Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

src: refactor SubtleCrypto algorithm and length validations #57273

Merged
merged 3 commits into from
Mar 4, 2025
Merged

src: refactor SubtleCrypto algorithm and length validations #57273

merged 3 commits into from
Mar 4, 2025

Conversation

panva
Copy link
Member

@panva panva commented Mar 2, 2025
edited
Loading

This PR refactors the algorithm operation validations of the normalized algorithm and length (where applicable) that can be performed without accessing parameters such as key, data, ciphertext, etc.

This will allow #57270 to invoke these sync validations as part of the SubtleCrypto.supports() steps without repeating them in its own implementation.

This code is well tested throught WebCryptoAPI WPTs and I've also covered some previously missed lines in our own test suite.

@nodejs-github-bot
Copy link
Collaborator

Review requested:

  • @nodejs/crypto

@nodejs-github-bot nodejs-github-bot added lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. labels Mar 2, 2025
@panva panva mentioned this pull request Mar 2, 2025
Draft
@panva panva added the web-standards Issues and PRs related to Web APIs label Mar 2, 2025
@panva
Copy link
Member Author

panva commented Mar 2, 2025

cc @nodejs/web-standards

@panva panva added crypto Issues and PRs related to the crypto subsystem. webcrypto labels Mar 2, 2025
@codecov Codecov
Copy link

codecov bot commented Mar 2, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 94.70588% with 9 lines in your changes missing coverage. Please review.

Project coverage is 90.26%. Comparing base (6b0af17) to head (a522867).
Report is 25 commits behind head on main.

Files with missing lines Patch % Lines
lib/internal/crypto/mac.js 80.48% 8 Missing ⚠️
lib/internal/crypto/keys.js 92.30% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #57273      +/-   ##
==========================================
+ Coverage   90.24%   90.26%   +0.02%     
==========================================
  Files         630      630              
  Lines      184908   184921      +13     
  Branches    36181    36196      +15     
==========================================
+ Hits       166874   166923      +49     
+ Misses      11061    11026      -35     
+ Partials     6973     6972       -1
Files with missing lines Coverage Δ
lib/internal/crypto/aes.js 90.78% <100.00%> (+0.31%) ⬆️
lib/internal/crypto/cfrg.js 97.27% <100.00%> (+0.02%) ⬆️
lib/internal/crypto/diffiehellman.js 96.25% <100.00%> (-1.34%) ⬇️
lib/internal/crypto/ec.js 97.19% <100.00%> (+1.51%) ⬆️
lib/internal/crypto/hkdf.js 95.95% <100.00%> (+0.09%) ⬆️
lib/internal/crypto/pbkdf2.js 94.85% <100.00%> (+0.23%) ⬆️
lib/internal/crypto/rsa.js 92.18% <100.00%> (+1.60%) ⬆️
lib/internal/crypto/util.js 94.50% <ø> (+1.42%) ⬆️
lib/internal/crypto/keys.js 95.40% <92.30%> (+1.52%) ⬆️
lib/internal/crypto/mac.js 87.44% <80.48%> (-1.40%) ⬇️

... and 26 files with indirect coverage changes

@panva panva force-pushed the webcrypto-refactored-validations branch from 18888dc to 9b119b2 Compare March 2, 2025 14:14
@panva panva added author ready PRs that have at least one approval, no pending requests for changes, and a CI started. request-ci Add this label to start a Jenkins CI on a PR. labels Mar 2, 2025
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Mar 2, 2025
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@panva panva force-pushed the webcrypto-refactored-validations branch from 9b119b2 to 37988fa Compare March 2, 2025 23:41
@panva panva added the request-ci Add this label to start a Jenkins CI on a PR. label Mar 2, 2025
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Mar 2, 2025
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@panva panva force-pushed the webcrypto-refactored-validations branch from 37988fa to a1aa1be Compare March 2, 2025 23:56
@panva panva added the request-ci Add this label to start a Jenkins CI on a PR. label Mar 2, 2025
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Mar 3, 2025
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
MattiasBuelens
MattiasBuelens reviewed Mar 3, 2025
View reviewed changes
@panva panva added commit-queue-squash Add this label to instruct the Commit Queue to squash all the PR commits into the first one. request-ci Add this label to start a Jenkins CI on a PR. labels Mar 3, 2025
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Mar 3, 2025
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@panva panva added the request-ci Add this label to start a Jenkins CI on a PR. label Mar 3, 2025
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Mar 3, 2025
@nodejs-github-bot

This comment was marked as outdated.

Sign in to view
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/65559/

MattiasBuelens
MattiasBuelens approved these changes Mar 4, 2025
View reviewed changes
lib/internal/crypto/cfrg.js
}

function eddsaSignVerify(key, data, algorithm, signature) {
validateEdDSASignVerifyAlgorithm(algorithm);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This changes the order of the checks. Previously, we first checked (key.type !== type) and then checked (name === 'Ed448' && context?.byteLength). Now, it's the other way around.

It seems like we're not really following the strict order from the specification for other algorithms either. So I guess this is fine?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, the (name === 'Ed448' && context?.byteLength) check is our own because we don't support non-empty contexts. From the (early draft warning) supports method proposal this falls under

If the specified operation or algorithm (or one of its parameter values) is expected to fail (for any key and/or data) for an implementation-specific reason (e.g. known nonconformance to the specification), return false.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have a draft PR for the supports method in #57270 that I will further refactor this PR's validations structures in when it lands.

@panva panva added the commit-queue Add this label to land a pull request using GitHub Actions. label Mar 4, 2025
@nodejs-github-bot nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Mar 4, 2025
@nodejs-github-bot nodejs-github-bot merged commit 6fdd4e6 into nodejs:main Mar 4, 2025
58 checks passed
@nodejs-github-bot
Copy link
Collaborator

Landed in 6fdd4e6

@panva panva deleted the webcrypto-refactored-validations branch March 4, 2025 17:46
@panva panva mentioned this pull request Mar 4, 2025
Closed
aduh95 pushed a commit that referenced this pull request Mar 9, 2025
@panva @aduh95
src: refactor SubtleCrypto algorithm and length validations
90d0b37 
PR-URL: #57273
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jason Zhang <xzha4350@gmail.com>
Reviewed-By: Mattias Buelens <mattias@buelens.com>
aduh95 pushed a commit that referenced this pull request Mar 9, 2025
@panva @aduh95
src: refactor SubtleCrypto algorithm and length validations
b10ac9a 
PR-URL: #57273
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jason Zhang <xzha4350@gmail.com>
Reviewed-By: Mattias Buelens <mattias@buelens.com>
@github-actions github-actions bot mentioned this pull request Mar 12, 2025
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasnell jasnell jasnell approved these changes

@MattiasBuelens MattiasBuelens MattiasBuelens approved these changes

@jazelly jazelly jazelly approved these changes

Assignees
No one assigned
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. commit-queue-squash Add this label to instruct the Commit Queue to squash all the PR commits into the first one. crypto Issues and PRs related to the crypto subsystem. lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. web-standards Issues and PRs related to Web APIs webcrypto
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@panva @nodejs-github-bot @jasnell @MattiasBuelens @jazelly