Open Bug 1819804 Opened 1 year ago Updated 2 months ago

SubtleCrypto unwrapKey fails for ECDSA P-256 PKCS8 without public key

Categories

(Core :: DOM: Web Crypto, defect, P5)

Product:
Core
Component:
DOM: Web Crypto
Version:
Firefox 109
Platform:
Desktop
Windows 11
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: goras.francesco, Unassigned)

Details

Attachments

(2 files)

ECDSA-key.png
22.35 KB, image/png
Details
ECDSA-decrypted-key.png
16.59 KB, image/png
Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0

Steps to reproduce:

Wrap a PKCS8 ECDSA P-256 Private Key with AES-CBC-256 outside the browser.

Unwrap the key in Firefox browser using the same AES-CBC-256 key.

Data for testing:

AES Wrapping (base64) key :
CHMspM1BmwfJ409QEhVmyv0MyDs3aiOdQAXhszCESS8=

ECDSA Wrapped (base64) Key:
K0JMWom7t15owjLswf1Z64NGOPCiJm3Ii2eTxWujIzkxvbhb4ZQMS5XCujHpm4VYBspwo/RJQLQdKML7f7pk/HJW8+CzaphUEqc6dsg56JAIVNfzpG7nbFHuyxajyDHP

ECDSA Manually decrypted (base64) key:
MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCALB3t65sV79QCLCF/aTwjfcIxtOEgQ89Oymp49aV3NDA==

Actual results:

SubtleCrypto error thrown:

  • DOMException: Data provided to an operation does not meet requirements

Expected results:

Key should be unwrapped successfully as it does in Chromium browsers.

Attached image ECDSA-key.png

This is the Original ECDSA Key. As you can see it's a normal PKCS8 format.

Attached image ECDSA-decrypted-key.png

This is the Wrapped ECDSA Key manually decrypted using an online tool. As you can see, it's still a valid PKCS8 format, however it's missing the public key unlike the previous screenshot.

Apologies, I miss-pasted the ECDSA Wrapped key (the first 16 bytes where the IV, I've separated that value for ease of testing)

New Data for testing:

AES Wrapping (base64) key :

CHMspM1BmwfJ409QEhVmyv0MyDs3aiOdQAXhszCESS8=

IV (base64):

K0JMWom7t15owjLswf1Z6w==

ECDSA Wrapped (base64) Key:

g0Y48KImbciLZ5PFa6MjOTG9uFvhlAxLlcK6MembhVgGynCj9ElAtB0owvt/umT8clbz4LNqmFQSpzp2yDnokAhU1/OkbudsUe7LFqPIMc8=

ECDSA Manually decrypted (base64) key:

MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCALB3t65sV79QCLCF/aTwjfcIxtOEgQ89Oymp49aV3NDA==

Cyberchef link to show the manual decryption process: cyberchef-decrypt-example

Component: Untriaged → DOM: Web Crypto
OS: Unspecified → Windows 11
Product: Firefox → Core
Hardware: Unspecified → Desktop

Example code to reproduce bug

async function testUnwrap() {
    try {
        const aesKeyStr = "CHMspM1BmwfJ409QEhVmyv0MyDs3aiOdQAXhszCESS8="
        const ivStr = "K0JMWom7t15owjLswf1Z6w=="
        const ecdsaWrappedKeyStr = "g0Y48KImbciLZ5PFa6MjOTG9uFvhlAxLlcK6MembhVgGynCj9ElAtB0owvt/umT8clbz4LNqmFQSpzp2yDnokAhU1/OkbudsUe7LFqPIMc8="
        
        const aesKey = await window.crypto.subtle.importKey(
            "raw",
            Buffer.from(aesKeyStr, 'base64'),
            { name: "AES-CBC" },
            true,
            ["unwrapKey"]
        );
        const unwrappedKey = await window.crypto.subtle.unwrapKey(
            "pkcs8",                                                  // Input format of Wrapped Key
            Buffer.from(ecdsaWrappedKeyStr, 'base64'),                // Wrapped Key
            aesKey,                                                   // Unwrapping Key
            { name: "AES-CBC", iv: Buffer.from(ivStr, 'base64') },    // Unwrapping Key algo
            { name: "ECDSA", namedCurve: "P-256" },                   // wrappedKey algo
            true,                                                     // Exportable
            ["sign"]                                                  // Key usages
        )
    } catch (err) {
        console.log(err)
    }
}
testUnwrap()

The severity field is not set for this bug.
:keeler, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(dkeeler)
Severity: -- → S4
Flags: needinfo?(dkeeler)
Priority: -- → P5
You need to log in before you can comment on or make changes to this bug.