ERROR;
- }
-
aad.length = 0;
- if (njs_is_defined(&value)) {
- ret = njs_vm_value_to_bytes(vm, &aad, &value);
+ value = njs_vm_object_prop(vm, options, &string_ad, &lvalue);
+ if (value != NULL && !njs_value_is_undefined(value)) {
+ ret = njs_vm_value_to_bytes(vm, &aad, value);
if (njs_slow_path(ret != NJS_OK)) {
return NJS_ERROR;
}
@@ -908,7 +905,7 @@ njs_cipher_aes_gcm(njs_vm_t *vm, njs_str
dstlen = data->length + EVP_CIPHER_CTX_block_size(ctx) + taglen;
dst = njs_mp_alloc(njs_vm_memory_pool(vm), dstlen);
if (njs_slow_path(dst == NULL)) {
- njs_memory_error(vm);
+ njs_vm_memory_error(vm);
return NJS_ERROR;
}
@@ -1064,18 +1061,19 @@ static njs_int_t
njs_cipher_aes_ctr(njs_vm_t *vm, njs_str_t *data, njs_webcrypto_key_t *key,
njs_value_t *options, njs_bool_t encrypt, njs_value_t *retval)
{
- int len, len2;
- u_char *dst;
- int64_t length;
- BIGNUM *total, *blocks, *left, *ctr;
- njs_int_t ret;
- njs_str_t iv;
- njs_uint_t size1;
- njs_value_t value;
- const EVP_CIPHER *cipher;
- u_char iv2[16];
-
- static const njs_value_t string_counter = njs_string("counter");
+ int len, len2;
+ u_char *dst;
+ int64_t length;
+ BIGNUM *total, *blocks, *left, *ctr;
+ njs_int_t ret;
+ njs_str_t iv;
+ njs_uint_t size1;
+ njs_value_t *value;
+ const EVP_CIPHER *cipher;
+ njs_opaque_value_t lvalue;
+ u_char iv2[16];
+
+ static const njs_str_t string_counter = njs_str("counter");
switch (key->raw.length) {
case 16:
@@ -1091,48 +1089,39 @@ njs_cipher_aes_ctr(njs_vm_t *vm, njs_str
break;
default:
- njs_type_error(vm, "AES-CTR Invalid key length");
+ njs_vm_error(vm, "AES-CTR Invalid key length");
return NJS_ERROR;
}
- ret = njs_value_property(vm, options, njs_value_arg(&string_counter),
- &value);
- if (njs_slow_path(ret != NJS_OK)) {
- if (ret == NJS_DECLINED) {
- njs_type_error(vm, "AES-CTR algorithm.counter is not provided");
- }
-
+ value = njs_vm_object_prop(vm, options, &string_counter, &lvalue);
+ if (value == NULL) {
+ njs_vm_error(vm, "AES-CTR algorithm.counter is not provided");
return NJS_ERROR;
}
- ret = njs_vm_value_to_bytes(vm, &iv, &value);
+ ret = njs_vm_value_to_bytes(vm, &iv, value);
if (njs_slow_path(ret != NJS_OK)) {
return NJS_ERROR;
}
if (njs_slow_path(iv.length != 16)) {
- njs_type_error(vm, "AES-CTR algorithm.counter must be 16 bytes long");
+ njs_vm_error(vm, "AES-CTR algorithm.counter must be 16 bytes long");
return NJS_ERROR;
}
- ret = njs_value_property(vm, options, njs_value_arg(&string_length),
- &value);
- if (njs_slow_path(ret != NJS_OK)) {
- if (ret == NJS_DECLINED) {
- njs_type_error(vm, "AES-CTR algorithm.length is not provided");
- }
-
+ value = njs_vm_object_prop(vm, options, &string_length, &lvalue);
+ if (value == NULL) {
+ njs_vm_error(vm, "AES-CTR algorithm.length is not provided");
return NJS_ERROR;
}
- ret = njs_value_to_integer(vm, &value, &length);
+ ret = njs_value_to_integer(vm, value, &length);
if (njs_slow_path(ret != NJS_OK)) {
return NJS_ERROR;
}
if (njs_slow_path(length == 0 || length > 128)) {
- njs_type_error(vm, "AES-CTR algorithm.length "
- "must be between 1 and 128");
+ njs_vm_error(vm, "AES-CTR algorithm.length must be between 1 and 128");
return NJS_ERROR;
}
@@ -1175,7 +1164,7 @@ njs_cipher_aes_ctr(njs_vm_t *vm, njs_str
ret = BN_cmp(blocks, total);
if (njs_slow_path(ret > 0)) {
- njs_type_error(vm, "AES-CTR repeated counter");
+ njs_vm_error(vm, "AES-CTR repeated counter");
ret = NJS_ERROR;
goto fail;
}
@@ -1196,7 +1185,7 @@ njs_cipher_aes_ctr(njs_vm_t *vm, njs_str
dst = njs_mp_alloc(njs_vm_memory_pool(vm),
data->length + EVP_MAX_BLOCK_LENGTH);
if (njs_slow_path(dst == NULL)) {
- njs_memory_error(vm);
+ njs_vm_memory_error(vm);
return NJS_ERROR;
}
@@ -1271,16 +1260,17 @@ static njs_int_t
njs_cipher_aes_cbc(njs_vm_t *vm, njs_str_t *data, njs_webcrypto_key_t *key,
njs_value_t *options, njs_bool_t encrypt, njs_value_t *retval)
{
- int olen_max, olen, olen2;
- u_char *dst;
- unsigned remainder;
- njs_str_t iv;
- njs_int_t ret;
- njs_value_t value;
- EVP_CIPHER_CTX *ctx;
- const EVP_CIPHER *cipher;
-
- static const njs_value_t string_iv = njs_string("iv");
+ int olen_max, olen, olen2;
+ u_char *dst;
+ unsigned remainder;
+ njs_str_t iv;
+ njs_int_t ret;
+ njs_value_t *value;
+ EVP_CIPHER_CTX *ctx;
+ const EVP_CIPHER *cipher;
+ njs_opaque_value_t lvalue;
+
+ static const njs_str_t string_iv = njs_str("iv");
switch (key->raw.length) {
case 16:
@@ -1296,26 +1286,23 @@ njs_cipher_aes_cbc(njs_vm_t *vm, njs_str
break;
default:
- njs_type_error(vm, "AES-CBC Invalid key length");
+ njs_vm_error(vm, "AES-CBC Invalid key length");
return NJS_ERROR;
}
- ret = njs_value_property(vm, options, njs_value_arg(&string_iv), &value);
- if (njs_slow_path(ret != NJS_OK)) {
- if (ret == NJS_DECLINED) {
- njs_type_error(vm, "AES-CBC algorithm.iv is not provided");
- }
-
+ value = njs_vm_object_prop(vm, options, &string_iv, &lvalue);
+ if (value == NULL) {
+ njs_vm_error(vm, "AES-CBC algorithm.iv is not provided");
return NJS_ERROR;
}
- ret = njs_vm_value_to_bytes(vm, &iv, &value);
+ ret = njs_vm_value_to_bytes(vm, &iv, value);
if (njs_slow_path(ret != NJS_OK)) {
return NJS_ERROR;
}
if (njs_slow_path(iv.length != 16)) {
- njs_type_error(vm, "AES-CBC algorithm.iv must be 16 bytes long");
+ njs_vm_error(vm, "AES-CBC algorithm.iv must be 16 bytes long");
return NJS_ERROR;
}
@@ -1343,7 +1330,7 @@ njs_cipher_aes_cbc(njs_vm_t *vm, njs_str
dst = njs_mp_alloc(njs_vm_memory_pool(vm), olen_max);
if (njs_slow_path(dst == NULL)) {
- njs_memory_error(vm);
+ njs_vm_memory_error(vm);
ret = NJS_ERROR;
goto fail;
}
@@ -1386,16 +1373,17 @@ njs_ext_derive(njs_vm_t *vm, njs_value_t
unsigned usage, mask;
njs_int_t ret;
njs_str_t salt, info;
- njs_value_t value, *aobject, *dobject;
+ njs_value_t *value, *aobject, *dobject;
const EVP_MD *md;
EVP_PKEY_CTX *pctx;
njs_webcrypto_key_t *key, *dkey;
+ njs_opaque_value_t lvalue;
njs_webcrypto_hash_t hash;
njs_webcrypto_algorithm_t *alg, *dalg;
- static const njs_value_t string_info = njs_string("info");
- static const njs_value_t string_salt = njs_string("salt");
- static const njs_value_t string_iterations = njs_string("iterations");
+ static const njs_str_t string_info = njs_str("info");
+ static const njs_str_t string_salt = njs_str("salt");
+ static const njs_str_t string_iterations = njs_str("iterations");
aobject = njs_arg(args, nargs, 1);
alg = njs_key_algorithm(vm, aobject);
@@ -1406,22 +1394,22 @@ njs_ext_derive(njs_vm_t *vm, njs_value_t
key = njs_vm_external(vm, njs_webcrypto_crypto_key_proto_id,
njs_arg(args, nargs, 2));
if (njs_slow_path(key == NULL)) {
- njs_type_error(vm, "\"baseKey\" is not a CryptoKey object");
+ njs_vm_error(vm, "\"baseKey\" is not a CryptoKey object");
goto fail;
}
mask = derive_key ? NJS_KEY_USAGE_DERIVE_KEY : NJS_KEY_USAGE_DERIVE_BITS;
if (njs_slow_path(!(key->usage & mask))) {
- njs_type_error(vm, "provide key does not support \"%s\" operation",
- derive_key ? "deriveKey" : "deriveBits");
+ njs_vm_error(vm, "provide key does not support \"%s\" operation",
+ derive_key ? "deriveKey" : "deriveBits");
goto fail;
}
if (njs_slow_path(key->alg != alg)) {
- njs_type_error(vm, "cannot derive %s using \"%V\" with \"%V\" key",
- derive_key ? "key" : "bits",
- njs_algorithm_string(key->alg),
- njs_algorithm_string(alg));
+ njs_vm_error(vm, "cannot derive %s using \"%V\" with \"%V\" key",
+ derive_key ? "key" : "bits",
+ njs_algorithm_string(key->alg),
+ njs_algorithm_string(alg));
goto fail;
}
@@ -1433,22 +1421,18 @@ njs_ext_derive(njs_vm_t *vm, njs_value_t
goto fail;
}
- ret = njs_value_property(vm, dobject, njs_value_arg(&string_length),
- &value);
- if (njs_slow_path(ret != NJS_OK)) {
- if (ret == NJS_DECLINED) {
- njs_type_error(vm, "derivedKeyAlgorithm.length "
- "is not provided");
- goto fail;
- }
+ value = njs_vm_object_prop(vm, dobject, &string_length, &lvalue);
+ if (value == NULL) {
+ njs_vm_error(vm, "derivedKeyAlgorithm.length is not provided");
+ goto fail;
}
} else {
dalg = NULL;
- njs_value_assign(&value, dobject);
- }
-
- ret = njs_value_to_integer(vm, &value, &length);
+ value = dobject;
+ }
+
+ ret = njs_value_to_integer(vm, value, &length);
if (njs_slow_path(ret != NJS_OK)) {
goto fail;
}
@@ -1463,16 +1447,16 @@ njs_ext_derive(njs_vm_t *vm, njs_value_t
case NJS_ALGORITHM_AES_CBC:
if (length != 16 && length != 32) {
- njs_type_error(vm, "deriveKey \"%V\" length must be 128 or
256",
- njs_algorithm_string(dalg));
+ njs_vm_error(vm, "deriveKey \"%V\" length must be 128 or 256",
+ njs_algorithm_string(dalg));
goto fail;
}
break;
default:
- njs_internal_error(vm, "not implemented deriveKey: \"%V\"",
- njs_algorithm_string(dalg));
+ njs_vm_error(vm, "not implemented deriveKey: \"%V\"",
+ njs_algorithm_string(dalg));
goto fail;
}
@@ -1482,15 +1466,15 @@ njs_ext_derive(njs_vm_t *vm, njs_value_t
}
if (njs_slow_path(usage & ~dalg->usage)) {
- njs_type_error(vm, "unsupported key usage for \"%V\" key",
- njs_algorithm_string(alg));
+ njs_vm_error(vm, "unsupported key usage for \"%V\" key",
+ njs_algorithm_string(alg));
goto fail;
}
dkey = njs_mp_zalloc(njs_vm_memory_pool(vm),
sizeof(njs_webcrypto_key_t));
if (njs_slow_path(dkey == NULL)) {
- njs_memory_error(vm);
+ njs_vm_memory_error(vm);
goto fail;
}
@@ -1500,7 +1484,7 @@ njs_ext_derive(njs_vm_t *vm, njs_value_t
k = njs_mp_zalloc(njs_vm_memory_pool(vm), length);
if (njs_slow_path(k == NULL)) {
- njs_memory_error(vm);
+ njs_vm_memory_error(vm);
goto fail;
}
@@ -1511,39 +1495,30 @@ njs_ext_derive(njs_vm_t *vm, njs_value_t
goto fail;
}
- ret = njs_value_property(vm, aobject, njs_value_arg(&string_salt),
- &value);
- if (njs_slow_path(ret != NJS_OK)) {
- if (ret == NJS_DECLINED) {
- njs_type_error(vm, "PBKDF2 algorithm.salt is not provided");
- }
-
+ value = njs_vm_object_prop(vm, aobject, &string_salt, &lvalue);
+ if (value == NULL) {
+ njs_vm_error(vm, "PBKDF2 algorithm.salt is not provided");
goto fail;
}
- ret = njs_vm_value_to_bytes(vm, &salt, &value);
+ ret = njs_vm_value_to_bytes(vm, &salt, value);
if (njs_slow_path(ret != NJS_OK)) {
goto fail;
}
if (njs_slow_path(salt.length < 16)) {
- njs_type_error(vm, "PBKDF2 algorithm.salt must be "
- "at least 16 bytes long");
+ njs_vm_error(vm, "PBKDF2 algorithm.salt must be "
+ "at least 16 bytes long");
goto fail;
}
- ret = njs_value_property(vm, aobject,
njs_value_arg(&string_iterations),
- &value);
- if (njs_slow_path(ret != NJS_OK)) {
- if (ret == NJS_DECLINED) {
- njs_type_error(vm, "PBKDF2 algorithm.iterations "
- "is not provided");
- }
-
+ value = njs_vm_object_prop(vm, aobject, &string_iterations, &lvalue);
+ if (value == NULL) {
+ njs_vm_error(vm, "PBKDF2 algorithm.iterations is not provided");
goto fail;
}
- ret = njs_value_to_integer(vm, &value, &iterations);
+ ret = njs_value_to_integer(vm, value, &iterations);
if (njs_slow_path(ret != NJS_OK)) {
goto fail;
}
@@ -1566,32 +1541,24 @@ njs_ext_derive(njs_vm_t *vm, njs_value_t
goto fail;
}
- ret = njs_value_property(vm, aobject, njs_value_arg(&string_salt),
- &value);
- if (njs_slow_path(ret != NJS_OK)) {
- if (ret == NJS_DECLINED) {
- njs_type_error(vm, "HKDF algorithm.salt is not provided");
- }
-
+ value = njs_vm_object_prop(vm, aobject, &string_salt, &lvalue);
+ if (value == NULL) {
+ njs_vm_error(vm, "HKDF algorithm.salt is not provided");
goto fail;
}
- ret = njs_vm_value_to_bytes(vm, &salt, &value);
+ ret = njs_vm_value_to_bytes(vm, &salt, value);
if (njs_slow_path(ret != NJS_OK)) {
goto fail;
}
- ret = njs_value_property(vm, aobject, njs_value_arg(&string_info),
- &value);
- if (njs_slow_path(ret != NJS_OK)) {
- if (ret == NJS_DECLINED) {
- njs_type_error(vm, "HKDF algorithm.info is not provided");
- }
-
+ value = njs_vm_object_prop(vm, aobject, &string_info, &lvalue);
+ if (value == NULL) {
+ njs_vm_error(vm, "HKDF algorithm.info is not provided");
goto fail;
}
- ret = njs_vm_value_to_bytes(vm, &info, &value);
+ ret = njs_vm_value_to_bytes(vm, &info, value);
if (njs_slow_path(ret != NJS_OK)) {
goto fail;
}
@@ -1659,8 +1626,8 @@ free:
case NJS_ALGORITHM_ECDH:
default:
- njs_internal_error(vm, "not implemented deriveKey "
- "algorithm: \"%V\"", njs_algorithm_string(alg));
+ njs_vm_error(vm, "not implemented deriveKey "
+ "algorithm: \"%V\"", njs_algorithm_string(alg));
goto fail;
}
@@ -1675,18 +1642,19 @@ free:
dkey->raw.start = k;
dkey->raw.length = length;
- ret = njs_vm_external_create(vm, &value,
+ ret = njs_vm_external_create(vm, njs_value_arg(&lvalue),
njs_webcrypto_crypto_key_proto_id,
dkey, 0);
} else {
- ret = njs_vm_value_array_buffer_set(vm, &value, k, length);
+ ret = njs_vm_value_array_buffer_set(vm, njs_value_arg(&lvalue), k,
+ length);
}
if (njs_slow_path(ret != NJS_OK)) {
goto fail;
}
- return njs_webcrypto_result(vm, &value, NJS_OK, retval);
+ return njs_webcrypto_result(vm, &lvalue, NJS_OK, retval);
fail:
@@ -1702,8 +1670,8 @@ njs_ext_digest(njs_vm_t *vm, njs_value_t
u_char *dst;
njs_str_t data;
njs_int_t ret;
- njs_value_t value;
const EVP_MD *md;
+ njs_opaque_value_t result;
njs_webcrypto_hash_t hash;
ret = njs_algorithm_hash(vm, njs_arg(args, nargs, 1), &hash);
@@ -1721,7 +1689,7 @@ njs_ext_digest(njs_vm_t *vm, njs_value_t
dst = njs_mp_zalloc(njs_vm_memory_pool(vm), olen);
if (njs_slow_path(dst == NULL)) {
- njs_memory_error(vm);
+ njs_vm_memory_error(vm);
goto fail;
}
@@ -1731,12 +1699,12 @@ njs_ext_digest(njs_vm_t *vm, njs_value_t
goto fail;
}
- ret = njs_vm_value_array_buffer_set(vm, &value, dst, olen);
+ ret = njs_vm_value_array_buffer_set(vm, njs_value_arg(&result), dst, olen);
if (njs_slow_path(ret != NJS_OK)) {
goto fail;
}
- return njs_webcrypto_result(vm, &value, NJS_OK, retval);
+ return njs_webcrypto_result(vm, &result, NJS_OK, retval);
fail:
@@ -1745,8 +1713,8 @@ fail:
static njs_int_t
-njs_export_base64url_bignum(njs_vm_t *vm, njs_value_t *retval, const BIGNUM *v,
- size_t size)
+njs_export_base64url_bignum(njs_vm_t *vm, njs_opaque_value_t *retval,
+ const BIGNUM *v, size_t size)
{
njs_str_t src;
u_char buf[512];
@@ -1762,36 +1730,35 @@ njs_export_base64url_bignum(njs_vm_t *vm
src.start = buf;
src.length = size;
- return njs_string_base64url(vm, retval, &src);
+ return njs_string_base64url(vm, njs_value_arg(retval), &src);
}
static njs_int_t
-njs_base64url_bignum_set(njs_vm_t *vm, njs_value_t *jwk, njs_value_t *key,
+njs_base64url_bignum_set(njs_vm_t *vm, njs_value_t *jwk, const njs_str_t *key,
const BIGNUM *v, size_t size)
{
- njs_int_t ret;
- njs_value_t value;
+ njs_int_t ret;
+ njs_opaque_value_t value;
ret = njs_export_base64url_bignum(vm, &value, v, size);
if (ret != NJS_OK) {
return NJS_ERROR;
}
- return njs_value_property_set(vm, jwk, key, &value);
+ return njs_vm_object_prop_set(vm, jwk, key, &value);
}
static njs_int_t
njs_export_jwk_rsa(njs_vm_t *vm, njs_webcrypto_key_t *key, njs_value_t *retval)
{
- njs_int_t ret;
- const RSA *rsa;
- njs_str_t *nm;
- njs_value_t nvalue, evalue, alg;
- const BIGNUM *n_bn, *e_bn, *d_bn, *p_bn, *q_bn, *dp_bn, *dq_bn, *qi_bn;
-
- static const njs_value_t rsa_str = njs_string("RSA");
+ njs_int_t ret;
+ const RSA *rsa;
+ njs_str_t *nm;
+ const BIGNUM *n_bn, *e_bn, *d_bn, *p_bn, *q_bn, *dp_bn, *dq_bn,
+ *qi_bn;
+ njs_opaque_value_t nvalue, evalue, alg, rsa_s;
rsa = njs_pkey_get_rsa_key(key->pkey);
@@ -1807,8 +1774,24 @@ njs_export_jwk_rsa(njs_vm_t *vm, njs_web
return NJS_ERROR;
}
- ret = njs_vm_object_alloc(vm, retval, &string_kty, &rsa_str, &string_n,
- &nvalue, &string_e, &evalue, NULL);
+ ret = njs_vm_object_alloc(vm, retval, NULL);
+ if (ret != NJS_OK) {
+ return NJS_ERROR;
+ }
+
+ njs_vm_value_string_set(vm, njs_value_arg(&rsa_s), (u_char *) "RSA", 3);
+
+ ret = njs_vm_object_prop_set(vm, retval, &string_kty, &rsa_s);
+ if (ret != NJS_OK) {
+ return NJS_ERROR;
+ }
+
+ ret = njs_vm_object_prop_set(vm, retval, &string_n, &nvalue);
+ if (ret != NJS_OK) {
+ return NJS_ERROR;
+ }
+
+ ret = njs_vm_object_prop_set(vm, retval, &string_e, &evalue);
if (ret != NJS_OK) {
return NJS_ERROR;
}
@@ -1817,38 +1800,32 @@ njs_export_jwk_rsa(njs_vm_t *vm, njs_web
njs_rsa_get0_factors(rsa, &p_bn, &q_bn);
njs_rsa_get0_ctr_params(rsa, &dp_bn, &dq_bn, &qi_bn);
- ret = njs_base64url_bignum_set(vm, retval, njs_value_arg(&string_d),
- d_bn, 0);
+ ret = njs_base64url_bignum_set(vm, retval, &string_d, d_bn, 0);
if (ret != NJS_OK) {
return NJS_ERROR;
}
- ret = njs_base64url_bignum_set(vm, retval, njs_value_arg(&string_p),
- p_bn, 0);
+ ret = njs_base64url_bignum_set(vm, retval, &string_p, p_bn, 0);
if (ret != NJS_OK) {
return NJS_ERROR;
}
- ret = njs_base64url_bignum_set(vm, retval, njs_value_arg(&string_q),
- q_bn, 0);
+ ret = njs_base64url_bignum_set(vm, retval, &string_q, q_bn, 0);
if (ret != NJS_OK) {
return NJS_ERROR;
}
- ret = njs_base64url_bignum_set(vm, retval, njs_value_arg(&string_dp),
- dp_bn, 0);
+ ret = njs_base64url_bignum_set(vm, retval, &string_dp, dp_bn, 0);
if (ret != NJS_OK) {
return NJS_ERROR;
}
- ret = njs_base64url_bignum_set(vm, retval, njs_value_arg(&string_dq),
- dq_bn, 0);
+ ret = njs_base64url_bignum_set(vm, retval, &string_dq, dq_bn, 0);
if (ret != NJS_OK) {
return NJS_ERROR;
}
- ret = njs_base64url_bignum_set(vm, retval, njs_value_arg(&string_qi),
- qi_bn, 0);
+ ret = njs_base64url_bignum_set(vm, retval, &string_qi, qi_bn, 0);
if (ret != NJS_OK) {
return NJS_ERROR;
}
@@ -1856,9 +1833,10 @@ njs_export_jwk_rsa(njs_vm_t *vm, njs_web
nm = &njs_webcrypto_alg_name[key->alg->type][key->hash];
- (void) njs_vm_value_string_set(vm, &alg, nm->start, nm->length);
-
- return njs_value_property_set(vm, retval, njs_value_arg(&string_alg),
&alg);
+ (void) njs_vm_value_string_set(vm, njs_value_arg(&alg), nm->start,
+ nm->length);
+
+ return njs_vm_object_prop_set(vm, retval, &string_alg, &alg);
}
@@ -1868,15 +1846,13 @@ njs_export_jwk_ec(njs_vm_t *vm, njs_webc
int nid, group_bits, group_bytes;
BIGNUM *x_bn, *y_bn;
njs_int_t ret;
- njs_value_t xvalue, yvalue, dvalue, name;
const EC_KEY *ec;
const BIGNUM *d_bn;
const EC_POINT *pub;
const EC_GROUP *group;
+ njs_opaque_value_t xvalue, yvalue, dvalue, name, ec_s;
njs_webcrypto_entry_t *e;
- static const njs_value_t ec_str = njs_string("EC");
-
x_bn = NULL;
y_bn = NULL;
d_bn = NULL;
@@ -1924,24 +1900,44 @@ njs_export_jwk_ec(njs_vm_t *vm, njs_webc
for (e = &njs_webcrypto_curve[0]; e->name.length != 0; e++) {
if ((uintptr_t) nid == e->value) {
- (void) njs_vm_value_string_set(vm, &name, e->name.start,
- e->name.length);
+ (void) njs_vm_value_string_set(vm, njs_value_arg(&name),
+ e->name.start, e->name.length);
break;
}
}
if (e->name.length == 0) {
- njs_type_error(vm, "Unsupported JWK EC curve: %s", OBJ_nid2sn(nid));
+ njs_vm_error(vm, "Unsupported JWK EC curve: %s", OBJ_nid2sn(nid));
goto fail;
}
- ret = njs_vm_object_alloc(vm, retval, &string_kty, &ec_str, &string_x,
- &xvalue, &string_y, &yvalue, &string_crv, &name,
- NULL);
+ ret = njs_vm_object_alloc(vm, retval, NULL);
if (ret != NJS_OK) {
goto fail;
}
+ njs_vm_value_string_set(vm, njs_value_arg(&ec_s), (u_char *) "EC", 2);
+
+ ret = njs_vm_object_prop_set(vm, retval, &string_kty, &ec_s);
+ if (ret != NJS_OK) {
+ return NJS_ERROR;
+ }
+
+ ret = njs_vm_object_prop_set(vm, retval, &string_x, &xvalue);
+ if (ret != NJS_OK) {
+ return NJS_ERROR;
+ }
+
+ ret = njs_vm_object_prop_set(vm, retval, &string_y, &yvalue);
+ if (ret != NJS_OK) {
+ return NJS_ERROR;
+ }
+
+ ret = njs_vm_object_prop_set(vm, retval, &string_crv, &name);
+ if (ret != NJS_OK) {
+ return NJS_ERROR;
+ }
+
if (key->privat) {
d_bn = EC_KEY_get0_private_key(ec);
@@ -1950,8 +1946,7 @@ njs_export_jwk_ec(njs_vm_t *vm, njs_webc
goto fail;
}
- ret = njs_value_property_set(vm, retval, njs_value_arg(&string_d),
- &dvalue);
+ ret = njs_vm_object_prop_set(vm, retval, &string_d, &dvalue);
if (ret != NJS_OK) {
goto fail;
}
@@ -1986,8 +1981,8 @@ njs_export_raw_ec(njs_vm_t *vm, njs_webc
njs_assert(key->pkey != NULL);
if (key->privat) {
- njs_type_error(vm, "private key of \"%V\" cannot be exported "
- "in \"raw\" format", njs_algorithm_string(key->alg));
+ njs_vm_error(vm, "private key of \"%V\" cannot be exported "
+ "in \"raw\" format", njs_algorithm_string(key->alg));
return NJS_ERROR;
}
@@ -2022,8 +2017,8 @@ static njs_int_t
njs_export_jwk_asymmetric(njs_vm_t *vm, njs_webcrypto_key_t *key,
njs_value_t *retval)
{
- njs_int_t ret;
- njs_value_t ops, extractable;
+ njs_int_t ret;
+ njs_opaque_value_t ops, extractable;
njs_assert(key->pkey != NULL);
@@ -2048,7 +2043,7 @@ njs_export_jwk_asymmetric(njs_vm_t *vm,
break;
default:
- njs_type_error(vm, "provided key cannot be exported as JWK");
+ njs_vm_error(vm, "provided key cannot be exported as JWK");
return NJS_ERROR;
}
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
