Commit fa0a2d8

panvadanielleadams
authored andcommitted
crypto: refactor verify acceptable key usage functions
PR-URL: #45569 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
1 parent ef64b86 commit fa0a2d8

3 files changed

+37
-66
lines changed

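--- a/lib/internal/crypto/cfrg.js
+++ b/lib/internal/crypto/cfrg.js
@@ -47,32 +47,22 @@ const {
 
 const generateKeyPair = promisify(_generateKeyPair);
 
-function verifyAcceptableCfrgKeyUse(name, type, usages) {
+function verifyAcceptableCfrgKeyUse(name, isPublic, usages) {
 let checkSet;
 switch (name) {
 case 'X25519':
 // Fall through
 case 'X448':
-switch (type) {
-case 'private':
-checkSet = ['deriveKey', 'deriveBits'];
-break;
-case 'public':
-checkSet = [];
-break;
-}
+checkSet = isPublic ? [] : ['deriveKey', 'deriveBits'];
 break;
 case 'Ed25519':
 // Fall through
 case 'Ed448':
-switch (type) {
-case 'private':
-checkSet = ['sign'];
-break;
-case 'public':
-checkSet = ['verify'];
-break;
-}
+checkSet = isPublic ? ['verify'] : ['sign'];
+break;
+default:
+throw lazyDOMException(
+'The algorithm is not supported', 'NotSupportedError');
 }
 if (hasAnyNotIn(usages, checkSet)) {
 throw lazyDOMException(
@@ -219,7 +209,7 @@ async function cfrgImportKey(
 const usagesSet = new SafeSet(keyUsages);
 switch (format) {
 case 'spki': {
-verifyAcceptableCfrgKeyUse(name, 'public', usagesSet);
+verifyAcceptableCfrgKeyUse(name, true, usagesSet);
 try {
 keyObject = createPublicKey({
 key: keyData,
@@ -233,7 +223,7 @@ async function cfrgImportKey(
 break;
 }
 case 'pkcs8': {
-verifyAcceptableCfrgKeyUse(name, 'private', usagesSet);
+verifyAcceptableCfrgKeyUse(name, false, usagesSet);
 try {
 keyObject = createPrivateKey({
 key: keyData,
@@ -298,7 +288,7 @@ async function cfrgImportKey(
 
 verifyAcceptableCfrgKeyUse(
 name,
-isPublic ? 'public' : 'private',
+isPublic,
 usagesSet);
 
 const publicKeyObject = createCFRGRawKey(
@@ -321,7 +311,7 @@ async function cfrgImportKey(
 break;
 }
 case 'raw': {
-verifyAcceptableCfrgKeyUse(name, 'public', usagesSet);
+verifyAcceptableCfrgKeyUse(name, true, usagesSet);
 keyObject = createCFRGRawKey(name, keyData, true);
 break;
 }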
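Review bot: In the new `verifyAcceptableCfrgKeyUse` (new lines 50-65), any falsy `isPublic`, including an omitted argument, selects the private-key usage set. A caller mistake would therefore let `sign` or `deriveKey`/`deriveBits` pass the usage check for what is actually a public key, whereas the old string switch left `checkSet` unassigned when `type` matched neither case. The value passed at new line 291 is computed outside the visible hunks, so it cannot be confirmed here that it is always a strict boolean. Consider a strict guard at the top of the function, for example `if (typeof isPublic !== 'boolean') throw new TypeError('isPublic must be a boolean');` (or the project's own validator if one is in scope), plus a comment such as `// isPublic: true selects public-key usages, false selects private-key usages`. The same applies to `verifyAcceptableEcKeyUse` in ec.js and `verifyAcceptableRsaKeyUse` in rsa.js.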

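--- a/lib/internal/crypto/ec.js
+++ b/lib/internal/crypto/ec.js
@@ -54,28 +54,18 @@ const {
 
 const generateKeyPair = promisify(_generateKeyPair);
 
-function verifyAcceptableEcKeyUse(name, type, usages) {
+function verifyAcceptableEcKeyUse(name, isPublic, usages) {
 let checkSet;
 switch (name) {
 case 'ECDH':
-switch (type) {
-case 'private':
-checkSet = ['deriveKey', 'deriveBits'];
-break;
-case 'public':
-checkSet = [];
-break;
-}
+checkSet = isPublic ? [] : ['deriveKey', 'deriveBits'];
 break;
 case 'ECDSA':
-switch (type) {
-case 'private':
-checkSet = ['sign'];
-break;
-case 'public':
-checkSet = ['verify'];
-break;
-}
+checkSet = isPublic ? ['verify'] : ['sign'];
+break;
+default:
+throw lazyDOMException(
+'The algorithm is not supported', 'NotSupportedError');
 }
 if (hasAnyNotIn(usages, checkSet)) {
 throw lazyDOMException(
@@ -186,7 +176,7 @@ async function ecImportKey(
 const usagesSet = new SafeSet(keyUsages);
 switch (format) {
 case 'spki': {
-verifyAcceptableEcKeyUse(name, 'public', usagesSet);
+verifyAcceptableEcKeyUse(name, true, usagesSet);
 try {
 keyObject = createPublicKey({
 key: keyData,
@@ -200,7 +190,7 @@ async function ecImportKey(
 break;
 }
 case 'pkcs8': {
-verifyAcceptableEcKeyUse(name, 'private', usagesSet);
+verifyAcceptableEcKeyUse(name, false, usagesSet);
 try {
 keyObject = createPrivateKey({
 key: keyData,
@@ -221,11 +211,10 @@ async function ecImportKey(
 if (keyData.crv !== namedCurve)
 throw lazyDOMException('Named curve mismatch', 'DataError');
 
-if (keyData.d !== undefined) {
-verifyAcceptableEcKeyUse(name, 'private', usagesSet);
-} else {
-verifyAcceptableEcKeyUse(name, 'public', usagesSet);
-}
+verifyAcceptableEcKeyUse(
+name,
+keyData.d === undefined,
+usagesSet);
 
 if (usagesSet.size > 0 && keyData.use !== undefined) {
 if (algorithm.name === 'ECDSA' && keyData.use !== 'sig')
@@ -265,7 +254,7 @@ async function ecImportKey(
 break;
 }
 case 'raw': {
-verifyAcceptableEcKeyUse(name, 'public', usagesSet);
+verifyAcceptableEcKeyUse(name, true, usagesSet);
 keyObject = createECPublicKeyRaw(namedCurve, keyData);
 break;
 }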
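Review bot: At new lines 214-217 the public/private decision is a bare `keyData.d === undefined` in the `isPublic` position, with no comment explaining it. The removed `if (keyData.d !== undefined) { ... 'private' ... }` form spelled out the meaning; the new form inverts the test, and a reader has to know that a JWK without the private member `d` is a public key. A short comment above the call would keep that visible, for example `// A JWK without "d" carries no private key material, so treat it as public.` The same expression appears at new line 272 of rsa.js. The surrounding `ecImportKey` body starts and ends outside this hunk.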

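--- a/lib/internal/crypto/rsa.js
+++ b/lib/internal/crypto/rsa.js
@@ -74,28 +74,20 @@ const kRsaVariants = {
 };
 const generateKeyPair = promisify(_generateKeyPair);
 
-function verifyAcceptableRsaKeyUse(name, type, usages) {
+function verifyAcceptableRsaKeyUse(name, isPublic, usages) {
 let checkSet;
 switch (name) {
 case 'RSA-OAEP':
-switch (type) {
-case 'private':
-checkSet = ['decrypt', 'unwrapKey'];
-break;
-case 'public':
-checkSet = ['encrypt', 'wrapKey'];
-break;
-}
+checkSet = isPublic ? ['encrypt', 'wrapKey'] : ['decrypt', 'unwrapKey'];
+break;
+case 'RSA-PSS':
+// Fall through
+case 'RSASSA-PKCS1-v1_5':
+checkSet = isPublic ? ['verify'] : ['sign'];
 break;
 default:
-switch (type) {
-case 'private':
-checkSet = ['sign'];
-break;
-case 'public':
-checkSet = ['verify'];
-break;
-}
+throw lazyDOMException(
+'The algorithm is not supported', 'NotSupportedError');
 }
 if (hasAnyNotIn(usages, checkSet)) {
 throw lazyDOMException(
@@ -244,7 +236,7 @@ async function rsaImportKey(
 let keyObject;
 switch (format) {
 case 'spki': {
-verifyAcceptableRsaKeyUse(algorithm.name, 'public', usagesSet);
+verifyAcceptableRsaKeyUse(algorithm.name, true, usagesSet);
 try {
 keyObject = createPublicKey({
 key: keyData,
@@ -258,7 +250,7 @@ async function rsaImportKey(
 break;
 }
 case 'pkcs8': {
-verifyAcceptableRsaKeyUse(algorithm.name, 'private', usagesSet);
+verifyAcceptableRsaKeyUse(algorithm.name, false, usagesSet);
 try {
 keyObject = createPrivateKey({
 key: keyData,
@@ -277,7 +269,7 @@ async function rsaImportKey(
 
 verifyAcceptableRsaKeyUse(
 algorithm.name,
-keyData.d !== undefined ? 'private' : 'public',
+keyData.d === undefined,
 usagesSet);
 
 if (keyData.kty !== 'RSA')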
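Review bot: The `default:` branch of `verifyAcceptableRsaKeyUse` (new lines 88-90) now throws `NotSupportedError`, where it previously applied the `sign`/`verify` check to any name other than `RSA-OAEP`. That is a behavior change inside a commit titled as a refactor. Failing closed on an unrecognised algorithm name is the safer choice for a key-usage check, but it should be mentioned in the commit message and covered by a test that calls the import path with an unexpected name and asserts the rejection. The `default:` branches added in cfrg.js and ec.js are new as well. Whether any caller can reach this function with a name outside the three listed cases is not visible in these hunks.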
