Diff
Modified: trunk/LayoutTests/ChangeLog (159392 => 159393)
--- trunk/LayoutTests/ChangeLog 2013-11-18 01:17:09 UTC (rev 159392)
+++ trunk/LayoutTests/ChangeLog 2013-11-18 01:18:43 UTC (rev 159393)
@@ -1,5 +1,15 @@
2013-11-17 Alexey Proskuryakov <[email protected]>
+ RSASSA-PKCS1-v1_5 JWK import doesn't check key size
+ https://bugs.webkit.org/show_bug.cgi?id=124472
+
+ Reviewed by Sam Weinig.
+
+ * crypto/subtle/rsassa-pkcs1-v1_5-import-jwk-small-key-expected.txt: Added.
+ * crypto/subtle/rsassa-pkcs1-v1_5-import-jwk-small-key.html: Added.
+
+2013-11-17 Alexey Proskuryakov <[email protected]>
+
JWK crypto key export result is a DOM string instead of an array buffer
https://bugs.webkit.org/show_bug.cgi?id=124473
Added: trunk/LayoutTests/crypto/subtle/rsassa-pkcs1-v1_5-import-jwk-small-key-expected.txt (0 => 159393)
--- trunk/LayoutTests/crypto/subtle/rsassa-pkcs1-v1_5-import-jwk-small-key-expected.txt (rev 0)
+++ trunk/LayoutTests/crypto/subtle/rsassa-pkcs1-v1_5-import-jwk-small-key-expected.txt 2013-11-18 01:18:43 UTC (rev 159393)
@@ -0,0 +1,11 @@
+A key of size 2048 bits or larger MUST be used with RS256, RS384, RS512 JWK algorithms.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS crypto.subtle.importKey("jwk", asciiToUint8Array(JSON.stringify(publicKeyJSON)), null, extractable, ["sign", "verify"]) threw exception TypeError: Key size is not valid for RS256.
+PASS crypto.subtle.importKey("jwk", asciiToUint8Array(JSON.stringify(privateKeyJSON)), null, extractable, ["sign", "verify"]) threw exception TypeError: Key size is not valid for RS512.
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Property changes on: trunk/LayoutTests/crypto/subtle/rsassa-pkcs1-v1_5-import-jwk-small-key-expected.txt
___________________________________________________________________
Added: svn:mime-type
Added: svn:eol-style
Added: trunk/LayoutTests/crypto/subtle/rsassa-pkcs1-v1_5-import-jwk-small-key.html (0 => 159393)
--- trunk/LayoutTests/crypto/subtle/rsassa-pkcs1-v1_5-import-jwk-small-key.html (rev 0)
+++ trunk/LayoutTests/crypto/subtle/rsassa-pkcs1-v1_5-import-jwk-small-key.html 2013-11-18 01:18:43 UTC (rev 159393)
@@ -0,0 +1,44 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+<script src=""
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+
+<script>
+description("A key of size 2048 bits or larger MUST be used with RS256, RS384, RS512 JWK algorithms.");
+
+var extractable = true;
+
+// openssl genrsa 1024 >1024.pem
+// openssl asn1parse -in 1024.pem
+var publicKeyJSON = {
+ kty: "RSA",
+ alg: "RS256",
+ n: Base64URL.stringify(hexStringToUint8Array("B7F103F8412CCD26F5D54FC3157CD8CE1F134F4EABF0A042350BDD7F00FEA2B77EEF19915B10AA2417BB2CB4EC1D57B9661A20072469B9DF9C6E89CB35CCC8543CC40770DCC30D0BBFF1BF9DA1E2549F40476EDADB9312985DAE8C7527C1C12AAFEDF4584989968CDCC9EFEB197438C534D1BFAAC30B1D41F75EADB86CC581B9")),
+ e: Base64URL.stringify(hexStringToUint8Array("010001"))
+};
+
+var privateKeyJSON = {
+ kty: "RSA",
+ alg: "RS512",
+ n: Base64URL.stringify(hexStringToUint8Array("B7F103F8412CCD26F5D54FC3157CD8CE1F134F4EABF0A042350BDD7F00FEA2B77EEF19915B10AA2417BB2CB4EC1D57B9661A20072469B9DF9C6E89CB35CCC8543CC40770DCC30D0BBFF1BF9DA1E2549F40476EDADB9312985DAE8C7527C1C12AAFEDF4584989968CDCC9EFEB197438C534D1BFAAC30B1D41F75EADB86CC581B9")),
+ e: Base64URL.stringify(hexStringToUint8Array("010001")),
+ d: Base64URL.stringify(hexStringToUint8Array("5BA6F4F26B0F36BDB5FA6EBEE6E3096853259CFBB742B3A7A9A4DADDE0920063EC149929CB3557819A6D824E37E43B04BF323F492FC49A8028031017B81BECA8EC2A85ABCF193501D80DC251DB8863B8673D8B6772DB2D2AE08CD1829C3F542141461CACE4E8A1F112AD13FF4A4DD865A89AEA94E984D487E5798EF07643B9CD")),
+ p: Base64URL.stringify(hexStringToUint8Array("E06BFE5722A68E5D597DD8DB937483CBA352AB817209275ADAD103772B7A8EF4EA946311A2B51805959818CEB362F257D6998B475FEA9E34F2A30205B5F5A7FF")),
+ q: Base64URL.stringify(hexStringToUint8Array("D1D2DBDB1F4DCBFE8D16CDD2CF83C7B5FADFC7891F22FC527BF208F81B92F2543569C3AD22224B82D407DEB65F651D09D2558FEE8BC6E5DA51F6F13206CC1647")),
+ dp: Base64URL.stringify(hexStringToUint8Array("73ECB4F3D3AD4F6ABEF877D56C84CA339D88ED98AF0C356D040CE58A60462DA42BAC3CC47654AF34EB4226C656F96C8F9D05B1614C1588657754668E06A0FF87")),
+ dq: Base64URL.stringify(hexStringToUint8Array("5B9C5ACDB33F3E5FE7AE1B337DD325B138D5D7C2F0CB4FAB9BDE333850A1BA183631F5737441D102501D178A3CE062EB54E072B54E660B19654C12472B5C9425")),
+ qi: Base64URL.stringify(hexStringToUint8Array("D6A920B241178923C59BCBD1A815764619225A90F2C090A9FBD594A61561542D0DF179590413C26C8A72FC6E14EC63A377169970671B3A1EB5E4F4DF1A4CA725"))
+};
+
+shouldThrow('crypto.subtle.importKey("jwk", asciiToUint8Array(JSON.stringify(publicKeyJSON)), null, extractable, ["sign", "verify"])');
+shouldThrow('crypto.subtle.importKey("jwk", asciiToUint8Array(JSON.stringify(privateKeyJSON)), null, extractable, ["sign", "verify"])');
+</script>
+
+<script src=""
+</body>
+</html>
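Review bot: The test covers only RS256 and RS512, so the new RS384 branch in keySizeIsValid is never exercised, and both cases reuse the same 1024-bit modulus, which leaves the 2048-bit boundary itself unverified. A third JWK with `alg: "RS384"` and a case with a modulus just under 2048 bits would pin the `>= 2048` comparison. A 2048-bit import that is expected to succeed would also guard against the check rejecting valid keys, unless another test in this directory already covers that.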
Property changes on: trunk/LayoutTests/crypto/subtle/rsassa-pkcs1-v1_5-import-jwk-small-key.html
___________________________________________________________________
Added: svn:mime-type
Modified: trunk/Source/WebCore/ChangeLog (159392 => 159393)
--- trunk/Source/WebCore/ChangeLog 2013-11-18 01:17:09 UTC (rev 159392)
+++ trunk/Source/WebCore/ChangeLog 2013-11-18 01:18:43 UTC (rev 159393)
@@ -1,5 +1,23 @@
2013-11-17 Alexey Proskuryakov <[email protected]>
+ RSASSA-PKCS1-v1_5 JWK import doesn't check key size
+ https://bugs.webkit.org/show_bug.cgi?id=124472
+
+ Reviewed by Sam Weinig.
+
+ Test: crypto/subtle/rsassa-pkcs1-v1_5-import-jwk-small-key.html
+
+ * bindings/js/JSCryptoKeySerializationJWK.cpp:
+ (WebCore::JSCryptoKeySerializationJWK::keySizeIsValid): Added the checks.
+ (WebCore::JSCryptoKeySerializationJWK::keyDataRSAComponents): Check key size when
+ importing.
+ (WebCore::JSCryptoKeySerializationJWK::serialize): Updated a comment.
+
+ * crypto/keys/CryptoKeySerializationRaw.cpp: (WebCore::CryptoKeySerializationRaw::serialize):
+ Updated a comment.
+
+2013-11-17 Alexey Proskuryakov <[email protected]>
+
JWK crypto key export result is a DOM string instead of an array buffer
https://bugs.webkit.org/show_bug.cgi?id=124473
Modified: trunk/Source/WebCore/bindings/js/JSCryptoKeySerializationJWK.cpp (159392 => 159393)
--- trunk/Source/WebCore/bindings/js/JSCryptoKeySerializationJWK.cpp 2013-11-18 01:17:09 UTC (rev 159392)
+++ trunk/Source/WebCore/bindings/js/JSCryptoKeySerializationJWK.cpp 2013-11-18 01:18:43 UTC (rev 159393)
@@ -277,6 +277,12 @@
return sizeInBits == 192;
if (m_jwkAlgorithmName == "A256CBC")
return sizeInBits == 256;
+ if (m_jwkAlgorithmName == "RS256")
+ return sizeInBits >= 2048;
+ if (m_jwkAlgorithmName == "RS384")
+ return sizeInBits >= 2048;
+ if (m_jwkAlgorithmName == "RS512")
+ return sizeInBits >= 2048;
return true;
}
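Review bot: The function still ends in `return true;`, so any JWK algorithm name not listed above is accepted at any key size, and the new call in keyDataRSAComponents inherits that fail-open default. If other RSA algorithm names can reach this function (not visible in the hunk), they should either get their own minimum or be rejected for RSA keys. The three added branches are identical and could be one condition, `if (m_jwkAlgorithmName == "RS256" || m_jwkAlgorithmName == "RS384" || m_jwkAlgorithmName == "RS512") return sizeInBits >= 2048;`, ideally with 2048 as a named constant. The start of keySizeIsValid lies outside the hunk.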
@@ -315,6 +321,11 @@
return nullptr;
}
+ if (!keySizeIsValid(modulus.size() * 8)) {
+ throwTypeError(m_exec, "Key size is not valid for " + m_jwkAlgorithmName);
+ return nullptr;
+ }
+
if (!getBigIntegerVectorFromJSON(m_exec, m_json.get(), "e", exponent)) {
if (!m_exec->hadException())
throwTypeError(m_exec, "Required JWK \"e\" member is missing");
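Review bot: `modulus.size() * 8` measures the byte length of the decoded "n" member rather than its number of significant bits, so a modulus encoded with leading zero octets would be counted as larger than it really is. Unless getBigIntegerVectorFromJSON already strips leading zeros (its body is not in this hunk), the size check should run on the normalized value, skipping leading `0x00` bytes before computing the bit length. A layout test that imports a zero-padded 1024-bit "n" and expects the same TypeError would confirm the behaviour either way. keyDataRSAComponents begins and continues outside the hunk.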
@@ -504,8 +515,8 @@
{
std::unique_ptr<CryptoKeyData> keyData = key.exportData();
if (!keyData) {
- // FIXME: Shouldn't happen once all key types implement exportData().
- throwTypeError(exec, "Key doesn't support exportKey");
+ // This generally shouldn't happen as long as all key types implement exportData(), but as underlying libraries return errors, there may be some rare failure conditions.
+ throwTypeError(exec, "Couldn't export key material");
return String();
}
Modified: trunk/Source/WebCore/crypto/keys/CryptoKeySerializationRaw.cpp (159392 => 159393)
--- trunk/Source/WebCore/crypto/keys/CryptoKeySerializationRaw.cpp 2013-11-18 01:17:09 UTC (rev 159392)
+++ trunk/Source/WebCore/crypto/keys/CryptoKeySerializationRaw.cpp 2013-11-18 01:18:43 UTC (rev 159393)
@@ -65,7 +65,7 @@
{
std::unique_ptr<CryptoKeyData> keyData = key.exportData();
if (!keyData) {
- // FIXME: Shouldn't happen once all key types implement exportData().
+ // This generally shouldn't happen as long as all key types implement exportData(), but as underlying libraries return errors, there may be some rare failure conditions.
return false;
}