Changeset 218626 in webkit

Timestamp:

Jun 20, 2017, 11:52:29 PM (8 years ago)

Author:

zandobersek@gmail.com

Message:

[GCrypt] Implement CryptoKeyEC SPKI imports
​https://bugs.webkit.org/show_bug.cgi?id=172927

Reviewed by Jiewen Tan, Michael Catanzaro and Carlos Garcia Campos.

.:

• Source/cmake/FindLibtasn1.cmake: Added.
• Source/cmake/OptionsGTK.cmake: Require libtasn1 when SUBTLE_CRYPTO is enabled.
• Source/cmake/OptionsWPE.cmake: Ditto.

Source/WebCore:

No new tests -- affected tests are now passing and are unskipped.

Implement libgcrypt-based support for SPKI imports of EC keys.

Using libtasn1 through the utility functions and wrappers, the given key data
is decoded against the SubjectPublicKeyInfo ASN.1 definition. The algorithm
member is then properly validated, making sure that the key algorithm idenfitier
is supported and that the algorithm parameters specify the correct EC curve.

The public key bit string is then retrieved and validated, ensuring it represents
an uncompressed EC point that is of valid size for the specified EC curve. The
point is then tested through an EC context to make sure it's positioned on the
specified EC curve.

Finally, the curve name and uncompressed point data are embedded into a
public-key s-expression that will be used through the libgcrypt API. This is
then used, along with other information, to create a valid CryptoKeyEC object.

• PlatformGTK.cmake: Use LIBTASN1_INCLUDE_DIRECTORIES and LIBTASN1_LIBRARIES.
• PlatformWPE.cmake: Ditto.
• crypto/gcrypt/CryptoKeyECGCrypt.cpp:

(WebCore::supportedAlgorithmIdentifier):
(WebCore::curveForIdentifier):
(WebCore::CryptoKeyEC::platformImportSpki):

Source/WebCore/PAL:

Add a file that provides utility functions for operating with libtasn1 APIs.

The precomputed ASN.1 declarations, generated from the WebCrypto.asn file with
the asn1Parser tool, are used to enable construction of ASN.1 structures that
are then used to decode the SPKI or PKCS#8 data through the decodeStructure()
function. Raw data of each element in that structure can be retrieved throug the
elementData() function.

The Structure class is added as a wrapper for asn1_node objects that are used
as decoding targets, simplifying lifetime management of these objects.

• pal/PlatformGTK.cmake:
• pal/PlatformWPE.cmake:
• pal/crypto/tasn1/Utilities.cpp: Added.

(PAL::TASN1::asn1Definitions):
(PAL::TASN1::decodeStructure):
(PAL::TASN1::elementData):

• pal/crypto/tasn1/Utilities.h: Added.

(PAL::TASN1::Structure::~Structure):
(PAL::TASN1::Structure::operator&):
(PAL::TASN1::Structure::operator asn1_node):

• pal/crypto/tasn1/WebCrypto.asn: Added.

LayoutTests:

• platform/gtk/TestExpectations:

Unskip or enable the EC-based SPKI import tests that are now passing.

Location:

trunk

Files:

• ChangeLog (modified) (1 diff)
• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/platform/gtk/TestExpectations (modified) (4 diffs)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/PAL/ChangeLog (modified) (1 diff)
• Source/WebCore/PAL/pal/PlatformGTK.cmake (modified) (1 diff)
• Source/WebCore/PAL/pal/PlatformWPE.cmake (modified) (1 diff)
• Source/WebCore/PAL/pal/crypto/tasn1 (added)
• Source/WebCore/PAL/pal/crypto/tasn1/Utilities.cpp (added)
• Source/WebCore/PAL/pal/crypto/tasn1/Utilities.h (added)
• Source/WebCore/PAL/pal/crypto/tasn1/WebCrypto.asn (added)
• Source/WebCore/PlatformGTK.cmake (modified) (2 diffs)
• Source/WebCore/PlatformWPE.cmake (modified) (2 diffs)
• Source/WebCore/crypto/gcrypt/CryptoKeyECGCrypt.cpp (modified) (2 diffs)
• Source/cmake/FindLibtasn1.cmake (added)
• Source/cmake/OptionsGTK.cmake (modified) (1 diff)
• Source/cmake/OptionsWPE.cmake (modified) (1 diff)

trunk/ChangeLog

@@ +1 @@
+2017-06-20  Zan Dobersek  <zdobersek@igalia.com>
+
+        [GCrypt] Implement CryptoKeyEC SPKI imports
+        https://bugs.webkit.org/show_bug.cgi?id=172927
+
+        Reviewed by Jiewen Tan, Michael Catanzaro and Carlos Garcia Campos.
+
+        * Source/cmake/FindLibtasn1.cmake: Added.
+        * Source/cmake/OptionsGTK.cmake: Require libtasn1 when SUBTLE_CRYPTO is enabled.
+        * Source/cmake/OptionsWPE.cmake: Ditto.
+
 2017-06-20  Carlos Garcia Campos  <cgarcia@igalia.com>
 

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2017-06-20  Zan Dobersek  <zdobersek@igalia.com>
+
+        [GCrypt] Implement CryptoKeyEC SPKI imports
+        https://bugs.webkit.org/show_bug.cgi?id=172927
+
+        Reviewed by Jiewen Tan, Michael Catanzaro and Carlos Garcia Campos.
+
+        * platform/gtk/TestExpectations:
+        Unskip or enable the EC-based SPKI import tests that are now passing.
+
 2017-06-20  Myles C. Maxfield  <mmaxfield@apple.com>
 

trunk/LayoutTests/platform/gtk/TestExpectations

@@ -759 +759 @@
 webkit.org/b/133122 crypto/subtle/ecdh-import-pkcs8-key-p256.html [ Skip ]
 webkit.org/b/133122 crypto/subtle/ecdh-import-pkcs8-key-p384.html [ Skip ]
-webkit.org/b/133122 crypto/subtle/ecdh-import-spki-key-p256.html [ Skip ]
-webkit.org/b/133122 crypto/subtle/ecdh-import-spki-key-p384.html [ Skip ]
 webkit.org/b/133122 crypto/subtle/ecdsa-generate-export-key-pkcs8.html [ Skip ]
 webkit.org/b/133122 crypto/subtle/ecdsa-generate-export-key-spki.html [ Skip ]
 webkit.org/b/133122 crypto/subtle/ecdsa-import-pkcs8-key.html [ Skip ]
-webkit.org/b/133122 crypto/subtle/ecdsa-import-spki-key.html [ Skip ]
 webkit.org/b/133122 crypto/subtle/ec-import-jwk-key-export-pkcs8-key.html [ Skip ]
 webkit.org/b/133122 crypto/subtle/ec-import-jwk-key-export-spki-key.html [ Skip ]
@@ -771 +768 @@
 webkit.org/b/133122 crypto/subtle/ec-import-pkcs8-key-export-pkcs8-key-p256.html [ Skip ]
 webkit.org/b/133122 crypto/subtle/ec-import-pkcs8-key-export-pkcs8-key-p384.html [ Skip ]
-webkit.org/b/133122 crypto/subtle/ec-import-spki-key-export-jwk-key.html [ Skip ]
-webkit.org/b/133122 crypto/subtle/ec-import-spki-key-export-raw-key.html [ Skip ]
 webkit.org/b/133122 crypto/subtle/ec-import-spki-key-export-spki-key-p256.html [ Skip ]
 webkit.org/b/133122 crypto/subtle/ec-import-spki-key-export-spki-key-p384.html [ Skip ]
@@ -812 +807 @@
 webkit.org/b/133122 crypto/workers/subtle/ec-generate-export-spki-key.html [ Skip ]
 webkit.org/b/133122 crypto/workers/subtle/ec-import-pkcs8-key.html [ Skip ]
-webkit.org/b/133122 crypto/workers/subtle/ec-import-spki-key.html [ Skip ]
 webkit.org/b/133122 crypto/workers/subtle/ec-postMessage-worker.html [ Skip ]
 webkit.org/b/133122 crypto/workers/subtle/hmac-postMessage-worker.html [ Skip ]
@@ -844 +838 @@
 crypto/workers/subtle/rsa-pss-import-key-sign.html [ Pass ]
 crypto/workers/subtle/rsa-pss-import-key-verify.html [ Pass ]
+
+# libgcrypt-based implementation supports ecDH algorithm identifier for ECDH SPKI imports.
+crypto/subtle/ecdh-import-spki-key-ecdh-identifier.html [ Pass ]
 
 # These are legacy APIs that we don't support, apart from a few digest algorithms.

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2017-06-20  Zan Dobersek  <zdobersek@igalia.com>
+
+        [GCrypt] Implement CryptoKeyEC SPKI imports
+        https://bugs.webkit.org/show_bug.cgi?id=172927
+
+        Reviewed by Jiewen Tan, Michael Catanzaro and Carlos Garcia Campos.
+
+        No new tests -- affected tests are now passing and are unskipped.
+
+        Implement libgcrypt-based support for SPKI imports of EC keys.
+
+        Using libtasn1 through the utility functions and wrappers, the given key data
+        is decoded against the SubjectPublicKeyInfo ASN.1 definition. The algorithm
+        member is then properly validated, making sure that the key algorithm idenfitier
+        is supported and that the algorithm parameters specify the correct EC curve.
+
+        The public key bit string is then retrieved and validated, ensuring it represents
+        an uncompressed EC point that is of valid size for the specified EC curve. The
+        point is then tested through an EC context to make sure it's positioned on the
+        specified EC curve.
+
+        Finally, the curve name and uncompressed point data are embedded into a
+        `public-key` s-expression that will be used through the libgcrypt API. This is
+        then used, along with other information, to create a valid CryptoKeyEC object.
+
+        * PlatformGTK.cmake: Use LIBTASN1_INCLUDE_DIRECTORIES and LIBTASN1_LIBRARIES.
+        * PlatformWPE.cmake: Ditto.
+        * crypto/gcrypt/CryptoKeyECGCrypt.cpp:
+        (WebCore::supportedAlgorithmIdentifier):
+        (WebCore::curveForIdentifier):
+        (WebCore::CryptoKeyEC::platformImportSpki):
+
 2017-06-20  Devin Rousso  <drousso@apple.com>
 

trunk/Source/WebCore/PAL/ChangeLog

@@ +1 @@
+2017-06-20  Zan Dobersek  <zdobersek@igalia.com>
+
+        [GCrypt] Implement CryptoKeyEC SPKI imports
+        https://bugs.webkit.org/show_bug.cgi?id=172927
+
+        Reviewed by Jiewen Tan, Michael Catanzaro and Carlos Garcia Campos.
+
+        Add a file that provides utility functions for operating with libtasn1 APIs.
+
+        The precomputed ASN.1 declarations, generated from the WebCrypto.asn file with
+        the asn1Parser tool, are used to enable construction of ASN.1 structures that
+        are then used to decode the SPKI or PKCS#8 data through the decodeStructure()
+        function. Raw data of each element in that structure can be retrieved throug the
+        elementData() function.
+
+        The Structure class is added as a wrapper for asn1_node objects that are used
+        as decoding targets, simplifying lifetime management of these objects.
+
+        * pal/PlatformGTK.cmake:
+        * pal/PlatformWPE.cmake:
+        * pal/crypto/tasn1/Utilities.cpp: Added.
+        (PAL::TASN1::asn1Definitions):
+        (PAL::TASN1::decodeStructure):
+        (PAL::TASN1::elementData):
+        * pal/crypto/tasn1/Utilities.h: Added.
+        (PAL::TASN1::Structure::~Structure):
+        (PAL::TASN1::Structure::operator&):
+        (PAL::TASN1::Structure::operator asn1_node):
+        * pal/crypto/tasn1/WebCrypto.asn: Added.
+
 2017-06-20  Myles C. Maxfield  <mmaxfield@apple.com>
 

trunk/Source/WebCore/PAL/pal/PlatformGTK.cmake

@@ -1 +1 @@
 list(APPEND PAL_SOURCES
     crypto/gcrypt/CryptoDigestGCrypt.cpp
+
+    crypto/tasn1/Utilities.cpp
 )

trunk/Source/WebCore/PAL/pal/PlatformWPE.cmake

@@ -1 +1 @@
 list(APPEND PAL_SOURCES
     crypto/gcrypt/CryptoDigestGCrypt.cpp
+
+    crypto/tasn1/Utilities.cpp
 )

trunk/Source/WebCore/PlatformGTK.cmake

@@ -220 +220 @@
     ${LIBSECRET_LIBRARIES}
     ${LIBSOUP_LIBRARIES}
+    ${LIBTASN1_LIBRARIES}
     ${LIBXML2_LIBRARIES}
     ${LIBXSLT_LIBRARIES}
@@ -246 +247 @@
     ${LIBSECRET_INCLUDE_DIRS}
     ${LIBSOUP_INCLUDE_DIRS}
+    ${LIBTASN1_INCLUDE_DIRS}
     ${LIBXML2_INCLUDE_DIR}
     ${LIBXSLT_INCLUDE_DIR}

trunk/Source/WebCore/PlatformWPE.cmake

@@ -172 +172 @@
     ${LIBGCRYPT_LIBRARIES}
     ${LIBSOUP_LIBRARIES}
+    ${LIBTASN1_LIBRARIES}
     ${LIBXML2_LIBRARIES}
     ${LIBXSLT_LIBRARIES}
@@ -186 +187 @@
     ${LIBGCRYPT_INCLUDE_DIRS}
     ${LIBSOUP_INCLUDE_DIRS}
+    ${LIBTASN1_INCLUDE_DIRS}
     ${LIBXML2_INCLUDE_DIR}
     ${LIBXSLT_INCLUDE_DIR}

trunk/Source/WebCore/crypto/gcrypt/CryptoKeyECGCrypt.cpp

@@ -35 +35 @@
 #include <pal/crypto/gcrypt/Handle.h>
 #include <pal/crypto/gcrypt/Utilities.h>
+#include <pal/crypto/tasn1/Utilities.h>
 #include <wtf/text/Base64.h>
 
@@ -194 +195 @@
 }
 
-RefPtr<CryptoKeyEC> CryptoKeyEC::platformImportSpki(CryptoAlgorithmIdentifier, NamedCurve, Vector<uint8_t>&&, bool, CryptoKeyUsageBitmap)
-{
-    notImplemented();
-
-    return nullptr;
+static bool supportedAlgorithmIdentifier(CryptoAlgorithmIdentifier keyIdentifier, const Vector<uint8_t>& identifier)
+{
+    static const std::array<uint8_t, 18> s_id_ecPublicKey { { "1.2.840.10045.2.1" } };
+    static const std::array<uint8_t, 13> s_id_ecDH { { "1.3.132.1.12" } };
+
+    auto size = identifier.size();
+    auto* data = identifier.data();
+
+    switch (keyIdentifier) {
+    case CryptoAlgorithmIdentifier::ECDSA:
+        // ECDSA only supports id-ecPublicKey algorithms for imported keys.
+        if (size == s_id_ecPublicKey.size() && !std::memcmp(data, s_id_ecPublicKey.data(), size))
+            return true;
+        return false;
+    case CryptoAlgorithmIdentifier::ECDH:
+        // ECDH supports both id-ecPublicKey and ic-ecDH algorithms for imported keys.
+        if (size == s_id_ecPublicKey.size() && !std::memcmp(data, s_id_ecPublicKey.data(), size))
+            return true;
+        if (size == s_id_ecDH.size() && !std::memcmp(data, s_id_ecDH.data(), size))
+            return true;
+        return false;
+    default:
+        ASSERT_NOT_REACHED();
+        break;
+    }
+
+    return false;
+}
+
+static std::optional<CryptoKeyEC::NamedCurve> curveForIdentifier(const Vector<uint8_t>& identifier)
+{
+    static const std::array<uint8_t, 20> s_secp256r1 { { "1.2.840.10045.3.1.7" } };
+    static const std::array<uint8_t, 13> s_secp384r1 { { "1.3.132.0.34" } };
+    static const std::array<uint8_t, 13> s_secp521r1 { { "1.3.132.0.35" } };
+
+    auto size = identifier.size();
+    auto* data = identifier.data();
+
+    if (size == s_secp256r1.size() && !std::memcmp(data, s_secp256r1.data(), size))
+        return CryptoKeyEC::NamedCurve::P256;
+    if (size == s_secp384r1.size() && !std::memcmp(data, s_secp384r1.data(), size))
+        return CryptoKeyEC::NamedCurve::P384;
+    if (size == s_secp521r1.size() && !std::memcmp(data, s_secp521r1.data(), size))
+        return std::nullopt; // Not yet supported.
+
+    return std::nullopt;
+}
+
+RefPtr<CryptoKeyEC> CryptoKeyEC::platformImportSpki(CryptoAlgorithmIdentifier identifier, NamedCurve curve, Vector<uint8_t>&& keyData, bool extractable, CryptoKeyUsageBitmap usages)
+{
+    // Decode the `SubjectPublicKeyInfo` structure using the provided key data.
+    PAL::TASN1::Structure spki;
+    if (!PAL::TASN1::decodeStructure(&spki, "WebCrypto.SubjectPublicKeyInfo", keyData))
+        return nullptr;
+
+    // Validate `algorithm.algorithm`.
+    {
+        auto algorithm = PAL::TASN1::elementData(spki, "algorithm.algorithm");
+        if (!algorithm)
+            return nullptr;
+
+        if (!supportedAlgorithmIdentifier(identifier, *algorithm))
+            return nullptr;
+    }
+
+    // Validate `algorithm.parameters` and therein embedded `ECParameters`.
+    {
+        auto parameters = PAL::TASN1::elementData(spki, "algorithm.parameters");
+        if (!parameters)
+            return nullptr;
+
+        // Decode the `ECParameters` structure using the `algorithm.parameters` data.
+        PAL::TASN1::Structure ecParameters;
+        if (!PAL::TASN1::decodeStructure(&ecParameters, "WebCrypto.ECParameters", *parameters))
+            return nullptr;
+
+        auto namedCurve = PAL::TASN1::elementData(ecParameters, "namedCurve");
+        if (!namedCurve)
+            return nullptr;
+
+        auto parameterCurve = curveForIdentifier(*namedCurve);
+        if (!parameterCurve || *parameterCurve != curve)
+            return nullptr;
+    }
+
+    // Retrieve the `subjectPublicKey` data and embed it into the `public-key` s-expression.
+    PAL::GCrypt::Handle<gcry_sexp_t> platformKey;
+    {
+        auto subjectPublicKey = PAL::TASN1::elementData(spki, "subjectPublicKey");
+        if (!subjectPublicKey)
+            return nullptr;
+
+        // Bail if the `subjectPublicKey` data size doesn't match the size of an uncompressed point
+        // for this curve, or if the first byte in the `subjectPublicKey` data isn't 0x04, as required
+        // for an uncompressed EC point encoded in an octet string.
+        if (subjectPublicKey->size() != uncompressedPointSizeForCurve(curve) || subjectPublicKey->at(0) != 0x04)
+            return nullptr;
+
+        // Convert X and Y coordinate data into MPIs.
+        unsigned coordinateSize = uncompressedFieldElementSizeForCurve(curve);
+        PAL::GCrypt::Handle<gcry_mpi_t> xMPI, yMPI;
+        {
+            gcry_error_t error = gcry_mpi_scan(&xMPI, GCRYMPI_FMT_USG, &subjectPublicKey->at(1), coordinateSize, nullptr);
+            if (error != GPG_ERR_NO_ERROR) {
+                PAL::GCrypt::logError(error);
+                return nullptr;
+            }
+
+            error = gcry_mpi_scan(&yMPI, GCRYMPI_FMT_USG, &subjectPublicKey->at(1 + coordinateSize), coordinateSize, nullptr);
+            if (error != GPG_ERR_NO_ERROR) {
+                PAL::GCrypt::logError(error);
+                return nullptr;
+            }
+        }
+
+        // Construct an MPI point from the X and Y coordinates and using 1 as the Z coordinate.
+        // This always allocates the gcry_mpi_point_t object.
+        PAL::GCrypt::Handle<gcry_mpi_point_t> point(gcry_mpi_point_set(nullptr, xMPI, yMPI, GCRYMPI_CONST_ONE));
+
+        // Create an EC context for the specified curve.
+        PAL::GCrypt::Handle<gcry_ctx_t> context;
+        gcry_error_t error = gcry_mpi_ec_new(&context, nullptr, curveName(curve));
+        if (error != GPG_ERR_NO_ERROR) {
+            PAL::GCrypt::logError(error);
+            return nullptr;
+        }
+
+        // Bail if the constructed MPI point is not on the specified EC curve.
+        if (!gcry_mpi_ec_curve_point(point, context))
+            return nullptr;
+
+        error = gcry_sexp_build(&platformKey, nullptr, "(public-key(ecc(curve %s)(q %b)))",
+            curveName(curve), subjectPublicKey->size(), subjectPublicKey->data());
+        if (error != GPG_ERR_NO_ERROR) {
+            PAL::GCrypt::logError(error);
+            return nullptr;
+        }
+    }
+
+    // Finally create a new CryptoKeyEC object, transferring to it ownership of the `public-key` s-expression.
+    return create(identifier, curve, CryptoKeyType::Public, platformKey.release(), extractable, usages);
 }
 

trunk/Source/cmake/OptionsGTK.cmake

@@ -272 +272 @@
 
 if (ENABLE_SUBTLE_CRYPTO)
+    find_package(Libtasn1 REQUIRED)
+    if (NOT LIBTASN1_FOUND)
+        message(FATAL_ERROR "libtasn1 is required to enable Web Crypto API support.")
+    endif ()
     if (LIBGCRYPT_VERSION VERSION_LESS 1.7.0)
         message(FATAL_ERROR "libgcrypt 1.7.0 is required to enable Web Crypto API support.")

trunk/Source/cmake/OptionsWPE.cmake

@@ -120 +120 @@
 
 if (ENABLE_SUBTLE_CRYPTO)
+    find_package(Libtasn1 REQUIRED)
+    if (NOT LIBTASN1_FOUND)
+        message(FATAL_ERROR "libtasn1 is required to enable Web Crypto API support.")
+    endif ()
     if (LIBGCRYPT_VERSION VERSION_LESS 1.7.0)
         message(FATAL_ERROR "libgcrypt 1.7.0 is required to enable Web Crypto API support.")