Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit b92b804

Browse filesBrowse files
panvadanielleadams
panva
authored and
danielleadams
committed
crypto: validate CFRG webcrypto JWK import "d" and "x" are a pair
PR-URL: #45569 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
1 parent 621e3c9 commit b92b804
Copy full SHA for b92b804

File tree

Expand file treeCollapse file tree

2 files changed

+17
-41
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

2 files changed

+17
-41
lines changed
Open diff view settings
Collapse file

‎lib/internal/crypto/cfrg.js‎

Copy file name to clipboardExpand all lines: lib/internal/crypto/cfrg.js
+17-5Lines changed: 17 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -300,12 +300,24 @@ async function cfrgImportKey(
300300
name,
301301
isPublic ? 'public' : 'private',
302302
usagesSet);
303-
keyObject = createCFRGRawKey(
303+
304+
const publicKeyObject = createCFRGRawKey(
304305
name,
305-
Buffer.from(
306-
isPublic ? keyData.x : keyData.d,
307-
'base64'),
308-
isPublic);
306+
Buffer.from(keyData.x, 'base64'),
307+
true);
308+
309+
if (isPublic) {
310+
keyObject = publicKeyObject;
311+
} else {
312+
keyObject = createCFRGRawKey(
313+
name,
314+
Buffer.from(keyData.d, 'base64'),
315+
false);
316+
317+
if (!createPublicKey(keyObject).equals(publicKeyObject)) {
318+
throw lazyDOMException('Invalid JWK keyData', 'DataError');
319+
}
320+
}
309321
break;
310322
}
311323
case 'raw': {
Collapse file

‎test/wpt/status/WebCryptoAPI.json‎

Copy file name to clipboardExpand all lines: test/wpt/status/WebCryptoAPI.json
-36Lines changed: 0 additions & 36 deletions
Original file line numberDiff line numberDiff line change
@@ -7,41 +7,5 @@
77
},
88
"idlharness.https.any.js": {
99
"skip": "Various non-IDL-compliant things"
10-
},
11-
"import_export/okp_importKey_failures_Ed25519.https.any.js": {
12-
"fail": {
13-
"expected": [
14-
"Invalid key pair: importKey(jwk(private), {name: Ed25519}, true, [sign])",
15-
"Invalid key pair: importKey(jwk(private), {name: Ed25519}, true, [sign, sign])"
16-
]
17-
}
18-
},
19-
"import_export/okp_importKey_failures_Ed448.https.any.js": {
20-
"fail": {
21-
"expected": [
22-
"Invalid key pair: importKey(jwk(private), {name: Ed448}, true, [sign])",
23-
"Invalid key pair: importKey(jwk(private), {name: Ed448}, true, [sign, sign])"
24-
]
25-
}
26-
},
27-
"import_export/okp_importKey_failures_X25519.https.any.js": {
28-
"fail": {
29-
"expected": [
30-
"Invalid key pair: importKey(jwk(private), {name: X25519}, true, [deriveKey])",
31-
"Invalid key pair: importKey(jwk(private), {name: X25519}, true, [deriveBits, deriveKey])",
32-
"Invalid key pair: importKey(jwk(private), {name: X25519}, true, [deriveBits])",
33-
"Invalid key pair: importKey(jwk(private), {name: X25519}, true, [deriveKey, deriveBits, deriveKey, deriveBits])"
34-
]
35-
}
36-
},
37-
"import_export/okp_importKey_failures_X448.https.any.js": {
38-
"fail": {
39-
"expected": [
40-
"Invalid key pair: importKey(jwk(private), {name: X448}, true, [deriveKey])",
41-
"Invalid key pair: importKey(jwk(private), {name: X448}, true, [deriveBits, deriveKey])",
42-
"Invalid key pair: importKey(jwk(private), {name: X448}, true, [deriveBits])",
43-
"Invalid key pair: importKey(jwk(private), {name: X448}, true, [deriveKey, deriveBits, deriveKey, deriveBits])"
44-
]
45-
}
4610
}
4711
}

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.