Issue 606981

Issue metadata

Status: WontFix
Owner:
Closed: Apr 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug
Spec Compliance: Import private ECDH key w/ empty usages does not fail

Reported by i...@augustcellars.com, Apr 26 2016

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0

Steps to reproduce the problem:
1. call self.crypto.subtle.importKey("jwk", 
 {"kty":"EC","crv":"P-256","x":"UC-mZp51gcvaU2CHy91NTrz8UNGF4F6Kz3Sc2tn4K2g","y":"Tx7nq9ajrO1xp5_oregYnw_6mE9DV0LNe6xsUbQY4Yc","d":"LlOMG_znpVPG88881WlAk8ywLJI8T6HOl-1HvfSzrnI",
{"name":"ECDH","namedCurve":"P-256"},
true,
[]);

What is the expected behavior?
promise returns with a SyntaxError

From Spec:
If the [[type]] internal slot of result is "secret" or "private" and usages is empty, then throw a SyntaxError. 

What went wrong?
The promise returned success.

Did this work before? No 

Chrome version:  52.0.2717.0  Channel: canary
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 21.0 r0

Full test case generated from my WebCrypto testing suite for W3C.
 

Comment 1 by sleevi@google.com, Apr 26 2016

Cc: eroman@chromium.org
Components: Blink>WebCrypto
I don't think this represents a security bug (I have serious issue with calling 'usages' security-relevant), but I'll let Eric make the call.

Comment 2 by eroman@chromium.org, Apr 26 2016

Cc: -eroman@chromium.org
Owner: eroman@chromium.org
Status: Assigned (was: Unconfirmed)

Comment 3 by eroman@chromium.org, Apr 26 2016

Labels: -Type-Bug-Security Type-Bug
Is your test case correct?

Without modifications, I get a presumably unintentional SyntaxError, due to the code lacking a closing brace.

Once I account for that mistake, I get the expected WebCrypto SyntaxError: Usages cannot be empty when creating a key.

Comment 4 by eroman@chromium.org, Apr 26 2016

Labels: -Restrict-View-SecurityTeam

Comment 5 by eroman@chromium.org, Apr 26 2016

Labels: Needs-Feedback
I found an error in my original case that this came from. It should be closed.

Comment 7 by eroman@chromium.org, Apr 27 2016

Status: WontFix (was: Assigned)
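
Added example, not part of the original thread or of the reporter's test suite: a self-contained check of the rule quoted from the spec, with a control case that must succeed and a public-key case where empty usages are allowed. It generates a throwaway P-256 key instead of reusing the JWK from the report; the helper names (outcome, checkEmptyUsages) are hypothetical.

```javascript
// Conformance check for the importKey() empty-usages rule discussed above.
// Assumption: runs in a browser console or in Node.js; the require() fallback
// is only evaluated on Node versions that lack a global `crypto`.
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;

const ECDH_P256 = { name: 'ECDH', namedCurve: 'P-256' };

// Resolve to 'ok' on success, or to the name of the thrown/rejected error.
async function outcome(run) {
  try {
    await run();
    return 'ok';
  } catch (err) {
    return err.name;
  }
}

async function checkEmptyUsages() {
  // Throwaway key pair, so no key material is hard-coded in the test.
  const pair = await subtle.generateKey(ECDH_P256, true, ['deriveBits']);
  const { kty, crv, x, y, d } = await subtle.exportKey('jwk', pair.privateKey);

  // Same JWK shape as in the report: private has "d", public does not.
  const privateJwk = { kty, crv, x, y, d };
  const publicJwk = { kty, crv, x, y };

  return {
    // Private key + empty usages: the spec requires a SyntaxError.
    privateEmpty: await outcome(() =>
      subtle.importKey('jwk', privateJwk, ECDH_P256, true, [])),
    // Control: the same private key with a valid usage must import.
    privateDeriveBits: await outcome(() =>
      subtle.importKey('jwk', privateJwk, ECDH_P256, true, ['deriveBits'])),
    // Public keys are exempt from the rule; empty usages are fine.
    publicEmpty: await outcome(() =>
      subtle.importKey('jwk', publicJwk, ECDH_P256, true, [])),
  };
}

// Print the three outcomes when run directly.
checkEmptyUsages().then((result) => console.log(result));
```

A conforming implementation reports SyntaxError for the first case and ok for the other two; any other error name in the first case means the import failed for a reason unrelated to the usages check.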