SubtleCrypto unwrapKey fails for ECDSA P-256 PKCS8 without public key
Categories
(Core :: DOM: Web Crypto, defect, P5)
Tracking
()
People
(Reporter: goras.francesco, Unassigned)
Details
Attachments
(2 files)
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0
Steps to reproduce:
Wrap a PKCS8 ECDSA P-256 Private Key with AES-CBC-256 outside the browser.
Unwrap the key in Firefox browser using the same AES-CBC-256 key.
Data for testing:
AES Wrapping (base64) key :
CHMspM1BmwfJ409QEhVmyv0MyDs3aiOdQAXhszCESS8=
ECDSA Wrapped (base64) Key:
K0JMWom7t15owjLswf1Z64NGOPCiJm3Ii2eTxWujIzkxvbhb4ZQMS5XCujHpm4VYBspwo/RJQLQdKML7f7pk/HJW8+CzaphUEqc6dsg56JAIVNfzpG7nbFHuyxajyDHP
ECDSA Manually decrypted (base64) key:
MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCALB3t65sV79QCLCF/aTwjfcIxtOEgQ89Oymp49aV3NDA==
Actual results:
SubtleCrypto error thrown:
- DOMException: Data provided to an operation does not meet requirements
Expected results:
Key should be unwrapped successfully as it does in Chromium browsers.
Reporter | ||
Comment 1•1 year ago
|
||
This is the Original ECDSA Key. As you can see it's a normal PKCS8 format.
Reporter | ||
Comment 2•1 year ago
|
||
This is the Wrapped ECDSA Key manually decrypted using an online tool. As you can see, it's still a valid PKCS8 format, however it's missing the public key unlike the previous screenshot.
Reporter | ||
Comment 3•1 year ago
|
||
Apologies, I miss-pasted the ECDSA Wrapped key (the first 16 bytes where the IV, I've separated that value for ease of testing)
New Data for testing:
AES Wrapping (base64) key :
CHMspM1BmwfJ409QEhVmyv0MyDs3aiOdQAXhszCESS8=
IV (base64):
K0JMWom7t15owjLswf1Z6w==
ECDSA Wrapped (base64) Key:
g0Y48KImbciLZ5PFa6MjOTG9uFvhlAxLlcK6MembhVgGynCj9ElAtB0owvt/umT8clbz4LNqmFQSpzp2yDnokAhU1/OkbudsUe7LFqPIMc8=
ECDSA Manually decrypted (base64) key:
MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCALB3t65sV79QCLCF/aTwjfcIxtOEgQ89Oymp49aV3NDA==
Cyberchef link to show the manual decryption process: cyberchef-decrypt-example
Reporter | ||
Updated•1 year ago
|
Reporter | ||
Comment 4•1 year ago
|
||
Example code to reproduce bug
async function testUnwrap() {
try {
const aesKeyStr = "CHMspM1BmwfJ409QEhVmyv0MyDs3aiOdQAXhszCESS8="
const ivStr = "K0JMWom7t15owjLswf1Z6w=="
const ecdsaWrappedKeyStr = "g0Y48KImbciLZ5PFa6MjOTG9uFvhlAxLlcK6MembhVgGynCj9ElAtB0owvt/umT8clbz4LNqmFQSpzp2yDnokAhU1/OkbudsUe7LFqPIMc8="
const aesKey = await window.crypto.subtle.importKey(
"raw",
Buffer.from(aesKeyStr, 'base64'),
{ name: "AES-CBC" },
true,
["unwrapKey"]
);
const unwrappedKey = await window.crypto.subtle.unwrapKey(
"pkcs8", // Input format of Wrapped Key
Buffer.from(ecdsaWrappedKeyStr, 'base64'), // Wrapped Key
aesKey, // Unwrapping Key
{ name: "AES-CBC", iv: Buffer.from(ivStr, 'base64') }, // Unwrapping Key algo
{ name: "ECDSA", namedCurve: "P-256" }, // wrappedKey algo
true, // Exportable
["sign"] // Key usages
)
} catch (err) {
console.log(err)
}
}
testUnwrap()
Comment 5•1 year ago
|
||
The severity field is not set for this bug.
:keeler, could you have a look please?
For more information, please visit auto_nag documentation.
![]() |
||
Updated•1 year ago
|
Updated•2 months ago
|
Description
•