author | Filip Skokan <panva.ip@gmail.com> | 2021-01-25 14:18:27 +0100 |
---|---|---|
committer | Michaël Zasso <targos@protonmail.com> | 2021-02-02 10:42:01 +0100 |
commit | cb3b0ec4fcbef9d77bcb66338ca048b69ca2a31b (patch) | |
tree | f4ac19cb6ff831cba0035efc3977c3630bba6af1 | |
parent | 171001605377e898707db78fef827243e06546d8 (diff) | |
crypto: generateKeyPair('ec') should not support NODE-ED* and NODE-X*
Fixes https://github.com/nodejs/node/issues/37055
PR-URL: https://github.com/nodejs/node/pull/37063
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
-rw-r--r-- | lib/internal/crypto/ec.js | 22 | ||||
-rw-r--r-- | src/crypto/crypto_ec.cc | 28 | ||||
-rw-r--r-- | src/crypto/crypto_ec.h | 1 | ||||
-rw-r--r-- | src/crypto/crypto_keys.cc | 2 | ||||
-rw-r--r-- | test/parallel/test-crypto-keygen.js | 16 |
5 files changed, 55 insertions, 14 deletions
diff --git a/lib/internal/crypto/ec.js b/lib/internal/crypto/ec.js
index 248bba57ad..8807970736 100644
--- a/lib/internal/crypto/ec.js
+++ b/lib/internal/crypto/ec.js
@@ -166,7 +166,27 @@ async function ecGenerateKey(algorithm, extractable, keyUsages) {
 // Fall through
 }
 return new Promise((resolve, reject) => {
- generateKeyPair('ec', { namedCurve }, (err, pubKey, privKey) => {
+ let genKeyType;
+ let genOpts;
+ switch (namedCurve) {
+ case 'NODE-ED25519':
+ genKeyType = 'ed25519';
+ break;
+ case 'NODE-ED448':
+ genKeyType = 'ed448';
+ break;
+ case 'NODE-X25519':
+ genKeyType = 'x25519';
+ break;
+ case 'NODE-X448':
+ genKeyType = 'x448';
+ break;
+ default:
+ genKeyType = 'ec';
+ genOpts = { namedCurve };
+ break;
+ }
+ generateKeyPair(genKeyType, genOpts, (err, pubKey, privKey) => {
 if (err) {
 return reject(lazyDOMException(
 'The operation failed for an operation-specific reason',
diff --git a/src/crypto/crypto_ec.cc b/src/crypto/crypto_ec.cc
index c764124bdd..1dd3b31763 100644
--- a/src/crypto/crypto_ec.cc
+++ b/src/crypto/crypto_ec.cc
@@ -36,17 +36,21 @@ int GetCurveFromName(const char* name) {
 int nid = EC_curve_nist2nid(name);
 if (nid == NID_undef) nid = OBJ_sn2nid(name);
- // If there is still no match, check manually for known curves
- if (nid == NID_undef) {
- if (strcmp(name, "NODE-ED25519") == 0) {
- nid = EVP_PKEY_ED25519;
- } else if (strcmp(name, "NODE-ED448") == 0) {
- nid = EVP_PKEY_ED448;
- } else if (strcmp(name, "NODE-X25519") == 0) {
- nid = EVP_PKEY_X25519;
- } else if (strcmp(name, "NODE-X448") == 0) {
- nid = EVP_PKEY_X448;
- }
+ return nid;
+}
+
+int GetOKPCurveFromName(const char* name) {
+ int nid;
+ if (strcmp(name, "NODE-ED25519") == 0) {
+ nid = EVP_PKEY_ED25519;
+ } else if (strcmp(name, "NODE-ED448") == 0) {
+ nid = EVP_PKEY_ED448;
+ } else if (strcmp(name, "NODE-X25519") == 0) {
+ nid = EVP_PKEY_X25519;
+ } else if (strcmp(name, "NODE-X448") == 0) {
+ nid = EVP_PKEY_X448;
+ } else {
+ nid = NID_undef;
 }
 return nid;
 }
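Review bot: The four NODE-* arms of the new `switch (namedCurve)` leave `genOpts` undefined, so they rely on `generateKeyPair` accepting an undefined options argument for `ed25519`, `ed448`, `x25519` and `x448`, and nothing in the hunk records that this is intended. A short comment above the switch would do it, for example `// NODE-* names are Web Crypto-only aliases; they map to dedicated key types that take no options, because generateKeyPair('ec') rejects them.` The `default` arm forwards `namedCurve` unchanged to the `'ec'` generator, so it depends on the curve name having been validated earlier in `ecGenerateKey`, whose body starts above the hunk and is not visible here.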
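Review bot: `GetOKPCurveFromName` has no comment stating its contract, and its local is still named `nid` although the values it returns are `EVP_PKEY_*` key-type ids rather than curve NIDs. Keeping the two lookups apart appears to be what stops the `'ec'` generator from accepting a key-type id as a curve, so the split is worth documenting: `// Maps the Web Crypto-only NODE-* names to EVP_PKEY_* ids; returns NID_undef for any other name.` on the new function and `// Standard EC curve names only; NODE-* names are not resolved here.` on `GetCurveFromName`. Renaming the local to `id` would match that. Any caller of `GetCurveFromName` other than the two changed in this commit now receives `NID_undef` for NODE-* names and should be checked; none are visible on this page.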
@@ -443,7 +447,7 @@ Maybe<bool> ECDHBitsTraits::AdditionalConfig(
 return Nothing<bool>();
 }
- params->id_ = GetCurveFromName(*name);
+ params->id_ = GetOKPCurveFromName(*name);
 params->private_ = private_key->Data();
 params->public_ = public_key->Data();
diff --git a/src/crypto/crypto_ec.h b/src/crypto/crypto_ec.h
index a6ec85947b..00d9d0087b 100644
--- a/src/crypto/crypto_ec.h
+++ b/src/crypto/crypto_ec.h
@@ -17,6 +17,7 @@ namespace node {
 namespace crypto {
 int GetCurveFromName(const char* name);
+int GetOKPCurveFromName(const char* name);
 class ECDH final : public BaseObject {
 public:
diff --git a/src/crypto/crypto_keys.cc b/src/crypto/crypto_keys.cc
index cb548d10cf..6a4d7950c8 100644
--- a/src/crypto/crypto_keys.cc
+++ b/src/crypto/crypto_keys.cc
@@ -1058,7 +1058,7 @@ void KeyObjectHandle::InitEDRaw(const FunctionCallbackInfo<Value>& args) {
 ? EVP_PKEY_new_raw_private_key : EVP_PKEY_new_raw_public_key;
- int id = GetCurveFromName(*name);
+ int id = GetOKPCurveFromName(*name);
 switch (id) {
 case EVP_PKEY_X25519:
diff --git a/test/parallel/test-crypto-keygen.js b/test/parallel/test-crypto-keygen.js
index c27d5fe166..b80b351357 100644
--- a/test/parallel/test-crypto-keygen.js
+++ b/test/parallel/test-crypto-keygen.js
@@ -1283,3 +1283,19 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
 }));
 }
 }
+
+{
+ // Proprietary Web Cryptography API ECDH/ECDSA namedCurve parameters
+ // should not be recognized in this API.
+ // See https://github.com/nodejs/node/issues/37055
+ const curves = ['NODE-ED25519', 'NODE-ED448', 'NODE-X25519', 'NODE-X448'];
+ for (const namedCurve of curves) {
+ assert.throws(
+ () => generateKeyPair('ec', { namedCurve }, common.mustNotCall()),
+ {
+ name: 'TypeError',
+ message: 'Invalid EC curve name'
+ }
+ );
+ }
+} |
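Review bot: The result of `GetOKPCurveFromName(*name)` is stored in `params->id_` with no check visible in the hunk, and the new helper returns `NID_undef` for every name outside the four NODE-* aliases, including the standard curve names that `GetCurveFromName` resolved at this call site before. If the rest of `ECDHBitsTraits::AdditionalConfig`, which lies outside the hunk, does not already reject that value, a guard directly after the assignment would keep an undefined id away from the derivation code, along the lines of `if (params->id_ == NID_undef) return Nothing<bool>();` together with whatever error the function raises for its other invalid arguments. The same question applies to `int id = GetOKPCurveFromName(*name);` in `KeyObjectHandle::InitEDRaw` in src/crypto/crypto_keys.cc, where the default arm of `switch (id)` is not shown.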
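Review bot: The new block exercises only the asynchronous `generateKeyPair`; the synchronous entry point and the Web Crypto path that the new `switch` in lib/internal/crypto/ec.js serves are not covered by it. Assuming `generateKeyPairSync` is imported in this file, a second assertion inside the loop would pin it as well: `assert.throws(() => generateKeyPairSync('ec', { namedCurve }), { name: 'TypeError', message: 'Invalid EC curve name' });`. A positive test that `subtle.generateKey` still produces keys for the four NODE-* names would guard the other half of the change, unless an existing Web Crypto test already does so.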