diff options
| author | Divy Srivastava <dj.srivastava23@gmail.com> | 2024-01-06 16:48:31 +0530 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-01-06 16:48:31 +0530 |
| commit | bfd5f1598cc462b460791fdfca9bb6c2c69fec9b (patch) | |
| tree | 93dfa9f650d07351d76e2202b7a4f7930727271b /ext/crypto/import_key.rs | |
| parent | 1d46ee5129dc5c674a7a4b6ad3a40243de4de2a0 (diff) | |
feat(ext/crypto): initial support for p521 in `generateKey` and `importKey` (#21815)
Part 1 of a potential 3 part series. Ref #13449
The current implementation passes key material back and forth RustCrypto
group of crates and ring. ring does not implement p521 yet.
This PR adds support for P521 named curve in `generateKey` and
`importKey` where we use RustCrypto. Other parts should be moved over to
the RustGroup group of crates for consistency.
Diffstat (limited to 'ext/crypto/import_key.rs')
| -rw-r--r-- | ext/crypto/import_key.rs | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/ext/crypto/import_key.rs b/ext/crypto/import_key.rs index 409ffe7be..7b06cae99 100644 --- a/ext/crypto/import_key.rs +++ b/ext/crypto/import_key.rs @@ -520,7 +520,12 @@ fn import_key_ec_jwk_to_point( p384::EncodedPoint::from_affine_coordinates(&x, &y, false).to_bytes() } - _ => return Err(not_supported_error("Unsupported named curve")), + EcNamedCurve::P521 => { + let x = decode_b64url_to_field_bytes::<p521::NistP521>(&x)?; + let y = decode_b64url_to_field_bytes::<p521::NistP521>(&y)?; + + p521::EncodedPoint::from_affine_coordinates(&x, &y, false).to_bytes() + } }; Ok(point_bytes.to_vec()) @@ -629,7 +634,15 @@ fn import_key_ec( return Err(data_error("invalid P-384 elliptic curve point")); } } - _ => return Err(not_supported_error("Unsupported named curve")), + EcNamedCurve::P521 => { + // 1-2. + let point = p521::EncodedPoint::from_bytes(&data) + .map_err(|_| data_error("invalid P-521 elliptic curve point"))?; + // 3. + if point.is_identity() { + return Err(data_error("invalid P-521 elliptic curve point")); + } + } }; Ok(ImportKeyResult::Ec { raw_data: RustRawKeyData::Public(data.to_vec().into()), @@ -755,7 +768,18 @@ fn import_key_ec( point.as_bytes().len() } - _ => return Err(not_supported_error("Unsupported named curve")), + EcNamedCurve::P521 => { + let point = + p521::EncodedPoint::from_bytes(&*encoded_key).map_err(|_| { + data_error("invalid P-521 elliptic curve SPKI data") + })?; + + if point.is_identity() { + return Err(data_error("invalid P-521 elliptic curve point")); + } + + point.as_bytes().len() + } }; if bytes_consumed != pk_info.subject_public_key.raw_bytes().len() { |