Bug 227432 - P-384 EC public JWK key in layout tests is wrong
Summary: P-384 EC public JWK key in layout tests is wrong
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Tools / Tests
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Yoshiaki Jitsukawa
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2021-06-27 17:20 PDT by Yoshiaki Jitsukawa
Modified: 2021-06-29 08:20 PDT

See Also:


Attachments
Patch (2.21 KB, patch)
2021-06-27 17:32 PDT, Yoshiaki Jitsukawa
test html run on chrome (559 bytes, text/html)
2021-06-27 17:36 PDT, Yoshiaki Jitsukawa
Patch (4.33 KB, patch)
2021-06-27 17:44 PDT, Yoshiaki Jitsukawa
Patch (4.33 KB, patch)
2021-06-28 16:13 PDT, Yoshiaki Jitsukawa

Description Yoshiaki Jitsukawa 2021-06-27 17:20:48 PDT
In https://github.com/WebKit/WebKit/blob/main/LayoutTests/crypto/subtle/ecdh-import-jwk-public-key-p384.html and https://github.com/WebKit/WebKit/blob/main/LayoutTests/crypto/subtle/ecdsa-import-jwk-public-key-alg-384.html, the JWK key is defined as:
var jwkKey = {
    kty: "EC",
    use: "enc",
    ext: true,
    crv: "P-384",
    x: "1bHwFrsaPRjYq-zFOyLXK8Ugv3EqbVF075ct7ouTl_pwyhjeBu03JHjKTsyVbNWK",
    y: "1bHwFrsaPRjYq-zFOyLXK8Ugv3EqbVF075ct7ouTl_pwyhjeBu03JHjKTsyVbNWK",
};
However, x and y are the same value and the point (x, y) is not on the elliptic curve.

On Windows Chrome, it fails to import the key, resulting in a DOM exception. Instead, using y = "OPQLbvRDpocNk4FRQLUVRBbqiauWcnUn7cAC2uSOH6GpSLoTo6B-4LtHq0ydd-iu" succeeds.

The y value can be derived from x with OpenSSL:
 1. With EC_POINT_set_compressed_coordinates_GFp(), set the coordinate on the curve, only specifying x (and the sign of y).
 2. Then retrieve both x and y with EC_POINT_get_affine_coordinates_GFp().
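The on-curve check and the y derivation described in the report above, as an added example (not code from this bug, WebKit, or OpenSSL): it tests whether a P-384 JWK point satisfies the curve equation and recovers y from x plus the parity of y, which is what the compressed-coordinate route computes. The function names are illustrative assumptions; the constants are the standard NIST P-384 domain parameters.

```javascript
// Added example (not WebKit or OpenSSL code): P-384 on-curve check and y recovery.
// NIST P-384 domain parameters: y^2 = x^3 - 3x + B (mod P).
const P = 2n ** 384n - 2n ** 128n - 2n ** 96n + 2n ** 32n - 1n;
const B = BigInt("0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe814112" +
                 "0314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef");

// Decode a base64url JWK coordinate into a BigInt.
function b64urlToBigInt(s) {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  return BigInt("0x" + Buffer.from(b64, "base64").toString("hex"));
}

// Encode a BigInt as a 48-byte (P-384 field size) base64url string.
function bigIntToB64url(n) {
  const hex = n.toString(16).padStart(96, "0");
  return Buffer.from(hex, "hex").toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Square-and-multiply modular exponentiation.
function modPow(base, exp, mod) {
  let result = 1n;
  for (base %= mod; exp > 0n; exp >>= 1n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
  }
  return result;
}

// Right-hand side of the curve equation for a given x, normalised to [0, P).
const rhs = (x) => (((x * x % P) * x - 3n * x + B) % P + P) % P;
// True only if both coordinates are field elements and satisfy the curve equation.
function isOnCurve(jwk) {
  const x = b64urlToBigInt(jwk.x), y = b64urlToBigInt(jwk.y);
  return x < P && y < P && (y * y) % P === rhs(x);
}

// Recover y from x and the parity bit of y. P ≡ 3 (mod 4), so a root is rhs^((P+1)/4) mod P.
// Returns null when x is not the x-coordinate of any curve point.
function deriveY(xB64, yParity) {
  const r2 = rhs(b64urlToBigInt(xB64));
  let y = modPow(r2, (P + 1n) / 4n, P);
  if ((y * y) % P !== r2) return null;
  if ((y & 1n) !== BigInt(yParity)) y = P - y;
  return bigIntToB64url(y);
}
// x from the report; the original test reused it as y.
const reportedX = "1bHwFrsaPRjYq-zFOyLXK8Ugv3EqbVF075ct7ouTl_pwyhjeBu03JHjKTsyVbNWK";
console.log(isOnCurve({ x: reportedX, y: reportedX }), deriveY(reportedX, 0));
```

An importer that runs a check like `isOnCurve` before accepting the key rejects the original test key instead of importing it.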
Comment 1 Yoshiaki Jitsukawa 2021-06-27 17:32:49 PDT
Created attachment 432358 [details]
Patch
Comment 2 Yoshiaki Jitsukawa 2021-06-27 17:36:05 PDT
Created attachment 432359 [details]
test html run on chrome

Attaching a test HTML I ran on Windows Chrome.
Comment 3 Yoshiaki Jitsukawa 2021-06-27 17:44:33 PDT
Created attachment 432361 [details]
Patch
Comment 4 Yoshiaki Jitsukawa 2021-06-28 16:13:20 PDT
Created attachment 432439 [details]
Patch
Comment 5 Alexey Proskuryakov 2021-06-28 19:13:47 PDT
Comment on attachment 432439 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=432439&action=review

> LayoutTests/ChangeLog:3
> +        P-384 EC public JWK key in layout tests is wrong

Is this a bad test that shouldn't be passing? Trying to understand if there is a WebKit behavior bug, not just a test bug.
Comment 6 Yoshiaki Jitsukawa 2021-06-28 19:26:03 PDT
> Is this a bad test that shouldn't be passing? Trying to understand if there is a WebKit behavior bug, not just a test bug.

I believe these tests themselves are expected to pass, and as you mentioned, there seems to be a bug where WebKit accepts a kind of invalid key.
Comment 7 Chris Dumez 2021-06-28 20:10:03 PDT
(In reply to Yoshiaki Jitsukawa from comment #6)
> > Is this a bad test that shouldn't be passing? Trying to understand if there is a WebKit behavior bug, not just a test bug.
> 
> I believe these tests themselves are expected to pass, and as you
> mentioned, there seems to be a bug where WebKit accepts a kind of invalid
> key.

Seems we should align with Chrome and throw on bad input then?
Comment 8 Yoshiaki Jitsukawa 2021-06-28 22:22:29 PDT
(In reply to Chris Dumez from comment #7)
> Seems we should align with Chrome and throw on bad input then?

I personally think so.
Comment 9 Yoshiaki Jitsukawa 2021-06-29 02:50:06 PDT
I've filed bug 227480 - [WebCrypto] WebKit accepts elliptic curve key whose point is not on the curve
Comment 10 EWS 2021-06-29 08:19:52 PDT
Committed r279374 (239240@main): <https://commits.webkit.org/239240@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 432439 [details].
Comment 11 Radar WebKit Bug Importer 2021-06-29 08:20:17 PDT
<rdar://problem/79916328>