Support for Curve25519 in the WebCrypto API: Ed25519 algorithm
Categories
(Core :: DOM: Web Crypto, enhancement, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox129 | --- | fixed |
People
(Reporter: jfernandez, Assigned: anna.weine)
References
(Blocks 1 open bug)
Details
(Keywords: dev-doc-complete, parity-chrome, parity-safari)
Attachments
(1 file, 6 obsolete files)
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0
Steps to reproduce:
Run the WebCryptoAPI tests related to the Ed25219 keys from the WPT test suite:
Actual results:
All the tests fail.
Expected results:
All the tests pass.
Reporter | ||
Comment 1•2 years ago
|
||
It seems Firefox has shown support [1] for implementing Curve25519 safe curve some time ago already. Additionally, Chrome [2] and Safari [3] have already started to implement the Ed25519 and X25519 algorithms.
[1] https://github.com/mozilla/standards-positions/pull/296
[2] https://bugs.chromium.org/p/chromium/issues/detail?id=1370697
[3] https://bugs.webkit.org/show_bug.cgi?id=246145
Comment 2•2 years ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::DOM: Security' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
Updated•2 years ago
|
Reporter | ||
Comment 3•2 years ago
|
||
Assuming there is enough support for the feature, I have started to work on this.
Reporter | ||
Comment 4•2 years ago
|
||
This bug depends on a complete implementation for Curve25519 support in nss, which as far as I know it's being tracked in https://bugzilla.mozilla.org/show_bug.cgi?id=1325335
Reporter | ||
Updated•2 years ago
|
Reporter | ||
Updated•2 years ago
|
Reporter | ||
Updated•2 years ago
|
We're eagerly awaiting this for our user contribution work at omnilingo
Assignee | ||
Comment 6•6 months ago
|
||
Updated•6 months ago
|
Assignee | ||
Comment 7•6 months ago
|
||
Updated•6 months ago
|
Updated•6 months ago
|
Updated•6 months ago
|
Assignee | ||
Comment 8•6 months ago
|
||
Updated•6 months ago
|
Updated•6 months ago
|
Assignee | ||
Comment 9•6 months ago
|
||
Depends on D206361
Comment 10•6 months ago
|
||
For tracking purposes, it's best if you use separate bugs for NSS and PSM changes. Can you move the "Ed25519 Enhancement" series to one or more new bugs?
Updated•6 months ago
|
Assignee | ||
Comment 11•6 months ago
|
||
(In reply to John Schanck [:jschanck] from comment #10)
For tracking purposes, it's best if you use separate bugs for NSS and PSM changes. Can you move the "Ed25519 Enhancement" series to one or more new bugs?
Sure!
Comment 12•6 months ago
|
||
Comment on attachment 9394481 [details]
Bug 1804788 - Ed25519 Enchancement Part III: check if R has a small order or non-canonical
Revision D206362 was moved to bug 1889153. Setting attachment 9394481 [details] to obsolete.
Comment 13•6 months ago
|
||
Comment on attachment 9394480 [details]
WIP: Bug 1804788 - ED25519 verification enchancement Part 2. Checking pk for small order
Revision D206361 was moved to bug 1889153. Setting attachment 9394480 [details] to obsolete.
Comment 14•6 months ago
|
||
Comment on attachment 9393644 [details]
Bug 1804788 - Ed25519 enchancement. Part I: Implementing correctness check of Ed25519 public key (pk == privateKey * bP)
Revision D205933 was moved to bug 1889153. Setting attachment 9393644 [details] to obsolete.
Updated•6 months ago
|
Updated•6 months ago
|
Comment 15•6 months ago
|
||
Comment on attachment 9393644 [details]
Bug 1804788 - Ed25519 enchancement. Part I: Implementing correctness check of Ed25519 public key (pk == privateKey * bP)
Revision D205933 was moved to bug 1889153. Setting attachment 9393644 [details] to obsolete.
Updated•6 months ago
|
Assignee | ||
Updated•5 months ago
|
Updated•5 months ago
|
Updated•5 months ago
|
Assignee | ||
Comment 16•5 months ago
|
||
Updated•5 months ago
|
Updated•5 months ago
|
Updated•4 months ago
|
Updated•4 months ago
|
Assignee | ||
Comment 17•4 months ago
|
||
Updated•4 months ago
|
Updated•4 months ago
|
Updated•4 months ago
|
Updated•4 months ago
|
Updated•4 months ago
|
Updated•4 months ago
|
Updated•3 months ago
|
Comment 18•3 months ago
|
||
Comment 19•3 months ago
|
||
Comment 20•3 months ago
|
||
Updated•3 months ago
|
Assignee | ||
Updated•3 months ago
|
Comment 21•3 months ago
|
||
bugherder |
Updated•3 months ago
|
Updated•3 months ago
|
Assignee | ||
Comment 22•3 months ago
|
||
Comment 23•3 months ago
|
||
Reopened for unpublished patches.
Updated•3 months ago
|
Updated•3 months ago
|
Updated•3 months ago
|
Updated•3 months ago
|
Comment 24•3 months ago
|
||
Comment on attachment 9406697 [details]
Bug 1804788 - WebCrypto: Enable X25519 algorithm
Revision D213261 was moved to bug 1904836. Setting attachment 9406697 [details] to obsolete.
Comment 25•3 months ago
|
||
Comment on attachment 9409648 [details]
Bug 1804788 - WebCrypto: Extending telemetry for to support Ed25519
Revision D214931 was moved to bug 1905617. Setting attachment 9409648 [details] to obsolete.
Assignee | ||
Updated•3 months ago
|
Updated•3 months ago
|
Updated•3 months ago
|
Comment 26•3 months ago
•
|
||
FF129 Docs work for this can be tracked in https://github.com/mdn/content/issues/34708
Can I confirm that from this issue we
- we support Ed25519 as an algorithm in
SubtleCrypto
forgenerateKey
,sign
,verify
,importKey
,exportKey
, - we support X25519 as an algorithm in
generateKey
,importKey
, exportKey,
deriveKey,
deriveBits` - you can use
X25519
orEd25519
as the algorithm inderiveKey()
but the derived key cant be that algorithm?
How can we use generateKey()
with X25519
? It seems to not like any of the usages I try.
Assignee | ||
Comment 27•3 months ago
|
||
Hello,
-
I confirm that we support Ed25519 as an algorithm for generateKey, sign/verify, importKey/exportKey. Maybe intentionally, you're missing wrap/unwrap keys (see here: https://wpt.fyi/results/WebCryptoAPI/wrapKey_unwrapKey/wrapKey_unwrapKey.https.any.html?label=experimental&label=master&aligned)
-
We do not support X25519, but we hope to start supporting starting from the next Nightly release.
-
DeriveKey takes ECDH or KDF (HKDF/PBKDF2) algorithms (see here: https://www.w3.org/TR/WebCryptoAPI/#algorithm-overview). Ed2519 can not be used as an algorithm in deriveKey, but x25519 can. The reason why it's not in the list is that they update the specification with the algorithms now.
I am happy to help if you have any other questions!
Updated•2 months ago
|
Comment 28•2 months ago
|
||
Comment 29•2 months ago
|
||
Comment on attachment 9406697 [details]
Bug 1804788 - WebCrypto: Enable X25519 algorithm
Revision D213261 was moved to bug 1904836. Setting attachment 9406697 [details] to obsolete.
Comment 30•2 months ago
|
||
bugherder |
Updated•2 months ago
|
Updated•2 months ago
|
Updated•2 months ago
|
Description
•