script: Implement import key operation for ECDH (servo#40253)

Implement import key operation for ECDH, using cryptographic calculation
implementation from the crates `p256`, `p384` and `p521`.

Testing:
- Pass some WPT tests that were expected to fail.
- Some FAIL expectations are added. They are related to the
not-yet-implemented "derive bits" operation of ECDH. WPT skipped them
when "import key" operation for ECDH were not yet implemented.

Fixes: Part of servo#39060

---------

Signed-off-by: Kingsley Yung <[email protected]>

Author: kkoyung

Cargo.lock

@@ -57,6 +57,7 @@ data-url = "0.3"
 devtools_traits = { path = "components/shared/devtools" }
 dpi = "0.1"
 dwrote = "0.11.5"
+elliptic-curve = "0.13"
 embedder_traits = { path = "components/shared/embedder" }
 encoding_rs = "0.8"
 env_logger = "0.11"
@@ -110,9 +111,13 @@ nom-rfc8288 = "0.4.0"
 num-traits = "0.2"
 num_cpus = "1.17.0"
 openxr = "0.19"
+p256 = "0.13"
+p384 = "0.13"
+p521 = "0.13"
 parking_lot = "0.12"
 peniko = "0.5"
 percent-encoding = "2.3"
+pkcs8 = "0.10"
 proc-macro2 = "1"
 profile_traits = { path = "components/shared/profile" }
 quote = "1"
@@ -127,6 +132,7 @@ rustls = { version = "0.23", default-features = false, features = ["logging", "s
 rustls-pemfile = "2.0"
 rustls-pki-types = "1.13"
 script_traits = { path = "components/shared/script" }
+sec1 = "0.7"
 selectors = { git = "https://github.com/servo/stylo", branch = "2025-10-01" }
 serde = "1.0.228"
 serde_bytes = "0.11"

Cargo.toml

@@ -62,6 +62,7 @@ deny_public_fields = { path = "../deny_public_fields" }
 devtools_traits = { workspace = true }
 dom_struct = { path = "../dom_struct" }
 domobject_derive = { path = "../domobject_derive" }
+elliptic-curve = { workspace = true }
 embedder_traits = { workspace = true }
 encoding_rs = { workspace = true }
 euclid = { workspace = true }
@@ -96,17 +97,22 @@ nom = { workspace = true }
 nom-rfc8288 = { workspace = true }
 num-traits = { workspace = true }
 num_cpus = { workspace = true }
+p256 = { workspace = true }
+p384 = { workspace = true }
+p521 = { workspace = true }
 parking_lot = { workspace = true }
 percent-encoding = { workspace = true }
 phf = "0.11"
 pixels = { path = "../pixels" }
+pkcs8 = { workspace = true }
 profile_traits = { workspace = true }
 rand = { workspace = true }
 range = { path = "../range" }
 regex = { workspace = true }
 rustc-hash = { workspace = true }
 script_bindings = { path = "../script_bindings" }
 script_traits = { workspace = true }
+sec1 = { workspace = true }
 selectors = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }

components/script/Cargo.toml

@@ -7,6 +7,7 @@ use std::ptr::NonNull;
 
 use dom_struct::dom_struct;
 use js::jsapi::{Heap, JSObject, Value};
+use malloc_size_of::MallocSizeOf;
 use script_bindings::conversions::SafeToJSValConvertible;
 
 use crate::dom::bindings::cell::DomRefCell;
@@ -26,8 +27,13 @@ pub(crate) enum CryptoKeyOrCryptoKeyPair {
 
 /// The underlying cryptographic data this key represents
 #[allow(dead_code)]
-#[derive(MallocSizeOf)]
 pub(crate) enum Handle {
+    P256PrivateKey(p256::SecretKey),
+    P384PrivateKey(p384::SecretKey),
+    P521PrivateKey(p521::SecretKey),
+    P256PublicKey(p256::PublicKey),
+    P384PublicKey(p384::PublicKey),
+    P521PublicKey(p521::PublicKey),
     Aes128(Vec<u8>),
     Aes192(Vec<u8>),
     Aes256(Vec<u8>),
@@ -199,6 +205,27 @@ impl Handle {
             Self::Hkdf(bytes) => bytes,
             Self::Hmac(bytes) => bytes,
             Self::Ed25519(bytes) => bytes,
+            _ => unreachable!(),
+        }
+    }
+}
+
+impl MallocSizeOf for Handle {
+    fn size_of(&self, ops: &mut malloc_size_of::MallocSizeOfOps) -> usize {
+        match self {
+            Handle::P256PrivateKey(secret_key) => secret_key.size_of(ops),
+            Handle::P384PrivateKey(secret_key) => secret_key.size_of(ops),
+            Handle::P521PrivateKey(secret_key) => secret_key.size_of(ops),
+            Handle::P256PublicKey(public_key) => public_key.size_of(ops),
+            Handle::P384PublicKey(public_key) => public_key.size_of(ops),
+            Handle::P521PublicKey(public_key) => public_key.size_of(ops),
+            Handle::Aes128(bytes) => bytes.size_of(ops),
+            Handle::Aes192(bytes) => bytes.size_of(ops),
+            Handle::Aes256(bytes) => bytes.size_of(ops),
+            Handle::Pbkdf2(bytes) => bytes.size_of(ops),
+            Handle::Hkdf(bytes) => bytes.size_of(ops),
+            Handle::Hmac(bytes) => bytes.size_of(ops),
+            Handle::Ed25519(bytes) => bytes.size_of(ops),
         }
     }
 }

components/script/dom/cryptokey.rs

@@ -3,6 +3,7 @@
  * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
 
 mod aes_operation;
+mod ecdh_operation;
 mod ed25519_operation;
 mod hkdf_operation;
 mod hmac_operation;
@@ -27,9 +28,9 @@ use crate::dom::bindings::codegen::Bindings::CryptoKeyBinding::{
 };
 use crate::dom::bindings::codegen::Bindings::SubtleCryptoBinding::{
     AesCbcParams, AesCtrParams, AesDerivedKeyParams, AesGcmParams, AesKeyAlgorithm,
-    AesKeyGenParams, Algorithm, AlgorithmIdentifier, HkdfParams, HmacImportParams,
-    HmacKeyAlgorithm, HmacKeyGenParams, JsonWebKey, KeyAlgorithm, KeyFormat, Pbkdf2Params,
-    RsaOtherPrimesInfo, SubtleCryptoMethods,
+    AesKeyGenParams, Algorithm, AlgorithmIdentifier, EcKeyAlgorithm, EcKeyImportParams, HkdfParams,
+    HmacImportParams, HmacKeyAlgorithm, HmacKeyGenParams, JsonWebKey, KeyAlgorithm, KeyFormat,
+    Pbkdf2Params, RsaOtherPrimesInfo, SubtleCryptoMethods,
 };
 use crate::dom::bindings::codegen::UnionTypes::{
     ArrayBufferViewOrArrayBuffer, ArrayBufferViewOrArrayBufferOrJsonWebKey, ObjectOrString,
@@ -89,7 +90,7 @@ static SUPPORTED_ALGORITHMS: &[&str] = &[
 const NAMED_CURVE_P256: &str = "P-256";
 const NAMED_CURVE_P384: &str = "P-384";
 const NAMED_CURVE_P521: &str = "P-521";
-#[allow(dead_code)]
+
 static SUPPORTED_CURVES: &[&str] = &[NAMED_CURVE_P256, NAMED_CURVE_P384, NAMED_CURVE_P521];
 
 /// <https://w3c.github.io/webcrypto/#supported-operation>
@@ -1625,6 +1626,48 @@ impl SafeToJSValConvertible for SubtleKeyAlgorithm {
     }
 }
 
+/// <https://w3c.github.io/webcrypto/#dfn-EcKeyAlgorithm>
+#[derive(Clone, Debug, MallocSizeOf)]
+pub(crate) struct SubtleEcKeyAlgorithm {
+    /// <https://w3c.github.io/webcrypto/#dom-keyalgorithm-name>
+    name: String,
+
+    /// <https://w3c.github.io/webcrypto/#dfn-EcKeyAlgorithm-namedCurve>
+    named_curve: String,
+}
+
+impl SafeToJSValConvertible for SubtleEcKeyAlgorithm {
+    fn safe_to_jsval(&self, cx: JSContext, rval: MutableHandleValue, can_gc: CanGc) {
+        let parent = KeyAlgorithm {
+            name: self.name.clone().into(),
+        };
+        let dictionary = EcKeyAlgorithm {
+            parent,
+            namedCurve: self.named_curve.clone().into(),
+        };
+        dictionary.safe_to_jsval(cx, rval, can_gc);
+    }
+}
+
+/// <https://w3c.github.io/webcrypto/#dfn-EcKeyImportParams>
+#[derive(Clone, Debug, MallocSizeOf)]
+struct SubtleEcKeyImportParams {
+    /// <https://w3c.github.io/webcrypto/#dom-algorithm-name>
+    name: String,
+
+    /// <https://w3c.github.io/webcrypto/#dfn-EcKeyImportParams-namedCurve>
+    named_curve: String,
+}
+
+impl From<EcKeyImportParams> for SubtleEcKeyImportParams {
+    fn from(value: EcKeyImportParams) -> Self {
+        SubtleEcKeyImportParams {
+            name: value.parent.name.to_string(),
+            named_curve: value.namedCurve.to_string(),
+        }
+    }
+}
+
 #[derive(Clone, Debug, MallocSizeOf)]
 pub(crate) struct SubtleAesCbcParams {
     pub(crate) name: String,
@@ -1936,6 +1979,7 @@ pub(crate) enum ExportedKey {
 #[allow(clippy::enum_variant_names)]
 pub(crate) enum KeyAlgorithmAndDerivatives {
     KeyAlgorithm(SubtleKeyAlgorithm),
+    EcKeyAlgorithm(SubtleEcKeyAlgorithm),
     AesKeyAlgorithm(SubtleAesKeyAlgorithm),
     HmacKeyAlgorithm(SubtleHmacKeyAlgorithm),
 }
@@ -1944,6 +1988,7 @@ impl KeyAlgorithmAndDerivatives {
     fn name(&self) -> &str {
         match self {
             KeyAlgorithmAndDerivatives::KeyAlgorithm(algo) => &algo.name,
+            KeyAlgorithmAndDerivatives::EcKeyAlgorithm(algo) => &algo.name,
             KeyAlgorithmAndDerivatives::AesKeyAlgorithm(algo) => &algo.name,
             KeyAlgorithmAndDerivatives::HmacKeyAlgorithm(algo) => &algo.name,
         }
@@ -1962,6 +2007,9 @@ impl SafeToJSValConvertible for KeyAlgorithmAndDerivatives {
     fn safe_to_jsval(&self, cx: JSContext, rval: MutableHandleValue, can_gc: CanGc) {
         match self {
             KeyAlgorithmAndDerivatives::KeyAlgorithm(algo) => algo.safe_to_jsval(cx, rval, can_gc),
+            KeyAlgorithmAndDerivatives::EcKeyAlgorithm(algo) => {
+                algo.safe_to_jsval(cx, rval, can_gc)
+            },
             KeyAlgorithmAndDerivatives::AesKeyAlgorithm(algo) => {
                 algo.safe_to_jsval(cx, rval, can_gc)
             },
@@ -2129,6 +2177,7 @@ impl JsonWebKeyExt for JsonWebKey {
 #[derive(Clone, Debug, MallocSizeOf)]
 enum NormalizedAlgorithm {
     Algorithm(SubtleAlgorithm),
+    EcKeyImportParams(SubtleEcKeyImportParams),
     AesCtrParams(SubtleAesCtrParams),
     AesKeyGenParams(SubtleAesKeyGenParams),
     AesDerivedKeyParams(SubtleAesDerivedKeyParams),
@@ -2223,6 +2272,14 @@ fn normalize_algorithm(
             // NOTE: Step 10.1.3 is done by the `From` and `TryFrom` trait implementation of
             // "subtle" binding structs.
             let normalized_algorithm = match (alg_name, op) {
+                // <https://w3c.github.io/webcrypto/#ecdh-registration>
+                (ALG_ECDH, Operation::ImportKey) => {
+                    let mut params =
+                        dictionary_from_jsval::<EcKeyImportParams>(cx, value.handle())?;
+                    params.parent.name = DOMString::from(alg_name);
+                    NormalizedAlgorithm::EcKeyImportParams(params.into())
+                },
+
                 // <https://w3c.github.io/webcrypto/#ed25519-registration>
                 (ALG_ED25519, Operation::Sign) => {
                     let mut params = dictionary_from_jsval::<Algorithm>(cx, value.handle())?;
@@ -2517,6 +2574,7 @@ impl NormalizedAlgorithm {
     fn name(&self) -> &str {
         match self {
             NormalizedAlgorithm::Algorithm(algo) => &algo.name,
+            NormalizedAlgorithm::EcKeyImportParams(algo) => &algo.name,
             NormalizedAlgorithm::AesCtrParams(algo) => &algo.name,
             NormalizedAlgorithm::AesKeyGenParams(algo) => &algo.name,
             NormalizedAlgorithm::AesDerivedKeyParams(algo) => &algo.name,
@@ -2702,6 +2760,15 @@ impl NormalizedAlgorithm {
                 },
                 _ => Err(Error::NotSupported),
             },
+            NormalizedAlgorithm::EcKeyImportParams(algo) => ecdh_operation::import_key(
+                global,
+                algo,
+                format,
+                key_data,
+                extractable,
+                usages,
+                can_gc,
+            ),
             NormalizedAlgorithm::HmacImportParams(algo) => hmac_operation::import_key(
                 global,
                 algo,