RESOLVED FIXED 276916
[WebCrypto] ECDH and X25519 derive bits should return an empty string when length is zero 
https://bugs.webkit.org/show_bug.cgi?id=276916
Summary [WebCrypto] ECDH and X25519 derive bits should return an empty string when le...
Javier Fernandez
Reported 2024-07-22 16:11:22 PDT
We have reached an important agreement [1] to change the last draft of the WebCrypto API specification to solve a long-term interoperability issue in the deriveBits operation to define the 'length' parameter as optional. In such conversation it's been agreed that a zero value for the 'length' parameter should return an empty string instead of the whole derived key, as currently WebKit does. It's worth mentioning that the current draft already specify such behavior for the ECDH and X25519 algorithms, so WebKit's implementation is not spec-compliant on this regard. [1] https://github.com/w3c/webcrypto/pull/345
Attachments
Add attachment proposed patch, testcase, etc.
Javier Fernandez
Comment 1 2024-07-24 03:40:12 PDT
Pull request: https://github.com/WebKit/WebKit/pull/31146
Radar WebKit Bug Importer
Comment 2 2024-07-29 16:12:24 PDT
<rdar://problem/132761687>
Javier Fernandez
Comment 3 2024-09-30 03:53:45 PDT
There is an ongoing discussion [1] to throw an OperatonError exception on any value passed in the 'length' parameter that implies truncating the derivedKey material. So if that's approved, this bug should be changed or closed as invalid.
Javier Fernandez
Comment 4 2024-09-30 03:54:26 PDT
(In reply to Javier Fernandez from comment #3) > There is an ongoing discussion [1] to throw an OperatonError exception on > any value passed in the 'length' parameter that implies truncating the > derivedKey material. > > So if that's approved, this bug should be changed or closed as invalid. [1] https://github.com/w3c/webcrypto/issues/369
EWS
Comment 5 2024-10-18 01:03:20 PDT
Committed 285383@main (0b46039641c2): <https://commits.webkit.org/285383@main> Reviewed commits have been landed. Closing PR #31146 and removing active labels.
WebKit Commit Bot
Comment 6 2024-10-23 13:45:42 PDT
Re-opened since this is blocked by bug 282002
Nitin Mahendru
Comment 7 2024-10-25 14:30:42 PDT
Pull request: https://github.com/WebKit/WebKit/pull/35739
EWS
Comment 8 2024-10-28 14:37:49 PDT
Committed 285789@main (f9e55bf363c1): <https://commits.webkit.org/285789@main> Reviewed commits have been landed. Closing PR #35739 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.