From 5fac8ca64e583e0dc2c4cb91711a366075a6290c Mon Sep 17 00:00:00 2001 From: Daniel Huigens Date: Wed, 9 Jul 2025 16:17:07 +0200 Subject: [PATCH] WebCryptoAPI: Check that generated JWK public and private keys match When generating extractable key pairs, check that the exported JWK public key is a superset of the exported JWK private key (with the exception of the `key_ops` property). --- WebCryptoAPI/generateKey/successes.js | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/WebCryptoAPI/generateKey/successes.js b/WebCryptoAPI/generateKey/successes.js index a9a168e1adbf72..13c96b7c735fcb 100644 --- a/WebCryptoAPI/generateKey/successes.js +++ b/WebCryptoAPI/generateKey/successes.js @@ -75,7 +75,7 @@ function run_test(algorithmNames, slowTest) { }) .then(async function (result) { if (resultType === "CryptoKeyPair") { - await Promise.all([ + const [jwkPub,,, jwkPriv] = await Promise.all([ subtle.exportKey('jwk', result.publicKey), subtle.exportKey('spki', result.publicKey), result.publicKey.algorithm.name.startsWith('RSA') ? undefined : subtle.exportKey('raw', result.publicKey), @@ -84,6 +84,15 @@ function run_test(algorithmNames, slowTest) { subtle.exportKey('pkcs8', result.privateKey), ] : []) ]); + + if (extractable) { + // Test that the JWK public key is a superset of the JWK private key. + for (const [prop, value] of Object.entries(jwkPub)) { + if (prop !== 'key_ops') { + assert_equals(value, jwkPriv[prop], `Property ${prop} is equal in public and private JWK`); + } + } + } } else { if (extractable) { await Promise.all([