Closed Bug 1410861 Opened 4 years ago Closed 2 months ago

Implement AES-GCM unwrap of ECDSA keys for WebCrypto API

Categories

(Core :: DOM: Web Crypto, enhancement, P3)

Product:
Core
Component:
DOM: Web Crypto
Version:
57 Branch
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
88 Branch
Tracking Flags:
Tracking Status
firefox88 --- fixed

People

(Reporter: guillaume-mozilla, Assigned: christoph-wa)

Details

(Whiteboard: [domsecurity-backlog1])

Attachments

(1 file, 1 obsolete file)

Bug 1410861 - Support for `unwrapKey` of ECDH/ECDSA keys
47 bytes, text/x-phabricator-request
Details | Review 
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0
Build ID: 20171019140425

Steps to reproduce:

On the well known Live API Table ( https://diafygi.github.io/webcrypto-examples/ ) we could see we can wrap a ECDSA key with AES-GCM but can't unwrap it. 
By the way, it's the same for ECDH algorithm.


Actual results:

Can't use unwrapKey() for ECDSA


Expected results:

Nothing
Component: Untriaged → DOM: Security
Product: Firefox → Core
Tim, can you weigh in?
Flags: needinfo?(ttaubert)
Seems like that's missing. Will happily accept any patches :)
Flags: needinfo?(ttaubert)
Priority: -- → P3
Status: UNCONFIRMED → NEW
Ever confirmed: true
Whiteboard: [domsecurity-backlog1]
Component: DOM: Security → DOM: Web Crypto
Assignee: nobody → christoph-wa
Status: NEW → ASSIGNED

As mentioned in phab, I don't have access to the try server. So I think you have to do this.

Flags: needinfo?(dkeeler)

Ok. If you want to keep submitting patches, I recommend you get try access so you can test your changes out before landing them: https://wiki.mozilla.org/ReleaseEngineering/TryServer#Getting_access_to_the_Try_Server

Flags: needinfo?(dkeeler)
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/e2521231284c
Support for `unwrapKey` of ECDH/ECDSA keys r=keeler

Looks like there are some tests in https://searchfox.org/mozilla-central/source/testing/web-platform/meta/WebCryptoAPI/wrapKey_unwrapKey/test_wrapKey_unwrapKey.https.html.ini that are passing now. I believe you can remove the corresponding failure entries - e.g.:

  [Can wrap and unwrap ECDH public key keys using spki and AES-CTR]
    expected: FAIL

Depends on D97711

Attachment #9204093 - Attachment is obsolete: true
Flags: needinfo?(christoph-wa)
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/503a3d1a480f
Support for `unwrapKey` of ECDH/ECDSA keys r=keeler

https://hg.mozilla.org/mozilla-central/rev/503a3d1a480f

Status: ASSIGNED → RESOLVED
Closed: 2 months ago
status-firefox88: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 88 Branch
You need to log in before you can comment on or make changes to this bug.