Changeset 214074 in webkit

Timestamp:

Mar 16, 2017 3:32:20 PM (7 years ago)

Author:

jiewen_tan@apple.com

Message:

[WebCrypto] Support SPKI/PKCS8 for Elliptic Curve
​https://bugs.webkit.org/show_bug.cgi?id=169318
<rdar://problem/31081956>

Reviewed by Brent Fulgham.

LayoutTests/imported/w3c:

• web-platform-tests/WebCryptoAPI/import_export/ec_importKey.worker-expected.txt:
• web-platform-tests/WebCryptoAPI/import_export/test_ec_importKey-expected.txt:

Source/WebCore:

This patch adds SPKI/PKCS8 support for Elliptic Curve cryptos. We can now import/export
SPKI/PKCS8 Elliptic Curve keys after this change. Few things to note: 1) This patch
implements a loose DER encoder/decoder for hacking the underlying CommonCrypto library.
2) It only permits id-ecPublicKey as the AlgorithmIdentifier following OpenSSL/Chrome(BoringSSL).
3) It follows OpenSSL/Chrome(BoringSSL) to replace ECParameters in ECPrivateKey with custom
tags. Hence, we should fully comply with OpenSSL/Chrome(BoringSSL).

Tests: crypto/subtle/ec-import-jwk-key-export-pkcs8-key.html

crypto/subtle/ec-import-jwk-key-export-spki-key.html
crypto/subtle/ec-import-pkcs8-key-export-jwk-key.html
crypto/subtle/ec-import-pkcs8-key-export-pkcs8-key-p256.html
crypto/subtle/ec-import-pkcs8-key-export-pkcs8-key-p384.html
crypto/subtle/ec-import-raw-key-export-spki-key.html
crypto/subtle/ec-import-spki-key-export-jwk-key.html
crypto/subtle/ec-import-spki-key-export-raw-key.html
crypto/subtle/ec-import-spki-key-export-spki-key-p256.html
crypto/subtle/ec-import-spki-key-export-spki-key-p384.html
crypto/subtle/ecdh-generate-export-key-spki-p256.html
crypto/subtle/ecdh-generate-export-key-spki-p384.html
crypto/subtle/ecdh-generate-export-pkcs8-p256.html
crypto/subtle/ecdh-generate-export-pkcs8-p384.html
crypto/subtle/ecdh-import-pkcs8-key-p256.html
crypto/subtle/ecdh-import-pkcs8-key-p384.html
crypto/subtle/ecdh-import-spki-key-p256.html
crypto/subtle/ecdh-import-spki-key-p384.html
crypto/workers/subtle/ec-generate-export-pkcs8-key.html
crypto/workers/subtle/ec-generate-export-spki-key.html
crypto/workers/subtle/ec-import-pkcs8-key.html
crypto/workers/subtle/ec-import-spki-key.html

• WebCore.xcodeproj/project.pbxproj:
• crypto/algorithms/CryptoAlgorithmECDH.cpp:

(WebCore::CryptoAlgorithmECDH::importKey):
(WebCore::CryptoAlgorithmECDH::exportKey):

• crypto/gnutls/CryptoKeyECGnuTLS.cpp:

(WebCore::CryptoKeyEC::platformExportRaw):
(WebCore::CryptoKeyEC::platformImportSpki):
(WebCore::CryptoKeyEC::platformExportSpki):
(WebCore::CryptoKeyEC::platformImportPkcs8):
(WebCore::CryptoKeyEC::platformExportPkcs8):
(WebCore::CryptoKeyEC::exportRaw): Deleted.

• crypto/keys/CryptoKeyEC.cpp:

(WebCore::CryptoKeyEC::importSpki):
(WebCore::CryptoKeyEC::importPkcs8):
(WebCore::CryptoKeyEC::exportRaw):
(WebCore::CryptoKeyEC::exportSpki):
(WebCore::CryptoKeyEC::exportPkcs8):

• crypto/keys/CryptoKeyEC.h:
• crypto/mac/CommonCryptoDERUtilities.h: Added.

(WebCore::bytesUsedToEncodedLength):
(WebCore::extraBytesNeededForEncodedLength):
(WebCore::addEncodedASN1Length):
(WebCore::bytesNeededForEncodedLength):

• crypto/mac/CryptoKeyECMac.cpp:

(WebCore::compareBytes):
(WebCore::CryptoKeyEC::platformExportRaw):
(WebCore::CryptoKeyEC::platformImportJWKPrivate):
(WebCore::getOID):
(WebCore::CryptoKeyEC::platformImportSpki):
(WebCore::CryptoKeyEC::platformExportSpki):
(WebCore::CryptoKeyEC::platformImportPkcs8):
(WebCore::CryptoKeyEC::platformExportPkcs8):
(WebCore::CryptoKeyEC::exportRaw): Deleted.
Enlarge the robust of exportRaw.

• crypto/mac/CryptoKeyRSAMac.cpp:

(WebCore::CryptoKeyRSA::exportSpki):
(WebCore::CryptoKeyRSA::exportPkcs8):
Enhance the implementation.
(WebCore::bytesUsedToEncodedLength): Deleted.
(WebCore::bytesNeededForEncodedLength): Deleted.
(WebCore::addEncodedASN1Length): Deleted.
Moved to CommonCryptoDERUtilities.h.

LayoutTests:

• crypto/subtle/ec-export-key-malformed-parameters-expected.txt:
• crypto/subtle/ec-export-key-malformed-parameters.html:
• crypto/subtle/ec-import-jwk-key-export-jwk-key-private-expected.txt:
• crypto/subtle/ec-import-jwk-key-export-jwk-key-private.html:
• crypto/subtle/ec-import-jwk-key-export-pkcs8-key-expected.txt: Added.
• crypto/subtle/ec-import-jwk-key-export-pkcs8-key.html: Added.
• crypto/subtle/ec-import-jwk-key-export-spki-key-expected.txt: Added.
• crypto/subtle/ec-import-jwk-key-export-spki-key.html: Added.
• crypto/subtle/ec-import-key-malformed-parameters-expected.txt:
• crypto/subtle/ec-import-key-malformed-parameters.html:
• crypto/subtle/ec-import-pkcs8-key-export-jwk-key-expected.txt: Added.
• crypto/subtle/ec-import-pkcs8-key-export-jwk-key.html: Added.
• crypto/subtle/ec-import-pkcs8-key-export-pkcs8-key-p256-expected.txt: Added.
• crypto/subtle/ec-import-pkcs8-key-export-pkcs8-key-p256.html: Added.
• crypto/subtle/ec-import-pkcs8-key-export-pkcs8-key-p384-expected.txt: Added.
• crypto/subtle/ec-import-pkcs8-key-export-pkcs8-key-p384.html: Added.
• crypto/subtle/ec-import-raw-key-export-spki-key-expected.txt: Added.
• crypto/subtle/ec-import-raw-key-export-spki-key.html: Added.
• crypto/subtle/ec-import-spki-key-export-jwk-key-expected.txt: Added.
• crypto/subtle/ec-import-spki-key-export-jwk-key.html: Added.
• crypto/subtle/ec-import-spki-key-export-raw-key-expected.txt: Added.
• crypto/subtle/ec-import-spki-key-export-raw-key.html: Added.
• crypto/subtle/ec-import-spki-key-export-spki-key-p256-expected.txt: Added.
• crypto/subtle/ec-import-spki-key-export-spki-key-p256.html: Added.
• crypto/subtle/ec-import-spki-key-export-spki-key-p384-expected.txt: Added.
• crypto/subtle/ec-import-spki-key-export-spki-key-p384.html: Added.
• crypto/subtle/ecdh-generate-export-key-spki-p256-expected.txt: Added.
• crypto/subtle/ecdh-generate-export-key-spki-p256.html: Added.
• crypto/subtle/ecdh-generate-export-key-spki-p384-expected.txt: Added.
• crypto/subtle/ecdh-generate-export-key-spki-p384.html: Added.
• crypto/subtle/ecdh-generate-export-pkcs8-p256-expected.txt: Added.
• crypto/subtle/ecdh-generate-export-pkcs8-p256.html: Added.
• crypto/subtle/ecdh-generate-export-pkcs8-p384-expected.txt: Added.
• crypto/subtle/ecdh-generate-export-pkcs8-p384.html: Added.
• crypto/subtle/ecdh-import-pkcs8-key-p256-expected.txt: Added.
• crypto/subtle/ecdh-import-pkcs8-key-p256.html: Added.
• crypto/subtle/ecdh-import-pkcs8-key-p384-expected.txt: Added.
• crypto/subtle/ecdh-import-pkcs8-key-p384.html: Added.
• crypto/subtle/ecdh-import-spki-key-p256-expected.txt: Added.
• crypto/subtle/ecdh-import-spki-key-p256.html: Added.
• crypto/subtle/ecdh-import-spki-key-p384-expected.txt: Added.
• crypto/subtle/ecdh-import-spki-key-p384.html: Added.
• crypto/workers/subtle/ec-generate-export-pkcs8-key-expected.txt: Added.
• crypto/workers/subtle/ec-generate-export-pkcs8-key.html: Added.
• crypto/workers/subtle/ec-generate-export-spki-key-expected.txt: Added.
• crypto/workers/subtle/ec-generate-export-spki-key.html: Added.
• crypto/workers/subtle/ec-import-pkcs8-key-expected.txt: Added.
• crypto/workers/subtle/ec-import-pkcs8-key.html: Added.
• crypto/workers/subtle/ec-import-spki-key-expected.txt: Added.
• crypto/workers/subtle/ec-import-spki-key.html: Added.
• crypto/workers/subtle/resources/ec-generate-export-pkcs8-key.js: Added.
• crypto/workers/subtle/resources/ec-generate-export-spki-key.js: Added.
• crypto/workers/subtle/resources/ec-import-pkcs8-key.js: Added.
• crypto/workers/subtle/resources/ec-import-spki-key.js: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/crypto/subtle/ec-export-key-malformed-parameters-expected.txt (modified) (1 diff)
• LayoutTests/crypto/subtle/ec-export-key-malformed-parameters.html (modified) (1 diff)
• LayoutTests/crypto/subtle/ec-import-jwk-key-export-jwk-key-private-expected.txt (modified) (1 diff)
• LayoutTests/crypto/subtle/ec-import-jwk-key-export-jwk-key-private.html (modified) (1 diff)
• LayoutTests/crypto/subtle/ec-import-jwk-key-export-pkcs8-key-expected.txt (added)
• LayoutTests/crypto/subtle/ec-import-jwk-key-export-pkcs8-key.html (copied) (copied from trunk/LayoutTests/crypto/subtle/ec-import-jwk-key-export-jwk-key-private.html) (2 diffs)
• LayoutTests/crypto/subtle/ec-import-jwk-key-export-spki-key-expected.txt (added)
• LayoutTests/crypto/subtle/ec-import-jwk-key-export-spki-key.html (copied) (copied from trunk/LayoutTests/crypto/subtle/ec-import-jwk-key-export-jwk-key-private.html) (2 diffs)
• LayoutTests/crypto/subtle/ec-import-key-malformed-parameters-expected.txt (modified) (1 diff)
• LayoutTests/crypto/subtle/ec-import-key-malformed-parameters.html (modified) (2 diffs)
• LayoutTests/crypto/subtle/ec-import-pkcs8-key-export-jwk-key-expected.txt (added)
• LayoutTests/crypto/subtle/ec-import-pkcs8-key-export-jwk-key.html (added)
• LayoutTests/crypto/subtle/ec-import-pkcs8-key-export-pkcs8-key-p256-expected.txt (added)
• LayoutTests/crypto/subtle/ec-import-pkcs8-key-export-pkcs8-key-p256.html (added)
• LayoutTests/crypto/subtle/ec-import-pkcs8-key-export-pkcs8-key-p384-expected.txt (added)
• LayoutTests/crypto/subtle/ec-import-pkcs8-key-export-pkcs8-key-p384.html (added)
• LayoutTests/crypto/subtle/ec-import-raw-key-export-spki-key-expected.txt (added)
• LayoutTests/crypto/subtle/ec-import-raw-key-export-spki-key.html (added)
• LayoutTests/crypto/subtle/ec-import-spki-key-export-jwk-key-expected.txt (added)
• LayoutTests/crypto/subtle/ec-import-spki-key-export-jwk-key.html (added)
• LayoutTests/crypto/subtle/ec-import-spki-key-export-raw-key-expected.txt (added)
• LayoutTests/crypto/subtle/ec-import-spki-key-export-raw-key.html (added)
• LayoutTests/crypto/subtle/ec-import-spki-key-export-spki-key-p256-expected.txt (added)
• LayoutTests/crypto/subtle/ec-import-spki-key-export-spki-key-p256.html (added)
• LayoutTests/crypto/subtle/ec-import-spki-key-export-spki-key-p384-expected.txt (added)
• LayoutTests/crypto/subtle/ec-import-spki-key-export-spki-key-p384.html (added)
• LayoutTests/crypto/subtle/ecdh-generate-export-key-spki-p256-expected.txt (added)
• LayoutTests/crypto/subtle/ecdh-generate-export-key-spki-p256.html (copied) (copied from trunk/LayoutTests/crypto/subtle/ec-export-key-malformed-parameters.html) (2 diffs)
• LayoutTests/crypto/subtle/ecdh-generate-export-key-spki-p384-expected.txt (added)
• LayoutTests/crypto/subtle/ecdh-generate-export-key-spki-p384.html (copied) (copied from trunk/LayoutTests/crypto/subtle/ec-export-key-malformed-parameters.html) (2 diffs)
• LayoutTests/crypto/subtle/ecdh-generate-export-pkcs8-p256-expected.txt (added)
• LayoutTests/crypto/subtle/ecdh-generate-export-pkcs8-p256.html (copied) (copied from trunk/LayoutTests/crypto/subtle/ec-export-key-malformed-parameters.html) (2 diffs)
• LayoutTests/crypto/subtle/ecdh-generate-export-pkcs8-p384-expected.txt (added)
• LayoutTests/crypto/subtle/ecdh-generate-export-pkcs8-p384.html (copied) (copied from trunk/LayoutTests/crypto/subtle/ec-export-key-malformed-parameters.html) (2 diffs)
• LayoutTests/crypto/subtle/ecdh-import-pkcs8-key-p256-expected.txt (added)
• LayoutTests/crypto/subtle/ecdh-import-pkcs8-key-p256.html (added)
• LayoutTests/crypto/subtle/ecdh-import-pkcs8-key-p384-expected.txt (added)
• LayoutTests/crypto/subtle/ecdh-import-pkcs8-key-p384.html (added)
• LayoutTests/crypto/subtle/ecdh-import-spki-key-p256-expected.txt (added)
• LayoutTests/crypto/subtle/ecdh-import-spki-key-p256.html (added)
• LayoutTests/crypto/subtle/ecdh-import-spki-key-p384-expected.txt (added)
• LayoutTests/crypto/subtle/ecdh-import-spki-key-p384.html (added)
• LayoutTests/crypto/workers/subtle/ec-generate-export-pkcs8-key-expected.txt (added)
• LayoutTests/crypto/workers/subtle/ec-generate-export-pkcs8-key.html (added)
• LayoutTests/crypto/workers/subtle/ec-generate-export-spki-key-expected.txt (added)
• LayoutTests/crypto/workers/subtle/ec-generate-export-spki-key.html (added)
• LayoutTests/crypto/workers/subtle/ec-import-pkcs8-key-expected.txt (added)
• LayoutTests/crypto/workers/subtle/ec-import-pkcs8-key.html (added)
• LayoutTests/crypto/workers/subtle/ec-import-spki-key-expected.txt (added)
• LayoutTests/crypto/workers/subtle/ec-import-spki-key.html (added)
• LayoutTests/crypto/workers/subtle/resources/ec-generate-export-pkcs8-key.js (added)
• LayoutTests/crypto/workers/subtle/resources/ec-generate-export-spki-key.js (added)
• LayoutTests/crypto/workers/subtle/resources/ec-import-pkcs8-key.js (added)
• LayoutTests/crypto/workers/subtle/resources/ec-import-spki-key.js (added)
• LayoutTests/imported/w3c/ChangeLog (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/import_export/ec_importKey.worker-expected.txt (modified) (1 diff)
• LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/import_export/test_ec_importKey-expected.txt (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/WebCore.xcodeproj/project.pbxproj (modified) (4 diffs)
• Source/WebCore/crypto/algorithms/CryptoAlgorithmECDH.cpp (modified) (2 diffs)
• Source/WebCore/crypto/gnutls/CryptoKeyECGnuTLS.cpp (modified) (2 diffs)
• Source/WebCore/crypto/keys/CryptoKeyEC.cpp (modified) (2 diffs)
• Source/WebCore/crypto/keys/CryptoKeyEC.h (modified) (2 diffs)
• Source/WebCore/crypto/mac/CommonCryptoDERUtilities.h (added)
• Source/WebCore/crypto/mac/CryptoKeyECMac.cpp (modified) (5 diffs)
• Source/WebCore/crypto/mac/CryptoKeyRSAMac.cpp (modified) (5 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2017-03-16  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebCrypto] Support SPKI/PKCS8 for Elliptic Curve
+        https://bugs.webkit.org/show_bug.cgi?id=169318
+        <rdar://problem/31081956>
+
+        Reviewed by Brent Fulgham.
+
+        * crypto/subtle/ec-export-key-malformed-parameters-expected.txt:
+        * crypto/subtle/ec-export-key-malformed-parameters.html:
+        * crypto/subtle/ec-import-jwk-key-export-jwk-key-private-expected.txt:
+        * crypto/subtle/ec-import-jwk-key-export-jwk-key-private.html:
+        * crypto/subtle/ec-import-jwk-key-export-pkcs8-key-expected.txt: Added.
+        * crypto/subtle/ec-import-jwk-key-export-pkcs8-key.html: Added.
+        * crypto/subtle/ec-import-jwk-key-export-spki-key-expected.txt: Added.
+        * crypto/subtle/ec-import-jwk-key-export-spki-key.html: Added.
+        * crypto/subtle/ec-import-key-malformed-parameters-expected.txt:
+        * crypto/subtle/ec-import-key-malformed-parameters.html:
+        * crypto/subtle/ec-import-pkcs8-key-export-jwk-key-expected.txt: Added.
+        * crypto/subtle/ec-import-pkcs8-key-export-jwk-key.html: Added.
+        * crypto/subtle/ec-import-pkcs8-key-export-pkcs8-key-p256-expected.txt: Added.
+        * crypto/subtle/ec-import-pkcs8-key-export-pkcs8-key-p256.html: Added.
+        * crypto/subtle/ec-import-pkcs8-key-export-pkcs8-key-p384-expected.txt: Added.
+        * crypto/subtle/ec-import-pkcs8-key-export-pkcs8-key-p384.html: Added.
+        * crypto/subtle/ec-import-raw-key-export-spki-key-expected.txt: Added.
+        * crypto/subtle/ec-import-raw-key-export-spki-key.html: Added.
+        * crypto/subtle/ec-import-spki-key-export-jwk-key-expected.txt: Added.
+        * crypto/subtle/ec-import-spki-key-export-jwk-key.html: Added.
+        * crypto/subtle/ec-import-spki-key-export-raw-key-expected.txt: Added.
+        * crypto/subtle/ec-import-spki-key-export-raw-key.html: Added.
+        * crypto/subtle/ec-import-spki-key-export-spki-key-p256-expected.txt: Added.
+        * crypto/subtle/ec-import-spki-key-export-spki-key-p256.html: Added.
+        * crypto/subtle/ec-import-spki-key-export-spki-key-p384-expected.txt: Added.
+        * crypto/subtle/ec-import-spki-key-export-spki-key-p384.html: Added.
+        * crypto/subtle/ecdh-generate-export-key-spki-p256-expected.txt: Added.
+        * crypto/subtle/ecdh-generate-export-key-spki-p256.html: Added.
+        * crypto/subtle/ecdh-generate-export-key-spki-p384-expected.txt: Added.
+        * crypto/subtle/ecdh-generate-export-key-spki-p384.html: Added.
+        * crypto/subtle/ecdh-generate-export-pkcs8-p256-expected.txt: Added.
+        * crypto/subtle/ecdh-generate-export-pkcs8-p256.html: Added.
+        * crypto/subtle/ecdh-generate-export-pkcs8-p384-expected.txt: Added.
+        * crypto/subtle/ecdh-generate-export-pkcs8-p384.html: Added.
+        * crypto/subtle/ecdh-import-pkcs8-key-p256-expected.txt: Added.
+        * crypto/subtle/ecdh-import-pkcs8-key-p256.html: Added.
+        * crypto/subtle/ecdh-import-pkcs8-key-p384-expected.txt: Added.
+        * crypto/subtle/ecdh-import-pkcs8-key-p384.html: Added.
+        * crypto/subtle/ecdh-import-spki-key-p256-expected.txt: Added.
+        * crypto/subtle/ecdh-import-spki-key-p256.html: Added.
+        * crypto/subtle/ecdh-import-spki-key-p384-expected.txt: Added.
+        * crypto/subtle/ecdh-import-spki-key-p384.html: Added.
+        * crypto/workers/subtle/ec-generate-export-pkcs8-key-expected.txt: Added.
+        * crypto/workers/subtle/ec-generate-export-pkcs8-key.html: Added.
+        * crypto/workers/subtle/ec-generate-export-spki-key-expected.txt: Added.
+        * crypto/workers/subtle/ec-generate-export-spki-key.html: Added.
+        * crypto/workers/subtle/ec-import-pkcs8-key-expected.txt: Added.
+        * crypto/workers/subtle/ec-import-pkcs8-key.html: Added.
+        * crypto/workers/subtle/ec-import-spki-key-expected.txt: Added.
+        * crypto/workers/subtle/ec-import-spki-key.html: Added.
+        * crypto/workers/subtle/resources/ec-generate-export-pkcs8-key.js: Added.
+        * crypto/workers/subtle/resources/ec-generate-export-spki-key.js: Added.
+        * crypto/workers/subtle/resources/ec-import-pkcs8-key.js: Added.
+        * crypto/workers/subtle/resources/ec-import-spki-key.js: Added.
+
 2017-03-16  Zalan Bujtas  <zalan@apple.com>
 

trunk/LayoutTests/crypto/subtle/ec-export-key-malformed-parameters-expected.txt

@@ -5 +5 @@
 
 PASS crypto.subtle.exportKey("raw", privateKey) rejected promise  with InvalidAccessError (DOM Exception 15): The requested operation is not valid for the provided key.
+PASS crypto.subtle.exportKey("spki", privateKey) rejected promise  with InvalidAccessError (DOM Exception 15): The requested operation is not valid for the provided key.
+PASS crypto.subtle.exportKey("pkcs8", publicKey) rejected promise  with InvalidAccessError (DOM Exception 15): The requested operation is not valid for the provided key.
 PASS successfullyParsed is true
 

trunk/LayoutTests/crypto/subtle/ec-export-key-malformed-parameters.html

@@ -22 +22 @@
 crypto.subtle.generateKey(algorithmKeyGen, extractable, ["deriveKey", "deriveBits"]).then(function(result) {
     privateKey = result.privateKey;
+    publicKey = result.publicKey;
 
     // Wrong key and format.
     return shouldReject('crypto.subtle.exportKey("raw", privateKey)');
+}).then(function() {
+    // Wrong key and format.
+    return shouldReject('crypto.subtle.exportKey("spki", privateKey)');
+}).then(function() {
+    // Wrong key and format.
+    return shouldReject('crypto.subtle.exportKey("pkcs8", publicKey)');
 }).then(finishJSTest, finishJSTest);
 

trunk/LayoutTests/crypto/subtle/ec-import-jwk-key-export-jwk-key-private-expected.txt

@@ -5 +5 @@
 
 Importing a key...
-PASS publicKey.kty is jwkKey.kty
-PASS publicKey.crv is jwkKey.crv
-PASS publicKey.x is jwkKey.x
-PASS publicKey.y is jwkKey.y
-PASS publicKey.d is jwkKey.d
-PASS publicKey.key_ops is jwkKey.key_ops
-PASS publicKey.ext is jwkKey.ext
+PASS privateKey.kty is jwkKey.kty
+PASS privateKey.crv is jwkKey.crv
+PASS privateKey.x is jwkKey.x
+PASS privateKey.y is jwkKey.y
+PASS privateKey.d is jwkKey.d
+PASS privateKey.key_ops is jwkKey.key_ops
+PASS privateKey.ext is jwkKey.ext
 PASS successfullyParsed is true
 

trunk/LayoutTests/crypto/subtle/ec-import-jwk-key-export-jwk-key-private.html

@@ -29 +29 @@
     return crypto.subtle.exportKey("jwk", result);
 }).then(function(result) {
-    publicKey = result;
+    privateKey = result;
 
-    shouldBe("publicKey.kty", "jwkKey.kty");
-    shouldBe("publicKey.crv", "jwkKey.crv");
-    shouldBe("publicKey.x", "jwkKey.x");
-    shouldBe("publicKey.y", "jwkKey.y");
-    shouldBe("publicKey.d", "jwkKey.d");
-    shouldBe("publicKey.key_ops", "jwkKey.key_ops");
-    shouldBe("publicKey.ext", "jwkKey.ext");
+    shouldBe("privateKey.kty", "jwkKey.kty");
+    shouldBe("privateKey.crv", "jwkKey.crv");
+    shouldBe("privateKey.x", "jwkKey.x");
+    shouldBe("privateKey.y", "jwkKey.y");
+    shouldBe("privateKey.d", "jwkKey.d");
+    shouldBe("privateKey.key_ops", "jwkKey.key_ops");
+    shouldBe("privateKey.ext", "jwkKey.ext");
 
     finishJSTest();

trunk/LayoutTests/crypto/subtle/ec-import-jwk-key-export-pkcs8-key.html

@@ -10 +10 @@
 
 <script>
-description("Test importing a jwk private ECDH key and then export it in jwk format");
+description("Test importing a jwk private ECDH key and then export it in PKCS8 format");
 
 jsTestIsAsync = true;
@@ -23 +23 @@
     d: "ppxBSov3N8_AUcisAuvmLV4yE8e_L_BLE8bZb9Z1Xjg",
 };
+var expectedPkcs8KeyHex = "308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b0201010420a69c414a8bf737cfc051c8ac02ebe62d5e3213c7bf2ff04b13c6d96fd6755e38a14403420004d454955a2793be2905906d4d3b286450268c6dd421c701fa682bb8133fac46d0f6398d4cba8ce1c8c185d0271dc348f58415dcef0b166a3e11d65693c9ed01a2";
 var extractable = true;
 
 debug("Importing a key...");
 crypto.subtle.importKey("jwk", jwkKey, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey", "deriveBits"]).then(function(result) {
-    return crypto.subtle.exportKey("jwk", result);
+    return crypto.subtle.exportKey("pkcs8", result);
 }).then(function(result) {
-    publicKey = result;
+    privateKey = result;
 
-    shouldBe("publicKey.kty", "jwkKey.kty");
-    shouldBe("publicKey.crv", "jwkKey.crv");
-    shouldBe("publicKey.x", "jwkKey.x");
-    shouldBe("publicKey.y", "jwkKey.y");
-    shouldBe("publicKey.d", "jwkKey.d");
-    shouldBe("publicKey.key_ops", "jwkKey.key_ops");
-    shouldBe("publicKey.ext", "jwkKey.ext");
+    shouldBe("bytesToHexString(privateKey)", "expectedPkcs8KeyHex");
 
     finishJSTest();

trunk/LayoutTests/crypto/subtle/ec-import-jwk-key-export-spki-key.html

@@ -10 +10 @@
 
 <script>
-description("Test importing a jwk private ECDH key and then export it in jwk format");
+description("Test importing a JWK ECDH public key and export it in SPKI format");
 
 jsTestIsAsync = true;
@@ -16 +16 @@
 var jwkKey = {
     kty: "EC",
-    ext: true,
-    key_ops: ["deriveBits", "deriveKey"],
     crv: "P-256",
     x: "1FSVWieTvikFkG1NOyhkUCaMbdQhxwH6aCu4Ez-sRtA",
     y: "9jmNTLqM4cjBhdAnHcNI9YQV3O8LFmo-EdZWk8ntAaI",
-    d: "ppxBSov3N8_AUcisAuvmLV4yE8e_L_BLE8bZb9Z1Xjg",
 };
+var expectedSpkiKey = "3059301306072a8648ce3d020106082a8648ce3d03010703420004d454955a2793be2905906d4d3b286450268c6dd421c701fa682bb8133fac46d0f6398d4cba8ce1c8c185d0271dc348f58415dcef0b166a3e11d65693c9ed01a2";
 var extractable = true;
 
 debug("Importing a key...");
-crypto.subtle.importKey("jwk", jwkKey, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey", "deriveBits"]).then(function(result) {
-    return crypto.subtle.exportKey("jwk", result);
+crypto.subtle.importKey("jwk", jwkKey, { name: "ECDH", namedCurve: "P-256" }, extractable, [ ]).then(function(key) {
+    return crypto.subtle.exportKey("spki", key);
 }).then(function(result) {
     publicKey = result;
 
-    shouldBe("publicKey.kty", "jwkKey.kty");
-    shouldBe("publicKey.crv", "jwkKey.crv");
-    shouldBe("publicKey.x", "jwkKey.x");
-    shouldBe("publicKey.y", "jwkKey.y");
-    shouldBe("publicKey.d", "jwkKey.d");
-    shouldBe("publicKey.key_ops", "jwkKey.key_ops");
-    shouldBe("publicKey.ext", "jwkKey.ext");
+    shouldBe("bytesToHexString(publicKey)", "expectedSpkiKey");
 
     finishJSTest();

trunk/LayoutTests/crypto/subtle/ec-import-key-malformed-parameters-expected.txt

@@ -28 +28 @@
 PASS crypto.subtle.importKey("jwk", {kty: "EC", crv: "P-384", x:x, y:y384}, { name: "ECDH", namedCurve: "P-384" }, extractable, [ ]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
 PASS crypto.subtle.importKey("jwk", {kty: "EC", crv: "P-384", x:x384, y:y384, d:d}, { name: "ECDH", namedCurve: "P-384" }, extractable, [ ]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("spki", spkiP256Key, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveBits"]) rejected promise  with SyntaxError (DOM Exception 12): A required parameter was missing or out-of-range.
+PASS crypto.subtle.importKey("spki", truncatedSpkiP256Key1, { name: "ECDH", namedCurve: "P-256" }, extractable, [ ]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("spki", truncatedSpkiP256Key2, { name: "ECDH", namedCurve: "P-256" }, extractable, [ ]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("spki", truncatedSpkiP256Key3, { name: "ECDH", namedCurve: "P-256" }, extractable, [ ]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("spki", truncatedSpkiP256Key4, { name: "ECDH", namedCurve: "P-256" }, extractable, [ ]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("spki", truncatedSpkiP256Key5, { name: "ECDH", namedCurve: "P-256" }, extractable, [ ]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("spki", truncatedSpkiP256Key6, { name: "ECDH", namedCurve: "P-256" }, extractable, [ ]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("spki", truncatedSpkiP256Key7, { name: "ECDH", namedCurve: "P-256" }, extractable, [ ]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("spki", truncatedSpkiP256Key8, { name: "ECDH", namedCurve: "P-256" }, extractable, [ ]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("spki", truncatedSpkiP384Key1, { name: "ECDH", namedCurve: "P-384" }, extractable, [ ]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("spki", truncatedSpkiP384Key2, { name: "ECDH", namedCurve: "P-384" }, extractable, [ ]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("spki", truncatedSpkiP384Key3, { name: "ECDH", namedCurve: "P-384" }, extractable, [ ]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("spki", spkiP256Key, { name: "ECDH", namedCurve: "P-384" }, extractable, [ ]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("spki", spkiP384Key, { name: "ECDH", namedCurve: "P-256" }, extractable, [ ]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("spki", corruptedSpkiP256Key, { name: "ECDH", namedCurve: "P-256" }, extractable, [ ]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("pkcs8", pkcs8P256Key, { name: "ECDH", namedCurve: "P-256" }, extractable, ["encrypt"]) rejected promise  with SyntaxError (DOM Exception 12): A required parameter was missing or out-of-range.
+PASS crypto.subtle.importKey("pkcs8", pkcs8P256Key, { name: "ECDH", namedCurve: "P-256" }, extractable, ["decrypt"]) rejected promise  with SyntaxError (DOM Exception 12): A required parameter was missing or out-of-range.
+PASS crypto.subtle.importKey("pkcs8", pkcs8P256Key, { name: "ECDH", namedCurve: "P-256" }, extractable, ["sign"]) rejected promise  with SyntaxError (DOM Exception 12): A required parameter was missing or out-of-range.
+PASS crypto.subtle.importKey("pkcs8", pkcs8P256Key, { name: "ECDH", namedCurve: "P-256" }, extractable, ["verify"]) rejected promise  with SyntaxError (DOM Exception 12): A required parameter was missing or out-of-range.
+PASS crypto.subtle.importKey("pkcs8", pkcs8P256Key, { name: "ECDH", namedCurve: "P-256" }, extractable, ["wrapKey"]) rejected promise  with SyntaxError (DOM Exception 12): A required parameter was missing or out-of-range.
+PASS crypto.subtle.importKey("pkcs8", pkcs8P256Key, { name: "ECDH", namedCurve: "P-256" }, extractable, ["unwrapKey"]) rejected promise  with SyntaxError (DOM Exception 12): A required parameter was missing or out-of-range.
+PASS crypto.subtle.importKey("pkcs8", truncatedPkcs8P256Key1, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("pkcs8", truncatedPkcs8P256Key2, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("pkcs8", truncatedPkcs8P256Key3, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("pkcs8", truncatedPkcs8P256Key4, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("pkcs8", truncatedPkcs8P256Key5, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("pkcs8", truncatedPkcs8P256Key6, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("pkcs8", truncatedPkcs8P256Key7, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("pkcs8", truncatedPkcs8P256Key8, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("pkcs8", truncatedPkcs8P256Key9, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("pkcs8", truncatedPkcs8P256Key10, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("pkcs8", truncatedPkcs8P256Key11, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("pkcs8", truncatedPkcs8P384Key1, { name: "ECDH", namedCurve: "P-384" }, extractable, ["deriveKey"]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("pkcs8", truncatedPkcs8P384Key2, { name: "ECDH", namedCurve: "P-384" }, extractable, ["deriveKey"]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("pkcs8", longPkcs8P256Key, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
+PASS crypto.subtle.importKey("pkcs8", corruptedPkcs8P256Key, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"]) rejected promise  with DataError (DOM Exception 30): Data provided to an operation does not meet requirements.
 PASS successfullyParsed is true
 

trunk/LayoutTests/crypto/subtle/ec-import-key-malformed-parameters.html

@@ -20 +20 @@
 var x384 = "1bHwFrsaPRjYq-zFOyLXK8Ugv3EqbVF075ct7ouTl_pwyhjeBu03JHjKTsyVbNWK";
 var y384 = "1bHwFrsaPRjYq-zFOyLXK8Ugv3EqbVF075ct7ouTl_pwyhjeBu03JHjKTsyVbNWK";
+var spkiP256Key = hexStringToUint8Array("3059301306072a8648ce3d020106082a8648ce3d03010703420004c3ee3a2c3380072b9b2a59fed2cada65121806e22c4f4f8a25e740fc3e54d75d86c200298e6dfc1611d185eedbdb3c2661b0eb0441f7fd57c90d08112e9ae71c");
+var spkiP384Key = hexStringToUint8Array("3076301006072a8648ce3d020106052b8104002203620004478f6119747475f94b742654be32ab6ebbdc371afa34fbee6d12c32fe2d586231262b17d13a1f271f19c8008c034d8716b7df0ce1d987990c5b175ecae1aa40f2fb89e4778528e1234e56d69638db135d103fa68448fee2b4f58ecc86d7f4b7a");
+var truncatedSpkiP256Key1 = hexStringToUint8Array("30");
+var truncatedSpkiP256Key2 = hexStringToUint8Array("305930");
+var truncatedSpkiP256Key3 = hexStringToUint8Array("305930130607");
+var truncatedSpkiP256Key4 = hexStringToUint8Array("3059301306072b8648ce3d0201");
+var truncatedSpkiP256Key5 = hexStringToUint8Array("3059301306072a8648ce3d02010608");
+var truncatedSpkiP256Key6 = hexStringToUint8Array("3059301306072a8648ce3d020106082a8648ce3d030108");
+var truncatedSpkiP256Key7 = hexStringToUint8Array("3059301306072a8648ce3d020106082a8648ce3d030107034200");
+var truncatedSpkiP256Key8 = hexStringToUint8Array("3059301306072a8648ce3d020106082a8648ce3d03010703420004c3ee3a2c3380072b9b2a59fed2cada65121806e22c4f4f8a25e740fc3e54d75d86c200298e6dfc1611d185eedbdb3c2661b0eb0441f7fd57c90d08112e9ae7");
+var truncatedSpkiP384Key1 = hexStringToUint8Array("3076301006072a8648ce3d02010605");
+var truncatedSpkiP384Key2 = hexStringToUint8Array("3076301006072a8648ce3d020106052b81040022");
+var truncatedSpkiP384Key3 = hexStringToUint8Array("3076301006072a8648ce3d020106052b8104002203620004478f6119747475f94b742654be32ab6ebbdc371afa34fbee6d12c32fe2d586231262b17d13a1f271f19c8008c034d8716b7df0ce1d987990c5b175ecae1aa40f2fb89e4778528e1234e56d69638db135d103fa68448fee2b4f58ecc86d7f4b");
+var corruptedSpkiP256Key = hexStringToUint8Array("3059301306072a8648ce3d020106082a8648ce3d03010703420000c3ee3a2c3380072b9b2a59fed2cada65121806e22c4f4f8a25e740fc3e54d75d86c200298e6dfc1611d185eedbdb3c2661b0eb0441f7fd57c90d08112e9ae71c");
+var pkcs8P256Key = hexStringToUint8Array("308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b02010104200a21f3f048b893b0f2b5a8459bd6d2bc112614aa86437f8fa2496a0e27f5b0a8a14403420004d726bd565878f24ee3616890d3668503334b84da3434b2774a44d6e4b9c536dd60e9181e1d1469ba3e6aba8987225f6e797d01a0dc400a4a298c902bae66abe2");
+var pkcs8P384Key = hexStringToUint8Array("3081b6020100301006072a8648ce3d020106052b8104002204819e30819b0201010430c38e34a7cd58961c8deda9c9118548724945d3f3b3bd71f03c93247304c1f7d86b8507501e4e05a0fbae76e44bbe8cc2a16403620004cb75013d8ba42edd022e9de8dfe856a2ee3f48ec28a666c4a73cf3d16e09c7d5747e6c5b5795a656e175c71feed01ec5e282b19e6650f6ea31970114f3e1e6e2275dd6811f87e7f7128c48806a9763785ac31bd345436e57eae23a1151355ef2");
+var truncatedPkcs8P256Key1 = hexStringToUint8Array("30");
+var truncatedPkcs8P256Key2 = hexStringToUint8Array("30818702010030");
+var truncatedPkcs8P256Key3 = hexStringToUint8Array("3081870201003013");
+var truncatedPkcs8P256Key4 = hexStringToUint8Array("308187020100301306072b8648ce3d0201");
+var truncatedPkcs8P256Key5 = hexStringToUint8Array("308187020100301306072a8648ce3d0201");
+var truncatedPkcs8P256Key6 = hexStringToUint8Array("308187020100301306072a8648ce3d020106082b8648ce3d030107");
+var truncatedPkcs8P256Key7 = hexStringToUint8Array("308187020100301306072a8648ce3d020106082a8648ce3d03010704");
+var truncatedPkcs8P256Key8 = hexStringToUint8Array("308187020100301306072a8648ce3d020106082a8648ce3d030107046d30");
+var truncatedPkcs8P256Key9 = hexStringToUint8Array("308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b02010104");
+var truncatedPkcs8P256Key10 = hexStringToUint8Array("308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b0201010420");
+var truncatedPkcs8P256Key11 = hexStringToUint8Array("308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b02010104200a21f3f048b893b0f2b5a8459bd6d2bc112614aa86437f8fa2496a0e27f5b0a8a14403");
+var longPkcs8P256Key = hexStringToUint8Array("308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b02010104200a21f3f048b893b0f2b5a8459bd6d2bc112614aa86437f8fa2496a0e27f5b0a8a14403420004d726bd565878f24ee3616890d3668503334b84da3434b2774a44d6e4b9c536dd60e9181e1d1469ba3e6aba8987225f6e797d01a0dc400a4a298c902bae66abe2badbad");
+var corruptedPkcs8P256Key = hexStringToUint8Array("308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b02010104200a21f3f048b893b0f2b5a8459bd6d2bc112614aa86437f8fa2496a0e27f5b0a8a14403420005d726bd565878f24ee3616890d3668503334b84da3434b2774a44d6e4b9c536dd60e9181e1d1469ba3e6aba8987225f6e797d01a0dc400a4a298c902bae66abe2");
+var truncatedPkcs8P384Key1 = hexStringToUint8Array("3081b6020100301006072a8648ce3d0201");
+var truncatedPkcs8P384Key2 = hexStringToUint8Array("3081b6020100301006072a8648ce3d020106052b81040023");
 
 // Named curves mismatch raw keys
@@ -58 +89 @@
 shouldReject('crypto.subtle.importKey("jwk", {kty: "EC", crv: "P-384", x:x, y:y384}, { name: "ECDH", namedCurve: "P-384" }, extractable, [ ])');
 shouldReject('crypto.subtle.importKey("jwk", {kty: "EC", crv: "P-384", x:x384, y:y384, d:d}, { name: "ECDH", namedCurve: "P-384" }, extractable, [ ])');
+// Spki: Non-empty usages
+shouldReject('crypto.subtle.importKey("spki", spkiP256Key, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveBits"])');
+// Spki: Truncated keys
+shouldReject('crypto.subtle.importKey("spki", truncatedSpkiP256Key1, { name: "ECDH", namedCurve: "P-256" }, extractable, [ ])');
+shouldReject('crypto.subtle.importKey("spki", truncatedSpkiP256Key2, { name: "ECDH", namedCurve: "P-256" }, extractable, [ ])');
+shouldReject('crypto.subtle.importKey("spki", truncatedSpkiP256Key3, { name: "ECDH", namedCurve: "P-256" }, extractable, [ ])');
+shouldReject('crypto.subtle.importKey("spki", truncatedSpkiP256Key4, { name: "ECDH", namedCurve: "P-256" }, extractable, [ ])');
+shouldReject('crypto.subtle.importKey("spki", truncatedSpkiP256Key5, { name: "ECDH", namedCurve: "P-256" }, extractable, [ ])');
+shouldReject('crypto.subtle.importKey("spki", truncatedSpkiP256Key6, { name: "ECDH", namedCurve: "P-256" }, extractable, [ ])');
+shouldReject('crypto.subtle.importKey("spki", truncatedSpkiP256Key7, { name: "ECDH", namedCurve: "P-256" }, extractable, [ ])');
+shouldReject('crypto.subtle.importKey("spki", truncatedSpkiP256Key8, { name: "ECDH", namedCurve: "P-256" }, extractable, [ ])');
+shouldReject('crypto.subtle.importKey("spki", truncatedSpkiP384Key1, { name: "ECDH", namedCurve: "P-384" }, extractable, [ ])');
+shouldReject('crypto.subtle.importKey("spki", truncatedSpkiP384Key2, { name: "ECDH", namedCurve: "P-384" }, extractable, [ ])');
+shouldReject('crypto.subtle.importKey("spki", truncatedSpkiP384Key3, { name: "ECDH", namedCurve: "P-384" }, extractable, [ ])');
+// Spki: Missmatched Curves
+shouldReject('crypto.subtle.importKey("spki", spkiP256Key, { name: "ECDH", namedCurve: "P-384" }, extractable, [ ])');
+shouldReject('crypto.subtle.importKey("spki", spkiP384Key, { name: "ECDH", namedCurve: "P-256" }, extractable, [ ])');
+// Spki: Corrupted Key Data
+shouldReject('crypto.subtle.importKey("spki", corruptedSpkiP256Key, { name: "ECDH", namedCurve: "P-256" }, extractable, [ ])');
+// Pkcs8: Wrong usages
+shouldReject('crypto.subtle.importKey("pkcs8", pkcs8P256Key, { name: "ECDH", namedCurve: "P-256" }, extractable, ["encrypt"])');
+shouldReject('crypto.subtle.importKey("pkcs8", pkcs8P256Key, { name: "ECDH", namedCurve: "P-256" }, extractable, ["decrypt"])');
+shouldReject('crypto.subtle.importKey("pkcs8", pkcs8P256Key, { name: "ECDH", namedCurve: "P-256" }, extractable, ["sign"])');
+shouldReject('crypto.subtle.importKey("pkcs8", pkcs8P256Key, { name: "ECDH", namedCurve: "P-256" }, extractable, ["verify"])');
+shouldReject('crypto.subtle.importKey("pkcs8", pkcs8P256Key, { name: "ECDH", namedCurve: "P-256" }, extractable, ["wrapKey"])');
+shouldReject('crypto.subtle.importKey("pkcs8", pkcs8P256Key, { name: "ECDH", namedCurve: "P-256" }, extractable, ["unwrapKey"])');
+// Pkcs8: Truncated keys
+shouldReject('crypto.subtle.importKey("pkcs8", truncatedPkcs8P256Key1, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"])');
+shouldReject('crypto.subtle.importKey("pkcs8", truncatedPkcs8P256Key2, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"])');
+shouldReject('crypto.subtle.importKey("pkcs8", truncatedPkcs8P256Key3, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"])');
+shouldReject('crypto.subtle.importKey("pkcs8", truncatedPkcs8P256Key4, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"])');
+shouldReject('crypto.subtle.importKey("pkcs8", truncatedPkcs8P256Key5, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"])');
+shouldReject('crypto.subtle.importKey("pkcs8", truncatedPkcs8P256Key6, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"])');
+shouldReject('crypto.subtle.importKey("pkcs8", truncatedPkcs8P256Key7, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"])');
+shouldReject('crypto.subtle.importKey("pkcs8", truncatedPkcs8P256Key8, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"])');
+shouldReject('crypto.subtle.importKey("pkcs8", truncatedPkcs8P256Key9, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"])');
+shouldReject('crypto.subtle.importKey("pkcs8", truncatedPkcs8P256Key10, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"])');
+shouldReject('crypto.subtle.importKey("pkcs8", truncatedPkcs8P256Key11, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"])');
+shouldReject('crypto.subtle.importKey("pkcs8", truncatedPkcs8P384Key1, { name: "ECDH", namedCurve: "P-384" }, extractable, ["deriveKey"])');
+shouldReject('crypto.subtle.importKey("pkcs8", truncatedPkcs8P384Key2, { name: "ECDH", namedCurve: "P-384" }, extractable, ["deriveKey"])');
+// Pkcs8: Long key
+shouldReject('crypto.subtle.importKey("pkcs8", longPkcs8P256Key, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"])');
+// Pkcs8: Corrupted Key Data
+shouldReject('crypto.subtle.importKey("pkcs8", corruptedPkcs8P256Key, { name: "ECDH", namedCurve: "P-256" }, extractable, ["deriveKey"])');
 </script>
 

trunk/LayoutTests/crypto/subtle/ecdh-generate-export-key-spki-p256.html

@@ -10 +10 @@
 
 <script>
-description("Test exporting an EC key with malformed parameters");
+description("Test exporting a P-256 ECDH public key with SPKI format.");
 
 jsTestIsAsync = true;
@@ -20 +20 @@
 var extractable = true;
 
+var keyPair;
+debug("Generating a key pair...");
 crypto.subtle.generateKey(algorithmKeyGen, extractable, ["deriveKey", "deriveBits"]).then(function(result) {
-    privateKey = result.privateKey;
+    keyPair = result;
+    debug("Exporting the public key...");
+    return crypto.subtle.exportKey("spki", keyPair.publicKey);
+}).then(function(result) {
+    publicKey = result;
 
-    // Wrong key and format.
-    return shouldReject('crypto.subtle.exportKey("raw", privateKey)');
-}).then(finishJSTest, finishJSTest);
+    shouldBe("publicKey.byteLength", "91");
 
+    finishJSTest();
+});
 </script>
 

trunk/LayoutTests/crypto/subtle/ecdh-generate-export-key-spki-p384.html

@@ -10 +10 @@
 
 <script>
-description("Test exporting an EC key with malformed parameters");
+description("Test exporting a P-384 ECDH public key with SPKI format.");
 
 jsTestIsAsync = true;
@@ -16 +16 @@
 var algorithmKeyGen = {
     name: "ECDH",
-    namedCurve: "P-256"
+    namedCurve: "P-384"
 };
 var extractable = true;
 
+var keyPair;
+debug("Generating a key pair...");
 crypto.subtle.generateKey(algorithmKeyGen, extractable, ["deriveKey", "deriveBits"]).then(function(result) {
-    privateKey = result.privateKey;
+    keyPair = result;
+    debug("Exporting the public key...");
+    return crypto.subtle.exportKey("spki", keyPair.publicKey);
+}).then(function(result) {
+    publicKey = result;
 
-    // Wrong key and format.
-    return shouldReject('crypto.subtle.exportKey("raw", privateKey)');
-}).then(finishJSTest, finishJSTest);
+    shouldBe("publicKey.byteLength", "120");
 
+    finishJSTest();
+});
 </script>
 

trunk/LayoutTests/crypto/subtle/ecdh-generate-export-pkcs8-p256.html

@@ -10 +10 @@
 
 <script>
-description("Test exporting an EC key with malformed parameters");
+description("Test exporting a P-256 ECDH private key with PKCS8 format.");
 
 jsTestIsAsync = true;
@@ -20 +20 @@
 var extractable = true;
 
+var keyPair;
+debug("Generating a key pair...");
 crypto.subtle.generateKey(algorithmKeyGen, extractable, ["deriveKey", "deriveBits"]).then(function(result) {
-    privateKey = result.privateKey;
+    keyPair = result;
+    debug("Exporting the public key...");
+    return crypto.subtle.exportKey("pkcs8", keyPair.privateKey);
+}).then(function(result) {
+    privateKey = result;
 
-    // Wrong key and format.
-    return shouldReject('crypto.subtle.exportKey("raw", privateKey)');
-}).then(finishJSTest, finishJSTest);
+    shouldBe("privateKey.byteLength", "138");
 
+    finishJSTest();
+});
 </script>
 

trunk/LayoutTests/crypto/subtle/ecdh-generate-export-pkcs8-p384.html

@@ -10 +10 @@
 
 <script>
-description("Test exporting an EC key with malformed parameters");
+description("Test exporting a P-384 ECDH private key with PKCS8 format.");
 
 jsTestIsAsync = true;
@@ -16 +16 @@
 var algorithmKeyGen = {
     name: "ECDH",
-    namedCurve: "P-256"
+    namedCurve: "P-384"
 };
 var extractable = true;
 
+var keyPair;
+debug("Generating a key pair...");
 crypto.subtle.generateKey(algorithmKeyGen, extractable, ["deriveKey", "deriveBits"]).then(function(result) {
-    privateKey = result.privateKey;
+    keyPair = result;
+    debug("Exporting the public key...");
+    return crypto.subtle.exportKey("pkcs8", keyPair.privateKey);
+}).then(function(result) {
+    privateKey = result;
 
-    // Wrong key and format.
-    return shouldReject('crypto.subtle.exportKey("raw", privateKey)');
-}).then(finishJSTest, finishJSTest);
+    shouldBe("privateKey.byteLength", "185");
 
+    finishJSTest();
+});
 </script>
 

trunk/LayoutTests/imported/w3c/ChangeLog

@@ +1 @@
+2017-03-16  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebCrypto] Support SPKI/PKCS8 for Elliptic Curve
+        https://bugs.webkit.org/show_bug.cgi?id=169318
+        <rdar://problem/31081956>
+
+        Reviewed by Brent Fulgham.
+
+        * web-platform-tests/WebCryptoAPI/import_export/ec_importKey.worker-expected.txt:
+        * web-platform-tests/WebCryptoAPI/import_export/test_ec_importKey-expected.txt:
+
 2017-03-14  Youenn Fablet  <youenn@apple.com>
 

trunk/LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/import_export/ec_importKey.worker-expected.txt

@@ -24 +24 @@
 FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDSA, namedCurve: P-521}, false, [sign]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The operation is not supported. Reached unreachable code
 FAIL Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-521}, false, [sign]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The operation is not supported. Reached unreachable code
-FAIL Good parameters: P-256 bits (spki, buffer(91), {name: ECDH, namedCurve: P-256}, true, []) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-256 bits (spki, buffer(91), {name: ECDH, namedCurve: P-256}, true, []) 
 PASS Good parameters: P-256 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-256}, true, []) 
-FAIL Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [deriveKey]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [deriveKey]) 
 PASS Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, true, [deriveKey]) 
-FAIL Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [deriveBits, deriveKey]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [deriveBits, deriveKey]) 
 PASS Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, true, [deriveBits, deriveKey]) 
-FAIL Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [deriveBits]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [deriveBits]) 
 PASS Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, true, [deriveBits]) 
-FAIL Good parameters: P-256 bits (spki, buffer(91), {name: ECDH, namedCurve: P-256}, false, []) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-256 bits (spki, buffer(91), {name: ECDH, namedCurve: P-256}, false, []) 
 PASS Good parameters: P-256 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-256}, false, []) 
-FAIL Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, false, [deriveKey]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, false, [deriveKey]) 
 PASS Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, false, [deriveKey]) 
-FAIL Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, false, [deriveBits, deriveKey]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, false, [deriveBits, deriveKey]) 
 PASS Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, false, [deriveBits, deriveKey]) 
-FAIL Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, false, [deriveBits]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, false, [deriveBits]) 
 PASS Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, false, [deriveBits]) 
-FAIL Good parameters: P-384 bits (spki, buffer(120), {name: ECDH, namedCurve: P-384}, true, []) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-384 bits (spki, buffer(120), {name: ECDH, namedCurve: P-384}, true, []) 
 PASS Good parameters: P-384 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-384}, true, []) 
-FAIL Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveKey]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveKey]) 
 PASS Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveKey]) 
-FAIL Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey]) 
 PASS Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey]) 
-FAIL Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveBits]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveBits]) 
 PASS Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveBits]) 
-FAIL Good parameters: P-384 bits (spki, buffer(120), {name: ECDH, namedCurve: P-384}, false, []) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-384 bits (spki, buffer(120), {name: ECDH, namedCurve: P-384}, false, []) 
 PASS Good parameters: P-384 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-384}, false, []) 
-FAIL Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveKey]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveKey]) 
 PASS Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveKey]) 
-FAIL Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveBits, deriveKey]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveBits, deriveKey]) 
 PASS Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveBits, deriveKey]) 
-FAIL Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveBits]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveBits]) 
 PASS Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveBits]) 
-FAIL Good parameters: P-521 bits (spki, buffer(158), {name: ECDH, namedCurve: P-521}, true, []) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+FAIL Good parameters: P-521 bits (spki, buffer(158), {name: ECDH, namedCurve: P-521}, true, []) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
 FAIL Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-521}, true, []) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
-FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveKey]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveKey]) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
 FAIL Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, true, [deriveKey]) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
-FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveBits, deriveKey]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveBits, deriveKey]) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
 FAIL Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, true, [deriveBits, deriveKey]) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
-FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveBits]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveBits]) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
 FAIL Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, true, [deriveBits]) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
-FAIL Good parameters: P-521 bits (spki, buffer(158), {name: ECDH, namedCurve: P-521}, false, []) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+FAIL Good parameters: P-521 bits (spki, buffer(158), {name: ECDH, namedCurve: P-521}, false, []) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
 FAIL Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-521}, false, []) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
-FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, false, [deriveKey]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, false, [deriveKey]) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
 FAIL Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, false, [deriveKey]) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
-FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, false, [deriveBits, deriveKey]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, false, [deriveBits, deriveKey]) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
 FAIL Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, false, [deriveBits, deriveKey]) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
-FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, false, [deriveBits]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, false, [deriveBits]) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
 FAIL Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, false, [deriveBits]) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
 

trunk/LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/import_export/test_ec_importKey-expected.txt

@@ -24 +24 @@
 FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDSA, namedCurve: P-521}, false, [sign]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The operation is not supported. Reached unreachable code
 FAIL Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-521}, false, [sign]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The operation is not supported. Reached unreachable code
-FAIL Good parameters: P-256 bits (spki, buffer(91), {name: ECDH, namedCurve: P-256}, true, []) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-256 bits (spki, buffer(91), {name: ECDH, namedCurve: P-256}, true, []) 
 PASS Good parameters: P-256 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-256}, true, []) 
-FAIL Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [deriveKey]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [deriveKey]) 
 PASS Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, true, [deriveKey]) 
-FAIL Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [deriveBits, deriveKey]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [deriveBits, deriveKey]) 
 PASS Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, true, [deriveBits, deriveKey]) 
-FAIL Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [deriveBits]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [deriveBits]) 
 PASS Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, true, [deriveBits]) 
-FAIL Good parameters: P-256 bits (spki, buffer(91), {name: ECDH, namedCurve: P-256}, false, []) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-256 bits (spki, buffer(91), {name: ECDH, namedCurve: P-256}, false, []) 
 PASS Good parameters: P-256 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-256}, false, []) 
-FAIL Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, false, [deriveKey]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, false, [deriveKey]) 
 PASS Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, false, [deriveKey]) 
-FAIL Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, false, [deriveBits, deriveKey]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, false, [deriveBits, deriveKey]) 
 PASS Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, false, [deriveBits, deriveKey]) 
-FAIL Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, false, [deriveBits]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, false, [deriveBits]) 
 PASS Good parameters: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, false, [deriveBits]) 
-FAIL Good parameters: P-384 bits (spki, buffer(120), {name: ECDH, namedCurve: P-384}, true, []) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-384 bits (spki, buffer(120), {name: ECDH, namedCurve: P-384}, true, []) 
 PASS Good parameters: P-384 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-384}, true, []) 
-FAIL Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveKey]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveKey]) 
 PASS Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveKey]) 
-FAIL Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey]) 
 PASS Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveBits, deriveKey]) 
-FAIL Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveBits]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [deriveBits]) 
 PASS Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [deriveBits]) 
-FAIL Good parameters: P-384 bits (spki, buffer(120), {name: ECDH, namedCurve: P-384}, false, []) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-384 bits (spki, buffer(120), {name: ECDH, namedCurve: P-384}, false, []) 
 PASS Good parameters: P-384 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-384}, false, []) 
-FAIL Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveKey]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveKey]) 
 PASS Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveKey]) 
-FAIL Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveBits, deriveKey]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveBits, deriveKey]) 
 PASS Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveBits, deriveKey]) 
-FAIL Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveBits]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+PASS Good parameters: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [deriveBits]) 
 PASS Good parameters: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, false, [deriveBits]) 
-FAIL Good parameters: P-521 bits (spki, buffer(158), {name: ECDH, namedCurve: P-521}, true, []) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+FAIL Good parameters: P-521 bits (spki, buffer(158), {name: ECDH, namedCurve: P-521}, true, []) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
 FAIL Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-521}, true, []) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
-FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveKey]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveKey]) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
 FAIL Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, true, [deriveKey]) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
-FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveBits, deriveKey]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveBits, deriveKey]) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
 FAIL Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, true, [deriveBits, deriveKey]) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
-FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveBits]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, true, [deriveBits]) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
 FAIL Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, true, [deriveBits]) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
-FAIL Good parameters: P-521 bits (spki, buffer(158), {name: ECDH, namedCurve: P-521}, false, []) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+FAIL Good parameters: P-521 bits (spki, buffer(158), {name: ECDH, namedCurve: P-521}, false, []) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
 FAIL Good parameters: P-521 bits (jwk, object(kty, crv, x, y), {name: ECDH, namedCurve: P-521}, false, []) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
-FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, false, [deriveKey]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, false, [deriveKey]) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
 FAIL Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, false, [deriveKey]) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
-FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, false, [deriveBits, deriveKey]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, false, [deriveBits, deriveKey]) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
 FAIL Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, false, [deriveBits, deriveKey]) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
-FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, false, [deriveBits]) assert_unreached: Threw an unexpected error: NotSupportedError (DOM Exception 9): The algorithm is not supported Reached unreachable code
+FAIL Good parameters: P-521 bits (pkcs8, buffer(241), {name: ECDH, namedCurve: P-521}, false, [deriveBits]) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
 FAIL Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, false, [deriveBits]) assert_unreached: Threw an unexpected error: DataError (DOM Exception 30): Data provided to an operation does not meet requirements Reached unreachable code
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2017-03-16  Jiewen Tan  <jiewen_tan@apple.com>
+
+        [WebCrypto] Support SPKI/PKCS8 for Elliptic Curve
+        https://bugs.webkit.org/show_bug.cgi?id=169318
+        <rdar://problem/31081956>
+
+        Reviewed by Brent Fulgham.
+
+        This patch adds SPKI/PKCS8 support for Elliptic Curve cryptos. We can now import/export
+        SPKI/PKCS8 Elliptic Curve keys after this change. Few things to note: 1) This patch
+        implements a loose DER encoder/decoder for hacking the underlying CommonCrypto library.
+        2) It only permits id-ecPublicKey as the AlgorithmIdentifier following OpenSSL/Chrome(BoringSSL).
+        3) It follows OpenSSL/Chrome(BoringSSL) to replace ECParameters in ECPrivateKey with custom
+        tags. Hence, we should fully comply with OpenSSL/Chrome(BoringSSL).
+
+        Tests: crypto/subtle/ec-import-jwk-key-export-pkcs8-key.html
+               crypto/subtle/ec-import-jwk-key-export-spki-key.html
+               crypto/subtle/ec-import-pkcs8-key-export-jwk-key.html
+               crypto/subtle/ec-import-pkcs8-key-export-pkcs8-key-p256.html
+               crypto/subtle/ec-import-pkcs8-key-export-pkcs8-key-p384.html
+               crypto/subtle/ec-import-raw-key-export-spki-key.html
+               crypto/subtle/ec-import-spki-key-export-jwk-key.html
+               crypto/subtle/ec-import-spki-key-export-raw-key.html
+               crypto/subtle/ec-import-spki-key-export-spki-key-p256.html
+               crypto/subtle/ec-import-spki-key-export-spki-key-p384.html
+               crypto/subtle/ecdh-generate-export-key-spki-p256.html
+               crypto/subtle/ecdh-generate-export-key-spki-p384.html
+               crypto/subtle/ecdh-generate-export-pkcs8-p256.html
+               crypto/subtle/ecdh-generate-export-pkcs8-p384.html
+               crypto/subtle/ecdh-import-pkcs8-key-p256.html
+               crypto/subtle/ecdh-import-pkcs8-key-p384.html
+               crypto/subtle/ecdh-import-spki-key-p256.html
+               crypto/subtle/ecdh-import-spki-key-p384.html
+               crypto/workers/subtle/ec-generate-export-pkcs8-key.html
+               crypto/workers/subtle/ec-generate-export-spki-key.html
+               crypto/workers/subtle/ec-import-pkcs8-key.html
+               crypto/workers/subtle/ec-import-spki-key.html
+
+        * WebCore.xcodeproj/project.pbxproj:
+        * crypto/algorithms/CryptoAlgorithmECDH.cpp:
+        (WebCore::CryptoAlgorithmECDH::importKey):
+        (WebCore::CryptoAlgorithmECDH::exportKey):
+        * crypto/gnutls/CryptoKeyECGnuTLS.cpp:
+        (WebCore::CryptoKeyEC::platformExportRaw):
+        (WebCore::CryptoKeyEC::platformImportSpki):
+        (WebCore::CryptoKeyEC::platformExportSpki):
+        (WebCore::CryptoKeyEC::platformImportPkcs8):
+        (WebCore::CryptoKeyEC::platformExportPkcs8):
+        (WebCore::CryptoKeyEC::exportRaw): Deleted.
+        * crypto/keys/CryptoKeyEC.cpp:
+        (WebCore::CryptoKeyEC::importSpki):
+        (WebCore::CryptoKeyEC::importPkcs8):
+        (WebCore::CryptoKeyEC::exportRaw):
+        (WebCore::CryptoKeyEC::exportSpki):
+        (WebCore::CryptoKeyEC::exportPkcs8):
+        * crypto/keys/CryptoKeyEC.h:
+        * crypto/mac/CommonCryptoDERUtilities.h: Added.
+        (WebCore::bytesUsedToEncodedLength):
+        (WebCore::extraBytesNeededForEncodedLength):
+        (WebCore::addEncodedASN1Length):
+        (WebCore::bytesNeededForEncodedLength):
+        * crypto/mac/CryptoKeyECMac.cpp:
+        (WebCore::compareBytes):
+        (WebCore::CryptoKeyEC::platformExportRaw):
+        (WebCore::CryptoKeyEC::platformImportJWKPrivate):
+        (WebCore::getOID):
+        (WebCore::CryptoKeyEC::platformImportSpki):
+        (WebCore::CryptoKeyEC::platformExportSpki):
+        (WebCore::CryptoKeyEC::platformImportPkcs8):
+        (WebCore::CryptoKeyEC::platformExportPkcs8):
+        (WebCore::CryptoKeyEC::exportRaw): Deleted.
+        Enlarge the robust of exportRaw.
+        * crypto/mac/CryptoKeyRSAMac.cpp:
+        (WebCore::CryptoKeyRSA::exportSpki):
+        (WebCore::CryptoKeyRSA::exportPkcs8):
+        Enhance the implementation.
+        (WebCore::bytesUsedToEncodedLength): Deleted.
+        (WebCore::bytesNeededForEncodedLength): Deleted.
+        (WebCore::addEncodedASN1Length): Deleted.
+        Moved to CommonCryptoDERUtilities.h.
+
 2017-03-16  Alex Christensen  <achristensen@webkit.org>
 

trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj

@@ -2583 +2583 @@
                 57E657EF1E71665400F941CA /* JSPbkdf2Params.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 57E657ED1E71665400F941CA /* JSPbkdf2Params.cpp */; };
                 57E657F01E71665400F941CA /* JSPbkdf2Params.h in Headers */ = {isa = PBXBuildFile; fileRef = 57E657EE1E71665400F941CA /* JSPbkdf2Params.h */; };
+                57E664FC1E73703300765536 /* CommonCryptoDERUtilities.h in Headers */ = {isa = PBXBuildFile; fileRef = 57E664FB1E73703300765536 /* CommonCryptoDERUtilities.h */; };
                 57EF5E601D20C83900171E60 /* TextCodecReplacement.h in Headers */ = {isa = PBXBuildFile; fileRef = 57EF5E5F1D20C83900171E60 /* TextCodecReplacement.h */; };
                 57EF5E621D20D28700171E60 /* TextCodecReplacement.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 57EF5E611D20D28700171E60 /* TextCodecReplacement.cpp */; };
@@ -10258 +10259 @@
                 57E657ED1E71665400F941CA /* JSPbkdf2Params.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSPbkdf2Params.cpp; sourceTree = "<group>"; };
                 57E657EE1E71665400F941CA /* JSPbkdf2Params.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSPbkdf2Params.h; sourceTree = "<group>"; };
+                57E664FB1E73703300765536 /* CommonCryptoDERUtilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CommonCryptoDERUtilities.h; sourceTree = "<group>"; };
                 57EF5E5F1D20C83900171E60 /* TextCodecReplacement.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TextCodecReplacement.h; sourceTree = "<group>"; };
                 57EF5E611D20D28700171E60 /* TextCodecReplacement.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TextCodecReplacement.cpp; sourceTree = "<group>"; };
@@ -24201 +24203 @@
                         isa = PBXGroup;
                         children = (
+                                57E664FB1E73703300765536 /* CommonCryptoDERUtilities.h */,
                                 E125F843182425C900D84CD9 /* CryptoAlgorithmAES_CBCMac.cpp */,
                                 570440571E53851600356601 /* CryptoAlgorithmAES_CFBMac.cpp */,
@@ -27069 +27072 @@
                                 930908910AF7EDE40081DF01 /* HitTestRequest.h in Headers */,
                                 9307F1D80AF2D59000DBA31A /* HitTestResult.h in Headers */,
+                                57E664FC1E73703300765536 /* CommonCryptoDERUtilities.h in Headers */,
                                 BC3BC29C0E91AB0F00835588 /* HostWindow.h in Headers */,
                                 FD31609912B026F700C1A359 /* HRTFDatabase.h in Headers */,

trunk/Source/WebCore/crypto/algorithms/CryptoAlgorithmECDH.cpp

@@ -154 +154 @@
         result = CryptoKeyEC::importRaw(ecParameters.identifier, ecParameters.namedCurve, WTFMove(WTF::get<Vector<uint8_t>>(data)), extractable, usages);
         break;
-    default:
-        exceptionCallback(NOT_SUPPORTED_ERR);
-        return;
+    case SubtleCrypto::KeyFormat::Spki:
+        if (usages) {
+            exceptionCallback(SYNTAX_ERR);
+            return;
+        }
+        result = CryptoKeyEC::importSpki(ecParameters.identifier, ecParameters.namedCurve, WTFMove(WTF::get<Vector<uint8_t>>(data)), extractable, usages);
+        break;
+    case SubtleCrypto::KeyFormat::Pkcs8:
+        if (usages && (usages ^ CryptoKeyUsageDeriveKey) && (usages ^ CryptoKeyUsageDeriveBits) && (usages ^ (CryptoKeyUsageDeriveKey | CryptoKeyUsageDeriveBits))) {
+            exceptionCallback(SYNTAX_ERR);
+            return;
+        }
+        result = CryptoKeyEC::importPkcs8(ecParameters.identifier, ecParameters.namedCurve, WTFMove(WTF::get<Vector<uint8_t>>(data)), extractable, usages);
+        break;
     }
     if (!result) {
@@ -177 +188 @@
     KeyData result;
     switch (format) {
-    case SubtleCrypto::KeyFormat::Jwk: {
+    case SubtleCrypto::KeyFormat::Jwk:
         result = ecKey.exportJwk();
         break;
-    }
     case SubtleCrypto::KeyFormat::Raw: {
-        if (ecKey.type() != CryptoKey::Type::Public) {
-            exceptionCallback(INVALID_ACCESS_ERR);
-            return;
-        }
-        result = ecKey.exportRaw();
-        break;
-    }
-    default:
-        exceptionCallback(NOT_SUPPORTED_ERR);
-        return;
+        auto raw = ecKey.exportRaw();
+        if (raw.hasException()) {
+            exceptionCallback(raw.releaseException().code());
+            return;
+        }
+        result = raw.releaseReturnValue();
+        break;
+    }
+    case SubtleCrypto::KeyFormat::Spki: {
+        auto spki = ecKey.exportSpki();
+        if (spki.hasException()) {
+            exceptionCallback(spki.releaseException().code());
+            return;
+        }
+        result = spki.releaseReturnValue();
+        break;
+    }
+    case SubtleCrypto::KeyFormat::Pkcs8: {
+        auto pkcs8 = ecKey.exportPkcs8();
+        if (pkcs8.hasException()) {
+            exceptionCallback(pkcs8.releaseException().code());
+            return;
+        }
+        result = pkcs8.releaseReturnValue();
+        break;
+    }
     }
 

trunk/Source/WebCore/crypto/gnutls/CryptoKeyECGnuTLS.cpp

@@ -49 +49 @@
 }
 
-Vector<uint8_t> CryptoKeyEC::exportRaw() const
+Vector<uint8_t> CryptoKeyEC::platformExportRaw() const
 {
     notImplemented();
@@ -89 +89 @@
 }
 
+RefPtr<CryptoKeyEC> CryptoKeyEC::platformImportSpki(CryptoAlgorithmIdentifier, NamedCurve, Vector<uint8_t>&&, bool, CryptoKeyUsageBitmap)
+{
+    notImplemented();
+
+    return nullptr;
+}
+
+Vector<uint8_t> CryptoKeyEC::platformExportSpki() const
+{
+    notImplemented();
+
+    return { };
+}
+
+RefPtr<CryptoKeyEC> CryptoKeyEC::platformImportPkcs8(CryptoAlgorithmIdentifier, NamedCurve, Vector<uint8_t>&&, bool, CryptoKeyUsageBitmap)
+{
+    notImplemented();
+
+    return nullptr;
+}
+
+Vector<uint8_t> CryptoKeyEC::platformExportPkcs8() const
+{
+    notImplemented();
+
+    return { };
+}
+
 } // namespace WebCore
 

trunk/Source/WebCore/crypto/keys/CryptoKeyEC.cpp

@@ -114 +114 @@
 }
 
+RefPtr<CryptoKeyEC> CryptoKeyEC::importSpki(CryptoAlgorithmIdentifier identifier, const String& curve, Vector<uint8_t>&& keyData, bool extractable, CryptoKeyUsageBitmap usages)
+{
+    auto namedCurve = toNamedCurve(curve);
+    if (!namedCurve)
+        return nullptr;
+
+    return platformImportSpki(identifier, *namedCurve, WTFMove(keyData), extractable, usages);
+}
+
+RefPtr<CryptoKeyEC> CryptoKeyEC::importPkcs8(CryptoAlgorithmIdentifier identifier, const String& curve, Vector<uint8_t>&& keyData, bool extractable, CryptoKeyUsageBitmap usages)
+{
+    auto namedCurve = toNamedCurve(curve);
+    if (!namedCurve)
+        return nullptr;
+
+    return platformImportPkcs8(identifier, *namedCurve, WTFMove(keyData), extractable, usages);
+}
+
+ExceptionOr<Vector<uint8_t>> CryptoKeyEC::exportRaw() const
+{
+    if (type() != CryptoKey::Type::Public)
+        return Exception { INVALID_ACCESS_ERR };
+
+    return platformExportRaw();
+}
+
 JsonWebKey CryptoKeyEC::exportJwk() const
 {
@@ -130 +156 @@
     platformAddFieldElements(result);
     return result;
+}
+
+ExceptionOr<Vector<uint8_t>> CryptoKeyEC::exportSpki() const
+{
+    if (type() != CryptoKey::Type::Public)
+        return Exception { INVALID_ACCESS_ERR };
+
+    return platformExportSpki();
+}
+
+ExceptionOr<Vector<uint8_t>> CryptoKeyEC::exportPkcs8() const
+{
+    if (type() != CryptoKey::Type::Private)
+        return Exception { INVALID_ACCESS_ERR };
+
+    return platformExportPkcs8();
 }
 

trunk/Source/WebCore/crypto/keys/CryptoKeyEC.h

@@ -80 +80 @@
     static RefPtr<CryptoKeyEC> importRaw(CryptoAlgorithmIdentifier, const String& curve, Vector<uint8_t>&& keyData, bool extractable, CryptoKeyUsageBitmap);
     static RefPtr<CryptoKeyEC> importJwk(CryptoAlgorithmIdentifier, const String& curve, JsonWebKey&&, bool extractable, CryptoKeyUsageBitmap);
+    static RefPtr<CryptoKeyEC> importSpki(CryptoAlgorithmIdentifier, const String& curve, Vector<uint8_t>&& keyData, bool extractable, CryptoKeyUsageBitmap);
+    static RefPtr<CryptoKeyEC> importPkcs8(CryptoAlgorithmIdentifier, const String& curve, Vector<uint8_t>&& keyData, bool extractable, CryptoKeyUsageBitmap);
 
-    Vector<uint8_t> exportRaw() const;
+    ExceptionOr<Vector<uint8_t>> exportRaw() const;
     JsonWebKey exportJwk() const;
+    ExceptionOr<Vector<uint8_t>> exportSpki() const;
+    ExceptionOr<Vector<uint8_t>> exportPkcs8() const;
 
     size_t keySizeInBits() const;
@@ -100 +104 @@
     static RefPtr<CryptoKeyEC> platformImportJWKPublic(CryptoAlgorithmIdentifier, NamedCurve, Vector<uint8_t>&& x, Vector<uint8_t>&& y, bool extractable, CryptoKeyUsageBitmap);
     static RefPtr<CryptoKeyEC> platformImportJWKPrivate(CryptoAlgorithmIdentifier, NamedCurve, Vector<uint8_t>&& x, Vector<uint8_t>&& y, Vector<uint8_t>&& d, bool extractable, CryptoKeyUsageBitmap);
+    static RefPtr<CryptoKeyEC> platformImportSpki(CryptoAlgorithmIdentifier, NamedCurve, Vector<uint8_t>&& keyData, bool extractable, CryptoKeyUsageBitmap);
+    static RefPtr<CryptoKeyEC> platformImportPkcs8(CryptoAlgorithmIdentifier, NamedCurve, Vector<uint8_t>&& keyData, bool extractable, CryptoKeyUsageBitmap);
+    Vector<uint8_t> platformExportRaw() const;
     void platformAddFieldElements(JsonWebKey&) const;
+    Vector<uint8_t> platformExportSpki() const;
+    Vector<uint8_t> platformExportPkcs8() const;
 
     PlatformECKey m_platformKey;

trunk/Source/WebCore/crypto/mac/CryptoKeyECMac.cpp

@@ -29 +29 @@
 #if ENABLE(SUBTLE_CRYPTO)
 
+#include "CommonCryptoDERUtilities.h"
 #include "CommonCryptoUtilities.h"
 #include "JsonWebKey.h"
@@ -35 +36 @@
 namespace WebCore {
 
-static unsigned char InitialOctet = 0x04; // Per Section 2.3.3 of http://www.secg.org/sec1-v2.pdf
+static const unsigned char InitialOctetEC = 0x04; // Per Section 2.3.3 of http://www.secg.org/sec1-v2.pdf
+// OID id-ecPublicKey 1.2.840.10045.2.1.
+static const unsigned char IdEcPublicKey[] = {0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01};
+// OID secp256r1 1.2.840.10045.3.1.7.
+static constexpr unsigned char Secp256r1[] = {0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07};
+// OID secp384r1 1.3.132.0.34
+static constexpr unsigned char Secp384r1[] = {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22};
+// Version 1. Per https://tools.ietf.org/html/rfc5915#section-3
+static const unsigned char PrivateKeyVersion[] = {0x02, 0x01, 0x01};
+// Custom OpenSSL ECParameters Tags
+static const size_t CustomTagSize = 2;
+static constexpr unsigned char EcP256[] = {0xa1, 0x44};
+static constexpr unsigned char EcP384[] = {0xa1, 0x64};
 
 // Per Section 2.3.4 of http://www.secg.org/sec1-v2.pdf
@@ -90 +103 @@
 }
 
-Vector<uint8_t> CryptoKeyEC::exportRaw() const
+Vector<uint8_t> CryptoKeyEC::platformExportRaw() const
 {
     Vector<uint8_t> result(keySizeInBits() / 4 + 1); // Per Section 2.3.4 of http://www.secg.org/sec1-v2.pdf
@@ -142 +155 @@
 
     // A hack to CommonCrypto since it doesn't provide API for creating private keys directly from x, y, d.
-    // BinaryInput = InitialOctet + X + Y + D
+    // BinaryInput = InitialOctetEC + X + Y + D
     Vector<uint8_t> binaryInput;
-    binaryInput.append(InitialOctet);
+    binaryInput.append(InitialOctetEC);
     binaryInput.appendVector(x);
     binaryInput.appendVector(y);
@@ -174 +187 @@
 }
 
+static size_t getOID(CryptoKeyEC::NamedCurve curve, const uint8_t*& oid)
+{
+    size_t oidSize;
+    switch (curve) {
+    case CryptoKeyEC::NamedCurve::P256:
+        oid = Secp256r1;
+        oidSize = sizeof(Secp256r1);
+        break;
+    case CryptoKeyEC::NamedCurve::P384:
+        oid = Secp384r1;
+        oidSize = sizeof(Secp384r1);
+    }
+    return oidSize;
+}
+
+// Per https://www.ietf.org/rfc/rfc5280.txt
+// SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING }
+// AlgorithmIdentifier  ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters ANY DEFINED BY algorithm OPTIONAL }
+// Per https://www.ietf.org/rfc/rfc5480.txt
+// id-ecPublicKey OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }
+// secp256r1 OBJECT IDENTIFIER      ::= { iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 7 }
+// secp384r1 OBJECT IDENTIFIER      ::= { iso(1) identified-organization(3) certicom(132) curve(0) 34 }
+RefPtr<CryptoKeyEC> CryptoKeyEC::platformImportSpki(CryptoAlgorithmIdentifier identifier, NamedCurve curve, Vector<uint8_t>&& keyData, bool extractable, CryptoKeyUsageBitmap usages)
+{
+    // The following is a loose check on the provided SPKI key, it aims to extract AlgorithmIdentifier, ECParameters, and Key.
+    // Once the underlying crypto library is updated to accept SPKI EC Key, we should remove this hack.
+    // <rdar://problem/30987628>
+    size_t index = 1; // Read SEQUENCE
+    if (keyData.size() < index + 1)
+        return nullptr;
+    index += bytesUsedToEncodedLength(keyData[index]) + 1; // Read length, SEQUENCE
+    if (keyData.size() < index + 1)
+        return nullptr;
+    index += bytesUsedToEncodedLength(keyData[index]); // Read length
+    if (keyData.size() < index + sizeof(IdEcPublicKey))
+        return nullptr;
+    if (memcmp(keyData.data() + index, IdEcPublicKey, sizeof(IdEcPublicKey)))
+        return nullptr;
+    index += sizeof(IdEcPublicKey); // Read id-ecPublicKey
+    const uint8_t* oid;
+    size_t oidSize = getOID(curve, oid);
+    if (keyData.size() < index + oidSize)
+        return nullptr;
+    if (memcmp(keyData.data() + index, oid, oidSize))
+        return nullptr;
+    index += oidSize + 1; // Read named curve OID, BIT STRING
+    if (keyData.size() < index + 1)
+        return nullptr;
+    index += bytesUsedToEncodedLength(keyData[index]) + 1; // Read length, InitialOctet
+
+    if (!doesUncompressedPointMatchNamedCurve(curve, keyData.size() - index))
+        return nullptr;
+
+    CCECCryptorRef ccPublicKey;
+    if (CCECCryptorImportKey(kCCImportKeyBinary, keyData.data() + index, keyData.size() - index, ccECKeyPublic, &ccPublicKey))
+        return nullptr;
+
+    return create(identifier, curve, CryptoKeyType::Public, ccPublicKey, extractable, usages);
+}
+
+Vector<uint8_t> CryptoKeyEC::platformExportSpki() const
+{
+    Vector<uint8_t> keyBytes(keySizeInBits() / 4 + 1); // Per Section 2.3.4 of http://www.secg.org/sec1-v2.pdf
+    size_t keySize = keyBytes.size();
+    CCECCryptorExportKey(kCCImportKeyBinary, keyBytes.data(), &keySize, ccECKeyPublic, m_platformKey);
+
+    // The following addes SPKI header to a raw EC public key.
+    // Once the underlying crypto library is updated to output SPKI EC Key, we should remove this hack.
+    // <rdar://problem/30987628>
+    const uint8_t* oid;
+    size_t oidSize = getOID(namedCurve(), oid);
+
+    // SEQUENCE + length(1) + OID id-ecPublicKey + OID secp256r1/OID secp384r1 + BIT STRING + length(?) + InitialOctet + Key size
+    size_t totalSize = sizeof(IdEcPublicKey) + oidSize + bytesNeededForEncodedLength(keySize + 1) + keySize + 4;
+
+    Vector<uint8_t> result;
+    result.reserveCapacity(totalSize + bytesNeededForEncodedLength(totalSize) + 1);
+    result.append(SequenceMark);
+    addEncodedASN1Length(result, totalSize);
+    result.append(SequenceMark);
+    addEncodedASN1Length(result, sizeof(IdEcPublicKey) + oidSize);
+    result.append(IdEcPublicKey, sizeof(IdEcPublicKey));
+    result.append(oid, oidSize);
+    result.append(BitStringMark);
+    addEncodedASN1Length(result, keySize + 1);
+    result.append(InitialOctet);
+    result.append(keyBytes.data(), keyBytes.size());
+
+    return result;
+}
+
+// Per https://www.ietf.org/rfc/rfc5208.txt
+// PrivateKeyInfo ::= SEQUENCE { version INTEGER, privateKeyAlgorithm AlgorithmIdentifier, privateKey OCTET STRING { ECPrivateKey } }
+// Per https://www.ietf.org/rfc/rfc5915.txt
+// ECPrivateKey ::= SEQUENCE { version INTEGER { ecPrivkeyVer1(1) }, privateKey OCTET STRING, parameters CustomECParameters, publicKey BIT STRING }
+// OpenSSL uses custom ECParameters. We follow OpenSSL as a compatibility concern.
+RefPtr<CryptoKeyEC> CryptoKeyEC::platformImportPkcs8(CryptoAlgorithmIdentifier identifier, NamedCurve curve, Vector<uint8_t>&& keyData, bool extractable, CryptoKeyUsageBitmap usages)
+{
+    // The following is a loose check on the provided PKCS8 key, it aims to extract AlgorithmIdentifier, ECParameters, and Key.
+    // Once the underlying crypto library is updated to accept PKCS8 EC Key, we should remove this hack.
+    // <rdar://problem/30987628>
+    size_t index = 1; // Read SEQUENCE
+    if (keyData.size() < index + 1)
+        return nullptr;
+    index += bytesUsedToEncodedLength(keyData[index]) + 4; // Read length, version, SEQUENCE
+    if (keyData.size() < index + 1)
+        return nullptr;
+    index += bytesUsedToEncodedLength(keyData[index]); // Read length
+    if (keyData.size() < index + sizeof(IdEcPublicKey))
+        return nullptr;
+    if (memcmp(keyData.data() + index, IdEcPublicKey, sizeof(IdEcPublicKey)))
+        return nullptr;
+    index += sizeof(IdEcPublicKey); // Read id-ecPublicKey
+    const uint8_t* oid;
+    size_t oidSize = getOID(curve, oid);
+    if (keyData.size() < index + oidSize)
+        return nullptr;
+    if (memcmp(keyData.data() + index, oid, oidSize))
+        return nullptr;
+    index += oidSize + 1; // Read named curve OID, OCTET STRING
+    if (keyData.size() < index + 1)
+        return nullptr;
+    index += bytesUsedToEncodedLength(keyData[index]) + 1; // Read length, SEQUENCE
+    if (keyData.size() < index + 1)
+        return nullptr;
+    index += bytesUsedToEncodedLength(keyData[index]) + 4; // Read length, version, OCTET STRING
+    if (keyData.size() < index + 1)
+        return nullptr;
+    index += bytesUsedToEncodedLength(keyData[index]); // Read length
+
+    if (keyData.size() < index + getKeySizeFromNamedCurve(curve) / 8)
+        return nullptr;
+    size_t privateKeyPos = index;
+    index += getKeySizeFromNamedCurve(curve) / 8 + CustomTagSize + 1; // Read privateKey, CustomECParameters, BIT STRING
+    if (keyData.size() < index + 1)
+        return nullptr;
+    index += bytesUsedToEncodedLength(keyData[index]) + 1; // Read length, InitialOctet
+
+    // KeyBinary = uncompressed point + private key
+    Vector<uint8_t> keyBinary;
+    keyBinary.append(keyData.data() + index, keyData.size() - index);
+    if (!doesUncompressedPointMatchNamedCurve(curve, keyBinary.size()))
+        return nullptr;
+    keyBinary.append(keyData.data() + privateKeyPos, getKeySizeFromNamedCurve(curve) / 8);
+
+    CCECCryptorRef ccPrivateKey;
+    if (CCECCryptorImportKey(kCCImportKeyBinary, keyBinary.data(), keyBinary.size(), ccECKeyPrivate, &ccPrivateKey))
+        return nullptr;
+
+    return create(identifier, curve, CryptoKeyType::Private, ccPrivateKey, extractable, usages);
+}
+
+Vector<uint8_t> CryptoKeyEC::platformExportPkcs8() const
+{
+    size_t keySizeInBytes = keySizeInBits() / 8;
+    Vector<uint8_t> keyBytes(keySizeInBytes * 3 + 1); // 04 + X + Y + private key
+    size_t keySize = keyBytes.size();
+    CCECCryptorExportKey(kCCImportKeyBinary, keyBytes.data(), &keySize, ccECKeyPrivate, m_platformKey);
+
+    // The following addes PKCS8 header to a raw EC private key.
+    // Once the underlying crypto library is updated to output PKCS8 EC Key, we should remove this hack.
+    // <rdar://problem/30987628>
+    const uint8_t* oid;
+    size_t oidSize = getOID(namedCurve(), oid);
+    const uint8_t* customTag;
+    switch (namedCurve()) {
+    case NamedCurve::P256:
+        customTag = EcP256;
+        break;
+    case NamedCurve::P384:
+        customTag = EcP384;
+    }
+
+    // InitialOctet + 04 + X + Y
+    size_t publicKeySize = keySizeInBytes * 2 + 2;
+    // VERSION + OCTET STRING + length(1) + private key + CustomECParameters(2) + BIT STRING + length(?) + publicKeySize
+    size_t ecPrivateKeySize = sizeof(Version) + keySizeInBytes + CustomTagSize + bytesNeededForEncodedLength(publicKeySize) + publicKeySize + 3;
+    // SEQUENCE + length(?) + ecPrivateKeySize
+    size_t privateKeySize = bytesNeededForEncodedLength(ecPrivateKeySize) + ecPrivateKeySize + 1;
+    // VERSION + SEQUENCE + length(1) + OID id-ecPublicKey + OID secp256r1/OID secp384r1 + OCTET STRING + length(?) + privateKeySize
+    size_t totalSize = sizeof(Version) + sizeof(IdEcPublicKey) + oidSize + bytesNeededForEncodedLength(privateKeySize) + privateKeySize + 3;
+
+    Vector<uint8_t> result;
+    result.reserveCapacity(totalSize + bytesNeededForEncodedLength(totalSize) + 1);
+    result.append(SequenceMark);
+    addEncodedASN1Length(result, totalSize);
+    result.append(Version, sizeof(Version));
+    result.append(SequenceMark);
+    addEncodedASN1Length(result, sizeof(IdEcPublicKey) + oidSize);
+    result.append(IdEcPublicKey, sizeof(IdEcPublicKey));
+    result.append(oid, oidSize);
+    result.append(OctetStringMark);
+    addEncodedASN1Length(result, privateKeySize);
+    result.append(SequenceMark);
+    addEncodedASN1Length(result, ecPrivateKeySize);
+    result.append(PrivateKeyVersion, sizeof(PrivateKeyVersion));
+    result.append(OctetStringMark);
+    addEncodedASN1Length(result, keySizeInBytes);
+    result.append(keyBytes.data() + publicKeySize - 1, keySizeInBytes);
+    result.append(customTag, CustomTagSize);
+    result.append(BitStringMark);
+    addEncodedASN1Length(result, publicKeySize);
+    result.append(InitialOctet);
+    result.append(keyBytes.data(), publicKeySize - 1);
+
+    return result;
+}
+
 } // namespace WebCore
 

trunk/Source/WebCore/crypto/mac/CryptoKeyRSAMac.cpp

@@ -29 +29 @@
 #if ENABLE(SUBTLE_CRYPTO)
 
+#include "CommonCryptoDERUtilities.h"
 #include "CommonCryptoUtilities.h"
 #include "CryptoAlgorithmRegistry.h"
@@ -40 +41 @@
 
 // OID rsaEncryption: 1.2.840.113549.1.1.1. Per https://tools.ietf.org/html/rfc3279#section-2.3.1
-static unsigned char RSAOIDHeader[] = {0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00};
-// Version 0. Per https://tools.ietf.org/html/rfc5208#section-5
-static unsigned char Version[] = {0x02, 0x01, 0x00};
-
-// Per X.690 08/2015: https://www.itu.int/rec/T-REC-X.680-X.693/en
-static unsigned char BitStringMark = 0x03;
-static unsigned char OctetStringMark = 0x04;
-static unsigned char SequenceMark = 0x30;
-
-static unsigned char InitialOctet = 0x00;
+static const unsigned char RSAOIDHeader[] = {0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00};
 
 // FIXME: We should get rid of magic number 16384. It assumes that the length of provided key will not exceed 16KB.
@@ -254 +246 @@
 }
 
-static size_t bytesUsedToEncodedLength(uint8_t octet)
-{
-    if (octet < 128)
-        return 1;
-    return octet - 127;
-}
-
-static size_t bytesNeededForEncodedLength(size_t length)
-{
-    if (!length)
-        return 0;
-    size_t result = 1;
-    while (result < sizeof(length) && length >= (1 << (result * 8)))
-        result += 1;
-    return result;
-}
-
-static void addEncodedASN1Length(Vector<uint8_t>& in, size_t length)
-{
-    if (length < 128) {
-        in.append(length);
-        return;
-    }
-
-    size_t extraBytes = bytesNeededForEncodedLength(length);
-    in.append(128 + extraBytes);
-
-    size_t lastPosition = in.size() + extraBytes - 1;
-    in.grow(in.size() + extraBytes);
-    for (size_t i = 0; i < extraBytes; i++) {
-        in[lastPosition - i] = length & 0xff;
-        length = length >> 8;
-    }
-}
-
 // FIXME: We should use WorkQueue here instead of dispatch_async once WebKitSubtleCrypto is deprecated.
 // https://bugs.webkit.org/show_bug.cgi?id=164943
@@ -374 +331 @@
 
     // RSAOIDHeader + BitStringMark + Length + keySize + InitialOctet
-    size_t totalSize = sizeof(RSAOIDHeader) + bytesNeededForEncodedLength(keySize + 1) + keySize + 3;
+    size_t totalSize = sizeof(RSAOIDHeader) + bytesNeededForEncodedLength(keySize + 1) + keySize + 2;
 
     // Per https://tools.ietf.org/html/rfc5280#section-4.1. subjectPublicKeyInfo.
     Vector<uint8_t> result;
+    result.reserveCapacity(totalSize + bytesNeededForEncodedLength(totalSize) + 1);
     result.append(SequenceMark);
     addEncodedASN1Length(result, totalSize);
@@ -432 +390 @@
 
     // Version + RSAOIDHeader + OctetStringMark + Length + keySize
-    size_t totalSize = sizeof(Version) + sizeof(RSAOIDHeader) + bytesNeededForEncodedLength(keySize) + keySize + 2;
+    size_t totalSize = sizeof(Version) + sizeof(RSAOIDHeader) + bytesNeededForEncodedLength(keySize) + keySize + 1;
 
     // Per https://tools.ietf.org/html/rfc5208#section-5. PrivateKeyInfo.
     Vector<uint8_t> result;
+    result.reserveCapacity(totalSize + bytesNeededForEncodedLength(totalSize) + 1);
     result.append(SequenceMark);
     addEncodedASN1Length(result, totalSize);