Skip to content

Commit

Permalink
crypto: generateKeyPair('ec') should not support NODE-ED* and NODE-X*
Browse files Browse the repository at this point in the history
Fixes #37055

PR-URL: #37063
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
  • Loading branch information
panva committed Jan 27, 2021
1 parent 35fe310 commit 8b65004
Show file tree
Hide file tree
Showing 5 changed files with 55 additions and 14 deletions.
22 changes: 21 additions & 1 deletion lib/internal/crypto/ec.js
Original file line number Diff line number Diff line change
Expand Up @@ -166,7 +166,27 @@ async function ecGenerateKey(algorithm, extractable, keyUsages) {
// Fall through
}
return new Promise((resolve, reject) => {
generateKeyPair('ec', { namedCurve }, (err, pubKey, privKey) => {
let genKeyType;
let genOpts;
switch (namedCurve) {
case 'NODE-ED25519':
genKeyType = 'ed25519';
break;
case 'NODE-ED448':
genKeyType = 'ed448';
break;
case 'NODE-X25519':
genKeyType = 'x25519';
break;
case 'NODE-X448':
genKeyType = 'x448';
break;
default:
genKeyType = 'ec';
genOpts = { namedCurve };
break;
}
generateKeyPair(genKeyType, genOpts, (err, pubKey, privKey) => {
if (err) {
return reject(lazyDOMException(
'The operation failed for an operation-specific reason',
Expand Down
28 changes: 16 additions & 12 deletions src/crypto/crypto_ec.cc
Original file line number Diff line number Diff line change
Expand Up @@ -36,17 +36,21 @@ int GetCurveFromName(const char* name) {
int nid = EC_curve_nist2nid(name);
if (nid == NID_undef)
nid = OBJ_sn2nid(name);
// If there is still no match, check manually for known curves
if (nid == NID_undef) {
if (strcmp(name, "NODE-ED25519") == 0) {
nid = EVP_PKEY_ED25519;
} else if (strcmp(name, "NODE-ED448") == 0) {
nid = EVP_PKEY_ED448;
} else if (strcmp(name, "NODE-X25519") == 0) {
nid = EVP_PKEY_X25519;
} else if (strcmp(name, "NODE-X448") == 0) {
nid = EVP_PKEY_X448;
}
return nid;
}

int GetOKPCurveFromName(const char* name) {
int nid;
if (strcmp(name, "NODE-ED25519") == 0) {
nid = EVP_PKEY_ED25519;
} else if (strcmp(name, "NODE-ED448") == 0) {
nid = EVP_PKEY_ED448;
} else if (strcmp(name, "NODE-X25519") == 0) {
nid = EVP_PKEY_X25519;
} else if (strcmp(name, "NODE-X448") == 0) {
nid = EVP_PKEY_X448;
} else {
nid = NID_undef;
}
return nid;
}
Expand Down Expand Up @@ -443,7 +447,7 @@ Maybe<bool> ECDHBitsTraits::AdditionalConfig(
return Nothing<bool>();
}

params->id_ = GetCurveFromName(*name);
params->id_ = GetOKPCurveFromName(*name);
params->private_ = private_key->Data();
params->public_ = public_key->Data();

Expand Down
1 change: 1 addition & 0 deletions src/crypto/crypto_ec.h
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
namespace node {
namespace crypto {
int GetCurveFromName(const char* name);
int GetOKPCurveFromName(const char* name);

class ECDH final : public BaseObject {
public:
Expand Down
2 changes: 1 addition & 1 deletion src/crypto/crypto_keys.cc
Original file line number Diff line number Diff line change
Expand Up @@ -1058,7 +1058,7 @@ void KeyObjectHandle::InitEDRaw(const FunctionCallbackInfo<Value>& args) {
? EVP_PKEY_new_raw_private_key
: EVP_PKEY_new_raw_public_key;

int id = GetCurveFromName(*name);
int id = GetOKPCurveFromName(*name);

switch (id) {
case EVP_PKEY_X25519:
Expand Down
16 changes: 16 additions & 0 deletions test/parallel/test-crypto-keygen.js
Original file line number Diff line number Diff line change
Expand Up @@ -1283,3 +1283,19 @@ const sec1EncExp = (cipher) => getRegExpForPEM('EC PRIVATE KEY', cipher);
}));
}
}

{
// Proprietary Web Cryptography API ECDH/ECDSA namedCurve parameters
// should not be recognized in this API.
// See https://github.com/nodejs/node/issues/37055
const curves = ['NODE-ED25519', 'NODE-ED448', 'NODE-X25519', 'NODE-X448'];
for (const namedCurve of curves) {
assert.throws(
() => generateKeyPair('ec', { namedCurve }, common.mustNotCall()),
{
name: 'TypeError',
message: 'Invalid EC curve name'
}
);
}
}

0 comments on commit 8b65004

Please sign in to comment.