
Commit b92b804

panvadanielleadams
authored andcommitted
crypto: validate CFRG webcrypto JWK import "d" and "x" are a pair
PR-URL: #45569 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
1 parent 621e3c9 commit b92b804


2 files changed

+17
-41
lines changed


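--- a/lib/internal/crypto/cfrg.js
+++ b/lib/internal/crypto/cfrg.js
@@ -300,12 +300,24 @@ async function cfrgImportKey(
 name,
 isPublic ? 'public' : 'private',
 usagesSet);
-keyObject = createCFRGRawKey(
+
+const publicKeyObject = createCFRGRawKey(
 name,
-Buffer.from(
-isPublic ? keyData.x : keyData.d,
-'base64'),
-isPublic);
+Buffer.from(keyData.x, 'base64'),
+true);
+
+if (isPublic) {
+keyObject = publicKeyObject;
+} else {
+keyObject = createCFRGRawKey(
+name,
+Buffer.from(keyData.d, 'base64'),
+false);
+
+if (!createPublicKey(keyObject).equals(publicKeyObject)) {
+throw lazyDOMException('Invalid JWK keyData', 'DataError');
+}
+}
 break;
 }
 case 'raw': {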
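Review bot: The pair check at new lines 317-319 has no comment saying why the public key is now always built from `keyData.x`, so a later refactor could easily collapse it back into the single `isPublic ? keyData.x : keyData.d` call that accepted a mismatched pair. I would add `// A private OKP JWK carries both "d" and "x"; reject it unless "x" is the public key derived from "d".` above the `createPublicKey(keyObject).equals(publicKeyObject)` test. Because `Buffer.from(keyData.x, 'base64')` now also runs on the private path, it relies on `x` having been checked to be a string earlier in `cfrgImportKey`; that part of the function is outside the hunk, so please confirm that a private JWK without `x` still fails with a `DataError` rather than a `TypeError` from `Buffer.from`. The only regression coverage visible in this commit is the WPT expectation change, so a small in-tree test importing a JWK with a mismatched `d`/`x` for each of the four curves would keep the check pinned if the WPT suite is re-synced or skipped.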

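--- a/test/wpt/status/WebCryptoAPI.json
+++ b/test/wpt/status/WebCryptoAPI.json
@@ -7,41 +7,5 @@
 },
 "idlharness.https.any.js": {
 "skip": "Various non-IDL-compliant things"
-},
-"import_export/okp_importKey_failures_Ed25519.https.any.js": {
-"fail": {
-"expected": [
-"Invalid key pair: importKey(jwk(private), {name: Ed25519}, true, [sign])",
-"Invalid key pair: importKey(jwk(private), {name: Ed25519}, true, [sign, sign])"
-]
-}
-},
-"import_export/okp_importKey_failures_Ed448.https.any.js": {
-"fail": {
-"expected": [
-"Invalid key pair: importKey(jwk(private), {name: Ed448}, true, [sign])",
-"Invalid key pair: importKey(jwk(private), {name: Ed448}, true, [sign, sign])"
-]
-}
-},
-"import_export/okp_importKey_failures_X25519.https.any.js": {
-"fail": {
-"expected": [
-"Invalid key pair: importKey(jwk(private), {name: X25519}, true, [deriveKey])",
-"Invalid key pair: importKey(jwk(private), {name: X25519}, true, [deriveBits, deriveKey])",
-"Invalid key pair: importKey(jwk(private), {name: X25519}, true, [deriveBits])",
-"Invalid key pair: importKey(jwk(private), {name: X25519}, true, [deriveKey, deriveBits, deriveKey, deriveBits])"
-]
-}
-},
-"import_export/okp_importKey_failures_X448.https.any.js": {
-"fail": {
-"expected": [
-"Invalid key pair: importKey(jwk(private), {name: X448}, true, [deriveKey])",
-"Invalid key pair: importKey(jwk(private), {name: X448}, true, [deriveBits, deriveKey])",
-"Invalid key pair: importKey(jwk(private), {name: X448}, true, [deriveBits])",
-"Invalid key pair: importKey(jwk(private), {name: X448}, true, [deriveKey, deriveBits, deriveKey, deriveBits])"
-]
-}
 }
 }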
