NEW 230001
SubtleCrypto.exportKey RSA sometimes exports different Private Exponent 
https://bugs.webkit.org/show_bug.cgi?id=230001
Summary SubtleCrypto.exportKey RSA sometimes exports different Private Exponent
Filip Skokan
Reported 2021-09-07 08:22:22 PDT
When importing RSA JWKs I'm seeing an issue with export on iOS 14 that did not exist on iOS 12 and iOS 13. I'm experiencing this through real device testing on the BrowserStack platform. The issue is that if re-exported, the exported JWK does not sometimes match the imported one. The snippet below works fine on iOS 12 and 13, but fails on iOS 14 Mobile Safari 14.0.2 (iOS 14.3). ```js const jwk = { kty: "RSA", n: "w1MQU2ERHuPd_BJAJEHqI2UQdcU7qBQn9LrujqDIU1KafLNDK_yrS-ZhlpL9XOO0KZpLa4bEZhJpqiHiqG65uaeIsfS1iU2tqKQ5YBq5MQBcfR330jNAa08t8wAnamPZdEZGZX17MIw7J3fvpbHKSdsyfH6EacCrtmGjUzhXiKwcwG3BH1GRySnFBrsCbOA4WBp5DbP1GurgNcWOsGul2bApK44f0bawQ3RAEgchJFsC_Uz_w7piA9r8Wl9KUJZ5ygvEuTojTQBtyjcngwHFXgHDYzveHh7Q25MaX2EmoEUQUnH_VgOXKoSjtBSWTVW1lo-T7dw3XTiIsJRFWa38mQ", e: "AQAB", d: "JYptdNkPJVS-cZhAY7eXfL4L79a8pI1bMJpNB3S3i-wwbQ83NdkWQzxAPWR69cN9-RECtePtE4EuddiVa7H8WEZu62URDxay7drCfEomldhv7kw4OVpIY1eQiUfaS4RtYv-uwAriBm6tX-SZVstZCeDrTyox4PF7D06syW3mxQmZMTL6IwOLpQiAgijO5Aa2KihufIWbCVaEQ8UOvJ9VXcAJsM4wSHUc55jx5CfwHSlyPjxuWcBACvCB4llY_n_krHbFDAocmUImjpbMWp5y3BmS9wtGlbS_H9_Dl9Efkp6qRdhenOF2Fh9vLhoi19AhPu0ORfHTgjUuN4tLb88IAQ", p: "8kxaQxCH24jb0tZ4gPfvRUJJuD6WNbtBClhdoSE2JmvHM-HtzVCh6aW_ulHLIT82PBMRXTK_lihiUD6NvCSbjMiVEKHT6Jn5-dbSlpp8uj3HmfsACBvLpxMD81Go6Tx7RKb1HNL7yRCLyo8r9buJenGF2H03HJ88HuNoCjAxZ8E", q: "zl6xI19mJupKa0PTRZsy6sZ_2dQnl-KuMVt3-TtZ4LfcSZL1F24HlAkj8tPKGVF6oya-bYRoQ928iZTNV2Gy1VdnjUGb3xeINFzORZmGUGtV5w6ugtLcngYKkfdEfLltq2KX3ZvS--EdkT9iY47kWrTicSf28IyLUolCm62fitk", dp: "TjwbFPZ8d4VMPVqk1De6GWna9dO3mqfYy2dW7BUWL_ey_Wyg5R94-EFdk-KfLSAE-gbKH4aoV-q4O-LGzw4e76lAgHtQOhWlomcb3icJyPTzwyNJklSvQEYii2k9mfm-b59dG66AQB7IlGIANrsUG-YV6p4bsnEz72FMEaYX_cE", dq: "PyeLXh_byxz4GUtwZGTSeDa2-ZqLY1fjpwcu9_7JypN5vqpShxENEKibb7yQpJ7iwPsiW7GhluNMx23aSVuEtvVAo2HoqaUx8ZRVK8eH6yRt7X_4t-B_03xVz8W0F9dHUKOjhhYhwyNpQQH8wisAhyHECo0IbSUVnfSThcDkikE", qi: "DBZc1mfJLCxHgpHyfrlueIVTooOCGBWTSC-C6PBicwjl2eJiQVe9Q3zFShjvv70SJpZ15SBKn06fML9nn9lRvbzQJBP671lUtxF_NfYN7Yl_FLEeADMfV7wBKZ8eIk8BhstzSY3xH_ZNJklYRnSCBZNI_NlSfH2QxSb-JjH6xGA", }; const { subtle } = globalThis.crypto; const cryptoKey = await subtle.importKey('jwk', jwk, { name: 'RSASSA-PKCS1-v1_5', hash: { name: 'SHA-256' } }, true, ['sign']) const reExport = await subtle.exportKey('jwk', cryptoKey) console.log(reExport.d === jwk.d) // expect the keys to match ```
Attachments
test case (2.03 KB, text/html)
2021-09-07 15:30 PDT, Alexey Proskuryakov 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Filip Skokan
Comment 1 2021-09-07 12:33:06 PDT
Interestingly enough, when I flip the actual and expected, then I the same bug applies to OS X Safari only in reverse. That being said - for deterministic signatures produced using both JWKs - they both generate the same output.
Alexey Proskuryakov
Comment 2 2021-09-07 15:30:01 PDT
Created attachment 437563 [details] test case Same test case as an attachment. Verified failing on Apple Silicon Mac. I think that we get this value directly from CCRSAGetKeyComponents. Equivalent private exponents obviously exist; I'm not sure if there are any requirements on round-trip fidelity or on using a particular normalized form in any of the specs involved.
Radar WebKit Bug Importer
Comment 3 2021-09-08 09:11:02 PDT
<rdar://problem/82875952>
Note You need to log in before you can comment on or make changes to this bug.