Closed Bug 1514032 Opened 6 years ago Closed 6 years ago

crypto.subtle.exportKey exported format for ec keys seems to wrong

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Version:
63 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1410403

People

(Reporter: gerteb, Unassigned)

References

(Blocks 1 open bug)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36

Steps to reproduce:






My problem is that the crypto.subtle.exportKey to public spki pem key in firefox seems to be broken. The key is exported, but the result can't be used! According to https://diafygi.github.io/webcrypto-examples/ it should be posible, but the result from key export don't work in openssl! Chrome and Safari works without problems using p-256, p-384 and p-521.



Actual results:

Must admit i don't know the inner workings of pem keys, but have noticed that the start og the pem key is always identical. this is what i get: MFYwEAYEK4EEcAYIKoZIzj0DAQcDQgAE



Expected results:

This is what i get from Chrome, Safari and openssl: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE chrome
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE Safari
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE openssl
Component: General → DOM: Security
JC, can you weigh in that webcrypto bug?
Flags: needinfo?(jjones)
Can you link to the actual code you're running? The strings you posted would be the start of valid subject public key infos for secp256r1, but the actual key data is missing. Maybe that part got truncated accidentally?
Flags: needinfo?(jjones) → needinfo?(gerteb)
The steps to reproduce are missing -- maybe add them as an attachment? without that we'll have to close this "incomplete"
Tested with openssl:
[root@vm crypto]# openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017

server private ec pem key "privkey.pem":
-----BEGIN EC PRIVATE KEY-----
MIGkAgEBBDAF+58p3iI/fttgLROtsrIglrTTw4Ug5SbOBHY+DhF5rfATdAmLStxG
GOLK5qWpV82gBwYFK4EEACKhZANiAARncHMp7PmQrJCNoxUqpTRrKEoH8mmcUAzn
/J9YAd7W43/UB2qmJLO0+M6odfHnt1XXdxjNSDe/5OsBK9C++B77IHZzMT2QKzOt
do91AoiTxW+BtumF8NqzefoKbhkZFhE=
-----END EC PRIVATE KEY-----

chrome public ec pem key "key.pem.chrome":
-----BEGIN PUBLIC KEY-----
MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAETwEHC0RCseaFHJSXDR1dHcCrkIhwsu8O
2/jrGiS+EF2hcJDYrOCcizYL7aab/TWNIPWokvO8CfXfkxrzO9ODNeUuuZnVLkTr
00HH1GsAD/yC73UdQW3qr+O+PlbO1Phu
-----END PUBLIC KEY-----

firefox public ec pem key "key.pem.firefox":
-----BEGIN PUBLIC KEY-----
MHMwDQYEK4EEcAYFK4EEACIDYgAE2lNfhm/8Zy00uA7HuiZ+mWgP+G3lZ0CV3xK/
IJS/g2T6UP4lCTvrSQkfr8Xu/iMxYomIAENn3PHy2GLEORwmW+SpqAP19QJv8KNV
8D9dtRKT6/B4feeKsfK9fnCOvbYr
-----END PUBLIC KEY-----

[root@vm crypto]# openssl pkeyutl -derive -inkey privkey.pem -peerkey key.pem.chrome -out chrome.shared.key

file "chrome.shared.key":
,ë}fééõuÇÊÑ*–.íZmë‡Ø€i0)!÷½dD´+î,WüÒŽˆ

[root@vm crypto]# openssl pkeyutl -derive -inkey privkey.pem -peerkey key.pem.firefox -out firefox.shared.key
unable to load Peer Key
Error reading peer key key.pem.firefox
139805568268176:error:0609E09C:digital envelope routines:PKEY_SET_TYPE:unsupported algorithm:p_lib.c:239:
139805568268176:error:0B07706F:x509 certificate routines:X509_PUBKEY_get:unsupported algorithm:x_pubkey.c:148:
139805568268176:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:
Error setting up peer key

openssp exits with error, and file not written. In php 7.3.0 where i use it in openssl_pkey_derive(pubkey,privkey) the key is not derived. Php uses the same openssl version as above. Chrome is version  71.0.3578.98 and Firefox is version 64.0 (64-bit)
Flags: needinfo?(gerteb)
What code did you run to generate the keys?
Flags: needinfo?(gerteb)
Oh this is just bug 1410403.
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Flags: needinfo?(gerteb)
Resolution: --- → DUPLICATE
Does it mean that there is a differences in which algorithm to use for ecdh spki in webcrypto. And that the only options to use webcrypto in conjunction with openssl for ecdh key derivation is chromium based browsers and safari? Edge presumably does not support ecdh until they shift javascript engine sometime in the future.
No it's just a bug in Firefox. The implementation doesn't set the correct OID, so openssl thinks it doesn't know how to handle it.
You need to log in before you can comment on or make changes to this bug.