SubtleCrypto.deriveBits fails with P-384 keys

[diachedelic]

The following script fails with an "Unsupported namedCurve" error. It works fine if the P-384 is changed to P-256.

function generate_keypair() {
    return crypto.subtle.generateKey(
        {name: "ECDH", namedCurve: "P-384"},
        true,
        ["deriveBits"]
    );
}

Promise.all([
    generate_keypair(),
    generate_keypair()
]).then(function ([alice, bob]) {
    return crypto.subtle.deriveBits(
        {name: "ECDH", public: bob.publicKey},
        alice.privateKey,
        256
    );
}).then(
    console.log
);

It appears that the upstream fix mentioned in this TODO comment has just landed, meaning that it should be possible to make SubtleCrypto.deriveBits work with P-384 keys.

[diachedelic]

Version 0.11.0 of the p384 crate was released a few days ago, and it seems to contain the functionality we require. However, in bumping p384 from v0.8.0 to v0.11.0 I got some Cargo version conflicts. To resolve these conflicts, I upgraded some other RustCrypto crates:

• elliptic-curve from 0.10.6 to 0.11.0 (0.12.0 is the latest)
• p256 from 0.9.0 to 0.11.0
• rsa from 0.5.0 to 0.6.1
• spki from 0.4.1 to 0.6.0

Unfortunately, this broke the build (https://gist.github.com/diachedelic/a760e057d032dcc53765dda73adf863f). At this point, I realised I was out of my depth.

[diachedelic]

I also noticed this comment

Shamelessly copied from pkcs8 crate and modified so as to not require Arithmetic trait currently missing from p384

which looks like it wants to be addressed alongside this issue.

[littledivy]

Version 0.11.0 of the p384 crate was released a few days ago, and it seems to contain the functionality we require.

There is a PR for upgrading all the webcrypto deps: #14452 This should be unblocked after that.

[diachedelic]

Legend!

[diachedelic]

Duplicate of #13451.