[WebCrypto] Support Elliptic Curve P-521
authorzandobersek@gmail.com <zandobersek@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 21 Sep 2017 09:51:47 +0000 (09:51 +0000)
committerzandobersek@gmail.com <zandobersek@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 21 Sep 2017 09:51:47 +0000 (09:51 +0000)
commit81ac8bc2da2ff02e2a970ee07bd925d2a920e8c3
tree6645d22c30cec11c4e9b8f646433f69f5803ce79
parentb3a57f14018f50528e03804bd7c8d184500519cb
[WebCrypto] Support Elliptic Curve P-521
https://bugs.webkit.org/show_bug.cgi?id=169231
<rdar://problem/30881703>

Reviewed by Jiewen Tan.

Add support for the P-521 elliptic curve to the CryptoKeyEC class, but
allow the underlying platform-specific implementations to opt out of
supporting this feature.

This is achieved with the platformSupportedCurve() static function that
each platform has to implement, returning true if the passed-in curve
type is supported. The function is called at each CryptoKeyEC entrypoint,
that is in each static function that could generate a new CryptoKeyEC
object. These functions return a NotSupportedError exception in case the
platformSupportedCurve() call returns false.

While the libgcrypt-based implementation will support P-521 curves in
the near future, the CommonCrypto-based implementation might not. The use
of platformSupportedCurve() ensures that the implementations that don't
support EC P-521 continue to return the NotSupportedError exception at
these entrypoints, instead of the OperationError exception that's returned
when the platform-specific extensions of these entrypoints fail due to the
specified elliptic curve not being supported.

Both libgcrypt-based and CommonCrypto-based implementations mark P-256 and
P-384 curves as supported. Switch statements handling NamedCurve values
must now also handle the NamedCurve::P521 value, but both implementations
treat that as an unreachable case since support is not indicated in
platformSupportedCurve(), and all CryptoKeyEC operations should have
returned with an NotSupportedError exception before entering
platform-specific code. The common CryptoKeyEC constructor similarly asserts
that the specified curve is supported by the underlying implementation.

CryptoAlgorithmECDSA is modified to now also support 'ES512' as the algorithm
identifier, matching it against the 'P-521' curve value.

No new tests -- tests covering EC P-521 already exist, but no platform
runs them yet due to missing implementations.

* crypto/algorithms/CryptoAlgorithmECDSA.cpp:
(WebCore::CryptoAlgorithmECDSA::importKey):
* crypto/gcrypt/CryptoKeyECGCrypt.cpp:
(WebCore::curveName):
(WebCore::curveIdentifier):
(WebCore::curveSize):
(WebCore::curveUncompressedFieldElementSize):
(WebCore::CryptoKeyEC::platformSupportedCurve):
* crypto/keys/CryptoKeyEC.cpp:
(WebCore::toNamedCurve):
(WebCore::CryptoKeyEC::CryptoKeyEC):
(WebCore::CryptoKeyEC::generatePair):
(WebCore::CryptoKeyEC::importRaw):
(WebCore::CryptoKeyEC::importJwk):
(WebCore::CryptoKeyEC::importSpki):
(WebCore::CryptoKeyEC::importPkcs8):
(WebCore::CryptoKeyEC::exportJwk const):
(WebCore::CryptoKeyEC::namedCurveString const):
(WebCore::CryptoKeyEC::algorithm const):
* crypto/keys/CryptoKeyEC.h:
* crypto/mac/CryptoKeyECMac.cpp:
(WebCore::doesUncompressedPointMatchNamedCurve):
(WebCore::doesFieldElementMatchNamedCurve):
(WebCore::getKeySizeFromNamedCurve):
(WebCore::CryptoKeyEC::platformSupportedCurve):
(WebCore::getOID):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@222316 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/crypto/algorithms/CryptoAlgorithmECDSA.cpp
Source/WebCore/crypto/gcrypt/CryptoKeyECGCrypt.cpp
Source/WebCore/crypto/keys/CryptoKeyEC.cpp
Source/WebCore/crypto/keys/CryptoKeyEC.h
Source/WebCore/crypto/mac/CryptoKeyECMac.cpp