Support for Curve25519 (Ed25519 X25519) in Web Cryptography APIs

[lidel]

We are collaborating with Igalia on this. Filling issue so folks can subscribe for updates – I will edit details below to reflect current state.

• Meta / specs
  • https://github.com/w3c/webcrypto/pull/362
  • https://github.com/WICG/webcrypto-secure-curves/issues/20
  • working on the issue about the deriveBits inconsistencies in the spec (https://github.com/w3c/webcrypto/issues/322)
  • blogpost: https://blogs.igalia.com/jfernandez/2023/06/20/secure-curves-in-the-web-cryptography-api/
  • [x] interoperability issues related to the deriveKey length
    • https://github.com/w3c/webcrypto/issues/322
    • https://github.com/w3c/webcrypto/issues/329
    • https://chromium-review.googlesource.com/c/chromium/src/+/5328466
  • [x] Web Platform Tests
    • https://github.com/web-platform-tests/wpt/pull/43400
    • https://github.com/web-platform-tests/wpt/pull/44719
    • https://github.com/web-platform-tests/wpt/pull/43751
• [ ] Chromium
  • [x] [blink-dev] Intent to Prototype: Curve25519 in Web Cryptography
  • [x] Initial implementation of the Ed25519 algorithm
  • [x] Issue 1370697: Implement safe curves Ed25519 and X25510
  • [x] Change X25519´s behavior to match the current spec
  • [ ] https://issues.chromium.org/issues/40074061 → https://chromium-review.googlesource.com/c/chromium/src/+/5054207
  • [ ] enable by default: https://chromium-review.googlesource.com/c/chromium/src/+/6440173
• [ ] Firefox
  • [x] https://bugzilla.mozilla.org/show_bug.cgi?id=1804788
  • [ ] https://bugzilla.mozilla.org/show_bug.cgi?id=1889153 might be related, adds extra checks on "small order" detail mentioned in https://github.com/libp2p/specs/issues/593 (tbd if this is tested by WPT or not)
  • [ ] may be delayed by necessary NSS prework (https://bugzilla.mozilla.org/show_bug.cgi?id=1325335#c18)
    • [ ] NSS work wip: https://bugzilla.mozilla.org/show_bug.cgi?id=1325335
• [ ] WebKit
  • [ ] https://bugs.webkit.org/show_bug.cgi?id=246145
  • [ ] https://bugs.webkit.org/show_bug.cgi?id=262613 → https://github.com/WebKit/WebKit/pull/21006
  • [ ] https://github.com/WebKit/WebKit/pull/5811
  • [x] https://github.com/WebKit/WebKit/pull/8691
  • [x] Safari 17.0 includes "Support for Ed25519 cryptography." https://webkit.org/blog/14445/webkit-features-in-safari-17-0/

[lidel]

Igalia posted a fantastic blog post about current progress on Secure Curves in the Web Cryptography API:

• https://blogs.igalia.com/jfernandez/2023/06/20/secure-curves-in-the-web-cryptography-api/

[javifernandez]

• Chromium
  • Both Ed25519 and X25519 implementation are completed, although behind a runtime flag
• WebKit
  • Both Ed25519 and X25519 implementation are completed, although behind a runtime flag