mirror of
https://github.com/nodejs/node.git
synced 2024-11-21 21:19:50 +01:00
crypto: ensure invalid SubtleCrypto JWK data import results in DataError
PR-URL: https://github.com/nodejs/node/pull/55041 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
This commit is contained in:
parent
96ec7eede9
commit
b64006c0ed
@ -295,7 +295,12 @@ async function aesImportKey(
|
||||
}
|
||||
|
||||
const handle = new KeyObjectHandle();
|
||||
handle.initJwk(keyData);
|
||||
try {
|
||||
handle.initJwk(keyData);
|
||||
} catch (err) {
|
||||
throw lazyDOMException(
|
||||
'Invalid keyData', { name: 'DataError', cause: err });
|
||||
}
|
||||
|
||||
({ length } = handle.keyDetail({ }));
|
||||
validateKeyLength(length);
|
||||
|
@ -17,6 +17,12 @@ const {
|
||||
kSignJobModeVerify,
|
||||
} = internalBinding('crypto');
|
||||
|
||||
const {
|
||||
codes: {
|
||||
ERR_CRYPTO_INVALID_JWK,
|
||||
},
|
||||
} = require('internal/errors');
|
||||
|
||||
const {
|
||||
getUsagesUnion,
|
||||
hasAnyNotIn,
|
||||
@ -277,22 +283,26 @@ async function cfrgImportKey(
|
||||
isPublic,
|
||||
usagesSet);
|
||||
|
||||
const publicKeyObject = createCFRGRawKey(
|
||||
name,
|
||||
Buffer.from(keyData.x, 'base64'),
|
||||
true);
|
||||
|
||||
if (isPublic) {
|
||||
keyObject = publicKeyObject;
|
||||
} else {
|
||||
keyObject = createCFRGRawKey(
|
||||
try {
|
||||
const publicKeyObject = createCFRGRawKey(
|
||||
name,
|
||||
Buffer.from(keyData.d, 'base64'),
|
||||
false);
|
||||
Buffer.from(keyData.x, 'base64'),
|
||||
true);
|
||||
|
||||
if (!createPublicKey(keyObject).equals(publicKeyObject)) {
|
||||
throw lazyDOMException('Invalid JWK', 'DataError');
|
||||
if (isPublic) {
|
||||
keyObject = publicKeyObject;
|
||||
} else {
|
||||
keyObject = createCFRGRawKey(
|
||||
name,
|
||||
Buffer.from(keyData.d, 'base64'),
|
||||
false);
|
||||
|
||||
if (!createPublicKey(keyObject).equals(publicKeyObject)) {
|
||||
throw new ERR_CRYPTO_INVALID_JWK();
|
||||
}
|
||||
}
|
||||
} catch (err) {
|
||||
throw lazyDOMException('Invalid keyData', { name: 'DataError', cause: err });
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
@ -240,9 +240,15 @@ async function ecImportKey(
|
||||
}
|
||||
|
||||
const handle = new KeyObjectHandle();
|
||||
const type = handle.initJwk(keyData, namedCurve);
|
||||
let type;
|
||||
try {
|
||||
type = handle.initJwk(keyData, namedCurve);
|
||||
} catch (err) {
|
||||
throw lazyDOMException(
|
||||
'Invalid keyData', { name: 'DataError', cause: err });
|
||||
}
|
||||
if (type === undefined)
|
||||
throw lazyDOMException('Invalid JWK', 'DataError');
|
||||
throw lazyDOMException('Invalid keyData', 'DataError');
|
||||
keyObject = type === kKeyTypePrivate ?
|
||||
new PrivateKeyObject(handle) :
|
||||
new PublicKeyObject(handle);
|
||||
|
@ -145,7 +145,12 @@ async function hmacImportKey(
|
||||
}
|
||||
|
||||
const handle = new KeyObjectHandle();
|
||||
handle.initJwk(keyData);
|
||||
try {
|
||||
handle.initJwk(keyData);
|
||||
} catch (err) {
|
||||
throw lazyDOMException(
|
||||
'Invalid keyData', { name: 'DataError', cause: err });
|
||||
}
|
||||
keyObject = new SecretKeyObject(handle);
|
||||
break;
|
||||
}
|
||||
|
@ -275,9 +275,15 @@ async function rsaImportKey(
|
||||
}
|
||||
|
||||
const handle = new KeyObjectHandle();
|
||||
const type = handle.initJwk(keyData);
|
||||
let type;
|
||||
try {
|
||||
type = handle.initJwk(keyData);
|
||||
} catch (err) {
|
||||
throw lazyDOMException(
|
||||
'Invalid keyData', { name: 'DataError', cause: err });
|
||||
}
|
||||
if (type === undefined)
|
||||
throw lazyDOMException('Invalid JWK', 'DataError');
|
||||
throw lazyDOMException('Invalid keyData', 'DataError');
|
||||
|
||||
keyObject = type === kKeyTypePrivate ?
|
||||
new PrivateKeyObject(handle) :
|
||||
|
@ -322,6 +322,15 @@ async function testImportJwk({ name, publicUsages, privateUsages }, extractable)
|
||||
extractable,
|
||||
[/* empty usages */]),
|
||||
{ name: 'SyntaxError', message: 'Usages cannot be empty when importing a private key.' });
|
||||
|
||||
await assert.rejects(
|
||||
subtle.importKey(
|
||||
'jwk',
|
||||
{ kty: jwk.kty, /* missing x */ crv: jwk.crv },
|
||||
{ name },
|
||||
extractable,
|
||||
publicUsages),
|
||||
{ name: 'DataError', message: 'Invalid keyData' });
|
||||
}
|
||||
|
||||
async function testImportRaw({ name, publicUsages }) {
|
||||
|
@ -330,6 +330,15 @@ async function testImportJwk(
|
||||
extractable,
|
||||
[/* empty usages */]),
|
||||
{ name: 'SyntaxError', message: 'Usages cannot be empty when importing a private key.' });
|
||||
|
||||
await assert.rejects(
|
||||
subtle.importKey(
|
||||
'jwk',
|
||||
{ kty: jwk.kty, /* missing x */ y: jwk.y, crv: jwk.crv },
|
||||
{ name, namedCurve },
|
||||
extractable,
|
||||
publicUsages),
|
||||
{ name: 'DataError', message: 'Invalid keyData' });
|
||||
}
|
||||
|
||||
async function testImportRaw({ name, publicUsages }, namedCurve) {
|
||||
|
@ -513,6 +513,15 @@ async function testImportJwk(
|
||||
extractable,
|
||||
[/* empty usages */]),
|
||||
{ name: 'SyntaxError', message: 'Usages cannot be empty when importing a private key.' });
|
||||
|
||||
await assert.rejects(
|
||||
subtle.importKey(
|
||||
'jwk',
|
||||
{ kty: jwk.kty, /* missing e */ n: jwk.n },
|
||||
{ name, hash },
|
||||
extractable,
|
||||
publicUsages),
|
||||
{ name: 'DataError', message: 'Invalid keyData' });
|
||||
}
|
||||
|
||||
// combinations to test
|
||||
|
Loading…
Reference in New Issue
Block a user