void JSCryptoKeySerializationJWK::addJWKAlgorithmToJSON(ExecState* exec, JSObject* json, const CryptoKey& key)
{
String jwkAlgorithm;
switch (key.algorithmIdentifier()) {
case CryptoAlgorithmIdentifier::HMAC:
switch (toCryptoKeyHMAC(key).hashAlgorithmIdentifier()) {
case CryptoAlgorithmIdentifier::SHA_256:
if (toCryptoKeyHMAC(key).key().size() * 8 >= 256)
jwkAlgorithm = "HS256";
break;
case CryptoAlgorithmIdentifier::SHA_384:
if (toCryptoKeyHMAC(key).key().size() * 8 >= 384)
jwkAlgorithm = "HS384";
break;
case CryptoAlgorithmIdentifier::SHA_512:
if (toCryptoKeyHMAC(key).key().size() * 8 >= 512)
jwkAlgorithm = "HS512";
break;
default:
break;
}
break;
case CryptoAlgorithmIdentifier::AES_CBC:
switch (toCryptoKeyAES(key).key().size() * 8) {
case 128:
jwkAlgorithm = "A128CBC";
break;
case 192:
jwkAlgorithm = "A192CBC";
break;
case 256:
jwkAlgorithm = "A256CBC";
break;
}
break;
case CryptoAlgorithmIdentifier::RSASSA_PKCS1_v1_5: {
const CryptoKeyRSA& rsaKey = toCryptoKeyRSA(key);
CryptoAlgorithmIdentifier hash;
if (!rsaKey.isRestrictedToHash(hash))
break;
if (rsaKey.keySizeInBits() < 2048)
break;
switch (hash) {
case CryptoAlgorithmIdentifier::SHA_256:
jwkAlgorithm = "RS256";
break;
case CryptoAlgorithmIdentifier::SHA_384:
jwkAlgorithm = "RS384";
break;
case CryptoAlgorithmIdentifier::SHA_512:
jwkAlgorithm = "RS512";
break;
default:
break;
}
break;
}
default:
break;
}
if (jwkAlgorithm.isNull()) {
// The spec doesn't currently tell whether export should fail, or just skip "alg" (which is an optional key in JWK).
// Perhaps this should depend on whether the key is extractable?
throwTypeError(exec, "Key algorithm and size do not map to any JWK algorithm identifier");
return;
}
addToJSON(exec, json, "alg", jwkAlgorithm);
}
static void addJWKAlgorithmToJSON(ExecState* exec, JSObject* json, const CryptoKey& key)
{
String jwkAlgorithm;
switch (key.algorithmIdentifier()) {
case CryptoAlgorithmIdentifier::HMAC:
switch (toCryptoKeyHMAC(key).hashAlgorithmIdentifier()) {
case CryptoAlgorithmIdentifier::SHA_256:
if (toCryptoKeyHMAC(key).key().size() * 8 >= 256)
jwkAlgorithm = "HS256";
break;
case CryptoAlgorithmIdentifier::SHA_384:
if (toCryptoKeyHMAC(key).key().size() * 8 >= 384)
jwkAlgorithm = "HS384";
break;
case CryptoAlgorithmIdentifier::SHA_512:
if (toCryptoKeyHMAC(key).key().size() * 8 >= 512)
jwkAlgorithm = "HS512";
break;
default:
break;
}
break;
case CryptoAlgorithmIdentifier::AES_CBC:
switch (toCryptoKeyAES(key).key().size() * 8) {
case 128:
jwkAlgorithm = "A128CBC";
break;
case 192:
jwkAlgorithm = "A192CBC";
break;
case 256:
jwkAlgorithm = "A256CBC";
break;
}
break;
case CryptoAlgorithmIdentifier::AES_KW:
switch (toCryptoKeyAES(key).key().size() * 8) {
case 128:
jwkAlgorithm = "A128KW";
break;
case 192:
jwkAlgorithm = "A192KW";
break;
case 256:
jwkAlgorithm = "A256KW";
break;
}
break;
case CryptoAlgorithmIdentifier::RSASSA_PKCS1_v1_5: {
const CryptoKeyRSA& rsaKey = toCryptoKeyRSA(key);
CryptoAlgorithmIdentifier hash;
if (!rsaKey.isRestrictedToHash(hash))
break;
if (rsaKey.keySizeInBits() < 2048)
break;
switch (hash) {
case CryptoAlgorithmIdentifier::SHA_256:
jwkAlgorithm = "RS256";
break;
case CryptoAlgorithmIdentifier::SHA_384:
jwkAlgorithm = "RS384";
break;
case CryptoAlgorithmIdentifier::SHA_512:
jwkAlgorithm = "RS512";
break;
default:
break;
}
break;
}
case CryptoAlgorithmIdentifier::RSAES_PKCS1_v1_5: {
const CryptoKeyRSA& rsaKey = toCryptoKeyRSA(key);
if (rsaKey.keySizeInBits() < 2048)
break;
jwkAlgorithm = "RSA1_5";
break;
}
case CryptoAlgorithmIdentifier::RSA_OAEP: {
const CryptoKeyRSA& rsaKey = toCryptoKeyRSA(key);
CryptoAlgorithmIdentifier hash;
// WebCrypto RSA-OAEP keys are not tied to any particular hash, unless previously imported from JWK, which only supports SHA-1.
if (rsaKey.isRestrictedToHash(hash) && hash != CryptoAlgorithmIdentifier::SHA_1)
break;
if (rsaKey.keySizeInBits() < 2048)
break;
jwkAlgorithm = "RSA-OAEP";
break;
}
default:
break;
}
if (jwkAlgorithm.isNull()) {
// The spec doesn't currently tell whether export should fail, or just skip "alg" (which is an optional key in JWK).
throwTypeError(exec, "Key algorithm and size do not map to any JWK algorithm identifier");
return;
}
addToJSON(exec, json, "alg", jwkAlgorithm);
}
