Changeset 222316 in webkit

Timestamp:

Sep 21, 2017 2:51:47 AM (7 years ago)

Author:

zandobersek@gmail.com

Message:

[WebCrypto] Support Elliptic Curve P-521
​https://bugs.webkit.org/show_bug.cgi?id=169231
<rdar://problem/30881703>

Reviewed by Jiewen Tan.

Add support for the P-521 elliptic curve to the CryptoKeyEC class, but
allow the underlying platform-specific implementations to opt out of
supporting this feature.

This is achieved with the platformSupportedCurve() static function that
each platform has to implement, returning true if the passed-in curve
type is supported. The function is called at each CryptoKeyEC entrypoint,
that is in each static function that could generate a new CryptoKeyEC
object. These functions return a NotSupportedError exception in case the
platformSupportedCurve() call returns false.

While the libgcrypt-based implementation will support P-521 curves in
the near future, the CommonCrypto-based implementation might not. The use
of platformSupportedCurve() ensures that the implementations that don't
support EC P-521 continue to return the NotSupportedError exception at
these entrypoints, instead of the OperationError exception that's returned
when the platform-specific extensions of these entrypoints fail due to the
specified elliptic curve not being supported.

Both libgcrypt-based and CommonCrypto-based implementations mark P-256 and
P-384 curves as supported. Switch statements handling NamedCurve values
must now also handle the NamedCurve::P521 value, but both implementations
treat that as an unreachable case since support is not indicated in
platformSupportedCurve(), and all CryptoKeyEC operations should have
returned with an NotSupportedError exception before entering
platform-specific code. The common CryptoKeyEC constructor similarly asserts
that the specified curve is supported by the underlying implementation.

CryptoAlgorithmECDSA is modified to now also support 'ES512' as the algorithm
identifier, matching it against the 'P-521' curve value.

No new tests -- tests covering EC P-521 already exist, but no platform
runs them yet due to missing implementations.

• crypto/algorithms/CryptoAlgorithmECDSA.cpp:

(WebCore::CryptoAlgorithmECDSA::importKey):

• crypto/gcrypt/CryptoKeyECGCrypt.cpp:

(WebCore::curveName):
(WebCore::curveIdentifier):
(WebCore::curveSize):
(WebCore::curveUncompressedFieldElementSize):
(WebCore::CryptoKeyEC::platformSupportedCurve):

• crypto/keys/CryptoKeyEC.cpp:

(WebCore::toNamedCurve):
(WebCore::CryptoKeyEC::CryptoKeyEC):
(WebCore::CryptoKeyEC::generatePair):
(WebCore::CryptoKeyEC::importRaw):
(WebCore::CryptoKeyEC::importJwk):
(WebCore::CryptoKeyEC::importSpki):
(WebCore::CryptoKeyEC::importPkcs8):
(WebCore::CryptoKeyEC::exportJwk const):
(WebCore::CryptoKeyEC::namedCurveString const):
(WebCore::CryptoKeyEC::algorithm const):

• crypto/keys/CryptoKeyEC.h:
• crypto/mac/CryptoKeyECMac.cpp:

(WebCore::doesUncompressedPointMatchNamedCurve):
(WebCore::doesFieldElementMatchNamedCurve):
(WebCore::getKeySizeFromNamedCurve):
(WebCore::CryptoKeyEC::platformSupportedCurve):
(WebCore::getOID):

Location:

trunk/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• crypto/algorithms/CryptoAlgorithmECDSA.cpp (modified) (2 diffs)
• crypto/gcrypt/CryptoKeyECGCrypt.cpp (modified) (5 diffs)
• crypto/keys/CryptoKeyEC.cpp (modified) (11 diffs)
• crypto/keys/CryptoKeyEC.h (modified) (2 diffs)
• crypto/mac/CryptoKeyECMac.cpp (modified) (5 diffs)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2017-09-21  Zan Dobersek  <zdobersek@igalia.com>
+
+        [WebCrypto] Support Elliptic Curve P-521
+        https://bugs.webkit.org/show_bug.cgi?id=169231
+        <rdar://problem/30881703>
+
+        Reviewed by Jiewen Tan.
+
+        Add support for the P-521 elliptic curve to the CryptoKeyEC class, but
+        allow the underlying platform-specific implementations to opt out of
+        supporting this feature.
+
+        This is achieved with the platformSupportedCurve() static function that
+        each platform has to implement, returning true if the passed-in curve
+        type is supported. The function is called at each CryptoKeyEC entrypoint,
+        that is in each static function that could generate a new CryptoKeyEC
+        object. These functions return a NotSupportedError exception in case the
+        platformSupportedCurve() call returns false.
+
+        While the libgcrypt-based implementation will support P-521 curves in
+        the near future, the CommonCrypto-based implementation might not. The use
+        of platformSupportedCurve() ensures that the implementations that don't
+        support EC P-521 continue to return the NotSupportedError exception at
+        these entrypoints, instead of the OperationError exception that's returned
+        when the platform-specific extensions of these entrypoints fail due to the
+        specified elliptic curve not being supported.
+
+        Both libgcrypt-based and CommonCrypto-based implementations mark P-256 and
+        P-384 curves as supported. Switch statements handling NamedCurve values
+        must now also handle the NamedCurve::P521 value, but both implementations
+        treat that as an unreachable case since support is not indicated in
+        platformSupportedCurve(), and all CryptoKeyEC operations should have
+        returned with an NotSupportedError exception before entering
+        platform-specific code. The common CryptoKeyEC constructor similarly asserts
+        that the specified curve is supported by the underlying implementation.
+
+        CryptoAlgorithmECDSA is modified to now also support 'ES512' as the algorithm
+        identifier, matching it against the 'P-521' curve value.
+
+        No new tests -- tests covering EC P-521 already exist, but no platform
+        runs them yet due to missing implementations.
+
+        * crypto/algorithms/CryptoAlgorithmECDSA.cpp:
+        (WebCore::CryptoAlgorithmECDSA::importKey):
+        * crypto/gcrypt/CryptoKeyECGCrypt.cpp:
+        (WebCore::curveName):
+        (WebCore::curveIdentifier):
+        (WebCore::curveSize):
+        (WebCore::curveUncompressedFieldElementSize):
+        (WebCore::CryptoKeyEC::platformSupportedCurve):
+        * crypto/keys/CryptoKeyEC.cpp:
+        (WebCore::toNamedCurve):
+        (WebCore::CryptoKeyEC::CryptoKeyEC):
+        (WebCore::CryptoKeyEC::generatePair):
+        (WebCore::CryptoKeyEC::importRaw):
+        (WebCore::CryptoKeyEC::importJwk):
+        (WebCore::CryptoKeyEC::importSpki):
+        (WebCore::CryptoKeyEC::importPkcs8):
+        (WebCore::CryptoKeyEC::exportJwk const):
+        (WebCore::CryptoKeyEC::namedCurveString const):
+        (WebCore::CryptoKeyEC::algorithm const):
+        * crypto/keys/CryptoKeyEC.h:
+        * crypto/mac/CryptoKeyECMac.cpp:
+        (WebCore::doesUncompressedPointMatchNamedCurve):
+        (WebCore::doesFieldElementMatchNamedCurve):
+        (WebCore::getKeySizeFromNamedCurve):
+        (WebCore::CryptoKeyEC::platformSupportedCurve):
+        (WebCore::getOID):
+
 2017-09-20  Antti Koivisto  <antti@apple.com>
 

trunk/Source/WebCore/crypto/algorithms/CryptoAlgorithmECDSA.cpp

@@ -37 +37 @@
 static const char* const ALG256 = "ES256";
 static const char* const ALG384 = "ES384";
+static const char* const ALG512 = "ES512";
 static const char* const P256 = "P-256";
 static const char* const P384 = "P-384";
+static const char* const P521 = "P-521";
 
 Ref<CryptoAlgorithm> CryptoAlgorithmECDSA::create()
@@ -121 +123 @@
         if (key.crv == P384)
             isMatched = key.alg.isNull() || key.alg == ALG384;
+        if (key.crv == P521)
+            isMatched = key.alg.isNull() || key.alg == ALG512;
         if (!isMatched) {
             exceptionCallback(DataError);

trunk/Source/WebCore/crypto/gcrypt/CryptoKeyECGCrypt.cpp

@@ -46 +46 @@
     case CryptoKeyEC::NamedCurve::P384:
         return "NIST P-384";
+    case CryptoKeyEC::NamedCurve::P521:
+        break;
     }
 
@@ -59 +61 @@
     case CryptoKeyEC::NamedCurve::P384:
         return CryptoConstants::s_secp384r1Identifier.data();
+    case CryptoKeyEC::NamedCurve::P521:
+        break;
     }
 
@@ -72 +76 @@
     case CryptoKeyEC::NamedCurve::P384:
         return 384;
+    case CryptoKeyEC::NamedCurve::P521:
+        break;
     }
 
@@ -85 +91 @@
     case CryptoKeyEC::NamedCurve::P384:
         return 48;
+    case CryptoKeyEC::NamedCurve::P521:
+        break;
     }
 
@@ -107 +115 @@
     ASSERT(size == gcry_pk_get_nbits(m_platformKey));
     return size;
+}
+
+bool CryptoKeyEC::platformSupportedCurve(NamedCurve curve)
+{
+    return curve == NamedCurve::P256 || curve == NamedCurve::P384;
 }
 

trunk/Source/WebCore/crypto/keys/CryptoKeyEC.cpp

@@ -37 +37 @@
 static const char* const P256 = "P-256";
 static const char* const P384 = "P-384";
+static const char* const P521 = "P-521";
 
 static std::optional<CryptoKeyEC::NamedCurve> toNamedCurve(const String& curve)
@@ -44 +45 @@
     if (curve == P384)
         return CryptoKeyEC::NamedCurve::P384;
+    if (curve == P521)
+        return CryptoKeyEC::NamedCurve::P521;
 
     return std::nullopt;
@@ -53 +56 @@
     , m_curve(curve)
 {
+    // Only CryptoKeyEC objects for supported curves should be created.
+    ASSERT(platformSupportedCurve(curve));
 }
 
@@ -58 +63 @@
 {
     auto namedCurve = toNamedCurve(curve);
-    if (!namedCurve)
+    if (!namedCurve || !platformSupportedCurve(*namedCurve))
         return Exception { NotSupportedError };
 
@@ -71 +76 @@
 {
     auto namedCurve = toNamedCurve(curve);
-    if (!namedCurve)
+    if (!namedCurve || !platformSupportedCurve(*namedCurve))
         return nullptr;
 
@@ -89 +94 @@
         return nullptr;
     auto namedCurve = toNamedCurve(keyData.crv);
-    if (!namedCurve)
+    if (!namedCurve || !platformSupportedCurve(*namedCurve))
         return nullptr;
 
@@ -115 +120 @@
 {
     auto namedCurve = toNamedCurve(curve);
-    if (!namedCurve)
+    if (!namedCurve || !platformSupportedCurve(*namedCurve))
         return nullptr;
 
@@ -124 +129 @@
 {
     auto namedCurve = toNamedCurve(curve);
-    if (!namedCurve)
+    if (!namedCurve || !platformSupportedCurve(*namedCurve))
         return nullptr;
 
@@ -152 +157 @@
         result.crv = P384;
         break;
+    case NamedCurve::P521:
+        result.crv = P521;
+        break;
     }
     result.key_ops = usages();
@@ -189 +197 @@
     case NamedCurve::P384:
         return String(P384);
+    case NamedCurve::P521:
+        return String(P521);
     }
 
@@ -212 +222 @@
         result.namedCurve = ASCIILiteral(P384);
         break;
+    case NamedCurve::P521:
+        result.namedCurve = ASCIILiteral(P521);
+        break;
     }
 

trunk/Source/WebCore/crypto/keys/CryptoKeyEC.h

@@ -50 +50 @@
 class CryptoKeyEC final : public CryptoKey {
 public:
-    // FIXME: Add support for Elliptic Curve P-521 (https://webkit.org/b/169231)
     enum class NamedCurve {
         P256,
         P384,
+        P521,
     };
 
@@ -86 +86 @@
     KeyAlgorithm algorithm() const final;
 
+    static bool platformSupportedCurve(NamedCurve);
     static std::optional<CryptoKeyPair> platformGeneratePair(CryptoAlgorithmIdentifier, NamedCurve, bool extractable, CryptoKeyUsageBitmap);
     static RefPtr<CryptoKeyEC> platformImportRaw(CryptoAlgorithmIdentifier, NamedCurve, Vector<uint8_t>&& keyData, bool extractable, CryptoKeyUsageBitmap);

trunk/Source/WebCore/crypto/mac/CryptoKeyECMac.cpp

@@ -57 +57 @@
     case CryptoKeyEC::NamedCurve::P384:
         return size == 97;
+    case CryptoKeyEC::NamedCurve::P521:
+        break;
     }
 
@@ -71 +73 @@
     case CryptoKeyEC::NamedCurve::P384:
         return size == 48;
+    case CryptoKeyEC::NamedCurve::P521:
+        break;
     }
 
@@ -84 +88 @@
     case CryptoKeyEC::NamedCurve::P384:
         return 384;
+    case CryptoKeyEC::NamedCurve::P521:
+        break;
     }
 
@@ -99 +105 @@
     int result = CCECGetKeySize(m_platformKey);
     return result ? result : 0;
+}
+
+bool CryptoKeyEC::platformSupportedCurve(NamedCurve curve)
+{
+    return curve == NamedCurve::P256 || curve == NamedCurve::P384;
 }
 
@@ -211 +222 @@
         oid = Secp384r1;
         oidSize = sizeof(Secp384r1);
+        break;
+    case CryptoKeyEC::NamedCurve::P521:
+        ASSERT_NOT_REACHED();
+        oid = nullptr;
+        oidSize = 0;
+        break;
     }
     return oidSize;