In https://github.com/WebKit/WebKit/blob/main/LayoutTests/crypto/subtle/ecdh-import-jwk-public-key-p384.html and https://github.com/WebKit/WebKit/blob/main/LayoutTests/crypto/subtle/ecdsa-import-jwk-public-key-alg-384.html, the JWK key is defined as: var jwkKey = { kty: "EC", use: "enc", ext: true, crv: "P-384", x: "1bHwFrsaPRjYq-zFOyLXK8Ugv3EqbVF075ct7ouTl_pwyhjeBu03JHjKTsyVbNWK", y: "1bHwFrsaPRjYq-zFOyLXK8Ugv3EqbVF075ct7ouTl_pwyhjeBu03JHjKTsyVbNWK", }; However x and y are the same value and the point (x, y) is not on the elliptic curve. On windows Chrome, it fails to import the key, resulting in a DOM exception. Instead, using y = "OPQLbvRDpocNk4FRQLUVRBbqiauWcnUn7cAC2uSOH6GpSLoTo6B-4LtHq0ydd-iu" succeeds. The y value can be derived from x with openssl: 1. With EC_POINT_set_compressed_coordinates_GFp(), set the coordinate on the curve, only specifying x (and the sign of y). 2. Then retrieve both x and y with EC_POINT_get_affine_coordinates_GFp().
Created attachment 432358 [details] Patch
Created attachment 432359 [details] test html run on chrome Attaching a test html I ran on windows Chrome.
Created attachment 432361 [details] Patch
Created attachment 432439 [details] Patch
Comment on attachment 432439 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=432439&action=review > LayoutTests/ChangeLog:3 > + P-384 EC public JWK key in layout tests is wrong Is this a bad test that shouldn't be passing? trying to understand if there is a WebKit behavior bug, not just a test bug.
> Is this a bad test that shouldn't be passing? trying to understand if there is a WebKit behavior bug, not just a test bug. I believe these tests themselves are expected to be passed, and as you mentioned, there seems to be a bug that WebKit accepts a kind of invalid keys.
(In reply to Yoshiaki Jitsukawa from comment #6) > > Is this a bad test that shouldn't be passing? trying to understand if there is a WebKit behavior bug, not just a test bug. > > I believe these tests themselves are expected to be passed, and as you > mentioned, there seems to be a bug that WebKit accepts a kind of invalid > keys. Seems we should align with Chrome and throw on bad input then?
(In reply to Chris Dumez from comment #7) > Seems we should align with Chrome and throw on bad input then? I personally think so.
I've filed bug 227480 - [WebCrypto] WebKit accepts elliptic curve key whose point is not on the curve
Committed r279374 (239240@main): <https://commits.webkit.org/239240@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 432439 [details].
<rdar://problem/79916328>