crypto: fix webcrypto EC key namedCurve validation errors
PR-URL: nodejs/node#44172
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Backport-PR-URL: nodejs/node#44872
panva authored and guangwong committed Jan 3, 2023
1 parent a06fba1 commit 8ebadd5
Showing 3 changed files with 15 additions and 52 deletions.
29 changes: 14 additions & 15 deletions lib/internal/crypto/ec.js
@@ -1,6 +1,7 @@
'use strict';

const {
ArrayPrototypeIncludes,
ObjectKeys,
SafeSet,
} = primordials;
@@ -16,11 +17,6 @@ const {
kSigEncP1363,
} = internalBinding('crypto');

const {
validateOneOf,
validateString,
} = require('internal/validators');

const {
codes: {
ERR_MISSING_OPTION,
@@ -90,11 +86,12 @@ function createECPublicKeyRaw(namedCurve, keyData) {

async function ecGenerateKey(algorithm, extractable, keyUsages) {
const { name, namedCurve } = algorithm;
validateString(namedCurve, 'algorithm.namedCurve');
validateOneOf(
namedCurve,
'algorithm.namedCurve',
ObjectKeys(kNamedCurveAliases));

if (!ArrayPrototypeIncludes(ObjectKeys(kNamedCurveAliases), namedCurve)) {
throw lazyDOMException(
'Unrecognized namedCurve',
'NotSupportedError');
}

const usageSet = new SafeSet(keyUsages);
switch (name) {
@@ -168,11 +165,13 @@ async function ecImportKey(
keyUsages) {

const { name, namedCurve } = algorithm;
validateString(namedCurve, 'algorithm.namedCurve');
validateOneOf(
namedCurve,
'algorithm.namedCurve',
ObjectKeys(kNamedCurveAliases));

if (!ArrayPrototypeIncludes(ObjectKeys(kNamedCurveAliases), namedCurve)) {
throw lazyDOMException(
'Unrecognized namedCurve',
'NotSupportedError');
}

let keyObject;
const usagesSet = new SafeSet(keyUsages);
switch (format) {
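Review bot: The new allowlist check is duplicated verbatim in ecGenerateKey and ecImportKey and has no comment explaining why it is written as `ArrayPrototypeIncludes(ObjectKeys(kNamedCurveAliases), namedCurve)` rather than a plain property lookup. Comparing against the object's own keys is what keeps non-string values and inherited names such as `constructor` from passing (assuming kNamedCurveAliases is an ordinary object, which is not visible here), so I would add `// Compare against own keys only: no coercion, no prototype-chain matches.` above each check. Moving the check into one shared helper called from both functions would keep the two paths from drifting apart. Both function bodies continue outside the hunks.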
2 changes: 1 addition & 1 deletion test/parallel/test-webcrypto-keygen.js
@@ -452,7 +452,7 @@ const vectors = {
[1, true, {}, [], undefined, null].forEach(async (namedCurve) => {
await assert.rejects(
subtle.generateKey({ name, namedCurve }, true, privateUsages), {
code: 'ERR_INVALID_ARG_TYPE'
name: 'NotSupportedError'
});
});
}
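Review bot: The updated expectation `name: 'NotSupportedError'` matches any NotSupportedError raised by generateKey, not only the one from the namedCurve check. Adding `message: 'Unrecognized namedCurve'` to the expected object would tie the assertion to the new validation in lib/internal/crypto/ec.js. This hunk exercises only generateKey; the same check was added to ecImportKey and no importKey assertion is visible in this commit, so it is worth confirming that path is covered elsewhere. The enclosing block starts and ends outside the hunk.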
36 changes: 0 additions & 36 deletions test/wpt/status/WebCryptoAPI.json
@@ -2690,48 +2690,12 @@
"generateKey/failures_ECDH.https.any.js": {
"fail": {
"expected": [
"Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, false, [deriveKey])",
"Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, true, [deriveKey])",
"Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, false, [deriveBits, deriveKey])",
"Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, true, [deriveBits, deriveKey])",
"Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, false, [deriveBits])",
"Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, true, [deriveBits])",
"Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, false, [])",
"Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, true, [])",
"Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, false, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits])",
"Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits])",
"Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, false, [deriveKey])",
"Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, true, [deriveKey])",
"Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, false, [deriveBits, deriveKey])",
"Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, true, [deriveBits, deriveKey])",
"Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, false, [deriveBits])",
"Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, true, [deriveBits])",
"Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, false, [])",
"Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, true, [])",
"Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, false, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits])",
"Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits])"
]
}
},
"generateKey/failures_ECDSA.https.any.js": {
"fail": {
"expected": [
"Bad algorithm property: generateKey({name: ECDSA, namedCurve: P-512}, false, [sign])",
"Bad algorithm property: generateKey({name: ECDSA, namedCurve: P-512}, true, [sign])",
"Bad algorithm property: generateKey({name: ECDSA, namedCurve: P-512}, false, [verify, sign])",
"Bad algorithm property: generateKey({name: ECDSA, namedCurve: P-512}, true, [verify, sign])",
"Bad algorithm property: generateKey({name: ECDSA, namedCurve: P-512}, false, [])",
"Bad algorithm property: generateKey({name: ECDSA, namedCurve: P-512}, true, [])",
"Bad algorithm property: generateKey({name: ECDSA, namedCurve: P-512}, false, [sign, verify, sign, sign, verify])",
"Bad algorithm property: generateKey({name: ECDSA, namedCurve: P-512}, true, [sign, verify, sign, sign, verify])",
"Bad algorithm property: generateKey({name: ECDSA, namedCurve: Curve25519}, false, [sign])",
"Bad algorithm property: generateKey({name: ECDSA, namedCurve: Curve25519}, true, [sign])",
"Bad algorithm property: generateKey({name: ECDSA, namedCurve: Curve25519}, false, [verify, sign])",
"Bad algorithm property: generateKey({name: ECDSA, namedCurve: Curve25519}, true, [verify, sign])",
"Bad algorithm property: generateKey({name: ECDSA, namedCurve: Curve25519}, false, [])",
"Bad algorithm property: generateKey({name: ECDSA, namedCurve: Curve25519}, true, [])",
"Bad algorithm property: generateKey({name: ECDSA, namedCurve: Curve25519}, false, [sign, verify, sign, sign, verify])",
"Bad algorithm property: generateKey({name: ECDSA, namedCurve: Curve25519}, true, [sign, verify, sign, sign, verify])"
]
}
},
