Skip to content

crypto: use WebIDL converters in WebCryptoAPI #46067

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
nodejs-github-bot merged 27 commits into from
Jan 17, 2023
Merged

crypto: use WebIDL converters in WebCryptoAPI #46067

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
27 commits
Select commit Hold shift + click to select a range
bc436eb
crypto: use WebIDL converters in WebCryptoAPI
panva Jan 2, 2023
03c0459
add docs change entry
panva Jan 3, 2023
28a3c4f
make webidl require a noop after first use
panva Jan 3, 2023
c11a280
add note to the normalizeAlgorithm
panva Jan 3, 2023
c1f2da3
match normalizeAlgorithm case-insensitive definition
panva Jan 3, 2023
c5bab06
update unrecognized name message and assertions
panva Jan 3, 2023
2900c12
remove unused converter
panva Jan 3, 2023
976cd80
refactor makeException to have default code
panva Jan 3, 2023
b40e895
update toNumber to use makeException
panva Jan 3, 2023
7208755
carry context to toNumber exceptions
panva Jan 3, 2023
cc91875
normalize webidl error message sentences
panva Jan 3, 2023
30353de
add webidl.requiredArguments tests
panva Jan 3, 2023
cdfbb9d
add webidl.converters.boolean tests
panva Jan 3, 2023
1216371
add more converter tests
panva Jan 3, 2023
ffcd2fc
add more converter tests
panva Jan 3, 2023
4bed6b0
lint and doc change change
panva Jan 3, 2023
609f194
address some comments
panva Jan 3, 2023
c7af35a
address comments
panva Jan 3, 2023
39e40f0
address comments
panva Jan 3, 2023
91c8abd
address comments
panva Jan 3, 2023
833e286
remove more redundant checks
panva Jan 3, 2023
fcddb59
refactor JWK import validations
panva Jan 3, 2023
31b983c
upcoming linter rules fix
panva Jan 3, 2023
5d74979
webcrypto does not need defaultValue
panva Jan 4, 2023
44640fb
improve coverage
panva Jan 4, 2023
fb9d1c4
apply review feedback
panva Jan 5, 2023
42b9fb2
address more prototype pollution
panva Jan 5, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
crypto: use WebIDL converters in WebCryptoAPI 
WebCryptoAPI functions' arguments are now coersed and validated as per
their WebIDL definitions like in other Web Crypto API implementations.
This further improves interoperability with other implementations of
Web Crypto API.
  • Loading branch information
@panva
panva committed Jan 3, 2023
commit bc436ebd7ad52c5736832eb57059b631af2bcab4
6 changes: 0 additions & 6 deletions lib/internal/crypto/aes.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,6 @@ const {
} = internalBinding('crypto');

const {
getArrayBufferOrView,
hasAnyNotIn,
jobPromise,
validateByteLength,
Expand Down Expand Up @@ -112,7 +111,6 @@ function getVariant(name, length) {
}

function asyncAesCtrCipher(mode, key, data, { counter, length }) {
counter = getArrayBufferOrView(counter, 'algorithm.counter');
validateByteLength(counter, 'algorithm.counter', 16);
// The length must specify an integer between 1 and 128. While
// there is no default, this should typically be 64.
Expand All @@ -135,7 +133,6 @@ function asyncAesCtrCipher(mode, key, data, { counter, length }) {
}

function asyncAesCbcCipher(mode, key, data, { iv }) {
iv = getArrayBufferOrView(iv, 'algorithm.iv');
validateByteLength(iv, 'algorithm.iv', 16);
return jobPromise(() => new AESCipherJob(
kCryptoJobAsync,
Expand Down Expand Up @@ -166,12 +163,9 @@ function asyncAesGcmCipher(
'OperationError'));
}

iv = getArrayBufferOrView(iv, 'algorithm.iv');
validateMaxBufferLength(iv, 'algorithm.iv');

if (additionalData !== undefined) {
additionalData =
getArrayBufferOrView(additionalData, 'algorithm.additionalData');
validateMaxBufferLength(additionalData, 'algorithm.additionalData');
}

Expand Down
4 changes: 0 additions & 4 deletions lib/internal/crypto/cfrg.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,6 @@ const {
} = internalBinding('crypto');

const {
getArrayBufferOrView,
getUsagesUnion,
hasAnyNotIn,
jobPromise,
Expand Down Expand Up @@ -73,7 +72,6 @@ function verifyAcceptableCfrgKeyUse(name, isPublic, usages) {

function createCFRGRawKey(name, keyData, isPublic) {
const handle = new KeyObjectHandle();
keyData = getArrayBufferOrView(keyData, 'keyData');

switch (name) {
case 'Ed25519':
Expand Down Expand Up @@ -337,8 +335,6 @@ function eddsaSignVerify(key, data, { name, context }, signature) {
throw lazyDOMException(`Key must be a ${type} key`, 'InvalidAccessError');

if (name === 'Ed448' && context !== undefined) {
context =
getArrayBufferOrView(context, 'algorithm.context');
if (context.byteLength !== 0) {
throw lazyDOMException(
'Non zero-length context is not yet supported.', 'NotSupportedError');
Expand Down
3 changes: 0 additions & 3 deletions lib/internal/crypto/diffiehellman.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,6 @@ const {

const {
KeyObject,
isCryptoKey,
} = require('internal/crypto/keys');

const {
Expand Down Expand Up @@ -324,8 +323,6 @@ async function ecdhDeriveBits(algorithm, baseKey, length) {
// give us everything that is generated.
if (length !== null)
validateUint32(length, 'length');
if (!isCryptoKey(key))
throw new ERR_INVALID_ARG_TYPE('algorithm.public', 'CryptoKey', key);

if (key.type !== 'public') {
throw lazyDOMException(
Expand Down
2 changes: 0 additions & 2 deletions lib/internal/crypto/ec.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,6 @@ const {
} = require('internal/errors');

const {
getArrayBufferOrView,
getUsagesUnion,
hasAnyNotIn,
jobPromise,
Expand Down Expand Up @@ -76,7 +75,6 @@ function verifyAcceptableEcKeyUse(name, isPublic, usages) {

function createECPublicKeyRaw(namedCurve, keyData) {
const handle = new KeyObjectHandle();
keyData = getArrayBufferOrView(keyData, 'keyData');

if (!handle.initECRaw(kNamedCurveAliases[namedCurve], keyData)) {
throw lazyDOMException('Invalid keyData', 'DataError');
Expand Down
10 changes: 1 addition & 9 deletions lib/internal/crypto/hash.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,11 +14,9 @@ const {
} = internalBinding('crypto');

const {
getArrayBufferOrView,
getDefaultEncoding,
getStringOption,
jobPromise,
normalizeAlgorithm,
normalizeHashName,
validateMaxBufferLength,
kHandle,
Expand Down Expand Up @@ -168,13 +166,8 @@ Hmac.prototype._transform = Hash.prototype._transform;
// Implementation for WebCrypto subtle.digest()

async function asyncDigest(algorithm, data) {
algorithm = normalizeAlgorithm(algorithm);
data = getArrayBufferOrView(data, 'data');
validateMaxBufferLength(data, 'data');

if (algorithm.length !== undefined)
validateUint32(algorithm.length, 'algorithm.length');

switch (algorithm.name) {
case 'SHA-1':
// Fall through
Expand All @@ -186,8 +179,7 @@ async function asyncDigest(algorithm, data) {
return jobPromise(() => new HashJob(
kCryptoJobAsync,
normalizeHashName(algorithm.name),
data,
algorithm.length));
data));
}

throw lazyDOMException('Unrecognized name.', 'NotSupportedError');
Expand Down
8 changes: 1 addition & 7 deletions lib/internal/crypto/hkdf.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@ const {
const { kMaxLength } = require('buffer');

const {
getArrayBufferOrView,
normalizeHashName,
toBuf,
validateByteSource,
Expand All @@ -45,7 +44,6 @@ const {
codes: {
ERR_INVALID_ARG_TYPE,
ERR_OUT_OF_RANGE,
ERR_MISSING_OPTION,
},
hideStackFrames,
} = require('internal/errors');
Expand Down Expand Up @@ -140,11 +138,7 @@ function hkdfSync(hash, key, salt, info, length) {

const hkdfPromise = promisify(hkdf);
async function hkdfDeriveBits(algorithm, baseKey, length) {
const { hash } = algorithm;
const salt = getArrayBufferOrView(algorithm.salt, 'algorithm.salt');
const info = getArrayBufferOrView(algorithm.info, 'algorithm.info');
if (hash === undefined)
throw new ERR_MISSING_OPTION('algorithm.hash');
const { hash, salt, info } = algorithm;

if (length === 0)
throw lazyDOMException('length cannot be zero', 'OperationError');
Expand Down
16 changes: 4 additions & 12 deletions lib/internal/crypto/pbkdf2.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,12 +15,9 @@ const {
const {
validateFunction,
validateInt32,
validateInteger,
validateString,
} = require('internal/validators');

const { ERR_MISSING_OPTION } = require('internal/errors').codes;

const {
getArrayBufferOrView,
getDefaultEncoding,
Expand Down Expand Up @@ -101,19 +98,12 @@ function check(password, salt, iterations, keylen, digest) {

const pbkdf2Promise = promisify(pbkdf2);
async function pbkdf2DeriveBits(algorithm, baseKey, length) {
const { iterations } = algorithm;
let { hash } = algorithm;
const salt = getArrayBufferOrView(algorithm.salt, 'algorithm.salt');
if (hash === undefined)
throw new ERR_MISSING_OPTION('algorithm.hash');
validateInteger(iterations, 'algorithm.iterations');
const { iterations, hash, salt } = algorithm;
if (iterations === 0)
throw lazyDOMException(
'iterations cannot be zero',
'OperationError');

hash = normalizeHashName(hash.name);

const raw = baseKey[kKeyObject].export();

if (length === 0)
Expand All @@ -128,7 +118,9 @@ async function pbkdf2DeriveBits(algorithm, baseKey, length) {

let result;
try {
result = await pbkdf2Promise(raw, salt, iterations, length / 8, hash);
result = await pbkdf2Promise(
raw, salt, iterations, length / 8, normalizeHashName(hash.name),
);
} catch (err) {
throw lazyDOMException(
'The operation failed for an operation-specific reason',
Expand Down
3 changes: 0 additions & 3 deletions lib/internal/crypto/random.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,6 @@ const { Buffer, kMaxLength } = require('buffer');
const {
codes: {
ERR_INVALID_ARG_TYPE,
ERR_MISSING_ARGS,
ERR_OUT_OF_RANGE,
ERR_OPERATION_FAILED,
}
Expand Down Expand Up @@ -316,8 +315,6 @@ function onJobDone(buf, callback, error) {
// not allowed to exceed 65536 bytes, and can only
// be an integer-type TypedArray.
function getRandomValues(data) {
if (arguments.length < 1)
throw new ERR_MISSING_ARGS('typedArray');
if (!isTypedArray(data) ||
isFloat32Array(data) ||
isFloat64Array(data)) {
Expand Down
2 changes: 0 additions & 2 deletions lib/internal/crypto/rsa.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,6 @@ const {

const {
bigIntArrayToUnsignedInt,
getArrayBufferOrView,
getUsagesUnion,
hasAnyNotIn,
jobPromise,
Expand Down Expand Up @@ -104,7 +103,6 @@ function rsaOaepCipher(mode, key, data, { label }) {
'InvalidAccessError');
}
if (label !== undefined) {
label = getArrayBufferOrView(label, 'algorithm.label');
validateMaxBufferLength(label, 'algorithm.label');
}

Expand Down
Loading