Closed Bug 1410403 Opened 2 years ago Closed 22 days ago

WebCrypto: incorrect oid for ecdsa keys in spki

Categories

(Core :: DOM: Web Crypto, defect, P3)

56 Branch
defect

RESOLVED FIXED
mozilla72
Tracking Status
firefox72 --- fixed

People

(Reporter: ondras, Assigned: jcj)

Details

(Whiteboard: [webcrypto][domsecurity-backlog])

Attachments

(1 file, 1 obsolete file)

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0
Build ID: 20171003100843

Steps to reproduce:

ECDSA keys exported via WebExpo to spki shall have the algo OID of "1.2.840.10045.2.1" as per https://www.w3.org/TR/WebCryptoAPI/#ecdsa-operations.

Currently, these keys have OID "1.3.132.112".


Actual results:

The OID is "1.3.132.112"


Expected results:

The OID shall be "1.2.840.10045.2.1".

Typo: s/WebExpo/WebCrypto/

Component: Untriaged → Security
Product: Firefox → Core

The ecdh OID is also wrong as per https://github.com/w3c/webcrypto/issues/86

Component: Security → Security: PSM
Priority: -- → P2
Whiteboard: [psm-backlog]
Component: Security: PSM → DOM: Security
Summary: incorrect oid for ecdsa keys in spki → WebCrypto: incorrect oid for ecdsa keys in spki
Whiteboard: [psm-backlog] → [psm-backlog] [webcrypto]

JC, P2 in DOM: Security requires someone to be assigned to it. Can you help me find an assignee? Alternatively, we could change the priority. What do you think?

Flags: needinfo?(jjones)

Eventually I expect it will be Dana or me, but let's put it at P3 for now.

Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(jjones)
Priority: P2 → P3
Whiteboard: [psm-backlog] [webcrypto] → [webcrypto]
Whiteboard: [webcrypto] → [webcrypto][domsecurity-backlog]
Component: DOM: Security → DOM: Web Crypto

Note that while this bug may appear inconsequential, it actually prevents easily importing the key into other contexts like OpenSSL. The ASN has to be manually opened and fixed.

Thanks for the heads-up, kll, that's useful to know. With the updates from Bug 1564509 this is straightforward. I'll post a patch shortly.

Assignee: nobody → jjones
Status: NEW → ASSIGNED

id-ecPublicKey is defined as the OID {iso(1) member-body(2) us(840)
ansi-x962(10045) keyType(2) ecPublicKey(1)}, and is the NSS default, so
remove the override code from CryptoKey.cpp that forced it to the legacy
id-ecDH code.

Pushed by jjones@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/35f2efaaeff6
Use id-ecPublicKey for ECDH key export from WebCrypto r=keeler

Pushed by rgurzau@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a4ef4d6cdff0
Fixup, mark as fixed relevant WebCrypto Web Platform Tests UPGRADE_NSS_RELEASE CLOSED TREE

Attachment #9108478 - Attachment is obsolete: true

Status: ASSIGNED → RESOLVED
Closed: 22 days ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla72
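
The comment above about having to open and fix the ASN.1 by hand can be made concrete. The following is an added example, not Firefox or NSS code: it reads the algorithm OID from a DER-encoded SPKI and, when it finds the OID this bug reports, re-encodes the structure with id-ecPublicKey. The function names and the sample bytes are constructed for illustration.

```javascript
// Added example, not Firefox/NSS code. Both OIDs are the ones quoted in the bug report.
const LEGACY_OID = '1.3.132.112';
const ID_EC_PUBLIC_KEY_DER = [0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01]; // 1.2.840.10045.2.1

// Read one DER TLV at `pos`: its tag and the bounds of its content.
function readTlv(buf, pos) {
  let len = buf[pos + 1], start = pos + 2;
  if (len & 0x80) { // long-form length
    const n = len & 0x7f;
    if (n === 0 || n > 4) throw new Error('unsupported DER length');
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[start + i];
    start += n;
  }
  if (!(start + len <= buf.length)) throw new Error('truncated DER');
  return { tag: buf[pos], start, end: start + len };
}

// Wrap `content` in a TLV, using the shortest DER length encoding.
function writeTlv(tag, content) {
  const n = content.length, len = n < 0x80 ? [n] : [];
  for (let v = n; n >= 0x80 && v > 0; v = Math.floor(v / 256)) len.unshift(v & 0xff);
  if (n >= 0x80) len.unshift(0x80 | len.length);
  return Uint8Array.from([tag, ...len, ...content]);
}

function decodeOid(bytes) {
  const arcs = [Math.floor(bytes[0] / 40), bytes[0] % 40]; // enough for first arcs 0 and 1
  for (let i = 1, v = 0; i < bytes.length; i++) {
    v = v * 128 + (bytes[i] & 0x7f);
    if (!(bytes[i] & 0x80)) { arcs.push(v); v = 0; }
  }
  return arcs.join('.');
}

// Returns the algorithm OID found and an SPKI that carries id-ecPublicKey.
function inspectEcSpki(spki) {
  const outer = readTlv(spki, 0);            // SubjectPublicKeyInfo SEQUENCE
  const algId = readTlv(spki, outer.start);  // AlgorithmIdentifier SEQUENCE
  const oidTlv = readTlv(spki, algId.start); // algorithm OID
  if (outer.tag !== 0x30 || algId.tag !== 0x30 || oidTlv.tag !== 0x06) throw new Error('not an SPKI');
  const oid = decodeOid(spki.subarray(oidTlv.start, oidTlv.end));
  if (oid !== LEGACY_OID) return { oid, fixed: spki };
  const alg = writeTlv(0x30, [...writeTlv(0x06, ID_EC_PUBLIC_KEY_DER), ...spki.subarray(oidTlv.end, algId.end)]);
  return { oid, fixed: writeTlv(0x30, [...alg, ...spki.subarray(algId.end, outer.end)]) };
}
// Constructed sample: P-256 SPKI with the legacy OID and a dummy point (not a real key).
const sampleLegacySpki = Uint8Array.from([0x30, 0x56, 0x30, 0x10, 0x06, 0x04, 0x2b, 0x81, 0x04, 0x70, 0x06, 0x08,
  0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, ...new Uint8Array(64).fill(0x11)]);
```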