Closed BenWiederhake closed 3 weeks ago
twiss
commented
3 weeks ago Yeah, it seems this text is missing :) Not just in the import key operations, but also in the generate key operations, btw.
Do you feel like making a PR for this as well? :) (If not I can also do it.)
BenWiederhake
commented
3 weeks ago I'd be happy to! Since this is definitely not just "editorial", I just applied for Passierschein A38 got a w3 account. Let's see if it really works that easily.
twiss
commented
3 weeks ago I think it is editorial since it's not intended to change implementations' existing behavior. You could also argue this behavior is described by the text saying that "Opaque keying material, including that used for symmetric algorithms, is represented by secret". (That's not to say that it shouldn't also be added to the individual operations, of course.)
But yes, getting a W3 account might make it easier to contribute in general :)
BenWiederhake
commented
3 weeks ago I feel like this should add WPT tests, since this might be a new requirement, because technically the [[type]] wasn't defined before. So it is imaginable that a hypothetical browser might initialize the AES key as type "private" or "public", even though it's not supposed to be that way. (Hence the need for tests, to ensure interop.)
What do you think?
EDIT: Turns out, this is already tested: https://github.com/web-platform-tests/wpt/blob/master/WebCryptoAPI/generateKey/successes.js#L70
I don't see where [[type]] is being set in the case of AES-CBC importKey, or in fact any of the AES variants. Maybe I overlooked it, but where?
CryptoKey.[[type]]slot, and never writes to it: https://w3c.github.io/webcrypto/#SubtleCrypto-method-importKeyI suggest to add a step like
Set the [[type]] internal slot of key to "secret".to each AES algorithm, and also HMAC.Or maybe I just missed a very important page? :-)
EDIT: Originally reported together with some false-positive issues: #373.