From 06733bea48bd760fd99f1f15728ab11bccc9a423 Mon Sep 17 00:00:00 2001 From: devgianlu Date: Sat, 14 Dec 2024 11:19:16 +0100 Subject: [PATCH] LibWeb: Fix `X448` PCKS#8 key export format The ASN1 structure for PCKS#8 was wrong and missing one wrapping of the key in a OctetString. The issue was discovered while implementing `wrapKey` and `unwrapKey` in the next commits. --- Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp | 5 ++++- .../okp_importKey_X448.https.any.txt | 19 +++++++++---------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp b/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp index d3fcb386d2a..86bd3413800 100644 --- a/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp +++ b/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp @@ -5447,8 +5447,11 @@ WebIDL::ExceptionOr> X448::export_key(Bindings::KeyFormat fo // * Set the privateKeyAlgorithm field to a PrivateKeyAlgorithmIdentifier ASN.1 type with the following properties: // * Set the algorithm object identifier to the id-X448 OID defined in [RFC8410]. // * Set the privateKey field to the result of DER-encoding a CurvePrivateKey ASN.1 type, as defined in Section 7 of [RFC8410], that represents the X448 private key represented by the [[handle]] internal slot of key + ::Crypto::ASN1::Encoder encoder; + TRY_OR_THROW_OOM(m_realm->vm(), encoder.write(key_data.bytes())); + auto x448_oid = ::Crypto::ASN1::x448_oid; - auto data = TRY_OR_THROW_OOM(m_realm->vm(), ::Crypto::PK::wrap_in_private_key_info(key_data, x448_oid)); + auto data = TRY_OR_THROW_OOM(m_realm->vm(), ::Crypto::PK::wrap_in_private_key_info(encoder.finish(), x448_oid)); // 3. Let result be a new ArrayBuffer associated with the relevant global object of this [HTML], and containing data. return JS::ArrayBuffer::create(m_realm, data); diff --git a/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_X448.https.any.txt b/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_X448.https.any.txt index 3b55799e853..c93d0757120 100644 --- a/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_X448.https.any.txt +++ b/Tests/LibWeb/Text/expected/wpt-import/WebCryptoAPI/import_export/okp_importKey_X448.https.any.txt @@ -2,8 +2,7 @@ Harness status: OK Found 54 tests -46 Pass -8 Fail +54 Pass Pass Good parameters: X448 bits (spki, buffer(68), {name: X448}, true, []) Pass Good parameters: X448 bits (spki, buffer(68), X448, true, []) Pass Good parameters: X448 bits (jwk, object(kty, crv, x), {name: X448}, true, []) @@ -12,26 +11,26 @@ Pass Good parameters with ignored JWK alg: X448 (jwk, object(kty, crv, x), {name Pass Good parameters with ignored JWK alg: X448 (jwk, object(kty, crv, x), X448, true, []) Pass Good parameters: X448 bits (raw, buffer(56), {name: X448}, true, []) Pass Good parameters: X448 bits (raw, buffer(56), X448, true, []) -Fail Good parameters: X448 bits (pkcs8, buffer(72), {name: X448}, true, [deriveKey]) -Fail Good parameters: X448 bits (pkcs8, buffer(72), X448, true, [deriveKey]) +Pass Good parameters: X448 bits (pkcs8, buffer(72), {name: X448}, true, [deriveKey]) +Pass Good parameters: X448 bits (pkcs8, buffer(72), X448, true, [deriveKey]) Pass Good parameters: X448 bits (jwk, object(crv, d, x, kty), {name: X448}, true, [deriveKey]) Pass Good parameters: X448 bits (jwk, object(crv, d, x, kty), X448, true, [deriveKey]) Pass Good parameters with ignored JWK alg: X448 (jwk, object(crv, d, x, kty), {name: X448}, true, [deriveKey]) Pass Good parameters with ignored JWK alg: X448 (jwk, object(crv, d, x, kty), X448, true, [deriveKey]) -Fail Good parameters: X448 bits (pkcs8, buffer(72), {name: X448}, true, [deriveBits, deriveKey]) -Fail Good parameters: X448 bits (pkcs8, buffer(72), X448, true, [deriveBits, deriveKey]) +Pass Good parameters: X448 bits (pkcs8, buffer(72), {name: X448}, true, [deriveBits, deriveKey]) +Pass Good parameters: X448 bits (pkcs8, buffer(72), X448, true, [deriveBits, deriveKey]) Pass Good parameters: X448 bits (jwk, object(crv, d, x, kty), {name: X448}, true, [deriveBits, deriveKey]) Pass Good parameters: X448 bits (jwk, object(crv, d, x, kty), X448, true, [deriveBits, deriveKey]) Pass Good parameters with ignored JWK alg: X448 (jwk, object(crv, d, x, kty), {name: X448}, true, [deriveBits, deriveKey]) Pass Good parameters with ignored JWK alg: X448 (jwk, object(crv, d, x, kty), X448, true, [deriveBits, deriveKey]) -Fail Good parameters: X448 bits (pkcs8, buffer(72), {name: X448}, true, [deriveBits]) -Fail Good parameters: X448 bits (pkcs8, buffer(72), X448, true, [deriveBits]) +Pass Good parameters: X448 bits (pkcs8, buffer(72), {name: X448}, true, [deriveBits]) +Pass Good parameters: X448 bits (pkcs8, buffer(72), X448, true, [deriveBits]) Pass Good parameters: X448 bits (jwk, object(crv, d, x, kty), {name: X448}, true, [deriveBits]) Pass Good parameters: X448 bits (jwk, object(crv, d, x, kty), X448, true, [deriveBits]) Pass Good parameters with ignored JWK alg: X448 (jwk, object(crv, d, x, kty), {name: X448}, true, [deriveBits]) Pass Good parameters with ignored JWK alg: X448 (jwk, object(crv, d, x, kty), X448, true, [deriveBits]) -Fail Good parameters: X448 bits (pkcs8, buffer(72), {name: X448}, true, [deriveKey, deriveBits, deriveKey, deriveBits]) -Fail Good parameters: X448 bits (pkcs8, buffer(72), X448, true, [deriveKey, deriveBits, deriveKey, deriveBits]) +Pass Good parameters: X448 bits (pkcs8, buffer(72), {name: X448}, true, [deriveKey, deriveBits, deriveKey, deriveBits]) +Pass Good parameters: X448 bits (pkcs8, buffer(72), X448, true, [deriveKey, deriveBits, deriveKey, deriveBits]) Pass Good parameters: X448 bits (jwk, object(crv, d, x, kty), {name: X448}, true, [deriveKey, deriveBits, deriveKey, deriveBits]) Pass Good parameters: X448 bits (jwk, object(crv, d, x, kty), X448, true, [deriveKey, deriveBits, deriveKey, deriveBits]) Pass Good parameters with ignored JWK alg: X448 (jwk, object(crv, d, x, kty), {name: X448}, true, [deriveKey, deriveBits, deriveKey, deriveBits])