Bug 227480

Summary: [WebCrypto] WebKit accepts elliptic curve key whose point is not on the curve
Product: WebKit
Reporter: Yoshiaki Jitsukawa <yoshiaki.jitsukawa>
Component: WebCore Misc.
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal
CC: ap, cdumez, jiewen_tan, katherine_cheney, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=227432

Description Yoshiaki Jitsukawa 2021-06-29 02:48:49 PDT
It might be an implementation-defined behavior but WebKit doesn't throw when importing an elliptic curve key whose point (x, y) is not on the curve.

For example, on Chrome, a DOM exception is thrown with the following code, while not on Safari:

var jwkKey = {
    kty: "EC",
    use: "enc",
    ext: true,
    crv: "P-384",
    x: "1bHwFrsaPRjYq-zFOyLXK8Ugv3EqbVF075ct7ouTl_pwyhjeBu03JHjKTsyVbNWK",
    y: "1bHwFrsaPRjYq-zFOyLXK8Ugv3EqbVF075ct7ouTl_pwyhjeBu03JHjKTsyVbNWK", // (x, y) is not on the P-384 curve
    // y: "OPQLbvRDpocNk4FRQLUVRBbqiauWcnUn7cAC2uSOH6GpSLoTo6B-4LtHq0ydd-iu", // x and this y are on the curve
};
var extractable = true;
var publicKey; // receives the imported CryptoKey if importKey() resolves

crypto.subtle.importKey("jwk", jwkKey, { name: "ECDH", namedCurve: "P-384" }, extractable, [ ]).then(function(result) {
    publicKey = result;
});
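
The following is an added example, not part of the original report or of WebKit's code: a caller-side check that a P-384 JWK's (x, y) satisfies the curve equation before the key reaches importKey(). The names P384, coordToBigInt, isValidP384Jwk and importP384PublicKey are hypothetical; the curve constants are the standard P-384 (secp384r1) parameters.

```javascript
// P-384 domain parameters; the curve is y^2 = x^3 + a*x + b over GF(p).
const P384 = {
  p: 2n ** 384n - 2n ** 128n - 2n ** 96n + 2n ** 32n - 1n,
  a: -3n,
  b: BigInt("0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe814112" +
            "0314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef"),
  bytes: 48, // fixed coordinate length required for P-384 JWKs
};

// Decode an unpadded base64url coordinate into a BigInt.
// Returns null unless it encodes exactly `bytes` octets.
function coordToBigInt(b64url, bytes) {
  if (typeof b64url !== "string" || !/^[A-Za-z0-9_-]+$/.test(b64url)) return null;
  if (b64url.length !== Math.ceil((bytes * 4) / 3)) return null;
  const b64 = b64url.replace(/-/g, "+").replace(/_/g, "/");
  const raw = atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4));
  let n = 0n;
  for (let i = 0; i < raw.length; i++) n = (n << 8n) | BigInt(raw.charCodeAt(i));
  return n;
}

// True only for a P-384 JWK whose coordinates are in [0, p) and lie on the
// curve. P-384 has cofactor 1, so an on-curve affine point is in the group.
function isValidP384Jwk(jwk) {
  if (!jwk || jwk.kty !== "EC" || jwk.crv !== "P-384") return false;
  const { p, a, b, bytes } = P384;
  const x = coordToBigInt(jwk.x, bytes);
  const y = coordToBigInt(jwk.y, bytes);
  if (x === null || y === null || x >= p || y >= p) return false;
  const mod = (n) => ((n % p) + p) % p;
  return mod(y * y) === mod(x * x * x + a * x + b);
}

// Hypothetical wrapper: reject the key explicitly instead of relying on the
// engine's importKey() to do so.
async function importP384PublicKey(jwk) {
  if (!isValidP384Jwk(jwk)) {
    throw new DOMException("EC point is not on the P-384 curve", "DataError");
  }
  return crypto.subtle.importKey(
    "jwk", jwk, { name: "ECDH", namedCurve: "P-384" }, true, []);
}
```
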
Comment 1 Radar WebKit Bug Importer 2021-07-06 02:49:17 PDT
<rdar://problem/80201774>