[njs] WebCrypto: module is rewritten using public API.

Dmitry Volyntsev xeioex at nginx.com
Wed May 3 04:13:35 UTC 2023


details:   https://hg.nginx.org/njs/rev/f1432043a6a4
branches:  
changeset: 2103:f1432043a6a4
user:      Dmitry Volyntsev <xeioex at nginx.com>
date:      Tue May 02 20:50:57 2023 -0700
description:
WebCrypto: module is rewritten using public API.

diffstat:

 external/njs_webcrypto_module.c |  1227 +++++++++++++++++++-------------------
 src/njs.h                       |    20 +
 src/njs_iterator.h              |    17 -
 src/njs_vm.c                    |     8 +
 test/harness/runTsuite.js       |     2 +-
 5 files changed, 647 insertions(+), 627 deletions(-)

diffs (truncated from 2564 to 1000 lines):

diff -r 18385a4a90ad -r f1432043a6a4 external/njs_webcrypto_module.c
--- a/external/njs_webcrypto_module.c	Tue May 02 20:50:55 2023 -0700
+++ b/external/njs_webcrypto_module.c	Tue May 02 20:50:57 2023 -0700
@@ -5,7 +5,9 @@
  */
 
 
-#include <njs_main.h>
+#include <njs.h>
+#include <njs_assert.h>
+#include <njs_string.h>
 #include "njs_openssl.h"
 
 typedef enum {
@@ -126,7 +128,8 @@ static njs_webcrypto_key_format_t njs_ke
 static njs_str_t *njs_format_string(njs_webcrypto_key_format_t fmt);
 static njs_int_t njs_key_usage(njs_vm_t *vm, njs_value_t *value,
     unsigned *mask);
-static njs_int_t njs_key_ops(njs_vm_t *vm, njs_value_t *retval, unsigned mask);
+static njs_int_t njs_key_ops(njs_vm_t *vm, njs_opaque_value_t *retval,
+    unsigned mask);
 static njs_webcrypto_algorithm_t *njs_key_algorithm(njs_vm_t *vm,
     njs_value_t *value);
 static njs_str_t *njs_algorithm_string(njs_webcrypto_algorithm_t *algorithm);
@@ -136,7 +139,7 @@ static const EVP_MD *njs_algorithm_hash_
 static njs_int_t njs_algorithm_curve(njs_vm_t *vm, njs_value_t *value,
     int *curve);
 
-static njs_int_t njs_webcrypto_result(njs_vm_t *vm, njs_value_t *result,
+static njs_int_t njs_webcrypto_result(njs_vm_t *vm, njs_opaque_value_t *result,
     njs_int_t rc, njs_value_t *retval);
 static njs_int_t njs_webcrypto_array_buffer(njs_vm_t *vm, njs_value_t *retval,
     u_char *start, size_t length);
@@ -593,23 +596,23 @@ njs_module_t  njs_webcrypto_module = {
 };
 
 
-static const njs_value_t  string_alg = njs_string("alg");
-static const njs_value_t  string_d = njs_string("d");
-static const njs_value_t  string_dp = njs_string("dp");
-static const njs_value_t  string_dq = njs_string("dq");
-static const njs_value_t  string_e = njs_string("e");
-static const njs_value_t  string_k = njs_string("k");
-static const njs_value_t  string_n = njs_string("n");
-static const njs_value_t  string_p = njs_string("p");
-static const njs_value_t  string_q = njs_string("q");
-static const njs_value_t  string_qi = njs_string("qi");
-static const njs_value_t  string_x = njs_string("x");
-static const njs_value_t  string_y = njs_string("y");
-static const njs_value_t  string_ext = njs_string("ext");
-static const njs_value_t  string_crv = njs_string("crv");
-static const njs_value_t  string_kty = njs_string("kty");
-static const njs_value_t  key_ops = njs_string("key_ops");
-static const njs_value_t  string_length = njs_string("length");
+static const njs_str_t  string_alg = njs_str("alg");
+static const njs_str_t  string_d = njs_str("d");
+static const njs_str_t  string_dp = njs_str("dp");
+static const njs_str_t  string_dq = njs_str("dq");
+static const njs_str_t  string_e = njs_str("e");
+static const njs_str_t  string_k = njs_str("k");
+static const njs_str_t  string_n = njs_str("n");
+static const njs_str_t  string_p = njs_str("p");
+static const njs_str_t  string_q = njs_str("q");
+static const njs_str_t  string_qi = njs_str("qi");
+static const njs_str_t  string_x = njs_str("x");
+static const njs_str_t  string_y = njs_str("y");
+static const njs_str_t  string_ext = njs_str("ext");
+static const njs_str_t  string_crv = njs_str("crv");
+static const njs_str_t  string_kty = njs_str("kty");
+static const njs_str_t  key_ops = njs_str("key_ops");
+static const njs_str_t  string_length = njs_str("length");
 
 
 static njs_int_t    njs_webcrypto_crypto_key_proto_id;
@@ -622,7 +625,8 @@ njs_ext_cipher(njs_vm_t *vm, njs_value_t
     unsigned                   mask;
     njs_int_t                  ret;
     njs_str_t                  data;
-    njs_value_t                *options, value;
+    njs_value_t                *options;
+    njs_opaque_value_t         result;
     njs_webcrypto_key_t        *key;
     njs_webcrypto_algorithm_t  *alg;
 
@@ -635,22 +639,22 @@ njs_ext_cipher(njs_vm_t *vm, njs_value_t
     key = njs_vm_external(vm, njs_webcrypto_crypto_key_proto_id,
                           njs_arg(args, nargs, 2));
     if (njs_slow_path(key == NULL)) {
-        njs_type_error(vm, "\"key\" is not a CryptoKey object");
+        njs_vm_error(vm, "\"key\" is not a CryptoKey object");
         goto fail;
     }
 
     mask = encrypt ? NJS_KEY_USAGE_ENCRYPT : NJS_KEY_USAGE_DECRYPT;
     if (njs_slow_path(!(key->usage & mask))) {
-        njs_type_error(vm, "provide key does not support %s operation",
-                       encrypt ? "encrypt" : "decrypt");
+        njs_vm_error(vm, "provide key does not support %s operation",
+                     encrypt ? "encrypt" : "decrypt");
         goto fail;
     }
 
     if (njs_slow_path(key->alg != alg)) {
-        njs_type_error(vm, "cannot %s using \"%V\" with \"%V\" key",
-                       encrypt ? "encrypt" : "decrypt",
-                       njs_algorithm_string(key->alg),
-                       njs_algorithm_string(alg));
+        njs_vm_error(vm, "cannot %s using \"%V\" with \"%V\" key",
+                     encrypt ? "encrypt" : "decrypt",
+                     njs_algorithm_string(key->alg),
+                     njs_algorithm_string(alg));
         goto fail;
     }
 
@@ -661,23 +665,26 @@ njs_ext_cipher(njs_vm_t *vm, njs_value_t
 
     switch (alg->type) {
     case NJS_ALGORITHM_RSA_OAEP:
-        ret = njs_cipher_pkey(vm, &data, key, encrypt, &value);
+        ret = njs_cipher_pkey(vm, &data, key, encrypt, njs_value_arg(&result));
         break;
 
     case NJS_ALGORITHM_AES_GCM:
-        ret = njs_cipher_aes_gcm(vm, &data, key, options, encrypt, &value);
+        ret = njs_cipher_aes_gcm(vm, &data, key, options, encrypt,
+                                 njs_value_arg(&result));
         break;
 
     case NJS_ALGORITHM_AES_CTR:
-        ret = njs_cipher_aes_ctr(vm, &data, key, options, encrypt, &value);
+        ret = njs_cipher_aes_ctr(vm, &data, key, options, encrypt,
+                                 njs_value_arg(&result));
         break;
 
     case NJS_ALGORITHM_AES_CBC:
     default:
-        ret = njs_cipher_aes_cbc(vm, &data, key, options, encrypt, &value);
-    }
-
-    return njs_webcrypto_result(vm, &value, ret, retval);
+        ret = njs_cipher_aes_cbc(vm, &data, key, options, encrypt,
+                                 njs_value_arg(&result));
+    }
+
+    return njs_webcrypto_result(vm, &result, ret, retval);
 
 fail:
 
@@ -736,7 +743,7 @@ njs_cipher_pkey(njs_vm_t *vm, njs_str_t 
 
     dst = njs_mp_alloc(njs_vm_memory_pool(vm), outlen);
     if (njs_slow_path(dst == NULL)) {
-        njs_memory_error(vm);
+        njs_vm_memory_error(vm);
         ret = NJS_ERROR;
         goto fail;
     }
@@ -763,18 +770,19 @@ static njs_int_t
 njs_cipher_aes_gcm(njs_vm_t *vm, njs_str_t *data, njs_webcrypto_key_t *key,
     njs_value_t *options, njs_bool_t encrypt, njs_value_t *retval)
 {
-    int               len, outlen, dstlen;
-    u_char            *dst, *p;
-    int64_t           taglen;
-    njs_str_t         iv, aad;
-    njs_int_t         ret;
-    njs_value_t       value;
-    EVP_CIPHER_CTX    *ctx;
-    const EVP_CIPHER  *cipher;
-
-    static const njs_value_t  string_iv = njs_string("iv");
-    static const njs_value_t  string_ad = njs_string("additionalData");
-    static const njs_value_t  string_tl = njs_string("tagLength");
+    int                 len, outlen, dstlen;
+    u_char              *dst, *p;
+    int64_t             taglen;
+    njs_str_t           iv, aad;
+    njs_int_t           ret;
+    njs_value_t         *value;
+    EVP_CIPHER_CTX      *ctx;
+    const EVP_CIPHER    *cipher;
+    njs_opaque_value_t  lvalue;
+
+    static const njs_str_t  string_iv = njs_str("iv");
+    static const njs_str_t  string_ad = njs_str("additionalData");
+    static const njs_str_t  string_tl = njs_str("tagLength");
 
     switch (key->raw.length) {
     case 16:
@@ -790,33 +798,26 @@ njs_cipher_aes_gcm(njs_vm_t *vm, njs_str
         break;
 
     default:
-        njs_type_error(vm, "AES-GCM Invalid key length");
+        njs_vm_error(vm, "AES-GCM Invalid key length");
         return NJS_ERROR;
     }
 
-    ret = njs_value_property(vm, options, njs_value_arg(&string_iv), &value);
-    if (njs_slow_path(ret != NJS_OK)) {
-        if (ret == NJS_DECLINED) {
-            njs_type_error(vm, "AES-GCM algorithm.iv is not provided");
-        }
-
+    value = njs_vm_object_prop(vm, options, &string_iv, &lvalue);
+    if (value == NULL) {
+        njs_vm_error(vm, "AES-GCM algorithm.iv is not provided");
         return NJS_ERROR;
     }
 
-    ret = njs_vm_value_to_bytes(vm, &iv, &value);
+    ret = njs_vm_value_to_bytes(vm, &iv, njs_value_arg(&lvalue));
     if (njs_slow_path(ret != NJS_OK)) {
         return NJS_ERROR;
     }
 
     taglen = 128;
 
-    ret = njs_value_property(vm, options, njs_value_arg(&string_tl), &value);
-    if (njs_slow_path(ret == NJS_ERROR)) {
-        return NJS_ERROR;
-    }
-
-    if (njs_is_defined(&value)) {
-        ret = njs_value_to_integer(vm, &value, &taglen);
+    value = njs_vm_object_prop(vm, options, &string_tl, &lvalue);
+    if (value != NULL && !njs_value_is_undefined(value)) {
+        ret = njs_value_to_integer(vm, value, &taglen);
         if (njs_slow_path(ret != NJS_OK)) {
             return NJS_ERROR;
         }
@@ -830,14 +831,14 @@ njs_cipher_aes_gcm(njs_vm_t *vm, njs_str
                       && taglen != 120
                       && taglen != 128))
     {
-        njs_type_error(vm, "AES-GCM Invalid tagLength");
+        njs_vm_error(vm, "AES-GCM Invalid tagLength");
         return NJS_ERROR;
     }
 
     taglen /= 8;
 
     if (njs_slow_path(!encrypt && (data->length < (size_t) taglen))) {
-        njs_type_error(vm, "AES-GCM data is too short");
+        njs_vm_error(vm, "AES-GCM data is too short");
         return NJS_ERROR;
     }
 
@@ -881,15 +882,11 @@ njs_cipher_aes_gcm(njs_vm_t *vm, njs_str
         }
     }
 
-    ret = njs_value_property(vm, options, njs_value_arg(&string_ad), &value);
-    if (njs_slow_path(ret == NJS_ERROR)) {
-        return NJS_ERROR;
-    }
-
     aad.length = 0;
 
-    if (njs_is_defined(&value)) {
-        ret = njs_vm_value_to_bytes(vm, &aad, &value);
+    value = njs_vm_object_prop(vm, options, &string_ad, &lvalue);
+    if (value != NULL && !njs_value_is_undefined(value)) {
+        ret = njs_vm_value_to_bytes(vm, &aad, value);
         if (njs_slow_path(ret != NJS_OK)) {
             return NJS_ERROR;
         }
@@ -908,7 +905,7 @@ njs_cipher_aes_gcm(njs_vm_t *vm, njs_str
     dstlen = data->length + EVP_CIPHER_CTX_block_size(ctx) + taglen;
     dst = njs_mp_alloc(njs_vm_memory_pool(vm), dstlen);
     if (njs_slow_path(dst == NULL)) {
-        njs_memory_error(vm);
+        njs_vm_memory_error(vm);
         return NJS_ERROR;
     }
 
@@ -1064,18 +1061,19 @@ static njs_int_t
 njs_cipher_aes_ctr(njs_vm_t *vm, njs_str_t *data, njs_webcrypto_key_t *key,
     njs_value_t *options, njs_bool_t encrypt, njs_value_t *retval)
 {
-    int               len, len2;
-    u_char            *dst;
-    int64_t           length;
-    BIGNUM            *total, *blocks, *left, *ctr;
-    njs_int_t         ret;
-    njs_str_t         iv;
-    njs_uint_t        size1;
-    njs_value_t       value;
-    const EVP_CIPHER  *cipher;
-    u_char            iv2[16];
-
-    static const njs_value_t  string_counter = njs_string("counter");
+    int                 len, len2;
+    u_char              *dst;
+    int64_t             length;
+    BIGNUM              *total, *blocks, *left, *ctr;
+    njs_int_t           ret;
+    njs_str_t           iv;
+    njs_uint_t          size1;
+    njs_value_t         *value;
+    const EVP_CIPHER    *cipher;
+    njs_opaque_value_t  lvalue;
+    u_char              iv2[16];
+
+    static const njs_str_t  string_counter = njs_str("counter");
 
     switch (key->raw.length) {
     case 16:
@@ -1091,48 +1089,39 @@ njs_cipher_aes_ctr(njs_vm_t *vm, njs_str
         break;
 
     default:
-        njs_type_error(vm, "AES-CTR Invalid key length");
+        njs_vm_error(vm, "AES-CTR Invalid key length");
         return NJS_ERROR;
     }
 
-    ret = njs_value_property(vm, options, njs_value_arg(&string_counter),
-                             &value);
-    if (njs_slow_path(ret != NJS_OK)) {
-        if (ret == NJS_DECLINED) {
-            njs_type_error(vm, "AES-CTR algorithm.counter is not provided");
-        }
-
+    value = njs_vm_object_prop(vm, options, &string_counter, &lvalue);
+    if (value == NULL) {
+        njs_vm_error(vm, "AES-CTR algorithm.counter is not provided");
         return NJS_ERROR;
     }
 
-    ret = njs_vm_value_to_bytes(vm, &iv, &value);
+    ret = njs_vm_value_to_bytes(vm, &iv, value);
     if (njs_slow_path(ret != NJS_OK)) {
         return NJS_ERROR;
     }
 
     if (njs_slow_path(iv.length != 16)) {
-        njs_type_error(vm, "AES-CTR algorithm.counter must be 16 bytes long");
+        njs_vm_error(vm, "AES-CTR algorithm.counter must be 16 bytes long");
         return NJS_ERROR;
     }
 
-    ret = njs_value_property(vm, options, njs_value_arg(&string_length),
-                             &value);
-    if (njs_slow_path(ret != NJS_OK)) {
-        if (ret == NJS_DECLINED) {
-            njs_type_error(vm, "AES-CTR algorithm.length is not provided");
-        }
-
+    value = njs_vm_object_prop(vm, options, &string_length, &lvalue);
+    if (value == NULL) {
+        njs_vm_error(vm, "AES-CTR algorithm.length is not provided");
         return NJS_ERROR;
     }
 
-    ret = njs_value_to_integer(vm, &value, &length);
+    ret = njs_value_to_integer(vm, value, &length);
     if (njs_slow_path(ret != NJS_OK)) {
         return NJS_ERROR;
     }
 
     if (njs_slow_path(length == 0 || length > 128)) {
-        njs_type_error(vm, "AES-CTR algorithm.length "
-                       "must be between 1 and 128");
+        njs_vm_error(vm, "AES-CTR algorithm.length must be between 1 and 128");
         return NJS_ERROR;
     }
 
@@ -1175,7 +1164,7 @@ njs_cipher_aes_ctr(njs_vm_t *vm, njs_str
 
     ret = BN_cmp(blocks, total);
     if (njs_slow_path(ret > 0)) {
-        njs_type_error(vm, "AES-CTR repeated counter");
+        njs_vm_error(vm, "AES-CTR repeated counter");
         ret = NJS_ERROR;
         goto fail;
     }
@@ -1196,7 +1185,7 @@ njs_cipher_aes_ctr(njs_vm_t *vm, njs_str
     dst = njs_mp_alloc(njs_vm_memory_pool(vm),
                        data->length + EVP_MAX_BLOCK_LENGTH);
     if (njs_slow_path(dst == NULL)) {
-        njs_memory_error(vm);
+        njs_vm_memory_error(vm);
         return NJS_ERROR;
     }
 
@@ -1271,16 +1260,17 @@ static njs_int_t
 njs_cipher_aes_cbc(njs_vm_t *vm, njs_str_t *data, njs_webcrypto_key_t *key,
     njs_value_t *options, njs_bool_t encrypt, njs_value_t *retval)
 {
-    int               olen_max, olen, olen2;
-    u_char            *dst;
-    unsigned          remainder;
-    njs_str_t         iv;
-    njs_int_t         ret;
-    njs_value_t       value;
-    EVP_CIPHER_CTX    *ctx;
-    const EVP_CIPHER  *cipher;
-
-    static const njs_value_t  string_iv = njs_string("iv");
+    int                 olen_max, olen, olen2;
+    u_char              *dst;
+    unsigned            remainder;
+    njs_str_t           iv;
+    njs_int_t           ret;
+    njs_value_t         *value;
+    EVP_CIPHER_CTX      *ctx;
+    const EVP_CIPHER    *cipher;
+    njs_opaque_value_t  lvalue;
+
+    static const njs_str_t  string_iv = njs_str("iv");
 
     switch (key->raw.length) {
     case 16:
@@ -1296,26 +1286,23 @@ njs_cipher_aes_cbc(njs_vm_t *vm, njs_str
         break;
 
     default:
-        njs_type_error(vm, "AES-CBC Invalid key length");
+        njs_vm_error(vm, "AES-CBC Invalid key length");
         return NJS_ERROR;
     }
 
-    ret = njs_value_property(vm, options, njs_value_arg(&string_iv), &value);
-    if (njs_slow_path(ret != NJS_OK)) {
-        if (ret == NJS_DECLINED) {
-            njs_type_error(vm, "AES-CBC algorithm.iv is not provided");
-        }
-
+    value = njs_vm_object_prop(vm, options, &string_iv, &lvalue);
+    if (value == NULL) {
+        njs_vm_error(vm, "AES-CBC algorithm.iv is not provided");
         return NJS_ERROR;
     }
 
-    ret = njs_vm_value_to_bytes(vm, &iv, &value);
+    ret = njs_vm_value_to_bytes(vm, &iv, value);
     if (njs_slow_path(ret != NJS_OK)) {
         return NJS_ERROR;
     }
 
     if (njs_slow_path(iv.length != 16)) {
-        njs_type_error(vm, "AES-CBC algorithm.iv must be 16 bytes long");
+        njs_vm_error(vm, "AES-CBC algorithm.iv must be 16 bytes long");
         return NJS_ERROR;
     }
 
@@ -1343,7 +1330,7 @@ njs_cipher_aes_cbc(njs_vm_t *vm, njs_str
 
     dst = njs_mp_alloc(njs_vm_memory_pool(vm), olen_max);
     if (njs_slow_path(dst == NULL)) {
-        njs_memory_error(vm);
+        njs_vm_memory_error(vm);
         ret = NJS_ERROR;
         goto fail;
     }
@@ -1386,16 +1373,17 @@ njs_ext_derive(njs_vm_t *vm, njs_value_t
     unsigned                   usage, mask;
     njs_int_t                  ret;
     njs_str_t                  salt, info;
-    njs_value_t                value, *aobject, *dobject;
+    njs_value_t                *value, *aobject, *dobject;
     const EVP_MD               *md;
     EVP_PKEY_CTX               *pctx;
     njs_webcrypto_key_t        *key, *dkey;
+    njs_opaque_value_t         lvalue;
     njs_webcrypto_hash_t       hash;
     njs_webcrypto_algorithm_t  *alg, *dalg;
 
-    static const njs_value_t  string_info = njs_string("info");
-    static const njs_value_t  string_salt = njs_string("salt");
-    static const njs_value_t  string_iterations = njs_string("iterations");
+    static const njs_str_t  string_info = njs_str("info");
+    static const njs_str_t  string_salt = njs_str("salt");
+    static const njs_str_t  string_iterations = njs_str("iterations");
 
     aobject = njs_arg(args, nargs, 1);
     alg = njs_key_algorithm(vm, aobject);
@@ -1406,22 +1394,22 @@ njs_ext_derive(njs_vm_t *vm, njs_value_t
     key = njs_vm_external(vm, njs_webcrypto_crypto_key_proto_id,
                           njs_arg(args, nargs, 2));
     if (njs_slow_path(key == NULL)) {
-        njs_type_error(vm, "\"baseKey\" is not a CryptoKey object");
+        njs_vm_error(vm, "\"baseKey\" is not a CryptoKey object");
         goto fail;
     }
 
     mask = derive_key ? NJS_KEY_USAGE_DERIVE_KEY : NJS_KEY_USAGE_DERIVE_BITS;
     if (njs_slow_path(!(key->usage & mask))) {
-        njs_type_error(vm, "provide key does not support \"%s\" operation",
-                       derive_key ? "deriveKey" : "deriveBits");
+        njs_vm_error(vm, "provide key does not support \"%s\" operation",
+                     derive_key ? "deriveKey" : "deriveBits");
         goto fail;
     }
 
     if (njs_slow_path(key->alg != alg)) {
-        njs_type_error(vm, "cannot derive %s using \"%V\" with \"%V\" key",
-                       derive_key ? "key" : "bits",
-                       njs_algorithm_string(key->alg),
-                       njs_algorithm_string(alg));
+        njs_vm_error(vm, "cannot derive %s using \"%V\" with \"%V\" key",
+                     derive_key ? "key" : "bits",
+                     njs_algorithm_string(key->alg),
+                     njs_algorithm_string(alg));
         goto fail;
     }
 
@@ -1433,22 +1421,18 @@ njs_ext_derive(njs_vm_t *vm, njs_value_t
             goto fail;
         }
 
-        ret = njs_value_property(vm, dobject, njs_value_arg(&string_length),
-                                 &value);
-        if (njs_slow_path(ret != NJS_OK)) {
-                if (ret == NJS_DECLINED) {
-                    njs_type_error(vm, "derivedKeyAlgorithm.length "
-                                   "is not provided");
-                    goto fail;
-                }
+        value = njs_vm_object_prop(vm, dobject, &string_length, &lvalue);
+        if (value == NULL) {
+            njs_vm_error(vm, "derivedKeyAlgorithm.length is not provided");
+            goto fail;
         }
 
     } else {
         dalg = NULL;
-        njs_value_assign(&value, dobject);
-    }
-
-    ret = njs_value_to_integer(vm, &value, &length);
+        value = dobject;
+    }
+
+    ret = njs_value_to_integer(vm, value, &length);
     if (njs_slow_path(ret != NJS_OK)) {
         goto fail;
     }
@@ -1463,16 +1447,16 @@ njs_ext_derive(njs_vm_t *vm, njs_value_t
         case NJS_ALGORITHM_AES_CBC:
 
             if (length != 16 && length != 32) {
-                njs_type_error(vm, "deriveKey \"%V\" length must be 128 or 256",
-                               njs_algorithm_string(dalg));
+                njs_vm_error(vm, "deriveKey \"%V\" length must be 128 or 256",
+                             njs_algorithm_string(dalg));
                 goto fail;
             }
 
             break;
 
         default:
-            njs_internal_error(vm, "not implemented deriveKey: \"%V\"",
-                               njs_algorithm_string(dalg));
+            njs_vm_error(vm, "not implemented deriveKey: \"%V\"",
+                         njs_algorithm_string(dalg));
             goto fail;
         }
 
@@ -1482,15 +1466,15 @@ njs_ext_derive(njs_vm_t *vm, njs_value_t
         }
 
         if (njs_slow_path(usage & ~dalg->usage)) {
-            njs_type_error(vm, "unsupported key usage for \"%V\" key",
-                           njs_algorithm_string(alg));
+            njs_vm_error(vm, "unsupported key usage for \"%V\" key",
+                         njs_algorithm_string(alg));
             goto fail;
         }
 
         dkey = njs_mp_zalloc(njs_vm_memory_pool(vm),
                              sizeof(njs_webcrypto_key_t));
         if (njs_slow_path(dkey == NULL)) {
-            njs_memory_error(vm);
+            njs_vm_memory_error(vm);
             goto fail;
         }
 
@@ -1500,7 +1484,7 @@ njs_ext_derive(njs_vm_t *vm, njs_value_t
 
     k = njs_mp_zalloc(njs_vm_memory_pool(vm), length);
     if (njs_slow_path(k == NULL)) {
-        njs_memory_error(vm);
+        njs_vm_memory_error(vm);
         goto fail;
     }
 
@@ -1511,39 +1495,30 @@ njs_ext_derive(njs_vm_t *vm, njs_value_t
             goto fail;
         }
 
-        ret = njs_value_property(vm, aobject, njs_value_arg(&string_salt),
-                                 &value);
-        if (njs_slow_path(ret != NJS_OK)) {
-            if (ret == NJS_DECLINED) {
-                njs_type_error(vm, "PBKDF2 algorithm.salt is not provided");
-            }
-
+        value = njs_vm_object_prop(vm, aobject, &string_salt, &lvalue);
+        if (value == NULL) {
+            njs_vm_error(vm, "PBKDF2 algorithm.salt is not provided");
             goto fail;
         }
 
-        ret = njs_vm_value_to_bytes(vm, &salt, &value);
+        ret = njs_vm_value_to_bytes(vm, &salt, value);
         if (njs_slow_path(ret != NJS_OK)) {
             goto fail;
         }
 
         if (njs_slow_path(salt.length < 16)) {
-            njs_type_error(vm, "PBKDF2 algorithm.salt must be "
-                           "at least 16 bytes long");
+            njs_vm_error(vm, "PBKDF2 algorithm.salt must be "
+                         "at least 16 bytes long");
             goto fail;
         }
 
-        ret = njs_value_property(vm, aobject, njs_value_arg(&string_iterations),
-                                 &value);
-        if (njs_slow_path(ret != NJS_OK)) {
-            if (ret == NJS_DECLINED) {
-                njs_type_error(vm, "PBKDF2 algorithm.iterations "
-                               "is not provided");
-            }
-
+        value = njs_vm_object_prop(vm, aobject, &string_iterations, &lvalue);
+        if (value == NULL) {
+            njs_vm_error(vm, "PBKDF2 algorithm.iterations is not provided");
             goto fail;
         }
 
-        ret = njs_value_to_integer(vm, &value, &iterations);
+        ret = njs_value_to_integer(vm, value, &iterations);
         if (njs_slow_path(ret != NJS_OK)) {
             goto fail;
         }
@@ -1566,32 +1541,24 @@ njs_ext_derive(njs_vm_t *vm, njs_value_t
             goto fail;
         }
 
-        ret = njs_value_property(vm, aobject, njs_value_arg(&string_salt),
-                                 &value);
-        if (njs_slow_path(ret != NJS_OK)) {
-            if (ret == NJS_DECLINED) {
-                njs_type_error(vm, "HKDF algorithm.salt is not provided");
-            }
-
+        value = njs_vm_object_prop(vm, aobject, &string_salt, &lvalue);
+        if (value == NULL) {
+            njs_vm_error(vm, "HKDF algorithm.salt is not provided");
             goto fail;
         }
 
-        ret = njs_vm_value_to_bytes(vm, &salt, &value);
+        ret = njs_vm_value_to_bytes(vm, &salt, value);
         if (njs_slow_path(ret != NJS_OK)) {
             goto fail;
         }
 
-        ret = njs_value_property(vm, aobject, njs_value_arg(&string_info),
-                                 &value);
-        if (njs_slow_path(ret != NJS_OK)) {
-            if (ret == NJS_DECLINED) {
-                njs_type_error(vm, "HKDF algorithm.info is not provided");
-            }
-
+        value = njs_vm_object_prop(vm, aobject, &string_info, &lvalue);
+        if (value == NULL) {
+            njs_vm_error(vm, "HKDF algorithm.info is not provided");
             goto fail;
         }
 
-        ret = njs_vm_value_to_bytes(vm, &info, &value);
+        ret = njs_vm_value_to_bytes(vm, &info, value);
         if (njs_slow_path(ret != NJS_OK)) {
             goto fail;
         }
@@ -1659,8 +1626,8 @@ free:
 
     case NJS_ALGORITHM_ECDH:
     default:
-        njs_internal_error(vm, "not implemented deriveKey "
-                           "algorithm: \"%V\"", njs_algorithm_string(alg));
+        njs_vm_error(vm, "not implemented deriveKey "
+                     "algorithm: \"%V\"", njs_algorithm_string(alg));
         goto fail;
     }
 
@@ -1675,18 +1642,19 @@ free:
         dkey->raw.start = k;
         dkey->raw.length = length;
 
-        ret = njs_vm_external_create(vm, &value,
+        ret = njs_vm_external_create(vm, njs_value_arg(&lvalue),
                                      njs_webcrypto_crypto_key_proto_id,
                                      dkey, 0);
     } else {
-        ret = njs_vm_value_array_buffer_set(vm, &value, k, length);
+        ret = njs_vm_value_array_buffer_set(vm, njs_value_arg(&lvalue), k,
+                                            length);
     }
 
     if (njs_slow_path(ret != NJS_OK)) {
         goto fail;
     }
 
-    return njs_webcrypto_result(vm, &value, NJS_OK, retval);
+    return njs_webcrypto_result(vm, &lvalue, NJS_OK, retval);
 
 fail:
 
@@ -1702,8 +1670,8 @@ njs_ext_digest(njs_vm_t *vm, njs_value_t
     u_char                *dst;
     njs_str_t             data;
     njs_int_t             ret;
-    njs_value_t           value;
     const EVP_MD          *md;
+    njs_opaque_value_t    result;
     njs_webcrypto_hash_t  hash;
 
     ret = njs_algorithm_hash(vm, njs_arg(args, nargs, 1), &hash);
@@ -1721,7 +1689,7 @@ njs_ext_digest(njs_vm_t *vm, njs_value_t
 
     dst = njs_mp_zalloc(njs_vm_memory_pool(vm), olen);
     if (njs_slow_path(dst == NULL)) {
-        njs_memory_error(vm);
+        njs_vm_memory_error(vm);
         goto fail;
     }
 
@@ -1731,12 +1699,12 @@ njs_ext_digest(njs_vm_t *vm, njs_value_t
         goto fail;
     }
 
-    ret = njs_vm_value_array_buffer_set(vm, &value, dst, olen);
+    ret = njs_vm_value_array_buffer_set(vm, njs_value_arg(&result), dst, olen);
     if (njs_slow_path(ret != NJS_OK)) {
         goto fail;
     }
 
-    return njs_webcrypto_result(vm, &value, NJS_OK, retval);
+    return njs_webcrypto_result(vm, &result, NJS_OK, retval);
 
 fail:
 
@@ -1745,8 +1713,8 @@ fail:
 
 
 static njs_int_t
-njs_export_base64url_bignum(njs_vm_t *vm, njs_value_t *retval, const BIGNUM *v,
-    size_t size)
+njs_export_base64url_bignum(njs_vm_t *vm, njs_opaque_value_t *retval,
+    const BIGNUM *v, size_t size)
 {
     njs_str_t  src;
     u_char     buf[512];
@@ -1762,36 +1730,35 @@ njs_export_base64url_bignum(njs_vm_t *vm
     src.start = buf;
     src.length = size;
 
-    return njs_string_base64url(vm, retval, &src);
+    return njs_string_base64url(vm, njs_value_arg(retval), &src);
 }
 
 
 static njs_int_t
-njs_base64url_bignum_set(njs_vm_t *vm, njs_value_t *jwk, njs_value_t *key,
+njs_base64url_bignum_set(njs_vm_t *vm, njs_value_t *jwk, const njs_str_t *key,
     const BIGNUM *v, size_t size)
 {
-    njs_int_t    ret;
-    njs_value_t  value;
+    njs_int_t           ret;
+    njs_opaque_value_t  value;
 
     ret = njs_export_base64url_bignum(vm, &value, v, size);
     if (ret != NJS_OK) {
         return NJS_ERROR;
     }
 
-    return njs_value_property_set(vm, jwk, key, &value);
+    return njs_vm_object_prop_set(vm, jwk, key, &value);
 }
 
 
 static njs_int_t
 njs_export_jwk_rsa(njs_vm_t *vm, njs_webcrypto_key_t *key, njs_value_t *retval)
 {
-    njs_int_t     ret;
-    const RSA     *rsa;
-    njs_str_t     *nm;
-    njs_value_t   nvalue, evalue, alg;
-    const BIGNUM  *n_bn, *e_bn, *d_bn, *p_bn, *q_bn, *dp_bn, *dq_bn, *qi_bn;
-
-    static const njs_value_t  rsa_str = njs_string("RSA");
+    njs_int_t           ret;
+    const RSA           *rsa;
+    njs_str_t           *nm;
+    const BIGNUM        *n_bn, *e_bn, *d_bn, *p_bn, *q_bn, *dp_bn, *dq_bn,
+                        *qi_bn;
+    njs_opaque_value_t  nvalue, evalue, alg, rsa_s;
 
     rsa = njs_pkey_get_rsa_key(key->pkey);
 
@@ -1807,8 +1774,24 @@ njs_export_jwk_rsa(njs_vm_t *vm, njs_web
         return NJS_ERROR;
     }
 
-    ret = njs_vm_object_alloc(vm, retval, &string_kty, &rsa_str, &string_n,
-                              &nvalue, &string_e, &evalue, NULL);
+    ret = njs_vm_object_alloc(vm, retval, NULL);
+    if (ret != NJS_OK) {
+        return NJS_ERROR;
+    }
+
+    njs_vm_value_string_set(vm, njs_value_arg(&rsa_s), (u_char *) "RSA", 3);
+
+    ret = njs_vm_object_prop_set(vm, retval, &string_kty, &rsa_s);
+    if (ret != NJS_OK) {
+        return NJS_ERROR;
+    }
+
+    ret = njs_vm_object_prop_set(vm, retval, &string_n, &nvalue);
+    if (ret != NJS_OK) {
+        return NJS_ERROR;
+    }
+
+    ret = njs_vm_object_prop_set(vm, retval, &string_e, &evalue);
     if (ret != NJS_OK) {
         return NJS_ERROR;
     }
@@ -1817,38 +1800,32 @@ njs_export_jwk_rsa(njs_vm_t *vm, njs_web
         njs_rsa_get0_factors(rsa, &p_bn, &q_bn);
         njs_rsa_get0_ctr_params(rsa, &dp_bn, &dq_bn, &qi_bn);
 
-        ret = njs_base64url_bignum_set(vm, retval, njs_value_arg(&string_d),
-                                       d_bn, 0);
+        ret = njs_base64url_bignum_set(vm, retval, &string_d, d_bn, 0);
         if (ret != NJS_OK) {
             return NJS_ERROR;
         }
 
-        ret = njs_base64url_bignum_set(vm, retval, njs_value_arg(&string_p),
-                                       p_bn, 0);
+        ret = njs_base64url_bignum_set(vm, retval, &string_p, p_bn, 0);
         if (ret != NJS_OK) {
             return NJS_ERROR;
         }
 
-        ret = njs_base64url_bignum_set(vm, retval, njs_value_arg(&string_q),
-                                       q_bn, 0);
+        ret = njs_base64url_bignum_set(vm, retval, &string_q, q_bn, 0);
         if (ret != NJS_OK) {
             return NJS_ERROR;
         }
 
-        ret = njs_base64url_bignum_set(vm, retval, njs_value_arg(&string_dp),
-                                       dp_bn, 0);
+        ret = njs_base64url_bignum_set(vm, retval, &string_dp, dp_bn, 0);
         if (ret != NJS_OK) {
             return NJS_ERROR;
         }
 
-        ret = njs_base64url_bignum_set(vm, retval, njs_value_arg(&string_dq),
-                                       dq_bn, 0);
+        ret = njs_base64url_bignum_set(vm, retval, &string_dq, dq_bn, 0);
         if (ret != NJS_OK) {
             return NJS_ERROR;
         }
 
-        ret = njs_base64url_bignum_set(vm, retval, njs_value_arg(&string_qi),
-                                       qi_bn, 0);
+        ret = njs_base64url_bignum_set(vm, retval, &string_qi, qi_bn, 0);
         if (ret != NJS_OK) {
             return NJS_ERROR;
         }
@@ -1856,9 +1833,10 @@ njs_export_jwk_rsa(njs_vm_t *vm, njs_web
 
     nm = &njs_webcrypto_alg_name[key->alg->type][key->hash];
 
-    (void) njs_vm_value_string_set(vm, &alg, nm->start, nm->length);
-
-    return njs_value_property_set(vm, retval, njs_value_arg(&string_alg), &alg);
+    (void) njs_vm_value_string_set(vm, njs_value_arg(&alg), nm->start,
+                                   nm->length);
+
+    return njs_vm_object_prop_set(vm, retval, &string_alg, &alg);
 }
 
 
@@ -1868,15 +1846,13 @@ njs_export_jwk_ec(njs_vm_t *vm, njs_webc
     int                    nid, group_bits, group_bytes;
     BIGNUM                 *x_bn, *y_bn;
     njs_int_t              ret;
-    njs_value_t            xvalue, yvalue, dvalue, name;
     const EC_KEY           *ec;
     const BIGNUM           *d_bn;
     const EC_POINT         *pub;
     const EC_GROUP         *group;
+    njs_opaque_value_t     xvalue, yvalue, dvalue, name, ec_s;
     njs_webcrypto_entry_t  *e;
 
-    static const njs_value_t  ec_str = njs_string("EC");
-
     x_bn = NULL;
     y_bn = NULL;
     d_bn = NULL;
@@ -1924,24 +1900,44 @@ njs_export_jwk_ec(njs_vm_t *vm, njs_webc
 
     for (e = &njs_webcrypto_curve[0]; e->name.length != 0; e++) {
         if ((uintptr_t) nid == e->value) {
-            (void) njs_vm_value_string_set(vm, &name, e->name.start,
-                                           e->name.length);
+            (void) njs_vm_value_string_set(vm, njs_value_arg(&name),
+                                           e->name.start, e->name.length);
             break;
         }
     }
 
     if (e->name.length == 0) {
-        njs_type_error(vm, "Unsupported JWK EC curve: %s", OBJ_nid2sn(nid));
+        njs_vm_error(vm, "Unsupported JWK EC curve: %s", OBJ_nid2sn(nid));
         goto fail;
     }
 
-    ret = njs_vm_object_alloc(vm, retval, &string_kty, &ec_str, &string_x,
-                              &xvalue, &string_y, &yvalue, &string_crv, &name,
-                              NULL);
+    ret = njs_vm_object_alloc(vm, retval, NULL);
     if (ret != NJS_OK) {
         goto fail;
     }
 
+    njs_vm_value_string_set(vm, njs_value_arg(&ec_s), (u_char *) "EC", 2);
+
+    ret = njs_vm_object_prop_set(vm, retval, &string_kty, &ec_s);
+    if (ret != NJS_OK) {
+        return NJS_ERROR;
+    }
+
+    ret = njs_vm_object_prop_set(vm, retval, &string_x, &xvalue);
+    if (ret != NJS_OK) {
+        return NJS_ERROR;
+    }
+
+    ret = njs_vm_object_prop_set(vm, retval, &string_y, &yvalue);
+    if (ret != NJS_OK) {
+        return NJS_ERROR;
+    }
+
+    ret = njs_vm_object_prop_set(vm, retval, &string_crv, &name);
+    if (ret != NJS_OK) {
+        return NJS_ERROR;
+    }
+
     if (key->privat) {
         d_bn = EC_KEY_get0_private_key(ec);
 
@@ -1950,8 +1946,7 @@ njs_export_jwk_ec(njs_vm_t *vm, njs_webc
             goto fail;
         }
 
-        ret = njs_value_property_set(vm, retval, njs_value_arg(&string_d),
-                                     &dvalue);
+        ret = njs_vm_object_prop_set(vm, retval, &string_d, &dvalue);
         if (ret != NJS_OK) {
             goto fail;
         }
@@ -1986,8 +1981,8 @@ njs_export_raw_ec(njs_vm_t *vm, njs_webc
     njs_assert(key->pkey != NULL);
 
     if (key->privat) {
-        njs_type_error(vm, "private key of \"%V\" cannot be exported "
-                       "in \"raw\" format", njs_algorithm_string(key->alg));
+        njs_vm_error(vm, "private key of \"%V\" cannot be exported "
+                     "in \"raw\" format", njs_algorithm_string(key->alg));
         return NJS_ERROR;
     }
 
@@ -2022,8 +2017,8 @@ static njs_int_t
 njs_export_jwk_asymmetric(njs_vm_t *vm, njs_webcrypto_key_t *key,
     njs_value_t *retval)
 {
-    njs_int_t    ret;
-    njs_value_t  ops, extractable;
+    njs_int_t           ret;
+    njs_opaque_value_t  ops, extractable;
 
     njs_assert(key->pkey != NULL);
 
@@ -2048,7 +2043,7 @@ njs_export_jwk_asymmetric(njs_vm_t *vm, 
         break;
 
     default:
-        njs_type_error(vm, "provided key cannot be exported as JWK");
+        njs_vm_error(vm, "provided key cannot be exported as JWK");
         return NJS_ERROR;
     }


More information about the nginx-devel mailing list