-
Notifications
You must be signed in to change notification settings - Fork 30.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: generateKeyPair('ec') should not support NODE-ED* and NODE-X* #37063
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is the only public API change (outside of WebCrypto) from the referenced PR, but I'm not 100% sure. It definitely fixes the problem with generateKeyPair
.
I still have to manage to change |
src/crypto/crypto_ecdh.cc
Outdated
@@ -443,7 +447,7 @@ Maybe<bool> ECDHBitsTraits::AdditionalConfig( | |||
return Nothing<bool>(); | |||
} | |||
|
|||
params->id_ = GetCurveFromName(*name); | |||
params->id_ = GetOKPCurveFromName(*name); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AFAICT id_
is only used to discern between X25519, X448 and then it throws everything else in the default
bucket anyway, therefore returning the specific EC curve ids is not necessary and using GetOKPCurveFromName
is ok.
Co-authored-by: Tobias Nießen <[email protected]>
Fixes #37055 PR-URL: #37063 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Juan José Arboleda <[email protected]>
Landed in 8b65004 |
Fixes #37055 PR-URL: #37063 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Juan José Arboleda <[email protected]>
The following "curves" were added to the
'ec'
key type in #36879.NODE-ED25519
NODE-ED448
NODE-X25519
NODE-X448
However, none of these are pure EC curves, for example, Curve25519 does not work with ECDSA, which is one of the reasons why
crypto.getCurves()
does not include Curve25519. This PR makes these "curves" only recognized from the Web Cryptography API experimental interface.Fixes #37055
cc @jasnell @tniessen