WebCrypto: Add ECDSA algorithm (Blink side).

Source/bindings/core/v8/SerializedScriptValue.cpp

 /*
  * Copyright (C) 2010 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 205 matching lines @@
     ArrayBufferTag = 'B', // byteLength:uint32_t, data:byte[byteLength] -> ArrayBuffer (ref)
     ArrayBufferTransferTag = 't', // index:uint32_t -> ArrayBuffer. For ArrayBuffer transfer
     ArrayBufferViewTag = 'V', // subtag:byte, byteOffset:uint32_t, byteLength:uint32_t -> ArrayBufferView (ref). Consumes an ArrayBuffer from the top of the deserialization stack.
     CryptoKeyTag = 'K', // subtag:byte, props, usages:uint32_t, keyDataLength:uint32_t, keyData:byte[keyDataLength]
                         //   If subtag=AesKeyTag:
                         //       props = keyLengthBytes:uint32_t, algorithmId:uint32_t
                         //   If subtag=HmacKeyTag:
                         //       props = keyLengthBytes:uint32_t, hashId:uint32_t
                         //   If subtag=RsaHashedKeyTag:
                         //       props = algorithmId:uint32_t, type:uint32_t, modulusLengthBits:uint32_t, publicExponentLength:uint32_t, publicExponent:byte[publicExponentLength], hashId:uint32_t
+                        //   If subtag=EcKeyTag:
+                        //       props = algorithmId:uint32_t, type:uint32_t, namedCurve:uint32_t
     ObjectReferenceTag = '^', // ref:uint32_t -> reference table[ref]
     GenerateFreshObjectTag = 'o', // -> empty object allocated an object ID and pushed onto the open stack (ref)
     GenerateFreshSparseArrayTag = 'a', // length:uint32_t -> empty array[length] allocated an object ID and pushed onto the open stack (ref)
     GenerateFreshDenseArrayTag = 'A', // length:uint32_t -> empty array[length] allocated an object ID and pushed onto the open stack (ref)
     ReferenceCountTag = '?', // refTableSize:uint32_t -> If the reference table is not refTableSize big, fails.
     StringObjectTag = 's', //  string:RawString -> new String(string) (ref)
     NumberObjectTag = 'n', // value:double -> new Number(value) (ref)
     TrueObjectTag = 'y', // new Boolean(true) (ref)
     FalseObjectTag = 'x', // new Boolean(false) (ref)
     VersionTag = 0xFF // version:uint32_t -> Uses this as the file version.
@@ skipping 10 matching lines @@
     FloatArrayTag = 'f',
     DoubleArrayTag = 'F',
     DataViewTag = '?'
 };
 
 enum CryptoKeySubTag {
     AesKeyTag = 1,
     HmacKeyTag = 2,
     // ID 3 was used by RsaKeyTag, while still behind experimental flag.
     RsaHashedKeyTag = 4,
+    EcKeyTag = 5,
     // Maximum allowed value is 255
 };
 
 enum AssymetricCryptoKeyType {
     PublicKeyType = 1,
     PrivateKeyType = 2,
     // Maximum allowed value is 2^32-1
 };
 
 enum CryptoKeyAlgorithmTag {
     AesCbcTag = 1,
     HmacTag = 2,
     RsaSsaPkcs1v1_5Tag = 3,
     // ID 4 was used by RsaEs, while still behind experimental flag.
     Sha1Tag = 5,
     Sha256Tag = 6,
     Sha384Tag = 7,
     Sha512Tag = 8,
     AesGcmTag = 9,
     RsaOaepTag = 10,
     AesCtrTag = 11,
     AesKwTag = 12,
     RsaPssTag = 13,
+    EcdsaTag = 14,
     // Maximum allowed value is 2^32-1
 };
 
+enum NamedCurveTag {
+    P256Tag = 1,
+    P384Tag = 2,
+    P521Tag = 3,
+    // Maximum allowed value is 2^32-1

[jww, 2014/11/12 08:10:54]

Okay, I'm feeling really ignorant here, but what does this comment mean in
relation to this enum? It may be obvious, and I just don't know Ecdsa, but it's
not immediately clear to me what this comment means.

[eroman, 2014/11/12 19:11:13]

Perhaps the comment is not necessary.

My intent is to indicate that no value in the enum should be larger than 2^32-1

My thinking is as follows:

C++ enum (without using features from C++11) does not specify what integral type
is used.

However when serialized these values are being converted to a uint32_t, so it
must safely fit inside of that. Maybe this isn't possible though, since the C++
spec says no enum value should be larger than an int. But what if ints are not
32 bits. Maybe I am just paranoid.

[jww, 2014/11/13 06:15:08]

Got it. I actually didn't see that the other enums in this file have that
comment as well. Given that this is a universal issue in Blink, and from what I
can tell, enums elsewhere in Blink don't have similar comments, I'd say drop
this comment (in fact, I'd say drop them all from this file). It just seems a
bit confusing to me, and we need to be aware across all of Blink anyway.

+};
+
 enum CryptoKeyUsage {
     // Extractability is not a "usage" in the WebCryptoKeyUsages sense, however
     // it fits conveniently into this bitfield.
     ExtractableUsage = 1 << 0,
 
     EncryptUsage = 1 << 1,
     DecryptUsage = 1 << 2,
     SignUsage = 1 << 3,
     VerifyUsage = 1 << 4,
     DeriveKeyUsage = 1 << 5,
@@ skipping 220 matching lines @@
         switch (key.algorithm().paramsType()) {
         case WebCryptoKeyAlgorithmParamsTypeAes:
             doWriteAesKey(key);
             break;
         case WebCryptoKeyAlgorithmParamsTypeHmac:
             doWriteHmacKey(key);
             break;
         case WebCryptoKeyAlgorithmParamsTypeRsaHashed:
             doWriteRsaHashedKey(key);
             break;
+        case WebCryptoKeyAlgorithmParamsTypeEc:
+            doWriteEcKey(key);
+            break;
         case WebCryptoKeyAlgorithmParamsTypeNone:
             ASSERT_NOT_REACHED();
             return false;
         }
 
         doWriteKeyUsages(key.usages(), key.extractable());
 
         WebVector<uint8_t> keyData;
         if (!Platform::current()->crypto()->serializeKeyForClone(key, keyData))
             return false;
@@ skipping 197 matching lines @@
         ASSERT(!(key.algorithm().aesParams()->lengthBits() % 8));
         doWriteUint32(key.algorithm().aesParams()->lengthBits() / 8);
     }
 
     void doWriteRsaHashedKey(const WebCryptoKey& key)
     {
         ASSERT(key.algorithm().rsaHashedParams());
         append(static_cast<uint8_t>(RsaHashedKeyTag));
 
         doWriteAlgorithmId(key.algorithm().id());
-
-        switch (key.type()) {
-        case WebCryptoKeyTypePublic:
-            doWriteUint32(PublicKeyType);
-            break;
-        case WebCryptoKeyTypePrivate:
-            doWriteUint32(PrivateKeyType);
-            break;
-        case WebCryptoKeyTypeSecret:
-            ASSERT_NOT_REACHED();
-        }
+        doWriteAsymmetricKeyType(key.type());
 
         const WebCryptoRsaHashedKeyAlgorithmParams* params = key.algorithm().rsaHashedParams();
         doWriteUint32(params->modulusLengthBits());
         doWriteUint32(params->publicExponent().size());
         append(params->publicExponent().data(), params->publicExponent().size());
-        doWriteAlgorithmId(key.algorithm().rsaHashedParams()->hash().id());
+        doWriteAlgorithmId(params->hash().id());
+    }
+
+    void doWriteEcKey(const WebCryptoKey& key)
+    {
+        ASSERT(key.algorithm().ecParams());
+        append(static_cast<uint8_t>(EcKeyTag));
+
+        doWriteAlgorithmId(key.algorithm().id());
+        doWriteAsymmetricKeyType(key.type());
+        doWriteNamedCurve(key.algorithm().ecParams()->namedCurve());
     }
 
     void doWriteAlgorithmId(WebCryptoAlgorithmId id)
     {
         switch (id) {
         case WebCryptoAlgorithmIdAesCbc:
             return doWriteUint32(AesCbcTag);
         case WebCryptoAlgorithmIdHmac:
             return doWriteUint32(HmacTag);
         case WebCryptoAlgorithmIdRsaSsaPkcs1v1_5:
             return doWriteUint32(RsaSsaPkcs1v1_5Tag);
         case WebCryptoAlgorithmIdSha1:
             return doWriteUint32(Sha1Tag);
         case WebCryptoAlgorithmIdSha256:
             return doWriteUint32(Sha256Tag);
         case WebCryptoAlgorithmIdSha384:
             return doWriteUint32(Sha384Tag);
         case WebCryptoAlgorithmIdSha512:
             return doWriteUint32(Sha512Tag);
         case WebCryptoAlgorithmIdAesGcm:
             return doWriteUint32(AesGcmTag);
         case WebCryptoAlgorithmIdRsaOaep:
             return doWriteUint32(RsaOaepTag);
         case WebCryptoAlgorithmIdAesCtr:
             return doWriteUint32(AesCtrTag);
         case WebCryptoAlgorithmIdAesKw:
             return doWriteUint32(AesKwTag);
         case WebCryptoAlgorithmIdRsaPss:
             return doWriteUint32(RsaPssTag);
+        case WebCryptoAlgorithmIdEcdsa:
+            return doWriteUint32(EcdsaTag);
         }
         ASSERT_NOT_REACHED();
     }
+
+    void doWriteAsymmetricKeyType(WebCryptoKeyType keyType)
+    {
+        switch (keyType) {
+        case WebCryptoKeyTypePublic:
+            doWriteUint32(PublicKeyType);
+            break;
+        case WebCryptoKeyTypePrivate:
+            doWriteUint32(PrivateKeyType);
+            break;
+        case WebCryptoKeyTypeSecret:
+            ASSERT_NOT_REACHED();
+        }
+    }
+
+    void doWriteNamedCurve(WebCryptoNamedCurve namedCurve)
+    {
+        switch (namedCurve) {
+        case WebCryptoNamedCurveP256:
+            return doWriteUint32(P256Tag);
+        case WebCryptoNamedCurveP384:
+            return doWriteUint32(P384Tag);
+        case WebCryptoNamedCurveP521:
+            return doWriteUint32(P521Tag);
+        }
+        ASSERT_NOT_REACHED();
+    }
 
     void doWriteKeyUsages(const WebCryptoKeyUsageMask usages, bool extractable)
     {
         // Reminder to update this when adding new key usages.
         COMPILE_ASSERT(EndOfWebCryptoKeyUsage == (1 << 7) + 1, UpdateMe);
 
         uint32_t value = 0;
 
         if (extractable)
             value |= ExtractableUsage;
@@ skipping 1454 matching lines @@
                 return false;
             break;
         case HmacKeyTag:
             if (!doReadHmacKey(algorithm, type))
                 return false;
             break;
         case RsaHashedKeyTag:
             if (!doReadRsaHashedKey(algorithm, type))
                 return false;
             break;
+        case EcKeyTag:
+            if (!doReadEcKey(algorithm, type))
+                return false;
+            break;
         default:
             return false;
         }
 
         WebCryptoKeyUsageMask usages;
         bool extractable;
         if (!doReadKeyUsages(usages, extractable))
             return false;
 
         uint32_t keyDataLength;
@@ skipping 147 matching lines @@
         type = WebCryptoKeyTypeSecret;
         return !algorithm.isNull();
     }
 
     bool doReadRsaHashedKey(WebCryptoKeyAlgorithm& algorithm, WebCryptoKeyType& type)
     {
         WebCryptoAlgorithmId id;
         if (!doReadAlgorithmId(id))
             return false;
 
-        uint32_t rawType;
-        if (!doReadUint32(&rawType))
+        if (!doReadAsymmetricKeyType(type))
             return false;
 
-        switch (static_cast<AssymetricCryptoKeyType>(rawType)) {
-        case PublicKeyType:
-            type = WebCryptoKeyTypePublic;
-            break;
-        case PrivateKeyType:
-            type = WebCryptoKeyTypePrivate;
-            break;
-        default:
-            return false;
-        }
-
         uint32_t modulusLengthBits;
         if (!doReadUint32(&modulusLengthBits))
             return false;
 
         uint32_t publicExponentSize;
         if (!doReadUint32(&publicExponentSize))
             return false;
 
         if (m_position + publicExponentSize > m_length)
             return false;
 
         const uint8_t* publicExponent = m_buffer + m_position;
         m_position += publicExponentSize;
 
         WebCryptoAlgorithmId hash;
         if (!doReadAlgorithmId(hash))
             return false;
         algorithm = WebCryptoKeyAlgorithm::createRsaHashed(id, modulusLengthBits, publicExponent, publicExponentSize, hash);
 
         return !algorithm.isNull();
     }
 
+    bool doReadEcKey(WebCryptoKeyAlgorithm& algorithm, WebCryptoKeyType& type)
+    {
+        WebCryptoAlgorithmId id;
+        if (!doReadAlgorithmId(id))
+            return false;
+
+        if (!doReadAsymmetricKeyType(type))
+            return false;
+
+        WebCryptoNamedCurve namedCurve;
+        if (!doReadNamedCurve(namedCurve))
+            return false;
+
+        algorithm = WebCryptoKeyAlgorithm::createEc(id, namedCurve);
+        return !algorithm.isNull();
+    }
+
     bool doReadAlgorithmId(WebCryptoAlgorithmId& id)
     {
         uint32_t rawId;
         if (!doReadUint32(&rawId))
             return false;
 
         switch (static_cast<CryptoKeyAlgorithmTag>(rawId)) {
         case AesCbcTag:
             id = WebCryptoAlgorithmIdAesCbc;
             return true;
@@ skipping 23 matching lines @@
             return true;
         case AesCtrTag:
             id = WebCryptoAlgorithmIdAesCtr;
             return true;
         case AesKwTag:
             id = WebCryptoAlgorithmIdAesKw;
             return true;
         case RsaPssTag:
             id = WebCryptoAlgorithmIdRsaPss;
             return true;
+        case EcdsaTag:
+            id = WebCryptoAlgorithmIdEcdsa;
+            return true;
         }
 
         return false;
+    }
+
+    bool doReadAsymmetricKeyType(WebCryptoKeyType& type)
+    {
+        uint32_t rawType;
+        if (!doReadUint32(&rawType))
+            return false;
+
+        switch (static_cast<AssymetricCryptoKeyType>(rawType)) {
+        case PublicKeyType:
+            type = WebCryptoKeyTypePublic;
+            return true;
+        case PrivateKeyType:
+            type = WebCryptoKeyTypePrivate;
+            return true;
+        }
+
+        return false;
+    }
+
+    bool doReadNamedCurve(WebCryptoNamedCurve& namedCurve)
+    {
+        uint32_t rawName;
+        if (!doReadUint32(&rawName))
+            return false;
+
+        switch (static_cast<NamedCurveTag>(rawName)) {
+        case P256Tag:
+            namedCurve = WebCryptoNamedCurveP256;
+            return true;
+        case P384Tag:
+            namedCurve = WebCryptoNamedCurveP384;
+            return true;
+        case P521Tag:
+            namedCurve = WebCryptoNamedCurveP521;
+            return true;
+        }
+
+        return false;
     }
 
     bool doReadKeyUsages(WebCryptoKeyUsageMask& usages, bool& extractable)
     {
         // Reminder to update this when adding new key usages.
         COMPILE_ASSERT(EndOfWebCryptoKeyUsage == (1 << 7) + 1, UpdateMe);
         const uint32_t allPossibleUsages = ExtractableUsage | EncryptUsage | DecryptUsage | SignUsage | VerifyUsage | DeriveKeyUsage | WrapKeyUsage | UnwrapKeyUsage | DeriveBitsUsage;
 
         uint32_t rawUsages;
         if (!doReadUint32(&rawUsages))
@@ skipping 543 matching lines @@
     // If the allocated memory was not registered before, then this class is likely
     // used in a context other then Worker's onmessage environment and the presence of
     // current v8 context is not guaranteed. Avoid calling v8 then.
     if (m_externallyAllocatedMemory) {
         ASSERT(v8::Isolate::GetCurrent());
         v8::Isolate::GetCurrent()->AdjustAmountOfExternalAllocatedMemory(-m_externallyAllocatedMemory);
     }
 }
 
 } // namespace blink