[Webkit-unassigned] [Bug 260430] New: [WebCrypto] Import key in jwk format should throw DataError instead of TypeError

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Aug 19 07:10:17 PDT 2023 

https://bugs.webkit.org/show_bug.cgi?id=260430

            Bug ID: 260430
           Summary: [WebCrypto] Import key in jwk format should throw
                    DataError instead of TypeError
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: jfernandez at igalia.com

This bug affects the recently added algorithm Ed25519, but also other algorithms. In the case of the former one, according to the Secure Curves spec [1], if the kty field is not present or incorrect, we should throw a DataError exception.

> If the kty field of jwk is not "OKP", then throw a DataError. 

On the other hand, the Web Cryptography specification states something similar for other algorithms:

* In case of the RSA-* [2][3][4] algorithms:

> If the "kty" field of jwk is not a case-sensitive string match to "RSA", then throw a DataError. 

* In case of the EC* [5][6] algorithms:

> If the "kty" field of jwk is not "EC", then throw a DataError. 

* In case of the AES-* [7][8][9][10] algorithms:

> If the "kty" field of jwk is not "oct", then throw a DataError. 

* In case of the HMAC [11] algorithm:

> If the "kty" field of jwk is not "oct", then throw a DataError. 


[1] https://wicg.github.io/webcrypto-secure-curves/#ed25519-operations  
[2] https://www.w3.org/TR/WebCryptoAPI/#rsassa-pkcs1-operations
[3] https://www.w3.org/TR/WebCryptoAPI/#rsa-pss-operations
[4] https://www.w3.org/TR/WebCryptoAPI/#rsa-oaep-operations
[5] https://www.w3.org/TR/WebCryptoAPI/#ecdsa-operations
[6] https://www.w3.org/TR/WebCryptoAPI/#ecdh-operations
[7] https://www.w3.org/TR/WebCryptoAPI/#aes-ctr-operations
[8] https://www.w3.org/TR/WebCryptoAPI/#aes-cbc-operations
[9] https://www.w3.org/TR/WebCryptoAPI/#aes-gcm-operations
[10] https://www.w3.org/TR/WebCryptoAPI/#aes-kw-operations
[11] https://www.w3.org/TR/WebCryptoAPI/#hmac-operations

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230819/f9d8e71e/attachment-0001.htm>

More information about the webkit-unassigned mailing list