crypto: ensure "x" is present when importing private CFRG webcrypto keys

panva · danielleadams · commit 27adcc9c4b76 · 2023-01-03T08:39:02.000-05:00
PR-URL: #45569 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
diff --git a/lib/internal/crypto/cfrg.js b/lib/internal/crypto/cfrg.js
@@ -275,6 +275,10 @@ async function cfrgImportKey(
         }
       }
 
+      if (!isPublic && typeof keyData.x !== 'string') {
+        throw lazyDOMException('Invalid JWK keyData', 'DataError');
+      }
+
       verifyAcceptableCfrgKeyUse(
         name,
         isPublic ? 'public' : 'private',
diff --git a/test/wpt/status/WebCryptoAPI.json b/test/wpt/status/WebCryptoAPI.json
@@ -27,10 +27,6 @@
         "Bad key length: importKey(jwk (public) , {name: Ed25519}, false, [verify])",
         "Bad key length: importKey(jwk (public) , {name: Ed25519}, true, [verify, verify])",
         "Bad key length: importKey(jwk (public) , {name: Ed25519}, false, [verify, verify])",
-        "Missing JWK 'x' parameter: importKey(jwk(private), {name: Ed25519}, true, [sign])",
-        "Missing JWK 'x' parameter: importKey(jwk(private), {name: Ed25519}, false, [sign])",
-        "Missing JWK 'x' parameter: importKey(jwk(private), {name: Ed25519}, true, [sign, sign])",
-        "Missing JWK 'x' parameter: importKey(jwk(private), {name: Ed25519}, false, [sign, sign])",
         "Invalid key pair: importKey(jwk(private), {name: Ed25519}, true, [sign])",
         "Invalid key pair: importKey(jwk(private), {name: Ed25519}, true, [sign, sign])"
       ]
@@ -55,10 +51,6 @@
         "Bad key length: importKey(jwk (public) , {name: Ed448}, false, [verify])",
         "Bad key length: importKey(jwk (public) , {name: Ed448}, true, [verify, verify])",
         "Bad key length: importKey(jwk (public) , {name: Ed448}, false, [verify, verify])",
-        "Missing JWK 'x' parameter: importKey(jwk(private), {name: Ed448}, true, [sign])",
-        "Missing JWK 'x' parameter: importKey(jwk(private), {name: Ed448}, false, [sign])",
-        "Missing JWK 'x' parameter: importKey(jwk(private), {name: Ed448}, true, [sign, sign])",
-        "Missing JWK 'x' parameter: importKey(jwk(private), {name: Ed448}, false, [sign, sign])",
         "Invalid key pair: importKey(jwk(private), {name: Ed448}, true, [sign])",
         "Invalid key pair: importKey(jwk(private), {name: Ed448}, true, [sign, sign])"
       ]
@@ -95,14 +87,6 @@
         "Bad key length: importKey(jwk(private), {name: X25519}, false, [deriveBits])",
         "Bad key length: importKey(jwk(private), {name: X25519}, true, [deriveKey, deriveBits, deriveKey, deriveBits])",
         "Bad key length: importKey(jwk(private), {name: X25519}, false, [deriveKey, deriveBits, deriveKey, deriveBits])",
-        "Missing JWK 'x' parameter: importKey(jwk(private), {name: X25519}, true, [deriveKey])",
-        "Missing JWK 'x' parameter: importKey(jwk(private), {name: X25519}, false, [deriveKey])",
-        "Missing JWK 'x' parameter: importKey(jwk(private), {name: X25519}, true, [deriveBits, deriveKey])",
-        "Missing JWK 'x' parameter: importKey(jwk(private), {name: X25519}, false, [deriveBits, deriveKey])",
-        "Missing JWK 'x' parameter: importKey(jwk(private), {name: X25519}, true, [deriveBits])",
-        "Missing JWK 'x' parameter: importKey(jwk(private), {name: X25519}, false, [deriveBits])",
-        "Missing JWK 'x' parameter: importKey(jwk(private), {name: X25519}, true, [deriveKey, deriveBits, deriveKey, deriveBits])",
-        "Missing JWK 'x' parameter: importKey(jwk(private), {name: X25519}, false, [deriveKey, deriveBits, deriveKey, deriveBits])",
         "Invalid key pair: importKey(jwk(private), {name: X25519}, true, [deriveKey])",
         "Invalid key pair: importKey(jwk(private), {name: X25519}, true, [deriveBits, deriveKey])",
         "Invalid key pair: importKey(jwk(private), {name: X25519}, true, [deriveBits])",
@@ -141,14 +125,6 @@
         "Bad key length: importKey(jwk(private), {name: X448}, false, [deriveKey, deriveBits, deriveKey, deriveBits])",
         "Bad key length: importKey(jwk (public) , {name: X448}, true, [])",
         "Bad key length: importKey(jwk (public) , {name: X448}, false, [])",
-        "Missing JWK 'x' parameter: importKey(jwk(private), {name: X448}, true, [deriveKey])",
-        "Missing JWK 'x' parameter: importKey(jwk(private), {name: X448}, false, [deriveKey])",
-        "Missing JWK 'x' parameter: importKey(jwk(private), {name: X448}, true, [deriveBits, deriveKey])",
-        "Missing JWK 'x' parameter: importKey(jwk(private), {name: X448}, false, [deriveBits, deriveKey])",
-        "Missing JWK 'x' parameter: importKey(jwk(private), {name: X448}, true, [deriveBits])",
-        "Missing JWK 'x' parameter: importKey(jwk(private), {name: X448}, false, [deriveBits])",
-        "Missing JWK 'x' parameter: importKey(jwk(private), {name: X448}, true, [deriveKey, deriveBits, deriveKey, deriveBits])",
-        "Missing JWK 'x' parameter: importKey(jwk(private), {name: X448}, false, [deriveKey, deriveBits, deriveKey, deriveBits])",
         "Invalid key pair: importKey(jwk(private), {name: X448}, true, [deriveKey])",
         "Invalid key pair: importKey(jwk(private), {name: X448}, true, [deriveBits, deriveKey])",
         "Invalid key pair: importKey(jwk(private), {name: X448}, true, [deriveBits])",

Original file line number	Diff line number	Diff line change
`@@ -275,6 +275,10 @@ async function cfrgImportKey(`
`275`	`275`	`}`
`276`	`276`	`}`
`277`	`277`
	`278`	`+ if (!isPublic && typeof keyData.x !== 'string') {`
	`279`	`+ throw lazyDOMException('Invalid JWK keyData', 'DataError');`
	`280`	`+ }`
	`281`	`+`
`278`	`282`	`verifyAcceptableCfrgKeyUse(`
`279`	`283`	`name,`
`280`	`284`	`isPublic ? 'public' : 'private',`