Write about SubtleCrypto

Author: delan

_posts/2025-12-12-november-in-servo.md

@@ -7,6 +7,22 @@ summary:    ao!! wrrrrao!!
 categories:
 ---
 
+@kkoyung has landed some huge improvements in the [**SubtleCrypto API**](https://w3c.github.io/webcrypto/), including some of the more [modern algorithms in this WICG draft](https://wicg.github.io/webcrypto-modern-algos/), and a fix for constant-time base64 (#40334).
+We now have full support for **SHA3-256**, **SHA3-384**, **SHA3-512** (@kkoyung, #40765), **cSHAKE128**, **cSHAKE256** (@kkoyung, #40832), **Argon2d**, **Argon2i**, **Argon2id**, **ChaCha20-Poly1305**, **ECDH**, **ECDSA**, and **X25519**:
+
+<figure style="overflow-x: scroll;">
+
+| Algorithm | deriveBits | exportKey | generateKey | importKey | sign | verify |
+|---|---|---|---|---|---|---|
+| Argon2d | #40936 | n/a | n/a | #40932 | n/a | n/a |
+| Argon2i | #40936 | n/a | n/a | #40932 | n/a | n/a |
+| Argon2id | #40936 | n/a | n/a | #40932 | n/a | n/a |
+| ChaCha20-Poly1305 | n/a | #40948 | n/a | #40948 | n/a | n/a |
+| ECDH | #40333 | #40298 | #40305 | #40253 | n/a | n/a |
+| ECDSA | n/a | #40536 | #40553 | #40523 | #40591 | #40557 |
+| X25519 | #40497 | #40421 | #40480 | #40398 | n/a | n/a |
+</figure>
+
 <style>
     ._correction {
         max-width: 33em;

commits.txt

@@ -41,7 +41,7 @@ https://github.com/servo/servo/pull/40309	(@mukilan, @mrobinson, #40309)	composi
     # `Painter`. This allows us to post new frame notifications only to the painters that WebRender notified us about.
     # Testing: Should be covered by existing tests.
 +https://github.com/servo/servo/pull/40305	(@kkoyung, #40305)	script: Implement generate key operation of ECDH (#40305)
-    dom; crypto.subtle.generateKey("ECDH")
+    ;dom; crypto.subtle.generateKey("ECDH")
     # Continue on adding ECDH support to WebCrypto API. This patch implements generate key operation of ECDH.
     # Testing:
     # - Pass some WPT tests that were expected to fail.
@@ -142,7 +142,7 @@ https://github.com/servo/servo/pull/40128	(@aaron-wgd, #40128)	servoshell/deskto
     # Testing: Tested manually on linux/wayland.
     # Fixes: Intermittent panics on touch end events, see above.
 +https://github.com/servo/servo/pull/40298	(@kkoyung, #40298)	script: Implement export key operation of ECDH (#40298)
-    dom; crypto.subtle.exportKey() for ECDH keys
+    ;dom; crypto.subtle.exportKey() for ECDH keys
     # Continue on adding ECDH support to WebCrypto WPI. This patch implements export key operation of ECDH.
     # Testing:
     # - Pass some WPT tests that were expected to fail.
@@ -728,7 +728,7 @@ https://github.com/servo/servo/pull/40316	(@tharkum, #40316)	html: Support relea
     # Fixes (partially): https://github.com/servo/servo/issues/40265
     # Fixes: https://github.com/servo/servo/issues/37173
 +https://github.com/servo/servo/pull/40421	(@kkoyung, #40421)	script: Implement export key operation of X25519 (#40421)
-    dom; crypto.subtle.exportKey() for X25519 keys
+    ;dom; crypto.subtle.exportKey() for X25519 keys
     # Continue on adding X25519 support to WebCrypto API. This patch implements export key operation of X25519, using
     # X25519 implementation from the crate `x25519-dalek`.
     # Testing:
@@ -741,7 +741,7 @@ https://github.com/servo/servo/pull/40316	(@tharkum, #40316)	html: Support relea
     # remove the `ignore_malloc_size_of` annotation in the structs `CompressionStream` and `DecompressionStream`
     # Testing: Existing tests suffice.
 +https://github.com/servo/servo/pull/40333	(@kkoyung, #40333)	script: Implement derive bits operation of ECDH (#40333)
-    dom; crypto.subtle.deriveBits("ECDH")
+    ;dom; crypto.subtle.deriveBits("ECDH")
     # Finish adding ECDH support to WebCrypto API. This patch implements derive bits operation of ECDH.
     # Testing: Pass some WPT tests that were expected to fail.
     # Fixes: Part of #39060
@@ -851,7 +851,7 @@ https://github.com/servo/servo/pull/40411	(@simonwuelker, #40411)	xpath: Handle
     # Add CanGc argument to SafeFromJSValConvertible::safe_from_jsval
     # Fixes: #40392
 +https://github.com/servo/servo/pull/40398	(@kkoyung, #40398)	script: Implement import key operation of X25519 (#40398)
-    dom; crypto.subtle.importKey(,,"X25519")
+    ;dom; crypto.subtle.importKey(,,"X25519")
     # Start adding X25519 support to WebCrypto API. This patch implements import key operation of X25519, using X25519
     # implementation from the crate `x25519-dalek`.
     # Testing:
@@ -1051,7 +1051,7 @@ https://github.com/servo/servo/pull/40371	(@Gae24, #40371)	script: remove microt
     # Testing: Covered by existing tests
     # Fixes: #20908
 +https://github.com/servo/servo/pull/40334	(@kkoyung, #40334)	script: Use `base64ct` instead of `base64` in SubtleCrypto (#40334)
-    security dom
+    ;security dom
     # The `SubtleCrypto` interface of WebCrypto API needs to encode and decode keys in base64 alphabets when
     # exporting/importing keys in JsonWebKey format.
     # We currently use the `base64` crate to handle base64 encoding and decoding. This patch switches to use the `base64ct`
@@ -1152,7 +1152,7 @@ https://github.com/servo/servo/pull/40482	(@mukilan, @mrobinson, #40482)	composi
     # used and that will be handled in a follow-up patch.
     # Testing: Covered by existing tests.
 +https://github.com/servo/servo/pull/40480	(@kkoyung, #40480)	script: Implement generate key operation of X25519 (#40480)
-    dom; crypto.subtle.generateKey("X25519")
+    ;dom; crypto.subtle.generateKey("X25519")
     # Continue on adding X25519 support to WebCrypto API. This patch implements generate key operation of X25519, using
     # X25519 implementation from the crate `x25519-dalek`.
     # Testing: Pass some WPT tests that were expected to fail.
@@ -1271,7 +1271,7 @@ https://github.com/servo/servo/pull/40489	(@eerii, #40489)	tools: Remove wrapped
     # when inspecting one instance of Firefox from another.
     # Testing: Check with `mach test-scripts`
 +https://github.com/servo/servo/pull/40497	(@kkoyung, #40497)	script: Implement derive bits operation of X25519 (#40497)
-    dom; crypto.subtle.deriveBits("X25519")
+    ;dom; crypto.subtle.deriveBits("X25519")
     # Finish adding X25519 support to WebCrypto API. This patch implements derive bits operation of X25519, using X25519
     # implementation from the crate `x25519-dalek`.
     # Testing: Pass some WPT tests that were expected to fail.
@@ -1334,7 +1334,7 @@ https://github.com/servo/servo/pull/40489	(@eerii, #40489)	tools: Remove wrapped
     # Testing: No functional changes. Existing tests should test this.
     # Fixes: Part of #40530
 +https://github.com/servo/servo/pull/40536	(@kkoyung, #40536)	script: Implement export key operation of ECDSA (#40536)
-    dom; crypto.subtle.exportKey() for ECDSA keys
+    ;dom; crypto.subtle.exportKey() for ECDSA keys
     # Continue on adding ECDSA support to WebCrypto API. This patch implements export key operation of ECDSA, using
     # ECDSA implementation from the crates `p256`, `p384`, `p521` and `elliptic_curve`.
     # Testing:
@@ -1389,7 +1389,7 @@ https://github.com/servo/servo/pull/40527	(@tharkum, #40527)	dom: Add the attrib
     # Testing: Improvements in the following tests
     # - html/semantics/embedded-content/media-elements/user-interface/muted.html
 +https://github.com/servo/servo/pull/40523	(@kkoyung, #40523)	script: Implement import key operation of ECDSA (#40523)
-    dom; crypto.subtle.importKey(,,"ECDSA")
+    ;dom; crypto.subtle.importKey(,,"ECDSA")
     # Start adding ECDSA support to WebCrypto API. This patch implements import key operation of ECDSA, using ECDSA
     # implementation from the crates `p256`, `p384`, `p521` and `elliptic_curve`.
     # Testing:
@@ -1814,7 +1814,7 @@ https://github.com/servo/servo/pull/40541	(@simonwuelker, #40541)	tests: Import
     # Testing: 2 WPT are now passing
     # Fixes: #40550
 +https://github.com/servo/servo/pull/40557	(@kkoyung, #40557)	script: Implement verify operation of ECDSA (#40557)
-    dom; crypto.subtle.verify("ECDSA")
+    ;dom; crypto.subtle.verify("ECDSA")
     # Continue on adding ECDSA support to WebCrypto API. This patch implements verify operation of ECDSA, using ECDSA
     # implementation from the crates `ecdsa` for the operation, `p256`, `p384`, `p521`, and `elliptic_curve` for the key,
     # and `sha1`, `sha2` and `digest` for digesting messages.
@@ -1828,7 +1828,7 @@ https://github.com/servo/servo/pull/40541	(@simonwuelker, #40541)	tests: Import
 -https://github.com/servo/servo/pull/40551	(@yezhizhen, #40551)	Fix compilation warning for platforms other than Linux (#40551)
     # Testing: This only changes lint.
 +https://github.com/servo/servo/pull/40553	(@kkoyung, #40553)	script: Implement generate key operation of ECDSA (#40553)
-    dom; crypto.subtle.generateKey("ECDSA")
+    ;dom; crypto.subtle.generateKey("ECDSA")
     # Continue on adding ECDSA support to WebCrypto API. This patch implements generate key operation of ECDSA, using
     # ECDSA implementation from the crates `p256`, `p384`, `p521` and `elliptic_curve`.
     # Testing: Pass some WPT tests that were expected to fail.
@@ -1883,7 +1883,7 @@ https://github.com/servo/servo/pull/40590	(@mrobinson, #40590)	script: Use `Scri
     # under the wrong version number.
     # Testing: not required as the code is identical, only version numbers have changed.
 +https://github.com/servo/servo/pull/40591	(@kkoyung, #40591)	script: Implement sign operation of ECDSA (#40591)
-    dom; crypto.subtle.sign("ECDSA")
+    ;dom; crypto.subtle.sign("ECDSA")
     # Finish adding ECDSA support to WebCrypto API. This patch implements sign operation of ECDSA, using ECDSA implementation
     # from the crates `ecdsa` for the operation, `p256`, `p384`, `p521`, and `elliptic_curve` for the key, and `sha1`,
     # `sha2` and `digest` for digesting messages.
@@ -2873,7 +2873,7 @@ https://github.com/servo/servo/pull/40433	(@mrobinson, #40433)	paint: Do trigger
     # This PR avoids prints, which are controlled by a debugging option.
     # Testing: Only changes logging, no functional behavior change.
 +https://github.com/servo/servo/pull/40765	(@kkoyung, #40765)	script: Implement SHA-3 in WebCrypto API (#40765)
-    dom; crypto.subtle.digest("SHA3-256"), SHA3-384, SHA3-512; first among major engines!
+    ;dom; crypto.subtle.digest("SHA3-256"), SHA3-384, SHA3-512; first among major engines!
     # Implements digest operation of SHA-3, including `SHA3-256`, `SHA3-384` and `SHA3-512`, using the crate `sha3`
     # for the SHA-3 calculation.
     # Testing: Pass WPT tests that were expected to fail.
@@ -3963,7 +3963,7 @@ https://github.com/servo/servo/pull/40301	(@jdm, @uthmaniv, #40301)	fonts: Add W
     # Testing: Newly passing tests.
     # Fixes: #36590
 +https://github.com/servo/servo/pull/40832	(@kkoyung, #40832)	script: Implement CShake in WebCrypto API (#40832)
-    dom; crypto.subtle.digest("cSHAKE128"), cSHAKE256
+    ;dom; crypto.subtle.digest("cSHAKE128"), cSHAKE256
     # Implements digest operation of CShake, including `cSHAKE128` and `cSHAKE256`, using the crate `sha3` and `digest`
     # for the CShake calculation.
     # Testing: Pass WPT tests that were expected to fail.
@@ -4731,7 +4731,7 @@ https://github.com/servo/servo/pull/40661	(@janvarga, #40661)	storage: Introduce
     # Testing: This should not change observable behavior and tests are updated for the
     # new APIs.
 +https://github.com/servo/servo/pull/40936	(@kkoyung, #40936)	script: Finishing implementation of Argon2 in WebCrypto (#40936)
-    dom; full support for Argon2 including crypto.subtle.deriveBits("Argon2d"), Argon2i, Argon2id (get key length is an internal algorithm)
+    ;dom; full support for Argon2 including crypto.subtle.deriveBits("Argon2d"), Argon2i, Argon2id (get key length is an internal algorithm)
     # Finish adding Argon2 support to WebCrypto API, using the crate `argon2` to support the cryptographic calculation.
     # This patch implements "derive bits" operation and the "get key length" operation of Argon2. Actual error messages
     # are also provided for the existing "import key" operation of Argon2.
@@ -4751,7 +4751,7 @@ https://github.com/servo/servo/pull/40709	(@jdm, #40709)	servodriver: Clear cook
     # Fixes: #40695
     # Fixes: #40697
 +https://github.com/servo/servo/pull/40932	(@kkoyung, #40932)	script: Implement import key operation of Argon2 (#40932)
-    dom; roll this into the other Argon2 patch (import key is an internal algorithm)
+    ;dom; crypto.subtle.importKey("Argon2d"), Argon2i, Argon2id
     # Start adding Argon2 support to WebCrypto API.
     # This patch implements import key operation of Argon2.
     # Testing:
@@ -4809,7 +4809,7 @@ https://github.com/servo/servo/pull/40953	(@mrobinson, #40953)	servoshell: Alway
     # For instance, this fixes a crash when running WPT tests on some systems.
     # Testing: This fixes an issue when running WPT tests locally.
 +https://github.com/servo/servo/pull/40948	(@kkoyung, #40948)	script: Implement import/export key operation of ChaCha20-Poly1305 (#40948)
-    dom; crypto.subtle.importKey("ChaCha20-Poly1305") and exportKey() for ChaCha20-Poly1305 keys
+    ;dom; crypto.subtle.importKey("ChaCha20-Poly1305") and exportKey() for ChaCha20-Poly1305 keys
     # Start adding ChaCha20-Poly1305 support to WebCrypto API.
     # This patch implements "import key" operation and "export key" operation of ChaCha20-Poly1305, using the crate
     # `chacha20poly1305` to support the cryptographic calculation.