Skip to content

Commit

Permalink
crypto: fix X25519 and X448 webcrypto public CryptoKey usages
Browse files Browse the repository at this point in the history
PR-URL: #45569
Reviewed-By: Antoine du Hamel <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
  • Loading branch information
panva authored and danielleadams committed Jan 3, 2023
1 parent 27adcc9 commit a976a63
Show file tree
Hide file tree
Showing 5 changed files with 24 additions and 33 deletions.
9 changes: 8 additions & 1 deletion lib/internal/crypto/cfrg.js
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,14 @@ function verifyAcceptableCfrgKeyUse(name, type, usages) {
case 'X25519':
// Fall through
case 'X448':
checkSet = ['deriveKey', 'deriveBits'];
switch (type) {
case 'private':
checkSet = ['deriveKey', 'deriveBits'];
break;
case 'public':
checkSet = [];
break;
}
break;
case 'Ed25519':
// Fall through
Expand Down
8 changes: 4 additions & 4 deletions test/parallel/test-webcrypto-derivebits-cfrg.js
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ async function prepareKeys() {
Buffer.from(spki, 'hex'),
{ name },
true,
['deriveKey', 'deriveBits']),
[]),
]);
keys[name] = {
privateKey,
Expand Down Expand Up @@ -180,7 +180,7 @@ async function prepareKeys() {
name: 'X448',
public: keys.X448.publicKey
}, keys.X448.publicKey, null), {
message: /baseKey must be a private key/
name: 'InvalidAccessError'
});
}

Expand All @@ -190,7 +190,7 @@ async function prepareKeys() {
name: 'X448',
public: keys.X448.privateKey
}, keys.X448.publicKey, null), {
message: /algorithm\.public must be a public key/
name: 'InvalidAccessError'
});
}

Expand All @@ -207,7 +207,7 @@ async function prepareKeys() {
name: 'X448',
public: key
}, keys.X448.publicKey, null), {
message: /algorithm\.public must be a public key/
name: 'InvalidAccessError'
});
}
})().then(common.mustCall());
12 changes: 6 additions & 6 deletions test/parallel/test-webcrypto-derivekey-cfrg.js
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ async function prepareKeys() {
Buffer.from(spki, 'hex'),
{ name },
true,
['deriveKey', 'deriveBits']),
[]),
]);
keys[name] = {
privateKey,
Expand Down Expand Up @@ -150,20 +150,20 @@ async function prepareKeys() {
},
keys.X448.publicKey,
...otherArgs),
{ message: /baseKey must be a private key/ });
{ name: 'InvalidAccessError' });
}

{
// Base key is not a private key
// Public is not a public key
await assert.rejects(
subtle.deriveKey(
{
name: 'X448',
public: keys.X448.privateKey
},
keys.X448.publicKey,
keys.X448.privateKey,
...otherArgs),
{ message: /algorithm\.public must be a public key/ });
{ name: 'InvalidAccessError' });
}

{
Expand All @@ -183,6 +183,6 @@ async function prepareKeys() {
},
keys.X448.publicKey,
...otherArgs),
{ message: /algorithm\.public must be a public key/ });
{ name: 'InvalidAccessError' });
}
})().then(common.mustCall());
12 changes: 6 additions & 6 deletions test/parallel/test-webcrypto-export-import-cfrg.js
Original file line number Diff line number Diff line change
Expand Up @@ -315,19 +315,19 @@ async function testImportRaw({ name, publicUsages }) {
const rsaPrivate = crypto.createPrivateKey(
fixtures.readKey('rsa_private_2048.pem'));

for (const [name, [publicUsage, privateUsage]] of Object.entries({
'Ed25519': ['verify', 'sign'],
'X448': ['deriveBits', 'deriveBits'],
})) {
for (const [name, publicUsages, privateUsages] of [
['Ed25519', ['verify'], ['sign']],
['X448', [], ['deriveBits']],
]) {
assert.rejects(subtle.importKey(
'spki',
rsaPublic.export({ format: 'der', type: 'spki' }),
{ name },
true, [publicUsage]), { message: /Invalid key type/ });
true, publicUsages), { message: /Invalid key type/ });
assert.rejects(subtle.importKey(
'pkcs8',
rsaPrivate.export({ format: 'der', type: 'pkcs8' }),
{ name },
true, [privateUsage]), { message: /Invalid key type/ });
true, privateUsages), { message: /Invalid key type/ });
}
}
16 changes: 0 additions & 16 deletions test/wpt/status/WebCryptoAPI.json
Original file line number Diff line number Diff line change
Expand Up @@ -59,14 +59,6 @@
"import_export/okp_importKey_failures_X25519.https.any.js": {
"fail": {
"expected": [
"Bad usages: importKey(spki, {name: X25519}, true, [deriveKey])",
"Bad usages: importKey(spki, {name: X25519}, false, [deriveKey])",
"Bad usages: importKey(spki, {name: X25519}, true, [deriveBits])",
"Bad usages: importKey(spki, {name: X25519}, false, [deriveBits])",
"Bad usages: importKey(jwk (public) , {name: X25519}, true, [deriveKey])",
"Bad usages: importKey(jwk (public) , {name: X25519}, false, [deriveKey])",
"Bad usages: importKey(jwk (public) , {name: X25519}, true, [deriveBits])",
"Bad usages: importKey(jwk (public) , {name: X25519}, false, [deriveBits])",
"Bad key length: importKey(spki, {name: X25519}, true, [])",
"Bad key length: importKey(spki, {name: X25519}, false, [])",
"Bad key length: importKey(pkcs8, {name: X25519}, true, [deriveKey])",
Expand Down Expand Up @@ -97,14 +89,6 @@
"import_export/okp_importKey_failures_X448.https.any.js": {
"fail": {
"expected": [
"Bad usages: importKey(spki, {name: X448}, true, [deriveKey])",
"Bad usages: importKey(spki, {name: X448}, false, [deriveKey])",
"Bad usages: importKey(spki, {name: X448}, true, [deriveBits])",
"Bad usages: importKey(spki, {name: X448}, false, [deriveBits])",
"Bad usages: importKey(jwk (public) , {name: X448}, true, [deriveKey])",
"Bad usages: importKey(jwk (public) , {name: X448}, false, [deriveKey])",
"Bad usages: importKey(jwk (public) , {name: X448}, true, [deriveBits])",
"Bad usages: importKey(jwk (public) , {name: X448}, false, [deriveBits])",
"Bad key length: importKey(spki, {name: X448}, true, [])",
"Bad key length: importKey(spki, {name: X448}, false, [])",
"Bad key length: importKey(pkcs8, {name: X448}, true, [deriveKey])",
Expand Down

0 comments on commit a976a63

Please sign in to comment.