deriveBits: Implement support of non-multiples of 8 for lengths

[olegbespalov]

What?

While do have support of deriveBits operation (for the ECDH algorithm).

However, the web platform test suite showed that the length argument could be a non-multiply of 8. In that case, we should implement the logic to support such values.

For now, we explicitly return an error if the length is a non-multiply of 8. see 6c61c1b

Below is a snippet that could be run in the browser. It works in Chrome, but errors in Firefox.

window.crypto.subtle.importKey(
      'spki',
      new Uint8Array([
        48, 89, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42, 134, 72, 206,
        61, 3, 1, 7, 3, 66, 0, 4, 10, 5, 30, 56, 111, 103, 196, 166, 225, 229,
        203, 238, 125, 55, 116, 91, 88, 142, 190, 114, 15, 117, 89, 22, 40, 111,
        150, 41, 105, 122, 57, 23, 17, 216, 106, 234, 201, 103, 8, 210, 58, 38,
        35, 216, 198, 237, 187, 84, 217, 164, 63, 100, 6, 105, 49, 128, 15, 53,
        29, 158, 117, 235, 238, 30,
      ]),
      {
        name: 'ECDH',
        namedCurve: 'P-256'
      },
      true,
      []
    ).then(publicKey => {
      window.crypto.subtle.importKey(
        'pkcs8',
        new Uint8Array([
          48, 129, 135, 2, 1, 0, 48, 19, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 8, 42,
          134, 72, 206, 61, 3, 1, 7, 4, 109, 48, 107, 2, 1, 1, 4, 32, 15, 247, 79,
          232, 241, 202, 175, 97, 92, 206, 241, 29, 217, 53, 114, 87, 98, 217, 216,
          65, 236, 186, 185, 94, 170, 38, 68, 123, 52, 100, 245, 113, 161, 68, 3,
          66, 0, 4, 140, 96, 11, 44, 102, 25, 45, 97, 158, 39, 210, 37, 107, 59,
          151, 118, 178, 141, 30, 5, 246, 13, 234, 189, 98, 174, 123, 154, 211, 157,
          224, 217, 59, 4, 102, 109, 199, 119, 14, 126, 207, 13, 211, 203, 203, 211,
          110, 221, 107, 94, 220, 153, 81, 7, 55, 161, 237, 104, 46, 205, 112, 244,
          10, 47,
        ]),
        {
          name: 'ECDH',
          namedCurve: 'P-256'
        },
        true,
        ["deriveKey", "deriveBits"]
      ).then(privateKey => {
        window.crypto.subtle.deriveBits(
          {
            name: 'ECDH',
            public: publicKey
          },
          privateKey,
          245 // non-multiply of 8
        ).then(bits => {
          console.log('Derived bits:', new Uint8Array(bits));
        }, error => {
          console.error('Error deriving bits:', error);
        });
      }, error => {
        console.error('Error importing private key:', error);
      });
    }, error => {
      console.error('Error importing public key:', error);
    });

Related PRs:

• ECDH support #67
• Minor fixes and tests for deriveBits #79

Why?

WebCrypto API defines it as possible to have a length that is non-multiply of 8.

[mstoykov]

Is this a problem with the go stdlib returning errors on those? Or in our implementation?

[olegbespalov]

@mstoykov It's on our implementation, we need to handle such cases. In theory, it's not hard, but I stopped iterating on it for now since I want to wrap everything before release.