Bug 227432

Summary: P-384 EC public JWK key in layout tests is wrong
Product: WebKit
Reporter: Yoshiaki Jitsukawa <yoshiaki.jitsukawa>
Component: Tools / Tests
Assignee: Yoshiaki Jitsukawa <yoshiaki.jitsukawa>
Status: RESOLVED FIXED
Severity: Normal
CC: ap, bfulgham, cdumez, ews-watchlist, jiewen_tan, katherine_cheney, webkit-bug-importer, yoshiaki.jitsukawa
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=227480
Attachments (Description: Flags):
Patch: none
test html run on chrome: none
Patch: none
Patch: none

Description Yoshiaki Jitsukawa 2021-06-27 17:20:48 PDT
In https://github.com/WebKit/WebKit/blob/main/LayoutTests/crypto/subtle/ecdh-import-jwk-public-key-p384.html and https://github.com/WebKit/WebKit/blob/main/LayoutTests/crypto/subtle/ecdsa-import-jwk-public-key-alg-384.html, the JWK key is defined as:
var jwkKey = {
    kty: "EC",
    use: "enc",
    ext: true,
    crv: "P-384",
    x: "1bHwFrsaPRjYq-zFOyLXK8Ugv3EqbVF075ct7ouTl_pwyhjeBu03JHjKTsyVbNWK",
    y: "1bHwFrsaPRjYq-zFOyLXK8Ugv3EqbVF075ct7ouTl_pwyhjeBu03JHjKTsyVbNWK",
};
However, x and y are the same value and the point (x, y) is not on the elliptic curve.

On Windows Chrome, it fails to import the key, resulting in a DOM exception. Instead, using y = "OPQLbvRDpocNk4FRQLUVRBbqiauWcnUn7cAC2uSOH6GpSLoTo6B-4LtHq0ydd-iu" succeeds.

The y value can be derived from x with OpenSSL:
 1. With EC_POINT_set_compressed_coordinates_GFp(), set the coordinate on the curve, only specifying x (and the sign of y).
 2. Then retrieve both x and y with EC_POINT_get_affine_coordinates_GFp().
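
Added example (not part of the bug report or the WebKit patch): the on-curve check and the y derivation described above, done with plain Python integers instead of the OpenSSL calls named in the report. The P-384 constants are the standard NIST values, which the report does not quote, and the function names are hypothetical.

```python
import base64

# NIST P-384 (secp384r1) parameters, standard values not quoted in the report:
# the curve is y^2 = x^3 - 3x + B (mod P).
P = 2**384 - 2**128 - 2**96 + 2**32 - 1
B = int("b3312fa7e23ee7e4988e056be3f82d19181d9c6efe814112"
        "0314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef", 16)
COORD_LEN = 48  # a P-384 JWK coordinate is exactly 48 big-endian bytes

def b64url_to_int(s):
    raw = base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
    if len(raw) != COORD_LEN:
        raise ValueError("coordinate must be %d bytes" % COORD_LEN)
    return int.from_bytes(raw, "big")

def int_to_b64url(n):
    return base64.urlsafe_b64encode(n.to_bytes(COORD_LEN, "big")).rstrip(b"=").decode()

def curve_rhs(x):
    return (pow(x, 3, P) - 3 * x + B) % P

def jwk_point_on_curve(jwk):
    """True only if the JWK's (x, y) satisfies the P-384 curve equation."""
    if jwk.get("kty") != "EC" or jwk.get("crv") != "P-384":
        raise ValueError("not a P-384 EC JWK")
    x, y = b64url_to_int(jwk["x"]), b64url_to_int(jwk["y"])
    if x >= P or y >= P:  # coordinates must be reduced field elements
        return False
    return pow(y, 2, P) == curve_rhs(x)

def candidate_y_values(x_b64):
    """Both y values (base64url) that pair with x, or [] if no point has this x."""
    x = b64url_to_int(x_b64)
    if x >= P:
        return []
    rhs = curve_rhs(x)
    y = pow(rhs, (P + 1) // 4, P)  # modular square root, valid because P % 4 == 3
    if pow(y, 2, P) != rhs:        # rhs is not a square: x is not on the curve
        return []
    return sorted({int_to_b64url(y), int_to_b64url((-y) % P)})

# Key material copied from the report: the original test key and the corrected y.
X = "1bHwFrsaPRjYq-zFOyLXK8Ugv3EqbVF075ct7ouTl_pwyhjeBu03JHjKTsyVbNWK"
BAD_JWK = {"kty": "EC", "use": "enc", "ext": True, "crv": "P-384", "x": X, "y": X}
FIXED_JWK = dict(BAD_JWK, y="OPQLbvRDpocNk4FRQLUVRBbqiauWcnUn7cAC2uSOH6GpSLoTo6B-4LtHq0ydd-iu")

if __name__ == "__main__":
    print(jwk_point_on_curve(BAD_JWK), jwk_point_on_curve(FIXED_JWK))
    print(candidate_y_values(X))
```

An importer that runs a check like `jwk_point_on_curve` before accepting a public key rejects the original test key instead of silently importing it.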
Comment 1 Yoshiaki Jitsukawa 2021-06-27 17:32:49 PDT
Created attachment 432358 [details]
Patch
Comment 2 Yoshiaki Jitsukawa 2021-06-27 17:36:05 PDT
Created attachment 432359 [details]
test html run on chrome

Attaching a test html I ran on Windows Chrome.
Comment 3 Yoshiaki Jitsukawa 2021-06-27 17:44:33 PDT
Created attachment 432361 [details]
Patch
Comment 4 Yoshiaki Jitsukawa 2021-06-28 16:13:20 PDT
Created attachment 432439 [details]
Patch
Comment 5 Alexey Proskuryakov 2021-06-28 19:13:47 PDT
Comment on attachment 432439 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=432439&action=review

> LayoutTests/ChangeLog:3
> +        P-384 EC public JWK key in layout tests is wrong

Is this a bad test that shouldn't be passing? Trying to understand if there is a WebKit behavior bug, not just a test bug.
Comment 6 Yoshiaki Jitsukawa 2021-06-28 19:26:03 PDT
> Is this a bad test that shouldn't be passing? trying to understand if there is a WebKit behavior bug, not just a test bug.

I believe these tests themselves are expected to pass, and as you mentioned, there seems to be a bug where WebKit accepts a kind of invalid key.
Comment 7 Chris Dumez 2021-06-28 20:10:03 PDT
(In reply to Yoshiaki Jitsukawa from comment #6)
> > Is this a bad test that shouldn't be passing? trying to understand if there is a WebKit behavior bug, not just a test bug.
> 
> I believe these tests themselves are expected to pass, and as you
> mentioned, there seems to be a bug where WebKit accepts a kind of invalid
> key.

Seems we should align with Chrome and throw on bad input then?
Comment 8 Yoshiaki Jitsukawa 2021-06-28 22:22:29 PDT
(In reply to Chris Dumez from comment #7)
> Seems we should align with Chrome and throw on bad input then?

I personally think so.
Comment 9 Yoshiaki Jitsukawa 2021-06-29 02:50:06 PDT
I've filed bug 227480 - [WebCrypto] WebKit accepts elliptic curve key whose point is not on the curve
Comment 10 EWS 2021-06-29 08:19:52 PDT
Committed r279374 (239240@main): <https://commits.webkit.org/239240@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 432439 [details].
Comment 11 Radar WebKit Bug Importer 2021-06-29 08:20:17 PDT
<rdar://problem/79916328>