From b2c014ec0e80b454a22df6ddffe774e70f240aae Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Thu, 16 Sep 2021 22:03:15 +0200 Subject: [PATCH 1/2] crypto: fix webcrypto ed(25519|448) spki/pkcs8 import --- lib/internal/crypto/ec.js | 30 +++++++------------ test/parallel/test-webcrypto-ed25519-ed448.js | 14 +++++++++ test/parallel/test-webcrypto-x25519-x448.js | 15 ++++++++++ 3 files changed, 40 insertions(+), 19 deletions(-) diff --git a/lib/internal/crypto/ec.js b/lib/internal/crypto/ec.js index 1ebceadf50f399..76c6b306cf25a3 100644 --- a/lib/internal/crypto/ec.js +++ b/lib/internal/crypto/ec.js @@ -269,14 +269,12 @@ async function ecImportKey( case 'NODE-X25519': // Fall through case 'NODE-X448': - checkNamedCurve = false; if (algorithm.name !== 'ECDH') throw lazyDOMException('Invalid algorithm name.', 'DataError'); break; case 'NODE-ED25519': // Fall through case 'NODE-ED448': - checkNamedCurve = false; if (algorithm.name !== namedCurve) throw lazyDOMException('Invalid algorithm name.', 'DataError'); break; @@ -310,7 +308,6 @@ async function ecImportKey( throw lazyDOMException('Invalid JWK keyData', 'DataError'); switch (keyData.kty) { case 'OKP': { - checkNamedCurve = false; const isPublic = keyData.d === undefined; let type; @@ -395,7 +392,6 @@ async function ecImportKey( case 'NODE-X25519': // Fall through case 'NODE-X448': - checkNamedCurve = false; if (algorithm.public !== undefined) validateBoolean(algorithm.public, 'algorithm.public'); if (algorithm.name !== 'ECDH') @@ -409,7 +405,6 @@ async function ecImportKey( case 'NODE-ED25519': // Fall through case 'NODE-ED448': - checkNamedCurve = false; if (algorithm.public !== undefined) validateBoolean(algorithm.public, 'algorithm.public'); if (algorithm.name !== namedCurve) @@ -436,30 +431,27 @@ async function ecImportKey( throw lazyDOMException('Invalid key type', 'DataError'); break; case 'ECDH': - if ( - algorithm.namedCurve === 'NODE-X25519' && - keyObject.asymmetricKeyType !== 'x25519' - ) { - throw lazyDOMException('Invalid key type', 'DataError'); - } else if ( - algorithm.namedCurve === 'NODE-X448' && - keyObject.asymmetricKeyType !== 'x448' - ) { - throw lazyDOMException('Invalid key type', 'DataError'); - } else if ( - algorithm.namedCurve.startsWith('P') && - keyObject.asymmetricKeyType !== 'ec' - ) { + if (algorithm.namedCurve === 'NODE-X25519') { + if (keyObject.asymmetricKeyType !== 'x25519') + throw lazyDOMException('Invalid key type', 'DataError'); + checkNamedCurve = false; + } else if (algorithm.namedCurve === 'NODE-X448') { + if (keyObject.asymmetricKeyType !== 'x448') + throw lazyDOMException('Invalid key type', 'DataError'); + checkNamedCurve = false; + } else if (keyObject.asymmetricKeyType !== 'ec') { throw lazyDOMException('Invalid key type', 'DataError'); } break; case 'NODE-ED25519': if (keyObject.asymmetricKeyType !== 'ed25519') throw lazyDOMException('Invalid key type', 'DataError'); + checkNamedCurve = false; break; case 'NODE-ED448': if (keyObject.asymmetricKeyType !== 'ed448') throw lazyDOMException('Invalid key type', 'DataError'); + checkNamedCurve = false; break; } diff --git a/test/parallel/test-webcrypto-ed25519-ed448.js b/test/parallel/test-webcrypto-ed25519-ed448.js index 9c60ceff64b1b4..f03cec9183efa8 100644 --- a/test/parallel/test-webcrypto-ed25519-ed448.js +++ b/test/parallel/test-webcrypto-ed25519-ed448.js @@ -382,6 +382,20 @@ assert.rejects( assert.strictEqual(cryptoKey.algorithm.name, namedCurve); }, common.mustNotCall()); + subtle.importKey( + keyObject.type === 'private' ? 'pkcs8' : 'spki', + keyObject.export({ + format: 'der', + type: keyObject.type === 'private' ? 'pkcs8' : 'spki', + }), + { name: namedCurve, namedCurve }, + true, + keyObject.type === 'private' ? ['sign'] : ['verify'], + ).then((cryptoKey) => { + assert.strictEqual(cryptoKey.type, keyObject.type); + assert.strictEqual(cryptoKey.algorithm.name, namedCurve); + }, common.mustNotCall()); + assert.rejects( subtle.importKey( 'node.keyObject', diff --git a/test/parallel/test-webcrypto-x25519-x448.js b/test/parallel/test-webcrypto-x25519-x448.js index cd079b5fb80a5e..89716e5d302a16 100644 --- a/test/parallel/test-webcrypto-x25519-x448.js +++ b/test/parallel/test-webcrypto-x25519-x448.js @@ -295,6 +295,21 @@ assert.rejects( assert.strictEqual(cryptoKey.type, keyObject.type); assert.strictEqual(cryptoKey.algorithm.name, 'ECDH'); }, common.mustNotCall()); + + subtle.importKey( + keyObject.type === 'private' ? 'pkcs8' : 'spki', + keyObject.export({ + format: 'der', + type: keyObject.type === 'private' ? 'pkcs8' : 'spki', + }), + { name: 'ECDH', namedCurve }, + true, + keyObject.type === 'private' ? ['deriveBits'] : [], + ).then((cryptoKey) => { + assert.strictEqual(cryptoKey.type, keyObject.type); + assert.strictEqual(cryptoKey.algorithm.name, 'ECDH'); + assert.strictEqual(cryptoKey.algorithm.namedCurve, namedCurve); + }, common.mustNotCall()); } } } From 5c02e778d18e00675137a33db7beb22c87d15fea Mon Sep 17 00:00:00 2001 From: Filip Skokan Date: Fri, 17 Sep 2021 17:38:53 +0200 Subject: [PATCH 2/2] fixup! crypto: fix webcrypto ed(25519|448) spki/pkcs8 import --- test/parallel/test-webcrypto-ed25519-ed448.js | 1 + 1 file changed, 1 insertion(+) diff --git a/test/parallel/test-webcrypto-ed25519-ed448.js b/test/parallel/test-webcrypto-ed25519-ed448.js index f03cec9183efa8..8abca247738621 100644 --- a/test/parallel/test-webcrypto-ed25519-ed448.js +++ b/test/parallel/test-webcrypto-ed25519-ed448.js @@ -394,6 +394,7 @@ assert.rejects( ).then((cryptoKey) => { assert.strictEqual(cryptoKey.type, keyObject.type); assert.strictEqual(cryptoKey.algorithm.name, namedCurve); + assert.strictEqual(cryptoKey.algorithm.namedCurve, namedCurve); }, common.mustNotCall()); assert.rejects(