[Bug 27404] New: Should check the publicKey's algorithm.name for ECDH's deriveBits()? from bugzilla@jessica.w3.org on 2014-11-21 (public-webcrypto@w3.org from November 2014)

From: <bugzilla@jessica.w3.org>
Date: Fri, 21 Nov 2014 22:20:36 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-27404-7213@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=27404

            Bug ID: 27404
           Summary: Should check the publicKey's algorithm.name for ECDH's
                    deriveBits()?
           Product: Web Cryptography
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Web Cryptography API Document
          Assignee: sleevi@google.com
          Reporter: ericroman@google.com
                CC: public-webcrypto@w3.org

ECDH's deriveBits() tests that:
   * baseKey.algorithm.name == "ECDH"
   * publicKey.type == "public"
   * publicKey.algorithm.namedCurve == baseKey.algorithm.namedCurve

However it does not test that:
   * publicKey.algorithm.name == baseKey.algorithm.name


Not sure if this is intentional, but that would mean passing some other public
EC key (say for ECDSA) is allowed by the spec.

Whereas the rest of WebCrypto is fairly particular about restricting key usage
cross-algorithm.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Friday, 21 November 2014 22:20:37 UTC