[Webkit-unassigned] [Bug 260469] New: [WebCrypto] We lack a check for the Ed25519 priv/pub key pair during the JWK import

bugzilla-daemon at webkit.org
Mon Aug 21 08:46:36 PDT 2023


https://bugs.webkit.org/show_bug.cgi?id=260469

            Bug ID: 260469
           Summary: [WebCrypto] We lack a check for the Ed25519 priv/pub
                    key pair during the JWK import
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: jfernandez at igalia.com

When importing an Ed25519 key pair in JWK format, we need to ensure that the values in the 'x' and 'd' keys correspond to a valid key pair. We need to ensure that the public key generated from the value of the 'd' key matches the value imported from the 'x' key.

It's worth mentioning that the Web Cryptography API spec doesn't explicitly describe such a test, but I think it's implied by the need to ensure the integrity of the import of key pairs in the JWK format. Additionally, there are Web Platform Tests that fail due to the lack of this check in WebKit's implementation of the Ed25519 algorithm.

-- 
You are receiving this mail because:
You are the assignee for the bug.
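
The check the report asks for, as an added example that is not WebKit's code and not part of the original message: it recomputes the public key from 'd' with Node.js's crypto module and rejects the JWK when the result differs from 'x'. The helper names are hypothetical; the sample key is the Ed25519 test key from RFC 8037 Appendix A, and the mismatched JWK is constructed here.

```javascript
const crypto = require('crypto');

// DER prefix of a PKCS#8 PrivateKeyInfo wrapping a 32-byte Ed25519 seed (RFC 8410).
const PKCS8_ED25519_PREFIX = Buffer.from('302e020100300506032b657004220420', 'hex');

// Decode unpadded base64url; returns null for characters outside the alphabet.
function b64urlDecode(s) {
  if (typeof s !== 'string' || !/^[A-Za-z0-9_-]+$/.test(s)) return null;
  return Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64');
}

function b64urlEncode(buf) {
  return buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Recompute the raw 32-byte public key from the private seed carried in 'd'.
function derivePublicKey(seed) {
  const der = Buffer.concat([PKCS8_ED25519_PREFIX, seed]);
  const priv = crypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
  // An Ed25519 SubjectPublicKeyInfo ends with the 32 raw public key bytes.
  return crypto.createPublicKey(priv).export({ format: 'der', type: 'spki' }).subarray(-32);
}

// Hypothetical import-time check: returns the raw key bytes or throws.
function checkEd25519Jwk(jwk) {
  if (jwk.kty !== 'OKP' || jwk.crv !== 'Ed25519') throw new Error('not an Ed25519 JWK');
  const x = b64urlDecode(jwk.x);
  if (!x || x.length !== 32) throw new Error("invalid 'x'");
  if (jwk.d === undefined) return { publicKey: x }; // public-only JWK, nothing to compare
  const d = b64urlDecode(jwk.d);
  if (!d || d.length !== 32) throw new Error("invalid 'd'");
  // The check from the report: the key derived from 'd' must equal 'x'.
  if (!crypto.timingSafeEqual(derivePublicKey(d), x)) {
    throw new Error("'x' does not match the public key derived from 'd'");
  }
  return { publicKey: x, seed: d };
}

// RFC 8037 Appendix A test key (public test vector).
const goodJwk = {
  kty: 'OKP', crv: 'Ed25519',
  d: 'nWGxne_9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A',
  x: '11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo',
};
// Constructed mismatch: same 'd', but 'x' taken from a freshly generated, unrelated key.
const foreignX = crypto.generateKeyPairSync('ed25519').publicKey
  .export({ format: 'der', type: 'spki' }).subarray(-32);
const badJwk = { ...goodJwk, x: b64urlEncode(foreignX) };
```

Without the comparison, `badJwk` would import cleanly and the resulting key pair would carry a public half that cannot verify signatures made with its private half.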