SubtleCrypto.exportKey fails for some imported EC keys
Categories: Core :: DOM: Web Crypto, defect, P2
People: Reporter: panva.ip, Assigned: anna.weine
Attachments: 1 file, 1 obsolete file
Steps to reproduce:
Now that EC pkcs8 without a public key can be imported (fixed in https://bugzilla.mozilla.org/show_bug.cgi?id=1915792), the resulting CryptoKey fails to be re-exported as jwk.
This works in Chrome, Node, Deno, and other server runtimes but fails in Firefox.
Safari still fails to even import the key.
This is causing hurdles with PQ/T Hybrid HPKE KEM key derivation (seed expansion), requiring users to implement scalar multiplication which honestly should not be left to users to do.
const jwk = {
  kty: 'EC',
  x: 'KJtyCr3jOZjnIHmJf7Mj2W010EkgBCHbWKP_QoFgK04',
  y: 'gZRbjpFSPK4H_IIq1Oxs--LS6PjEODMXz-cGIdjsaGI',
  crv: 'P-256',
  d: '7sOs7L87ue9x5ZsP3f8ScKUFf76mZdkXzNO-Hv1FWI4'
}
// PKCS#8 prefix (PrivateKeyInfo, version 0, AlgorithmIdentifier id-ecPublicKey / prime256v1)
// wrapping an RFC 5915 ECPrivateKey that carries only the private scalar: no parameters [0]
// and no publicKey [1]. The 32-byte d is appended right after the final OCTET STRING header (0x04 0x20).
const template = Uint8Array.of(0x30, 0x41, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x04, 0x27, 0x30, 0x25, 0x02, 0x01, 0x01, 0x04, 0x20)
const d = Uint8Array.fromBase64(jwk.d, { alphabet: 'base64url' }) // decode the private scalar from the JWK
const pkcs8 = new Uint8Array(template.byteLength + d.byteLength)
pkcs8.set(template)
pkcs8.set(d, template.byteLength)
// Import the private-only PKCS#8 as an extractable ECDH key, then try to export it in both formats.
crypto.subtle.importKey('pkcs8', pkcs8, { name: 'ECDH', namedCurve: 'P-256' }, true, ['deriveBits']).then((key) => {
  console.log(key)
  crypto.subtle.exportKey('jwk', key).then(console.log, () => console.log('failed to jwk export'))
  crypto.subtle.exportKey('pkcs8', key).then(console.log, () => console.log('failed to pkcs8 export'))
}, () => console.log('failed to import'))
Actual results:
prints an imported CryptoKey
prints a re-exported pkcs8 (same as input, no public key included)
fails to export jwk
Expected results:
prints an imported CryptoKey
prints a re-exported pkcs8
prints a re-exported jwk with recalculated x and y coordinates
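The expected JWK export above has to recompute x and y from d, which is the scalar multiplication the report mentions. As an added example (not code from the report, from jose, or from Firefox), here is that computation on P-256 in plain JavaScript with BigInt, run against the report's own JWK; it assumes atob/btoa are available (browser console or Node 16+) and is written for clarity, not constant time.

```javascript
// P-256 (secp256r1) domain parameters from FIPS 186-4, as BigInt.
const P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffffn;
const A = P - 3n;
const B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604bn;
const N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551n;
const G = { x: 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296n,
            y: 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5n };
const INF = null; // point at infinity
const mod = (a) => ((a % P) + P) % P;
function inv(a) {                    // a^(P-2) mod P: Fermat inverse, valid because P is prime
  let r = 1n, b = mod(a);
  for (let e = P - 2n; e > 0n; e >>= 1n) { if (e & 1n) r = r * b % P; b = b * b % P; }
  return r;
}
const isOnCurve = (pt) => pt === INF || mod(pt.y * pt.y - (pt.x ** 3n + A * pt.x + B)) === 0n;

// Affine point addition covering infinity, doubling and p1 + (-p1).
function add(p1, p2) {
  if (p1 === INF) return p2;
  if (p2 === INF) return p1;
  if (p1.x === p2.x && mod(p1.y + p2.y) === 0n) return INF;   // p2 == -p1 (or 2y == 0)
  const lam = p1.x === p2.x
    ? mod((3n * p1.x * p1.x + A) * inv(2n * p1.y))            // tangent slope: doubling
    : mod((p2.y - p1.y) * inv(p2.x - p1.x));                   // chord slope
  const x = mod(lam * lam - p1.x - p2.x);
  return { x, y: mod(lam * (p1.x - x) - p1.y) };
}
// Double-and-add scalar multiplication (educational: not constant time).
function mul(k, pt) {
  let r = INF, q = pt;
  for (; k > 0n; k >>= 1n) { if (k & 1n) r = add(r, q); q = add(q, q); }
  return r;
}

// base64url <-> BigInt helpers; JWK EC coordinates are 32-byte big-endian values.
const b64uToBig = (s) => BigInt('0x' + Array.from(atob(s.replace(/-/g, '+').replace(/_/g, '/')),
  (c) => c.charCodeAt(0).toString(16).padStart(2, '0')).join(''));
const bigToB64u = (n) => btoa(n.toString(16).padStart(64, '0').match(/../g)
  .map((h) => String.fromCharCode(parseInt(h, 16))).join('')).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
// Recompute x and y from d, as a JWK export of a private-only key must, and compare with the JWK's own.
function recomputePublic(jwk) {
  const pub = mul(b64uToBig(jwk.d), G);
  const x = bigToB64u(pub.x), y = bigToB64u(pub.y);
  return { x, y, matches: x === jwk.x && y === jwk.y };
}
// The JWK from the bug report.
const REPORT_JWK = { kty: 'EC', crv: 'P-256', x: 'KJtyCr3jOZjnIHmJf7Mj2W010EkgBCHbWKP_QoFgK04',
  y: 'gZRbjpFSPK4H_IIq1Oxs--LS6PjEODMXz-cGIdjsaGI', d: '7sOs7L87ue9x5ZsP3f8ScKUFf76mZdkXzNO-Hv1FWI4' };
console.log(recomputePublic(REPORT_JWK));
```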
Comment 1•4 months ago
The Bugbug bot thinks this bug should belong to the 'Core::DOM: Web Crypto' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
Comment 2 (Assignee)•4 months ago
Oh.
Thanks for the report, I will take a look, probably next week.
Comment 3 (Assignee)•4 months ago
Comment 4 (Reporter)•4 months ago
WPT Proposal: https://github.com/web-platform-tests/wpt/pull/56086
Comment 5 (Assignee)•4 months ago
Comment 6 (Assignee)•4 months ago
It looks like my patch solves the problem. Filip, whenever you have time, could you check it?
Thanks!
Comment 7 (Reporter)•4 months ago
Don't know where I'd even start checking :) Feel free to proceed at your own best judgement, please.
Thank you Filip and Anna! This bug also found me because I wanted to derive a key from a seed. Here is my issue reproduction code snippet. It can be pasted into the Console in the developer tools.
https://picopublish.sequentialread.com/files/subtlecrypto-not-working.js
In Chrome this snippet will print the same JWK-formatted key twice; in Firefox it only prints the first time, and the second time it gives "The operation failed for an operation-specific reason".