crypto: fix ECDH webcrypto public CryptoKey usages
PR-URL: #45569
Reviewed-By: Antoine du Hamel <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Backport-PR-URL: #47336
panva committed Mar 31, 2023
commit 8570ffab8b331693ebc43b75ecad6618445dc5ca
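--- a/lib/internal/crypto/ec.js
+++ b/lib/internal/crypto/ec.js
@@ -58,7 +58,14 @@ function verifyAcceptableEcKeyUse(name, type, usages) {
 let checkSet;
 switch (name) {
 case 'ECDH':
-checkSet = ['deriveKey', 'deriveBits'];
+switch (type) {
+case 'private':
+checkSet = ['deriveKey', 'deriveBits'];
+break;
+case 'public':
+checkSet = [];
+break;
+}
 break;
 case 'ECDSA':
 switch (type) {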
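Review bot: The new inner `switch (type)` under `case 'ECDH':` has no `default` arm, so a `type` other than 'private' or 'public' leaves `checkSet` undefined, and the outcome then depends on how the code after the hunk treats an undefined set. For a key-usage check the unexpected case should fail closed; `default: checkSet = [];` would accept no usages, assuming the later check rejects any usage not in `checkSet` (that code is outside the hunk, so confirm). The ECDSA branch opens the same `switch (type)` shape at the end of the hunk and may want the same arm. A short comment on the 'public' arm, such as `// ECDH public keys carry no usages; only the private key derives`, would record why the list is empty.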
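--- a/test/parallel/test-webcrypto-derivebits-ecdh.js
+++ b/test/parallel/test-webcrypto-derivebits-ecdh.js
@@ -73,7 +73,7 @@ async function prepareKeys() {
 namedCurve
 },
 true,
-['deriveKey', 'deriveBits']),
+[]),
 ]);
 keys[namedCurve] = {
 privateKey,
@@ -235,17 +235,17 @@ async function prepareKeys() {
 name: 'ECDH',
 public: keys['P-521'].publicKey
 }, keys['P-521'].publicKey, null), {
-message: /baseKey must be a private key/
+name: 'InvalidAccessError'
 });
 }
 
 {
-// Base key is not a private key
+// Public is not a public key
 await assert.rejects(subtle.deriveBits({
 name: 'ECDH',
 public: keys['P-521'].privateKey
-}, keys['P-521'].publicKey, null), {
-message: /algorithm\.public must be a public key/
+}, keys['P-521'].privateKey, null), {
+name: 'InvalidAccessError'
 });
 }
 
@@ -262,7 +262,7 @@ async function prepareKeys() {
 name: 'ECDH',
 public: key
 }, keys['P-521'].publicKey, null), {
-message: /algorithm\.public must be a public key/
+name: 'InvalidAccessError'
 });
 }
 })().then(common.mustCall());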
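Review bot: Matching only `name: 'InvalidAccessError'` in place of the old `message` patterns means the three negative cases here no longer show which check rejected the call; any InvalidAccessError from `deriveBits` satisfies them. Since the public keys are now imported with `[]` usages, the first case (a public key passed as the base key) may be rejected by a usages check before the key-type check is reached, which would leave the base-key type check untested; that is inferred, as the implementation is not part of this diff. Consider keeping a `message` pattern next to `name` where the text is stable, or at least a comment per case such as `// expected to fail the baseKey usages check`. The same name-only assertions are introduced in test/parallel/test-webcrypto-derivekey-ecdh.js.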
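--- a/test/parallel/test-webcrypto-derivekey-ecdh.js
+++ b/test/parallel/test-webcrypto-derivekey-ecdh.js
@@ -68,7 +68,7 @@ async function prepareKeys() {
 namedCurve
 },
 true,
-['deriveKey', 'deriveBits']),
+[]),
 ]);
 keys[namedCurve] = {
 privateKey,
@@ -209,7 +209,7 @@ async function prepareKeys() {
 },
 keys['P-521'].publicKey,
 ...otherArgs),
-{ message: /baseKey must be a private key/ });
+{ name: 'InvalidAccessError' });
 }
 
 {
@@ -222,7 +222,7 @@ async function prepareKeys() {
 },
 keys['P-521'].publicKey,
 ...otherArgs),
-{ message: /algorithm\.public must be a public key/ });
+{ name: 'InvalidAccessError' });
 }
 
 {
@@ -242,6 +242,6 @@ async function prepareKeys() {
 },
 keys['P-521'].publicKey,
 ...otherArgs),
-{ message: /algorithm\.public must be a public key/ });
+{ name: 'InvalidAccessError' });
 }
 })().then(common.mustCall());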
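--- a/test/parallel/test-webcrypto-export-import-ec.js
+++ b/test/parallel/test-webcrypto-export-import-ec.js
@@ -333,19 +333,19 @@ async function testImportRaw({ name, publicUsages }, namedCurve) {
 const rsaPrivate = crypto.createPrivateKey(
 fixtures.readKey('rsa_private_2048.pem'));
 
-for (const [name, [publicUsage, privateUsage]] of Object.entries({
-'ECDSA': ['verify', 'sign'],
-'ECDH': ['deriveBits', 'deriveBits'],
-})) {
+for (const [name, publicUsages, privateUsages] of [
+['ECDSA', ['verify'], ['sign']],
+['ECDH', [], ['deriveBits', 'deriveBits']],
+]) {
 assert.rejects(subtle.importKey(
 'spki',
 rsaPublic.export({ format: 'der', type: 'spki' }),
 { name, hash: 'SHA-256', namedCurve: 'P-256' },
-true, [publicUsage]), { message: /Invalid key type/ });
+true, publicUsages), { message: /Invalid key type/ });
 assert.rejects(subtle.importKey(
 'pkcs8',
 rsaPrivate.export({ format: 'der', type: 'pkcs8' }),
 { name, hash: 'SHA-256', namedCurve: 'P-256' },
-true, [privateUsage]), { message: /Invalid key type/ });
+true, privateUsages), { message: /Invalid key type/ });
 }
 }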
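Review bot: The ECDH row lists the private usages as `['deriveBits', 'deriveBits']`, the same usage twice, which looks like a carry-over from the old `[publicUsage, privateUsage]` pair; `['ECDH', [], ['deriveBits']],` says what is meant. Both imports in this loop are expected to fail with `Invalid key type`, so nothing visible here checks the new usages rule itself. A case that imports an EC public key for ECDH with a non-empty usages list and expects rejection would pin the behaviour changed in lib/internal/crypto/ec.js, unless one already exists outside this hunk.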