Fix various TODO by checking the validity of ECDSA and ECDH keys when
they are imported. There are no checks in place for raw import because
the spec doesn't contemplate them yet.
Also add some internal tests since WPT doesn't seem to provide them.
It may happen that the scalars used by SECPxxxr1 turn out to be slightly
smaller than their actual size when serialized to `UnsignedBigInteger`,
especially for P521. Handle this case by serializing zeros instead of
failing.
Originally discovered as a flaky WPT test.
Our `UnsignedBigInteger` implementation cannot handle numbers whose
size is not a multiple of 4. For this reason we need to carry the real
size around for P-521 support.
Implement the Ed448 curve for signing and verifying using OpenSSL.
The methods could be all made static, but all other curves are not.
I think this is material for further refactoring.
This adds a thin wrapper to LibCrypto for generating cryptographically
secure random values and replaces current usages of PRNG within
LibCrypto as well.
This required multiple changes:
- Make hashes non-copiable because they contain a heap allocated pointer
- Reference classes via `NonnullOwnPtr` only (they are non-copiable)
- Drop all existing hashes implementations
- Use the `OpenSSLHashFunction` base class to implement the same hashes
I was not able to come up with a way to divide this commit into multiple
without increasing the amount of changes.
Nothing breaks with this commit!
In order for public/private key serialization to work correctly we must
store the size of the key because P-521 cannot be stored as full words
inside `UnsignedBigInteger` and therefore is exported as the wrong
length (68 instead of 66).
This makes it also possible to refactor some methods and cleanup
constants scattered around.
Gets almost all import/export tests, expect the JWK ones that calculate
the public key on export. The `SECPxxxr1` implementation currently fails
to do calculations for P-521.
Define SECP521r1 with its constants. Since the parameters cannot be
represented as full bytes, a slight modification has been added to the
byte size.
The current implementation of SECPxxxr1 does not work with this curve.
Little refactoring to remove the last bits of ASN1 decoding/encoding
from within the `SECPxxxr1` class. It was a bit confusing for the
`SECPxxxr1` methods to handle ASN1 internally implicitly. Some explicit
methods are available to achieve the same functionality on the data
structures.
This allows to move ASN1 logic from inside the `SECPxxxr1` curve
itself to the data structures. It makes more sense to have dedicated and
explicit methods to handle transformation between formats.
It looks like the `SECPxxxr1` was made mainly to work with the TLS
implementation which requires everything to be bytes. This is not always
the case and a loss of generality.
I have added some methods that take and return `UnsignedBigInteger`s
for better interoperability with ASN.1 stuff. I would like to remove
the old methods relying on bytes, but I haven't made my mind around how
to generalize it for all curves.
