RESOLVED FIXED 216755
[WebCrypto] Support Elliptic Curve P-521 on Mac 
https://bugs.webkit.org/show_bug.cgi?id=216755
Summary [WebCrypto] Support Elliptic Curve P-521 on Mac
Jonas Finnemann Jensen
Reported 2020-09-20 15:44:02 PDT
WebKit on Mac built with CommonCrypto does not support Elliptic Curve P-521 in WebCrypto for ECDSA and ECDH. The code [2] only allows P-256 or P-384. Lack of support for P-521 is noted in the "Update on Web Cryptography" blog post [1], but the bug 169231 was resolved without addressing support for P-521 on Mac with according to [Bug 169231 Comment 4][3] because of missing support in CommonCrypto. Leaving out P-521 support might be reasonable, I'm not an expert on the strength of these primitives. But I imagine that supporting it would be nice for compatibility with Firefox and Chrome, both of which support P-521. Feel free to reopen bug 169231, and close this as a duplicate :) (sorry, for the noise, but this seems like a compatibility issue worth tracking) [1]: https://webkit.org/blog/7790/update-on-web-cryptography/ [2]: https://trac.webkit.org/browser/webkit/trunk/Source/WebCore/crypto/mac/CryptoKeyECMac.cpp?rev=239692#L105 [3]: https://bugs.webkit.org/show_bug.cgi?id=169231#c4
Attachments
WIP Patch (68.75 KB, patch)
2021-07-06 19:56 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
WIP Patch (69.67 KB, patch)
2021-07-06 20:02 PDT, Chris Dumez 		ews-feeder: commit-queue-
DetailsFormatted DiffDiff
WIP Patch (123.48 KB, patch)
2021-07-07 09:30 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (128.76 KB, patch)
2021-07-07 09:35 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (138.45 KB, patch)
2021-07-07 10:27 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (139.06 KB, patch)
2021-07-07 13:31 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (141.64 KB, patch)
2021-07-07 16:20 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (6) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2020-09-27 15:44:14 PDT
<rdar://problem/69667220>
Chris Dumez
Comment 2 2021-07-06 19:56:08 PDT
Created attachment 432998 [details] WIP Patch
Chris Dumez
Comment 3 2021-07-06 20:02:14 PDT
Created attachment 432999 [details] WIP Patch
Chris Dumez
Comment 4 2021-07-06 20:18:57 PDT
A couple of tests are crashing in signECDSA(), I will need to figure out why.
Chris Dumez
Comment 5 2021-07-07 09:30:36 PDT
Created attachment 433036 [details] WIP Patch
Chris Dumez
Comment 6 2021-07-07 09:35:11 PDT
Created attachment 433037 [details] Patch
Chris Dumez
Comment 7 2021-07-07 10:27:44 PDT
Created attachment 433043 [details] Patch
Chris Dumez
Comment 8 2021-07-07 13:31:55 PDT
Created attachment 433065 [details] Patch
Alex Christensen
Comment 9 2021-07-07 15:14:12 PDT
Comment on attachment 433065 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=433065&action=review > Source/WebCore/crypto/mac/CryptoKeyECMac.cpp:62 > + return size == 133; It would be nice if these were given names instead of just magic numbers. Or they could be calculated from constexpr expressions. > Source/WebCore/crypto/mac/CryptoKeyECMac.cpp:78 > + return size == 66; ditto.
Chris Dumez
Comment 10 2021-07-07 16:20:14 PDT
Created attachment 433090 [details] Patch
Chris Dumez
Comment 11 2021-07-07 16:21:01 PDT
(In reply to Alex Christensen from comment #9) > Comment on attachment 433065 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=433065&action=review > > > Source/WebCore/crypto/mac/CryptoKeyECMac.cpp:62 > > + return size == 133; > > It would be nice if these were given names instead of just magic numbers. > Or they could be calculated from constexpr expressions. > > > Source/WebCore/crypto/mac/CryptoKeyECMac.cpp:78 > > + return size == 66; > > ditto. Fixed. Now computed using constexpr functions instead of hardcoded values.
EWS
Comment 12 2021-07-07 17:25:53 PDT
Committed r279688 (239493@main): <https://commits.webkit.org/239493@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 433090 [details].
Note You need to log in before you can comment on or make changes to this bug.