| Summary: | crypto.subtle.importKey fails for RSA keys with p < q | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Soma Lucz <webkit-bugzilla> |
| Component: | WebKit Misc. | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED WONTFIX | ||
| Severity: | Major | CC: | bfulgham, jiewen_tan, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | Safari 12 | ||
| Hardware: | All | ||
| OS: | All | ||

CommonCrypto is investigating this bug. CommonCrypto is the crypto services WebKit's WebCrypto API calls. Note: This implementation is in a different OS component, which has this fix now. No WebKit Changes will be made for this issue.

In Safari 12, crypto.subtle.importKey fails for RSA keys with p < q. Although generating such keys is against conventions and the efficiency of the CRT application, it is not invalid. Microsoft Edge generates such keys ~50% of the time. This is a very inconvenient issue for web applications relying on RSA cryptography used in a cross-browser environment.

Example good key (with p > q, importKey succeeds in Safari):

```js
const goodKey = {
  n: "wOwKgOpYOpKmVUd8XAleZcgzGx_ZFrWpc39jn3DCUwOVbV0OXp-W4srTcyCFExfhjCNd7r8gZpQ4KvutkkWXGXE3WzxhwMUD3CZrG31bW84Q5cEXo7GerRDmf5MwVJl0AOLdQHIHmrPRzxB5pAknuGwrb6ckmVj0_RVWl6yU2u75XXWAwcuAPUNkeqtpMtASU9LRsNV24VjNsEFPb9bWxgc5iB8rzzE4Z5SiDKiV6mV49kG9RUxmqC9SrIw45JEGTlFDk5UVkq6jHa2k3KwcEjFqP4eMgyHKkpBSuLfx-Rm2LH9oU8v-o75yx_Q7dOsynVv1BtZ3oFqULx2QNL8raQ",
  e: "AQAB",
  d: "DAitPw1fI4gyR--FmlgbQ04RogeCiyAZydKQbEmkVXlLwN6lHtHln4_3UJ8ereo3b35lRZc2di-YsVWxpgYhPr0JLu-9SUEA1KKw264eHMPl2e8JgnR56WG8fwi3Yw-PZN7B3ls-ji_ZTolAjTLk_2P_8Z8DcW1TGtZR6HQjdOSHfywpBjSfoj0JZwvJQpgsuSTVdRqs6BdHYThCK-3JLT1xpEPV7P1gH4gUjvj9OaSwEN5682heUZMmrvSR0-7CScMt7T7KhhzlL868v5cjRMe4k5lh8llST9Ze5GKy9WJZslarDeGOSLkOKIpQKekfTcPT0r4GCbKbNa6ZRU1RYQ",
  p: "4XiAqMzTmP_aPAD7xrugwtuxJQgrx8gWKIfwLcI4zPww1Ve714vdSMiBpc0h-sdP9dt1Vab9GJx_aIn-PF5rdEQ2LLZsT4-E3T0ew80n5mj0UkVpiZaNBn6gJyMOMZ0sGPBXuhhhukoIoCKQaLi6w4aiiNMbcSRnU6h6KqfeW7c",
  q: "2wtNgSO06FAnzYrlOFwKyB9cYGOE_JO86sMkVQRKDhuVVY26XLpaoSlU275tS1EN4_JPbAJMMN4BjtMyQiDpkID_DdHXoSJCnYEgYOozX394X-j2FjqHctjHq6maQxv4sXtBZM3pwXPNcFq28QfBpEMdhNbvFAcuj6mX8JP68d8",
  dp: "ypiEwyiJWYlMh246zi_6HB1b53KYJEPd5T2Ayx0h_M7-8jSLTPsYMzY3iMvyJGzDpJ81p2kNMvgsY7ra_1O4KhjAtRyV5keHk2RAKKBHofncz7AfTMpCnftZ3NDbCCm6Xg5YRZdy-PldFsb4C6Ex8E8h7OAEYH3deoaAf6OnYbE",
  dq: "jmsr6mI_9qhfKMo9PUbDD9ksI9OxHNQmCfH1Rn2ydLfEgcrTuATGdnC8JuAKieTahjH_J7fauA8wrh9tVwe1NOpaay7b532yGFxjo__ChT4JEzsR_ePyO17tfBSbIzUlnqgIHbWwXcKgeYPR3KdxZQ7qO3vQGJKO2IOpMZfVmrs",
  qi: "ISX6LmvGioKbqgek9vy85DyFEdd_2Xksxg1MBcIOOlaCEydqShgZ2DtQ-ORHGk2D7apH44NvicPfPrAUS5Cbdo1xFnjgQT6LGAzqzQ7Y01SSxFQJIUXWaEGj5m8LVa8xa8PE6plGsIGCX9RL5aQDssc4CYn8YuDacsHca_--JUY",
  kty: "RSA"
};

crypto.subtle
  .importKey(
    "jwk",
    goodKey,
    { name: "RSA-OAEP", hash: { name: "SHA-1" } },
    false,
    ["decrypt"]
  )
  .then(() => console.log("goodKey success"))
  .catch(() => console.log("goodKey error"));
```

Example bad key (with p < q, importKey fails in Safari):

```js
const badKey = {
  n: "0ZsZ2wOsJfDReOnhGvv2aphndsGYem9-L9hf4ALARZTfePkZbUQwk_z97HnA1UhBz-70kf1kTRPsO1MEtlFh2l2YVhZP6TQ13mKQpwMNoqN8E3BchvZQvSX-GhR1NxHOgFPvEF9q98ruXOvzhz4LCFgMR2SyGQopUPPpEiMsWO91YUyTwsw02gW_l5BcBis0r1xT3I0V9KEs8DMvBfOqnLeQLwzJ7lCXS-_uirTUyfe_VfMuVMIXDuAdVkcQR8YYm44ySmC-N5e2tmBNT8xc6dRizydS_t1cXh-D3TLw_w17USNNNveeem3jMGMf0ky0ZAbEPihwx5Vnl9SZd9PDfQ",
  e: "AQAB",
  d: "GNWssZN00SYAW7gyULUr1CNsltiHTXJqXBbh_TO2PkhOVhIFnjmnG9Gs8FjYrSybh5yDY8zHFo7WvYyvkT6BPpM6WnDYVQQ3obrB8tfcxLlkGRWGEQOcO10GB2cHIFg-xFuthp4XmXZ02ZOnTg3e1sU_5zGaHHdkv8-2fMyoE31MzBGRp6XCvmFhCemIvelymKbLDAkYL6TfBwgszh8C_JCqOeQgA07ht4gCGk_mH2TN91yOrbE5NNfI1yGptB92E_XxoA_v-IDD3hTFBwfuOv4ZyDpRmDYTOJcDwiozStnxTs2301sDAcIXswCsQ-0srsi61mt5APBJepM8PMGX7Q",
  p: "2yyXrox5xygc5mSXzwTZ3hjGOqcN43WQR_ZTNsk8CpjlbL23dAgs2_obnq0Ch05OxN7NPs9zBm2OZx6sWuZ13rCssUzhWzMwfY8O82RNSeW_gZP1ertbhgqR6K9H1RN_xxx7PqdcxIB8Kykxxf7d4mF-LR_DDXwHyXDCMNXou-8",
  q: "9NLxbz5zlPSqp_e1LLj6jGwkoYoF9wenAreAsjxDAxlcWVxalKgYr7vuTZ0UCi9Ou1u78NTMi9TAEU_RzeH72nW-RjUQWRRFDkRGqnfpDylCUViZZ49g4zHzVdc-5lg-JVQsZ4pV1ija4726D-yB45VchiKSo7whgB93Mw8de1M",
  dp: "gElhnzFqNkAsak6G7Q2R2IX3wWz2nCS8BuMPYgn3stw7raJ-NtRyLW__qqjpyfjz8hfXWuRiF2kY6RLzH2G1rFsNOdoeLhuQTm3l-mDDPHXV2iqYjPYNZC_bp66xBO8c45awLMQZcIskIr9B-vprNY6LJC5rJQFsLWRqxdrvFtE",
  dq: "xqXCMLlDn0FGlzNuVfNhmD7HGiub22ziHlo2mmg7F3Ckdf1xod0i6rRaD6-8aucnwu4T-L0xmuPtVB6n5Z3PdNrEoMK9mQnRXloX3ImfGSYpIUf6cQTtYGtPPf-AkfZXtoIt5XVhYHuV3-Q57GHCop62jD_RK_miVQsy9ML28PE",
  qi: "KcfzhX3UaSnJfeMg1rG5UBw6y9SG7WM78jmjaaGB4y9tfhiYXska8mG3yh2ahnia8qUDh5y3ZQ8iSD6Cnk2yPql0XxnTb-HBv5SKL2kESGd5PawaET5qABrGkHN4P-bNlWYDQF_VjL-9DxZB6sPgIsTNSaqjGeFCX8Cvqj57KXk",
  kty: "RSA"
};

crypto.subtle
  .importKey(
    "jwk",
    badKey,
    { name: "RSA-OAEP", hash: { name: "SHA-1" } },
    false,
    ["decrypt"]
  )
  .then(() => console.log("badKey success"))
  .catch(() => console.log("badKey error"));
```

Running the above two in Safari, I get:

```
goodKey success
badKey error
```

The symmetric Microsoft Edge bug I submitted: https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/20950190/

Please sort this out in a way that makes the two browsers compatible in this matter.
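
An application-side way to handle keys like the `badKey` in the report above is to rewrite the JWK into its equivalent p > q form before calling `importKey`: swap `p`/`q` and `dp`/`dq`, then recompute `qi`. This is an added example, not code from the report or from WebKit; the function names and the toy key are constructed for illustration, and it assumes a two-prime key (no `oth` member).

```javascript
// Added example, not from the bug report; all function names are hypothetical.
function b64uToBigInt(s) {                       // base64url (JWK) -> BigInt
  const bin = atob(s.replace(/-/g, "+").replace(/_/g, "/"));
  let n = 0n;
  for (let i = 0; i < bin.length; i++) n = (n << 8n) | BigInt(bin.charCodeAt(i));
  return n;
}

function bigIntToB64u(n) {                       // BigInt -> unpadded base64url
  let hex = n.toString(16);
  if (hex.length % 2) hex = "0" + hex;
  let bin = "";
  for (let i = 0; i < hex.length; i += 2)
    bin += String.fromCharCode(parseInt(hex.slice(i, i + 2), 16));
  return btoa(bin).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function modInverse(a, m) {                      // extended Euclid: a^-1 mod m
  let [r0, r1] = [m, ((a % m) + m) % m];
  let [t0, t1] = [0n, 1n];
  while (r1 !== 0n) {
    const k = r0 / r1;
    [r0, r1] = [r1, r0 - k * r1];
    [t0, t1] = [t1, t0 - k * t1];
  }
  if (r0 !== 1n) throw new Error("value is not invertible");
  return ((t0 % m) + m) % m;
}

// Return an equivalent JWK with p > q: swap the primes and their CRT
// exponents, then recompute qi = q^-1 mod p for the new ordering.
function normalizeRsaJwk(jwk) {
  if (jwk.oth) throw new Error("multi-prime keys are not handled");
  const p = b64uToBigInt(jwk.p), q = b64uToBigInt(jwk.q);
  if (p === q) throw new Error("p and q must differ");
  if (p > q) return jwk;                         // already in the accepted form
  return { ...jwk, p: jwk.q, q: jwk.p, dp: jwk.dq, dq: jwk.dp,
           qi: bigIntToB64u(modInverse(p, q)) }; // new qi = old p^-1 mod old q
}

// Constructed toy key (n = 53 * 61, far too small for real use) with p < q.
function toyJwk() {
  const enc = (x) => bigIntToB64u(BigInt(x));
  return { kty: "RSA", n: enc(3233), e: enc(17), d: enc(2753),
           p: enc(53), q: enc(61), dp: enc(49), dq: enc(53), qi: enc(20) };
}
```

The object returned by `normalizeRsaJwk` keeps `n`, `e` and `d` unchanged, so it represents the same key pair and can be passed to `crypto.subtle.importKey` exactly as in the report's snippets.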