crypto: fix webcrypto ed(25519|448) spki/pkcs8 import
panva committed Sep 16, 2021
1 parent 0f1765e commit 314cd80
Showing 3 changed files with 54 additions and 29 deletions.
30 changes: 11 additions & 19 deletions lib/internal/crypto/ec.js
Expand Up @@ -269,14 +269,12 @@ async function ecImportKey(
case 'NODE-X25519':
// Fall through
case 'NODE-X448':
checkNamedCurve = false;
if (algorithm.name !== 'ECDH')
throw lazyDOMException('Invalid algorithm name.', 'DataError');
break;
case 'NODE-ED25519':
// Fall through
case 'NODE-ED448':
checkNamedCurve = false;
if (algorithm.name !== namedCurve)
throw lazyDOMException('Invalid algorithm name.', 'DataError');
break;
Expand Down Expand Up @@ -310,7 +308,6 @@ async function ecImportKey(
throw lazyDOMException('Invalid JWK keyData', 'DataError');
switch (keyData.kty) {
case 'OKP': {
checkNamedCurve = false;
const isPublic = keyData.d === undefined;

let type;
Expand Down Expand Up @@ -395,7 +392,6 @@ async function ecImportKey(
case 'NODE-X25519':
// Fall through
case 'NODE-X448':
checkNamedCurve = false;
if (algorithm.public !== undefined)
validateBoolean(algorithm.public, 'algorithm.public');
if (algorithm.name !== 'ECDH')
Expand All @@ -409,7 +405,6 @@ async function ecImportKey(
case 'NODE-ED25519':
// Fall through
case 'NODE-ED448':
checkNamedCurve = false;
if (algorithm.public !== undefined)
validateBoolean(algorithm.public, 'algorithm.public');
if (algorithm.name !== namedCurve)
Expand All @@ -436,30 +431,27 @@ async function ecImportKey(
throw lazyDOMException('Invalid key type', 'DataError');
break;
case 'ECDH':
if (
algorithm.namedCurve === 'NODE-X25519' &&
keyObject.asymmetricKeyType !== 'x25519'
) {
throw lazyDOMException('Invalid key type', 'DataError');
} else if (
algorithm.namedCurve === 'NODE-X448' &&
keyObject.asymmetricKeyType !== 'x448'
) {
throw lazyDOMException('Invalid key type', 'DataError');
} else if (
algorithm.namedCurve.startsWith('P') &&
keyObject.asymmetricKeyType !== 'ec'
) {
if (algorithm.namedCurve === 'NODE-X25519') {
if (keyObject.asymmetricKeyType !== 'x25519')
throw lazyDOMException('Invalid key type', 'DataError');
checkNamedCurve = false
} else if (algorithm.namedCurve === 'NODE-X448') {
if (keyObject.asymmetricKeyType !== 'x448')
throw lazyDOMException('Invalid key type', 'DataError');
checkNamedCurve = false
} else if (keyObject.asymmetricKeyType !== 'ec') {
throw lazyDOMException('Invalid key type', 'DataError');
}
break;
case 'NODE-ED25519':
if (keyObject.asymmetricKeyType !== 'ed25519')
throw lazyDOMException('Invalid key type', 'DataError');
checkNamedCurve = false;
break;
case 'NODE-ED448':
if (keyObject.asymmetricKeyType !== 'ed448')
throw lazyDOMException('Invalid key type', 'DataError');
checkNamedCurve = false;
break;
}

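Review bot: The two `checkNamedCurve = false` assignments in the rewritten `case 'ECDH':` branch (after the `x25519` and `x448` key-type checks) have no trailing semicolon, unlike the same assignment in the `NODE-ED25519` and `NODE-ED448` cases just below; write them as `checkNamedCurve = false;` so the file does not rely on ASI. Because this flag switches off a validation step, each site would also benefit from a short comment such as `// Key type verified above, so the named-curve comparison is skipped for this key.` The code that reads `checkNamedCurve` is outside the visible hunks, so that wording should be confirmed against it. `ecImportKey` starts and ends outside the hunk.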
14 changes: 14 additions & 0 deletions test/parallel/test-webcrypto-ed25519-ed448.js
Expand Up @@ -382,6 +382,20 @@ assert.rejects(
assert.strictEqual(cryptoKey.algorithm.name, namedCurve);
}, common.mustNotCall());

subtle.importKey(
keyObject.type === 'private' ? 'pkcs8' : 'spki',
keyObject.export({
format: 'der',
type: keyObject.type === 'private' ? 'pkcs8' : 'spki',
}),
{ name: namedCurve, namedCurve },
true,
keyObject.type === 'private' ? ['sign'] : ['verify'],
).then((cryptoKey) => {
assert.strictEqual(cryptoKey.type, keyObject.type);
assert.strictEqual(cryptoKey.algorithm.name, namedCurve);
}, common.mustNotCall());

assert.rejects(
subtle.importKey(
'node.keyObject',
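Review bot: The fulfilment handler of the new `'pkcs8'`/`'spki'` `subtle.importKey(...)` call is a plain arrow function, so the test still passes if the promise never settles and the two assertions never run; `.then(common.mustCall((cryptoKey) => { ... }), common.mustNotCall())` would turn that into a failure. The block also covers only the accepting path. A companion `assert.rejects(...)` that imports the same exported DER under the other curve's `{ name, namedCurve }` would pin the key-type check that this commit reorders in `ec.js`. `keyObject` and `namedCurve` come from an enclosing scope that starts outside the hunk.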
39 changes: 29 additions & 10 deletions test/parallel/test-webcrypto-x25519-x448.js
Expand Up @@ -285,16 +285,35 @@ assert.rejects(
const { publicKey, privateKey } = generateKeyPairSync(asymmetricKeyType);
for (const keyObject of [publicKey, privateKey]) {
const namedCurve = `NODE-${asymmetricKeyType.toUpperCase()}`;
subtle.importKey(
'node.keyObject',
keyObject,
{ name: 'ECDH', namedCurve },
true,
keyObject.type === 'private' ? ['deriveBits', 'deriveKey'] : [],
).then((cryptoKey) => {
assert.strictEqual(cryptoKey.type, keyObject.type);
assert.strictEqual(cryptoKey.algorithm.name, 'ECDH');
}, common.mustNotCall());
{
subtle.importKey(
'node.keyObject',
keyObject,
{ name: 'ECDH', namedCurve },
true,
keyObject.type === 'private' ? ['deriveBits', 'deriveKey'] : [],
).then((cryptoKey) => {
assert.strictEqual(cryptoKey.type, keyObject.type);
assert.strictEqual(cryptoKey.algorithm.name, 'ECDH');
}, common.mustNotCall());
}

{
subtle.importKey(
keyObject.type === 'private' ? 'pkcs8' : 'spki',
keyObject.export({
format: 'der',
type: keyObject.type === 'private' ? 'pkcs8' : 'spki',
}),
{ name: namedCurve, namedCurve },
true,
keyObject.type === 'private' ? ['deriveBits'] : [],
).then((cryptoKey) => {
assert.strictEqual(cryptoKey.type, keyObject.type);
assert.strictEqual(cryptoKey.algorithm.name, 'ECDH');
assert.strictEqual(cryptoKey.algorithm.namedCurve, namedCurve);
}, common.mustNotCall());
}
}
}
}
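Review bot: The new spki/pkcs8 block passes `{ name: namedCurve, namedCurve }`, so `name` is `NODE-X25519` or `NODE-X448`, yet it asserts `cryptoKey.algorithm.name === 'ECDH'`, while the `'node.keyObject'` block above it passes `name: 'ECDH'`. The `ec.js` hunks on this page show `if (algorithm.name !== 'ECDH') throw` for these curves and nothing visible shows where the name is normalized, so the intended contract should be stated in a comment, for example `// The curve alias is passed as name here; importKey is expected to report 'ECDH'.` If the alias is not meant to be accepted, use `name: 'ECDH'` as in the first block. The usages also differ between the two blocks (`['deriveBits']` versus `['deriveBits', 'deriveKey']`) without explanation. As in the first block, the success handler is not wrapped in `common.mustCall`.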
