LibCrypto: Parse EC private key when parsing an ASN.1 PrivateKeyInfo

Parse and store the `ECPrivateKey` extracted from the `privateKeyAlgorithm` field of the ASN.1 `PrivateKeyInfo` sequence when the algorithm identifier is `ec_public_key_encryption`. The parsing function returns `ErrorOr` instead of an "empty" key, like `parse_rsa_key` does. To me, this seemed better in terms of reliability. As mentioned in the previous commit, there is room for improvement.
Author: https://github.com/devgianlu Commit: 6cf89e46c9 Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/2598 Reviewed-by: https://github.com/stelar7
2025-07-30 04:39:06 +00:00 · 2024-11-26 18:15:39 +01:00 · 2024-11-26 18:15:39 +01:00 · 6cf89e46c9 · 2024-11-27 10:01:29 +00:00
commit 6cf89e46c9
parent 5f3f089494
2 changed files with 14 additions and 0 deletions
--- a/Libraries/LibCrypto/Certificate/Certificate.cpp
+++ b/Libraries/LibCrypto/Certificate/Certificate.cpp
@ -12,6 +12,7 @@
 #include <LibCrypto/ASN1/ASN1.h>
 #include <LibCrypto/ASN1/DER.h>
 #include <LibCrypto/ASN1/PEM.h>
+#include <LibCrypto/PK/EC.h>

 namespace {
 static String s_error_string;
@ -436,6 +437,17 @@ ErrorOr<PrivateKey> parse_private_key_info(Crypto::ASN1::Decoder& decoder, Vecto
        EXIT_SCOPE();
        return private_key;
    }
+    if (private_key.algorithm.identifier.span() == ec_public_key_encryption_oid.span()) {
+        auto maybe_key = Crypto::PK::EC::parse_ec_key(value.bytes());
+        if (maybe_key.is_error()) {
+            ERROR_WITH_SCOPE(TRY(String::formatted("Invalid EC key at {}: {}", current_scope, maybe_key.release_error())));
+        }
+
+        private_key.ec = move(maybe_key.release_value().private_key);
+
+        EXIT_SCOPE();
+        return private_key;
+    }

    // https://datatracker.ietf.org/doc/html/rfc8410#section-9
    // For all of the OIDs, the parameters MUST be absent.
--- a/Libraries/LibCrypto/Certificate/Certificate.h
+++ b/Libraries/LibCrypto/Certificate/Certificate.h
@ -14,6 +14,7 @@
 #include <LibCore/ConfigFile.h>
 #include <LibCrypto/ASN1/DER.h>
 #include <LibCrypto/BigInt/UnsignedBigInteger.h>
+#include <LibCrypto/PK/EC.h>
 #include <LibCrypto/PK/RSA.h>

 namespace Crypto::Certificate {
@ -262,6 +263,7 @@ ErrorOr<SubjectPublicKey> parse_subject_public_key_info(Crypto::ASN1::Decoder& d
 class PrivateKey {
 public:
    Crypto::PK::RSAPrivateKey<Crypto::UnsignedBigInteger> rsa;
+    Crypto::PK::ECPrivateKey<Crypto::UnsignedBigInteger> ec;

    AlgorithmIdentifier algorithm;
    ByteBuffer raw_key;