[webkit-changes] [WebKit/WebKit] 049cd4: Integrity check for the X25519 JWK import

Javier Fernandez Garcia-Boente noreply at github.com
Tue Dec 3 03:54:12 PST 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 049cd4cf1bf991a083080743403c1ef8e4d34428
      https://github.com/WebKit/WebKit/commit/049cd4cf1bf991a083080743403c1ef8e4d34428
  Author: Javier Fernandez <jfernandez at igalia.com>
  Date:   2024-12-03 (Tue, 03 Dec 2024)

  Changed paths:
    M LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/import_export/okp_importKey_failures_X25519.https.any-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/import_export/okp_importKey_failures_X25519.https.any.worker-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/wrapKey_unwrapKey/wrapKey_unwrapKey.https.any-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/wrapKey_unwrapKey/wrapKey_unwrapKey.https.any.worker-expected.txt
    M Source/WebCore/crypto/keys/CryptoKeyOKP.cpp

  Log Message:
  -----------
  Integrity check for the X25519 JWK import
https://bugs.webkit.org/show_bug.cgi?id=282578

Reviewed by David Kilzer.

The test case attahced in the bug forces wrapping into a non-extractable
key and the tries to unwrap it into an extractable key. This shouldn't be
allowed, since the JWK import operation perform internally must ensure the
expected value of the 'ext' attribute is the correct one.

This change implements additional integrity checks in the X25518 importKey
operation when it's using the JWK format.

This bug is the root cause of the failure in one of the X25519 test cases
defined in the wrapKey_unwrapKey.https.any.js file of the WPT WebCrypto API
test suite.

Regarding tests, I've added new test cases to the import_key_failures tests
to cover the change in the X25519 JWK import logic. Additionally, this change
also updates the test expectations for this test since it seems it's all PASS
now for all the platforms.

* LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/import_export/okp_importKey_failures_X25519.https.any-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/import_export/okp_importKey_failures_X25519.https.any.worker-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/wrapKey_unwrapKey/wrapKey_unwrapKey.https.any-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/wrapKey_unwrapKey/wrapKey_unwrapKey.https.any.worker-expected.txt:
* Source/WebCore/crypto/keys/CryptoKeyOKP.cpp:
(WebCore::CryptoKeyOKP::importJwk):

Canonical link: https://commits.webkit.org/287273@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications


More information about the webkit-changes mailing list