1743582 - support importing compressed EC keys in webcrypto

Status: UNCONFIRMED

(Core :: DOM: Web Crypto, enhancement)

Description

[Filip Skokan]

Steps to reproduce:

// SPKI representation of a P-384 EC key in a compressed form.
const spki = new Uint8Array([48, 70, 48, 16, 6, 7, 42, 134, 72, 206, 61, 2, 1, 6, 5, 43, 129, 4, 0, 34, 3, 50, 0, 2, 251, 203, 124, 105, 238, 28, 96, 87, 155, 231, 163, 52, 19, 72, 120, 217, 197, 197, 191, 53, 213, 82, 218, 182, 60, 1, 64, 57, 126, 209, 76, 239, 99, 125, 119, 32, 146, 92, 68, 105, 158, 163, 14, 114, 135, 76, 114, 251])

await crypto.subtle.importKey('spki', spki, { name: 'ECDSA', namedCurve: 'P-384' }, false, ['verify'])

Actual results:

importKey is rejected with DOMException: Data provided to an operation does not meet requirements

Expected results:

compressed EC public key SPKI should import as in other browsers

Comment 1

[Filip Skokan]

Attachment: Screenshot 2021-11-30 at 12.19.49.png

working in Chrome

Comment 2

[Filip Skokan]

Likewise, same issue, when using the raw keyFormat

const pub = new Uint8Array([2, 251, 203, 124, 105, 238, 28, 96, 87, 155, 231, 163, 52, 19, 72, 120, 217, 197, 197, 191, 53, 213, 82, 218, 182, 60, 1, 64, 57, 126, 209, 76, 239, 99, 125, 119, 32, 146, 92, 68, 105, 158, 163, 14, 114, 135, 76, 114, 251])
await crypto.subtle.importKey('raw', pub, { name: 'ECDSA', namedCurve: 'P-384' }, false, ['verify'])

importKey is rejected with DOMException: Data provided to an operation does not meet requirements

Comment 3

[Dana Keeler (she/her) (use needinfo) [:keeler]]

Note that the specification doesn't actually require supporting compressed EC keys.

Comment 4

[Filip Skokan]

That's right, but at the same time, FF is an outlier in it not supporting compressed EC public keys and we expect interoperability from Web API implementations.

Comment 5

[Thomas Wisniewski [:twisniewski]]

The Safari 16.4 beta release notes indicate that it will also support importing these keys.