LibCrypto: Implement ECPrivateKey and ECPublicKey

Added basic EC private and public key definitions as well as ASN.1
encoding and decoding.

A lot of refactoring can be made around the ASN.1 processing (here and
in other parts of the codebase) by utilizing what is available
in `LibCrypto::Certificate` as macros, but I think it's outside the
scope of implementing ECDH support for WebCryptoAPI.

Libraries/LibCrypto/CMakeLists.txt

@@ -34,6 +34,7 @@ set(SOURCES
     Hash/SHA2.cpp
     NumberTheory/ModularFunctions.cpp
     PK/RSA.cpp
+    PK/EC.cpp
 )
 
 serenity_lib(LibCrypto crypto)

Libraries/LibCrypto/PK/EC.cpp

@@ -0,0 +1,124 @@
+/*
+ * Copyright (c) 2024, Altomani Gianluca <altomanigianluca@gmail.com>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#include <AK/ByteBuffer.h>
+#include <AK/StringView.h>
+#include <LibCrypto/ASN1/DER.h>
+#include <LibCrypto/Certificate/Certificate.h>
+
+namespace Crypto::PK {
+
+template<>
+ErrorOr<ByteBuffer> ECPrivateKey<IntegerType>::export_as_der() const
+{
+    ASN1::Encoder encoder;
+    TRY(encoder.write_constructed(ASN1::Class::Universal, ASN1::Kind::Sequence, [&]() -> ErrorOr<void> {
+        TRY(encoder.write(1u)); // version
+
+        auto d_bytes = TRY(ByteBuffer::create_uninitialized(m_d.byte_length()));
+        auto d_size = m_d.export_data(d_bytes.span());
+        TRY(encoder.write<ReadonlyBytes>(d_bytes.span().slice(0, d_size)));
+
+        if (m_parameters.has_value()) {
+            TRY(encoder.write_constructed(ASN1::Class::Context, static_cast<ASN1::Kind>(0), [&]() -> ErrorOr<void> {
+                TRY(encoder.write<Vector<int>>(*m_parameters, {}, ASN1::Kind::ObjectIdentifier));
+                return {};
+            }));
+        }
+
+        if (m_public_key.has_value()) {
+            TRY(encoder.write_constructed(ASN1::Class::Context, static_cast<ASN1::Kind>(1), [&]() -> ErrorOr<void> {
+                auto public_key_bytes = TRY(m_public_key->to_uncompressed());
+                TRY(encoder.write(ASN1::BitStringView(public_key_bytes, 0)));
+
+                return {};
+            }));
+        }
+
+        return {};
+    }));
+
+    return encoder.finish();
+}
+
+// https://www.rfc-editor.org/rfc/rfc5915#section-3
+ErrorOr<EC::KeyPairType> EC::parse_ec_key(ReadonlyBytes der)
+{
+    // ECPrivateKey ::= SEQUENCE {
+    //      version         INTEGER { ecPrivkeyVer1(1) }(ecPrivkeyVer1),
+    //      privateKey      OCTET STRING,
+    //      parameters  [0] ECParameters {{ NamedCurve }} OPTIONAL,
+    //      publicKey   [1] BIT STRING OPTIONAL
+    // }
+    KeyPairType keypair;
+
+    ASN1::Decoder decoder(der);
+
+    auto tag = TRY(decoder.peek());
+    if (tag.kind != ASN1::Kind::Sequence) {
+        auto message = TRY(String::formatted("EC key parse failed: Expected a Sequence but got {}", ASN1::kind_name(tag.kind)));
+        return Error::from_string_view(message.bytes_as_string_view());
+    }
+
+    TRY(decoder.enter());
+
+    auto version = TRY(decoder.read<UnsignedBigInteger>());
+    if (version != 1) {
+        auto message = TRY(String::formatted("EC key parse failed: Invalid version {}", version));
+        return Error::from_string_view(message.bytes_as_string_view());
+    }
+
+    auto private_key = TRY(decoder.read<StringView>());
+
+    Optional<Vector<int>> parameters;
+    if (!decoder.eof()) {
+        auto tag = TRY(decoder.peek());
+        if (static_cast<u8>(tag.kind) == 0) {
+            TRY(decoder.rewrite_tag(ASN1::Kind::Sequence));
+            TRY(decoder.enter());
+
+            parameters = TRY(Crypto::Certificate::parse_ec_parameters(decoder, {}));
+
+            TRY(decoder.leave());
+        }
+    }
+
+    Optional<ECPublicKey<>> public_key;
+    if (!decoder.eof()) {
+        auto tag = TRY(decoder.peek());
+        if (static_cast<u8>(tag.kind) == 1) {
+            TRY(decoder.rewrite_tag(ASN1::Kind::Sequence));
+            TRY(decoder.enter());
+
+            auto public_key_bits = TRY(decoder.read<ASN1::BitStringView>());
+            auto public_key_bytes = TRY(public_key_bits.raw_bytes());
+            if (public_key_bytes.size() != 1 + private_key.length() * 2) {
+                return Error::from_string_literal("EC key parse failed: Invalid public key length");
+            }
+
+            if (public_key_bytes[0] != 0x04) {
+                return Error::from_string_literal("EC key parse failed: Unsupported public key format");
+            }
+
+            public_key = ::Crypto::PK::ECPublicKey<> {
+                UnsignedBigInteger::import_data(public_key_bytes.slice(1, private_key.length())),
+                UnsignedBigInteger::import_data(public_key_bytes.slice(1 + private_key.length(), private_key.length())),
+            };
+
+            TRY(decoder.leave());
+        }
+    }
+
+    keypair.private_key = ECPrivateKey {
+        UnsignedBigInteger::import_data(private_key),
+        parameters,
+        public_key,
+    };
+
+    return keypair;
+}
+
+}

Libraries/LibCrypto/PK/EC.h

@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2024, Altomani Gianluca <altomanigianluca@gmail.com>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#pragma once
+
+#include <AK/ByteBuffer.h>
+#include <AK/StringView.h>
+#include <LibCrypto/ASN1/DER.h>
+#include <LibCrypto/PK/PK.h>
+
+namespace Crypto::PK {
+
+template<typename Integer = UnsignedBigInteger>
+class ECPublicKey {
+public:
+    ECPublicKey(Integer x, Integer y)
+        : m_x(move(x))
+        , m_y(move(y))
+    {
+    }
+
+    ECPublicKey()
+        : m_x(0)
+        , m_y(0)
+    {
+    }
+
+    Integer const& x() const { return m_x; }
+    Integer const& y() const { return m_y; }
+
+    ErrorOr<ByteBuffer> to_uncompressed() const
+    {
+        auto bytes = TRY(ByteBuffer::create_uninitialized(1 + m_x.byte_length() + m_y.byte_length()));
+        bytes[0] = 0x04; // uncompressed
+        auto x_size = m_x.export_data(bytes.span().slice(1));
+        auto y_size = m_y.export_data(bytes.span().slice(1 + x_size));
+        return bytes.slice(0, 1 + x_size + y_size);
+    }
+
+private:
+    Integer m_x;
+    Integer m_y;
+};
+
+// https://www.rfc-editor.org/rfc/rfc5915#section-3
+template<typename Integer = UnsignedBigInteger>
+class ECPrivateKey {
+public:
+    ECPrivateKey(Integer d, Optional<Vector<int>> parameters, Optional<ECPublicKey<Integer>> public_key)
+        : m_d(move(d))
+        , m_parameters(parameters)
+        , m_public_key(public_key)
+    {
+    }
+
+    ECPrivateKey() = default;
+
+    Integer const& d() const { return m_d; }
+    Optional<Vector<int> const&> parameters() const { return m_parameters; }
+    Optional<ECPublicKey<Integer> const&> public_key() const { return m_public_key; }
+
+    ErrorOr<ByteBuffer> export_as_der() const;
+
+private:
+    Integer m_d;
+    Optional<Vector<int>> m_parameters;
+    Optional<ECPublicKey<Integer>> m_public_key;
+};
+
+template<typename PubKey, typename PrivKey>
+struct ECKeyPair {
+    PubKey public_key;
+    PrivKey private_key;
+};
+
+using IntegerType = UnsignedBigInteger;
+class EC : public PKSystem<ECPrivateKey<IntegerType>, ECPublicKey<IntegerType>> {
+public:
+    using KeyPairType = ECKeyPair<PublicKeyType, PrivateKeyType>;
+
+    static ErrorOr<KeyPairType> parse_ec_key(ReadonlyBytes der);
+};
+
+}