Bug 227432

Summary: P-384 EC public JWK key in layout tests is wrong
Product: WebKit Reporter: Yoshiaki Jitsukawa <yoshiaki.jitsukawa>
Component: Tools / TestsAssignee: Yoshiaki Jitsukawa <yoshiaki.jitsukawa>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, bfulgham, cdumez, ews-watchlist, jiewen_tan, katherine_cheney, webkit-bug-importer, yoshiaki.jitsukawa
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=227480
Attachments:
Description Flags
Patch
none
test html run on chrome
none
Patch
none
Patch none

Yoshiaki Jitsukawa
Reported 2021-06-27 17:20:48 PDT
In https://github.com/WebKit/WebKit/blob/main/LayoutTests/crypto/subtle/ecdh-import-jwk-public-key-p384.html and https://github.com/WebKit/WebKit/blob/main/LayoutTests/crypto/subtle/ecdsa-import-jwk-public-key-alg-384.html, the JWK key is defined as: var jwkKey = { kty: "EC", use: "enc", ext: true, crv: "P-384", x: "1bHwFrsaPRjYq-zFOyLXK8Ugv3EqbVF075ct7ouTl_pwyhjeBu03JHjKTsyVbNWK", y: "1bHwFrsaPRjYq-zFOyLXK8Ugv3EqbVF075ct7ouTl_pwyhjeBu03JHjKTsyVbNWK", }; However x and y are the same value and the point (x, y) is not on the elliptic curve. On windows Chrome, it fails to import the key, resulting in a DOM exception. Instead, using y = "OPQLbvRDpocNk4FRQLUVRBbqiauWcnUn7cAC2uSOH6GpSLoTo6B-4LtHq0ydd-iu" succeeds. The y value can be derived from x with openssl: 1. With EC_POINT_set_compressed_coordinates_GFp(), set the coordinate on the curve, only specifying x (and the sign of y). 2. Then retrieve both x and y with EC_POINT_get_affine_coordinates_GFp().
Attachments
Patch (2.21 KB, patch)
2021-06-27 17:32 PDT, Yoshiaki Jitsukawa 		no flags
DetailsFormatted DiffDiff
test html run on chrome (559 bytes, text/html)
2021-06-27 17:36 PDT, Yoshiaki Jitsukawa 		no flags
Details
Patch (4.33 KB, patch)
2021-06-27 17:44 PDT, Yoshiaki Jitsukawa 		no flags
DetailsFormatted DiffDiff
Patch (4.33 KB, patch)
2021-06-28 16:13 PDT, Yoshiaki Jitsukawa 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Yoshiaki Jitsukawa
Comment 1 2021-06-27 17:32:49 PDT
Created attachment 432358 [details] Patch
Yoshiaki Jitsukawa
Comment 2 2021-06-27 17:36:05 PDT
Created attachment 432359 [details] test html run on chrome Attaching a test html I ran on windows Chrome.
Yoshiaki Jitsukawa
Comment 3 2021-06-27 17:44:33 PDT
Created attachment 432361 [details] Patch
Yoshiaki Jitsukawa
Comment 4 2021-06-28 16:13:20 PDT
Created attachment 432439 [details] Patch
Alexey Proskuryakov
Comment 5 2021-06-28 19:13:47 PDT
Comment on attachment 432439 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=432439&action=review > LayoutTests/ChangeLog:3 > + P-384 EC public JWK key in layout tests is wrong Is this a bad test that shouldn't be passing? trying to understand if there is a WebKit behavior bug, not just a test bug.
Yoshiaki Jitsukawa
Comment 6 2021-06-28 19:26:03 PDT
> Is this a bad test that shouldn't be passing? trying to understand if there is a WebKit behavior bug, not just a test bug. I believe these tests themselves are expected to be passed, and as you mentioned, there seems to be a bug that WebKit accepts a kind of invalid keys.
Chris Dumez
Comment 7 2021-06-28 20:10:03 PDT
(In reply to Yoshiaki Jitsukawa from comment #6) > > Is this a bad test that shouldn't be passing? trying to understand if there is a WebKit behavior bug, not just a test bug. > > I believe these tests themselves are expected to be passed, and as you > mentioned, there seems to be a bug that WebKit accepts a kind of invalid > keys. Seems we should align with Chrome and throw on bad input then?
Yoshiaki Jitsukawa
Comment 8 2021-06-28 22:22:29 PDT
(In reply to Chris Dumez from comment #7) > Seems we should align with Chrome and throw on bad input then? I personally think so.
Yoshiaki Jitsukawa
Comment 9 2021-06-29 02:50:06 PDT
I've filed bug 227480 - [WebCrypto] WebKit accepts elliptic curve key whose point is not on the curve
EWS
Comment 10 2021-06-29 08:19:52 PDT
Committed r279374 (239240@main): <https://commits.webkit.org/239240@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 432439 [details].
Radar WebKit Bug Importer
Comment 11 2021-06-29 08:20:17 PDT
<rdar://problem/79916328>
Note You need to log in before you can comment on or make changes to this bug.