crypto: use DataError for webcrypto keyData import failures
PR-URL: #45569
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
panva authored and targos committed Dec 12, 2022
1 parent 40037b4 commit 9e2e3de
Showing 4 changed files with 67 additions and 71 deletions.
32 changes: 21 additions & 11 deletions lib/internal/crypto/cfrg.js
@@ -109,7 +109,7 @@ function createCFRGRawKey(name, keyData, isPublic) {

const keyType = isPublic ? kKeyTypePublic : kKeyTypePrivate;
if (!handle.initEDRaw(name, keyData, keyType)) {
throw lazyDOMException('Failure to generate key object');
throw lazyDOMException('Invalid keyData', 'DataError');
}

return isPublic ? new PublicKeyObject(handle) : new PrivateKeyObject(handle);
@@ -220,20 +220,30 @@ async function cfrgImportKey(
switch (format) {
case 'spki': {
verifyAcceptableCfrgKeyUse(name, 'public', usagesSet);
keyObject = createPublicKey({
key: keyData,
format: 'der',
type: 'spki'
});
try {
keyObject = createPublicKey({
key: keyData,
format: 'der',
type: 'spki'
});
} catch (err) {
throw lazyDOMException(
'Invalid keyData', { name: 'DataError', cause: err });
}
break;
}
case 'pkcs8': {
verifyAcceptableCfrgKeyUse(name, 'private', usagesSet);
keyObject = createPrivateKey({
key: keyData,
format: 'der',
type: 'pkcs8'
});
try {
keyObject = createPrivateKey({
key: keyData,
format: 'der',
type: 'pkcs8'
});
} catch (err) {
throw lazyDOMException(
'Invalid keyData', { name: 'DataError', cause: err });
}
break;
}
case 'jwk': {
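Review bot: The try/catch that maps a `createPublicKey`/`createPrivateKey` failure to `DataError` is written out twice in `cfrgImportKey` (the `spki` and `pkcs8` cases) and again, identically, in `ecImportKey` and `rsaImportKey`, so six copies of the same error mapping now have to stay in step. A small helper in a module all three files can share would keep the message and error name in one place and reduce each case to a single call, as sketched below; `importDerKey` is a name made up for the sketch. The `verifyAcceptable…KeyUse` call should stay outside the helper, as it is outside the `try` today, so that usage errors are not relabelled as `DataError`. `cfrgImportKey` starts and ends outside this hunk, so this assumes nothing later in the switch depends on the inline form.

```javascript
// Maps a failure of createKey to the WebCrypto DataError, keeping the
// original error reachable as `cause`.
function importDerKey(createKey, keyData, type) {
  try {
    return createKey({ key: keyData, format: 'der', type });
  } catch (err) {
    throw lazyDOMException(
      'Invalid keyData', { name: 'DataError', cause: err });
  }
}

// … unchanged: switch (format) header …
case 'spki': {
  verifyAcceptableCfrgKeyUse(name, 'public', usagesSet);
  keyObject = importDerKey(createPublicKey, keyData, 'spki');
  break;
}
```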
40 changes: 26 additions & 14 deletions lib/internal/crypto/ec.js
@@ -80,8 +80,12 @@ function verifyAcceptableEcKeyUse(name, type, usages) {
function createECPublicKeyRaw(namedCurve, keyData) {
const handle = new KeyObjectHandle();
keyData = getArrayBufferOrView(keyData, 'keyData');
if (handle.initECRaw(kNamedCurveAliases[namedCurve], keyData))
return new PublicKeyObject(handle);

if (!handle.initECRaw(kNamedCurveAliases[namedCurve], keyData)) {
throw lazyDOMException('Invalid keyData', 'DataError');
}

return new PublicKeyObject(handle);
}

async function ecGenerateKey(algorithm, extractable, keyUsages) {
@@ -176,20 +180,30 @@ async function ecImportKey(
switch (format) {
case 'spki': {
verifyAcceptableEcKeyUse(name, 'public', usagesSet);
keyObject = createPublicKey({
key: keyData,
format: 'der',
type: 'spki'
});
try {
keyObject = createPublicKey({
key: keyData,
format: 'der',
type: 'spki'
});
} catch (err) {
throw lazyDOMException(
'Invalid keyData', { name: 'DataError', cause: err });
}
break;
}
case 'pkcs8': {
verifyAcceptableEcKeyUse(name, 'private', usagesSet);
keyObject = createPrivateKey({
key: keyData,
format: 'der',
type: 'pkcs8'
});
try {
keyObject = createPrivateKey({
key: keyData,
format: 'der',
type: 'pkcs8'
});
} catch (err) {
throw lazyDOMException(
'Invalid keyData', { name: 'DataError', cause: err });
}
break;
}
case 'jwk': {
@@ -246,8 +260,6 @@ async function ecImportKey(
case 'raw': {
verifyAcceptableEcKeyUse(name, 'public', usagesSet);
keyObject = createECPublicKeyRaw(namedCurve, keyData);
if (keyObject === undefined)
throw lazyDOMException('Unable to import EC key', 'OperationError');
break;
}
}
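Review bot: No test in this commit pins the new error name for EC imports: the only test file touched is the WPT status list, and the entries removed there are all OKP ones (Ed25519, Ed448, X25519, X448). The `raw` case changes observable behaviour, because a failed `initECRaw` used to surface from `ecImportKey` as `OperationError` ('Unable to import EC key') and now surfaces from `createECPublicKeyRaw` as `DataError`; the same gap applies to the `spki`/`pkcs8` cases here and in `rsaImportKey`. A small regression test per format would lock this in, for example `await assert.rejects(subtle.importKey('raw', truncatedPoint, { name: 'ECDSA', namedCurve: 'P-256' }, true, ['verify']), { name: 'DataError' });`, where `truncatedPoint` stands for any constructed buffer that is not a valid encoded point. Existing tests outside this page may already cover it; that cannot be seen from here.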
30 changes: 20 additions & 10 deletions lib/internal/crypto/rsa.js
@@ -245,20 +245,30 @@ async function rsaImportKey(
switch (format) {
case 'spki': {
verifyAcceptableRsaKeyUse(algorithm.name, 'public', usagesSet);
keyObject = createPublicKey({
key: keyData,
format: 'der',
type: 'spki'
});
try {
keyObject = createPublicKey({
key: keyData,
format: 'der',
type: 'spki'
});
} catch (err) {
throw lazyDOMException(
'Invalid keyData', { name: 'DataError', cause: err });
}
break;
}
case 'pkcs8': {
verifyAcceptableRsaKeyUse(algorithm.name, 'private', usagesSet);
keyObject = createPrivateKey({
key: keyData,
format: 'der',
type: 'pkcs8'
});
try {
keyObject = createPrivateKey({
key: keyData,
format: 'der',
type: 'pkcs8'
});
} catch (err) {
throw lazyDOMException(
'Invalid keyData', { name: 'DataError', cause: err });
}
break;
}
case 'jwk': {
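Review bot: The rethrown `DataError` in the `pkcs8` case keeps the original exception as `cause`, so although the message is the generic 'Invalid keyData', whatever detail the private-key parser reported stays reachable to any handler or logger that walks the error chain. That is useful for diagnostics but worth stating, since callers may otherwise assume the DOMException carries nothing derived from the key input; a comment above the throw would do, e.g. `// Message stays generic; parser detail is kept only on err.cause for diagnostics.` The same applies to the `spki` case here and to the matching blocks in `cfrgImportKey` and `ecImportKey`. What the underlying error actually contains is not visible on this page.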
36 changes: 0 additions & 36 deletions test/wpt/status/WebCryptoAPI.json
@@ -11,14 +11,6 @@
"import_export/okp_importKey_failures_Ed25519.https.any.js": {
"fail": {
"expected": [
"Bad key length: importKey(spki, {name: Ed25519}, true, [verify])",
"Bad key length: importKey(spki, {name: Ed25519}, false, [verify])",
"Bad key length: importKey(spki, {name: Ed25519}, true, [verify, verify])",
"Bad key length: importKey(spki, {name: Ed25519}, false, [verify, verify])",
"Bad key length: importKey(pkcs8, {name: Ed25519}, true, [sign])",
"Bad key length: importKey(pkcs8, {name: Ed25519}, false, [sign])",
"Bad key length: importKey(pkcs8, {name: Ed25519}, true, [sign, sign])",
"Bad key length: importKey(pkcs8, {name: Ed25519}, false, [sign, sign])",
"Bad key length: importKey(jwk(private), {name: Ed25519}, true, [sign])",
"Bad key length: importKey(jwk(private), {name: Ed25519}, false, [sign])",
"Bad key length: importKey(jwk(private), {name: Ed25519}, true, [sign, sign])",
@@ -35,14 +27,6 @@
"import_export/okp_importKey_failures_Ed448.https.any.js": {
"fail": {
"expected": [
"Bad key length: importKey(spki, {name: Ed448}, true, [verify])",
"Bad key length: importKey(spki, {name: Ed448}, false, [verify])",
"Bad key length: importKey(spki, {name: Ed448}, true, [verify, verify])",
"Bad key length: importKey(spki, {name: Ed448}, false, [verify, verify])",
"Bad key length: importKey(pkcs8, {name: Ed448}, true, [sign])",
"Bad key length: importKey(pkcs8, {name: Ed448}, false, [sign])",
"Bad key length: importKey(pkcs8, {name: Ed448}, true, [sign, sign])",
"Bad key length: importKey(pkcs8, {name: Ed448}, false, [sign, sign])",
"Bad key length: importKey(jwk(private), {name: Ed448}, true, [sign])",
"Bad key length: importKey(jwk(private), {name: Ed448}, false, [sign])",
"Bad key length: importKey(jwk(private), {name: Ed448}, true, [sign, sign])",
@@ -59,16 +43,6 @@
"import_export/okp_importKey_failures_X25519.https.any.js": {
"fail": {
"expected": [
"Bad key length: importKey(spki, {name: X25519}, true, [])",
"Bad key length: importKey(spki, {name: X25519}, false, [])",
"Bad key length: importKey(pkcs8, {name: X25519}, true, [deriveKey])",
"Bad key length: importKey(pkcs8, {name: X25519}, false, [deriveKey])",
"Bad key length: importKey(pkcs8, {name: X25519}, true, [deriveBits, deriveKey])",
"Bad key length: importKey(pkcs8, {name: X25519}, false, [deriveBits, deriveKey])",
"Bad key length: importKey(pkcs8, {name: X25519}, true, [deriveBits])",
"Bad key length: importKey(pkcs8, {name: X25519}, false, [deriveBits])",
"Bad key length: importKey(pkcs8, {name: X25519}, true, [deriveKey, deriveBits, deriveKey, deriveBits])",
"Bad key length: importKey(pkcs8, {name: X25519}, false, [deriveKey, deriveBits, deriveKey, deriveBits])",
"Bad key length: importKey(jwk (public) , {name: X25519}, true, [])",
"Bad key length: importKey(jwk (public) , {name: X25519}, false, [])",
"Bad key length: importKey(jwk(private), {name: X25519}, true, [deriveKey])",
@@ -89,16 +63,6 @@
"import_export/okp_importKey_failures_X448.https.any.js": {
"fail": {
"expected": [
"Bad key length: importKey(spki, {name: X448}, true, [])",
"Bad key length: importKey(spki, {name: X448}, false, [])",
"Bad key length: importKey(pkcs8, {name: X448}, true, [deriveKey])",
"Bad key length: importKey(pkcs8, {name: X448}, false, [deriveKey])",
"Bad key length: importKey(pkcs8, {name: X448}, true, [deriveBits, deriveKey])",
"Bad key length: importKey(pkcs8, {name: X448}, false, [deriveBits, deriveKey])",
"Bad key length: importKey(pkcs8, {name: X448}, true, [deriveBits])",
"Bad key length: importKey(pkcs8, {name: X448}, false, [deriveBits])",
"Bad key length: importKey(pkcs8, {name: X448}, true, [deriveKey, deriveBits, deriveKey, deriveBits])",
"Bad key length: importKey(pkcs8, {name: X448}, false, [deriveKey, deriveBits, deriveKey, deriveBits])",
"Bad key length: importKey(jwk(private), {name: X448}, true, [deriveKey])",
"Bad key length: importKey(jwk(private), {name: X448}, false, [deriveKey])",
"Bad key length: importKey(jwk(private), {name: X448}, true, [deriveBits, deriveKey])",