Changeset 222316 in webkit
- Timestamp:
- Sep 21, 2017 2:51:47 AM (7 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 6 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r222314 r222316 1 2017-09-21 Zan Dobersek <zdobersek@igalia.com> 2 3 [WebCrypto] Support Elliptic Curve P-521 4 https://bugs.webkit.org/show_bug.cgi?id=169231 5 <rdar://problem/30881703> 6 7 Reviewed by Jiewen Tan. 8 9 Add support for the P-521 elliptic curve to the CryptoKeyEC class, but 10 allow the underlying platform-specific implementations to opt out of 11 supporting this feature. 12 13 This is achieved with the platformSupportedCurve() static function that 14 each platform has to implement, returning true if the passed-in curve 15 type is supported. The function is called at each CryptoKeyEC entrypoint, 16 that is in each static function that could generate a new CryptoKeyEC 17 object. These functions return a NotSupportedError exception in case the 18 platformSupportedCurve() call returns false. 19 20 While the libgcrypt-based implementation will support P-521 curves in 21 the near future, the CommonCrypto-based implementation might not. The use 22 of platformSupportedCurve() ensures that the implementations that don't 23 support EC P-521 continue to return the NotSupportedError exception at 24 these entrypoints, instead of the OperationError exception that's returned 25 when the platform-specific extensions of these entrypoints fail due to the 26 specified elliptic curve not being supported. 27 28 Both libgcrypt-based and CommonCrypto-based implementations mark P-256 and 29 P-384 curves as supported. Switch statements handling NamedCurve values 30 must now also handle the NamedCurve::P521 value, but both implementations 31 treat that as an unreachable case since support is not indicated in 32 platformSupportedCurve(), and all CryptoKeyEC operations should have 33 returned with an NotSupportedError exception before entering 34 platform-specific code. The common CryptoKeyEC constructor similarly asserts 35 that the specified curve is supported by the underlying implementation. 36 37 CryptoAlgorithmECDSA is modified to now also support 'ES512' as the algorithm 38 identifier, matching it against the 'P-521' curve value. 39 40 No new tests -- tests covering EC P-521 already exist, but no platform 41 runs them yet due to missing implementations. 42 43 * crypto/algorithms/CryptoAlgorithmECDSA.cpp: 44 (WebCore::CryptoAlgorithmECDSA::importKey): 45 * crypto/gcrypt/CryptoKeyECGCrypt.cpp: 46 (WebCore::curveName): 47 (WebCore::curveIdentifier): 48 (WebCore::curveSize): 49 (WebCore::curveUncompressedFieldElementSize): 50 (WebCore::CryptoKeyEC::platformSupportedCurve): 51 * crypto/keys/CryptoKeyEC.cpp: 52 (WebCore::toNamedCurve): 53 (WebCore::CryptoKeyEC::CryptoKeyEC): 54 (WebCore::CryptoKeyEC::generatePair): 55 (WebCore::CryptoKeyEC::importRaw): 56 (WebCore::CryptoKeyEC::importJwk): 57 (WebCore::CryptoKeyEC::importSpki): 58 (WebCore::CryptoKeyEC::importPkcs8): 59 (WebCore::CryptoKeyEC::exportJwk const): 60 (WebCore::CryptoKeyEC::namedCurveString const): 61 (WebCore::CryptoKeyEC::algorithm const): 62 * crypto/keys/CryptoKeyEC.h: 63 * crypto/mac/CryptoKeyECMac.cpp: 64 (WebCore::doesUncompressedPointMatchNamedCurve): 65 (WebCore::doesFieldElementMatchNamedCurve): 66 (WebCore::getKeySizeFromNamedCurve): 67 (WebCore::CryptoKeyEC::platformSupportedCurve): 68 (WebCore::getOID): 69 1 70 2017-09-20 Antti Koivisto <antti@apple.com> 2 71 -
trunk/Source/WebCore/crypto/algorithms/CryptoAlgorithmECDSA.cpp
r221665 r222316 37 37 static const char* const ALG256 = "ES256"; 38 38 static const char* const ALG384 = "ES384"; 39 static const char* const ALG512 = "ES512"; 39 40 static const char* const P256 = "P-256"; 40 41 static const char* const P384 = "P-384"; 42 static const char* const P521 = "P-521"; 41 43 42 44 Ref<CryptoAlgorithm> CryptoAlgorithmECDSA::create() … … 121 123 if (key.crv == P384) 122 124 isMatched = key.alg.isNull() || key.alg == ALG384; 125 if (key.crv == P521) 126 isMatched = key.alg.isNull() || key.alg == ALG512; 123 127 if (!isMatched) { 124 128 exceptionCallback(DataError); -
trunk/Source/WebCore/crypto/gcrypt/CryptoKeyECGCrypt.cpp
r220933 r222316 46 46 case CryptoKeyEC::NamedCurve::P384: 47 47 return "NIST P-384"; 48 case CryptoKeyEC::NamedCurve::P521: 49 break; 48 50 } 49 51 … … 59 61 case CryptoKeyEC::NamedCurve::P384: 60 62 return CryptoConstants::s_secp384r1Identifier.data(); 63 case CryptoKeyEC::NamedCurve::P521: 64 break; 61 65 } 62 66 … … 72 76 case CryptoKeyEC::NamedCurve::P384: 73 77 return 384; 78 case CryptoKeyEC::NamedCurve::P521: 79 break; 74 80 } 75 81 … … 85 91 case CryptoKeyEC::NamedCurve::P384: 86 92 return 48; 93 case CryptoKeyEC::NamedCurve::P521: 94 break; 87 95 } 88 96 … … 107 115 ASSERT(size == gcry_pk_get_nbits(m_platformKey)); 108 116 return size; 117 } 118 119 bool CryptoKeyEC::platformSupportedCurve(NamedCurve curve) 120 { 121 return curve == NamedCurve::P256 || curve == NamedCurve::P384; 109 122 } 110 123 -
trunk/Source/WebCore/crypto/keys/CryptoKeyEC.cpp
r220954 r222316 37 37 static const char* const P256 = "P-256"; 38 38 static const char* const P384 = "P-384"; 39 static const char* const P521 = "P-521"; 39 40 40 41 static std::optional<CryptoKeyEC::NamedCurve> toNamedCurve(const String& curve) … … 44 45 if (curve == P384) 45 46 return CryptoKeyEC::NamedCurve::P384; 47 if (curve == P521) 48 return CryptoKeyEC::NamedCurve::P521; 46 49 47 50 return std::nullopt; … … 53 56 , m_curve(curve) 54 57 { 58 // Only CryptoKeyEC objects for supported curves should be created. 59 ASSERT(platformSupportedCurve(curve)); 55 60 } 56 61 … … 58 63 { 59 64 auto namedCurve = toNamedCurve(curve); 60 if (!namedCurve )65 if (!namedCurve || !platformSupportedCurve(*namedCurve)) 61 66 return Exception { NotSupportedError }; 62 67 … … 71 76 { 72 77 auto namedCurve = toNamedCurve(curve); 73 if (!namedCurve )78 if (!namedCurve || !platformSupportedCurve(*namedCurve)) 74 79 return nullptr; 75 80 … … 89 94 return nullptr; 90 95 auto namedCurve = toNamedCurve(keyData.crv); 91 if (!namedCurve )96 if (!namedCurve || !platformSupportedCurve(*namedCurve)) 92 97 return nullptr; 93 98 … … 115 120 { 116 121 auto namedCurve = toNamedCurve(curve); 117 if (!namedCurve )122 if (!namedCurve || !platformSupportedCurve(*namedCurve)) 118 123 return nullptr; 119 124 … … 124 129 { 125 130 auto namedCurve = toNamedCurve(curve); 126 if (!namedCurve )131 if (!namedCurve || !platformSupportedCurve(*namedCurve)) 127 132 return nullptr; 128 133 … … 152 157 result.crv = P384; 153 158 break; 159 case NamedCurve::P521: 160 result.crv = P521; 161 break; 154 162 } 155 163 result.key_ops = usages(); … … 189 197 case NamedCurve::P384: 190 198 return String(P384); 199 case NamedCurve::P521: 200 return String(P521); 191 201 } 192 202 … … 212 222 result.namedCurve = ASCIILiteral(P384); 213 223 break; 224 case NamedCurve::P521: 225 result.namedCurve = ASCIILiteral(P521); 226 break; 214 227 } 215 228 -
trunk/Source/WebCore/crypto/keys/CryptoKeyEC.h
r221293 r222316 50 50 class CryptoKeyEC final : public CryptoKey { 51 51 public: 52 // FIXME: Add support for Elliptic Curve P-521 (https://webkit.org/b/169231)53 52 enum class NamedCurve { 54 53 P256, 55 54 P384, 55 P521, 56 56 }; 57 57 … … 86 86 KeyAlgorithm algorithm() const final; 87 87 88 static bool platformSupportedCurve(NamedCurve); 88 89 static std::optional<CryptoKeyPair> platformGeneratePair(CryptoAlgorithmIdentifier, NamedCurve, bool extractable, CryptoKeyUsageBitmap); 89 90 static RefPtr<CryptoKeyEC> platformImportRaw(CryptoAlgorithmIdentifier, NamedCurve, Vector<uint8_t>&& keyData, bool extractable, CryptoKeyUsageBitmap); -
trunk/Source/WebCore/crypto/mac/CryptoKeyECMac.cpp
r220933 r222316 57 57 case CryptoKeyEC::NamedCurve::P384: 58 58 return size == 97; 59 case CryptoKeyEC::NamedCurve::P521: 60 break; 59 61 } 60 62 … … 71 73 case CryptoKeyEC::NamedCurve::P384: 72 74 return size == 48; 75 case CryptoKeyEC::NamedCurve::P521: 76 break; 73 77 } 74 78 … … 84 88 case CryptoKeyEC::NamedCurve::P384: 85 89 return 384; 90 case CryptoKeyEC::NamedCurve::P521: 91 break; 86 92 } 87 93 … … 99 105 int result = CCECGetKeySize(m_platformKey); 100 106 return result ? result : 0; 107 } 108 109 bool CryptoKeyEC::platformSupportedCurve(NamedCurve curve) 110 { 111 return curve == NamedCurve::P256 || curve == NamedCurve::P384; 101 112 } 102 113 … … 211 222 oid = Secp384r1; 212 223 oidSize = sizeof(Secp384r1); 224 break; 225 case CryptoKeyEC::NamedCurve::P521: 226 ASSERT_NOT_REACHED(); 227 oid = nullptr; 228 oidSize = 0; 229 break; 213 230 } 214 231 return oidSize;
Note: See TracChangeset
for help on using the changeset viewer.