Bug 260469 - [WebCrypto] We lack a check for the Ed25519 priv/pub key pair during the JWK import
Summary: [WebCrypto] We lack a check for the Ed25519 priv/pub key pair during the JWK ...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Javier Fernandez
URL:
Keywords: InRadar
Depends on:
Blocks: 245778
  Show dependency treegraph
 
Reported: 2023-08-21 08:46 PDT by Javier Fernandez
Modified: 2023-09-08 01:44 PDT (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Javier Fernandez 2023-08-21 08:46:36 PDT 
When importing an Ed25519 key pair in JWK format we need to ensure that the value in the 'x' and 'd' keys correspond valid key pair. We need to ensure that the public key generated from the value got from the 'd' key matches the value imported from the 'x' value. 

It's worth mentioning that the Web Cryptography API spec doesn't describes explicitly such test, but I think it's implied by the need of ensure the integrity of the import of key pairs in the JWK format. Additionally, there are Web Platform Tests that fail due t the lack of this check in WebKit's implementation of the Ed25519 algorithm.
Comment 1 Javier Fernandez 2023-08-21 09:01:28 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/16888
Comment 2 EWS 2023-08-23 07:26:38 PDT 
Committed 267184@main (8c9a448b18a4): <https://commits.webkit.org/267184@main>

Reviewed commits have been landed. Closing PR #16888 and removing active labels.
Comment 3 Radar WebKit Bug Importer 2023-08-23 07:27:14 PDT 
<rdar://problem/114322427>