Bug 1718899 - webcrypto: handle the 'alg' field in ECDSA JWK keys r=rmf

KeyAlgorithmProxy::JwkAlg() didn't account for ECDSA, so when
ImportKeyTask::JwkCompatible() checked the 'alg' field, if it was present and
correct, it would never match for ECDSA keys, so importing would fail.

Differential Revision: https://phabricator.services.mozilla.com/D128116

dom/crypto/KeyAlgorithmProxy.cpp

@@ -202,6 +202,19 @@ nsString KeyAlgorithmProxy::JwkAlg() const {
     }
   }
 
+  if (mName.EqualsLiteral(WEBCRYPTO_ALG_ECDSA)) {
+    nsString curveName = mEc.mNamedCurve;
+    if (curveName.EqualsLiteral(WEBCRYPTO_NAMED_CURVE_P256)) {
+      return NS_LITERAL_STRING_FROM_CSTRING(JWK_ALG_ECDSA_P_256);
+    }
+    if (curveName.EqualsLiteral(WEBCRYPTO_NAMED_CURVE_P384)) {
+      return NS_LITERAL_STRING_FROM_CSTRING(JWK_ALG_ECDSA_P_384);
+    }
+    if (curveName.EqualsLiteral(WEBCRYPTO_NAMED_CURVE_P521)) {
+      return NS_LITERAL_STRING_FROM_CSTRING(JWK_ALG_ECDSA_P_521);
+    }
+  }
+
   return nsString();
 }
 

dom/crypto/WebCryptoCommon.h

@@ -109,9 +109,11 @@ struct JSStructuredCloneWriter;
 #define JWK_ALG_PS256 "PS256"
 #define JWK_ALG_PS384 "PS384"
 #define JWK_ALG_PS512 "PS512"
+// The JSON Web Algorithms spec (RFC 7518) uses the hash to identify these, not
+// the curve.
 #define JWK_ALG_ECDSA_P_256 "ES256"
 #define JWK_ALG_ECDSA_P_384 "ES384"
-#define JWK_ALG_ECDSA_P_521 "ES521"
+#define JWK_ALG_ECDSA_P_521 "ES512"
 
 // JWK usages
 #define JWK_USE_ENC "enc"

dom/crypto/test/test-vectors.js

@@ -959,6 +959,7 @@ let tv = {
     pub_jwk: {
       kty: "EC",
       crv: "P-521",
+      alg: "ES512",
 
       // 0061387fd6b95914e885f912edfbb5fb274655027f216c4091ca83e19336740fd8
       // 1aedfe047f51b42bdf68161121013e0d55b117a14e4303f926c8debb77a7fdaad1
@@ -1001,6 +1002,27 @@ let tv = {
     ),
   },
 
+  // An ECDSA key in JWK format, which an "alg" field that doesn't match the
+  // curve.
+  ecdsa_jwk_alg_mismatch: {
+    pub_jwk: {
+      kty: "EC",
+      crv: "P-521",
+      alg: "ES256",
+
+      // 0061387fd6b95914e885f912edfbb5fb274655027f216c4091ca83e19336740fd8
+      // 1aedfe047f51b42bdf68161121013e0d55b117a14e4303f926c8debb77a7fdaad1
+      x:
+        "AGE4f9a5WRTohfkS7fu1-ydGVQJ_IWxAkcqD4ZM2dA_Y" +
+        "Gu3-BH9RtCvfaBYRIQE-DVWxF6FOQwP5Jsjeu3en_arR",
+      // 00e7d0c75c38626e895ca21526b9f9fdf84dcecb93f2b233390550d2b1463b7ee3
+      // f58df7346435ff0434199583c97c665a97f12f706f2357da4b40288def888e59e6
+      y:
+        "AOfQx1w4Ym6JXKIVJrn5_fhNzsuT8rIzOQVQ0rFGO37j" +
+        "9Y33NGQ1_wQ0GZWDyXxmWpfxL3BvI1faS0Aoje-Ijlnm",
+    },
+  },
+
   ecdsa_bad: {
     pub_jwk: {
       kty: "EC",

dom/crypto/test/test_WebCrypto_ECDSA.html

@@ -128,12 +128,25 @@ TestArray.addTest(
   }
 );
 
+
+// -----------------------------------------------------------------------------
+TestArray.addTest(
+  "Verify that ECDSA import fails with a key with a mismatched 'alg' field",
+  function() {
+    var that = this;
+    var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" };
+
+    crypto.subtle.importKey("jwk", tv.ecdsa_jwk_alg_mismatch.pub_jwk, alg, true, ["verify"])
+      .then(error(that), complete(that));
+  }
+);
+
 // -----------------------------------------------------------------------------
 TestArray.addTest(
   "Verify that ECDSA import fails with a known-bad public key",
   function() {
     var that = this;
-    var alg = { name: "ECDSA", namedCurve: "P-256", hash: "SHA-256" };
+    var alg = { name: "ECDSA", namedCurve: "P-521", hash: "SHA-512" };
 
     crypto.subtle.importKey("jwk", tv.ecdsa_bad.pub_jwk, alg, true, ["verify"])
       .then(error(that), complete(that));