fix(ext/crypto): fix identity test for x25519 derive bits

Fixes denoland#25991
littledivy · Oct 3, 2024 · b8304b3 · b8304b3
1 parent c7cba4e
commit b8304b3
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 2 deletions.
diff --git a/ext/crypto/x25519.rs b/ext/crypto/x25519.rs
@@ -47,10 +47,10 @@ pub fn op_crypto_derive_bits_x25519(
   let sh_sec = x25519_dalek::x25519(k, u);
   let point = MontgomeryPoint(sh_sec);
   if point.ct_eq(&MONTGOMERY_IDENTITY).unwrap_u8() == 1 {
-    return false;
+    return true;
   }
   secret.copy_from_slice(&sh_sec);
-  true
+  false
 }
 
 // id-X25519 OBJECT IDENTIFIER ::= { 1 3 101 110 }

diff --git a/tests/unit/webcrypto_test.ts b/tests/unit/webcrypto_test.ts
@@ -2045,3 +2045,43 @@ Deno.test(async function p521Generate() {
   assert(key.privateKey instanceof CryptoKey);
   assert(key.publicKey instanceof CryptoKey);
 });
+
+Deno.test(async function x25519SharedSecret() {
+  const alicesKeyPair = await crypto.subtle.generateKey(
+    {
+      name: "X25519",
+    },
+    false,
+    ["deriveBits"],
+  ) as CryptoKeyPair;
+
+  const bobsKeyPair = await crypto.subtle.generateKey(
+    {
+      name: "X25519",
+    },
+    false,
+    ["deriveBits"],
+  ) as CryptoKeyPair;
+
+  const sharedSecret1 = await crypto.subtle.deriveBits(
+    {
+      name: "X25519",
+      public: bobsKeyPair.publicKey,
+    },
+    alicesKeyPair.privateKey,
+    128,
+  );
+
+  const sharedSecret2 = await crypto.subtle.deriveBits(
+    {
+      name: "X25519",
+      public: alicesKeyPair.publicKey,
+    },
+    bobsKeyPair.privateKey,
+    128,
+  );
+
+  assertEquals(sharedSecret1.byteLength, sharedSecret2.byteLength);
+  assertEquals(sharedSecret1.byteLength, 16);
+  assertEquals(new Uint8Array(sharedSecret1), new Uint8Array(sharedSecret2));
+});