-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Web Cryptography API compliance wrt. key import/export #39959
Comments
There are a number of quick easy fixes that I'll work on - that is checking the key type upon import. See #39962 That's however about the only thing with a sure resolution from the above list. When coming up with a resolution for these points it's important to keep in mind that we should strive for the possibility of generate/import/export or import/export/import round trips. We should not force export compliance with the standard if it means we won't be able to import the key material. Likewise we have the other implementations of Web Cryptography API to interoperate with. I did not test every browser vendor out there. But I did find a list of caveats from the Chromium project which, wrt. support key OIDs only chose to support (via import and export) the Firefox apparently also only supports |
I believe another reasonable fixes would be to the RSA-PSS import steps checking the It is easy to say we only support import/export of |
closes #39959 see w3c/webcrypto#307 see w3c/webcrypto#305 PR-URL: #42816 Reviewed-By: Tobias Nießen <tniessen@tnie.de>
closes #39959 see w3c/webcrypto#307 see w3c/webcrypto#305 PR-URL: #42816 Reviewed-By: Tobias Nießen <tniessen@tnie.de>
closes #39959 see w3c/webcrypto#307 see w3c/webcrypto#305 PR-URL: #42816 Reviewed-By: Tobias Nießen <tniessen@tnie.de>
closes #39959 see w3c/webcrypto#307 see w3c/webcrypto#305 PR-URL: #42816 Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Having gone through Web Cryptography API W3C Editor's Draft here are the discrepancies between the specification and Node.js v16.8.0 Web Crypto API Module actual implementation when it comes to SubtleCrypto.importKey, SubtleCrypto.exportKey, and in the case of RSA-PSS also SubtleCrypto.sign and SubtleCrypto.verify.
The point is to make a catalogue of known issues and open a discussion about how and if to handle them, knowing upfront that not everything can be achieved the possible resolution for some may just be a note in the documentation about the caveats, similar to what the Chromium Project > WebCrypto page lists.
RSASSA-PKCS1-v1_5 importKey "spki"
keyObject.asymmetricKeyType
is'rsa'
and throwDataError
if it is notsha1WithRSAEncryption
,sha256WithRSAEncryption
,sha384WithRSAEncryption
, andsha512WithRSAEncryption
RSASSA-PKCS1-v1_5 importKey "pkcs8"
keyObject.asymmetricKeyType
is'rsa'
and throwDataError
if it is notsha1WithRSAEncryption
,sha256WithRSAEncryption
,sha384WithRSAEncryption
, andsha512WithRSAEncryption
RSA-PSS importKey "spki"
keyObject.asymmetricKeyType
is'rsa'
or'rsa-pss'
and throwDataError
if it is notrsa-pss
keyRSASSA-PSS-params
sequence is presentkeyObject.asymmetricKeyType
is'rsa-pss'
assert thatkeyObject.asymmetricKeyDetails.mgf1HashAlgorithm
is notundefined
rsa-pss
keyRSASSA-PSS-params
sequencemaskGenAlgorithm
andhashAlgorithm
match the values required for the given algorithmkeyObject.asymmetricKeyType
is'rsa-pss'
assert thatkeyObject.asymmetricKeyDetails.hashAlgorithm
which in turn equals the Node.js normalized digest algorithm name for the WebCrypto algorithm specifiedhash.name
RSA-PSS exportKey "spki"
id-RSASSA-PSS
keys. The OID and content of the key will always depend on the internal KeyObject representation. If it is an'rsa'
key, the result will usersaEncryption
.id-RSASSA-PSS
keys withRSASSA-PSS-params
sequence with values depending on the WebCrypto algorithm of the CryptoKey. The behaviour will only be per-spec if the key imported was an RSA-PSS one (given we choose to fix the import steps), but when the imported key was anrsaEncryption
one (allowed) this requirement will not be upheld.RSA-PSS verify
rsa-pss
KeyObject haskeyObject.asymmetricKeyDetails.saltLength
specified larger than the one requested to be used.false
.RSA-PSS importKey "pkcs8"
keyObject.asymmetricKeyType
is'rsa'
or'rsa-pss'
and throwDataError
if it is notrsa-pss
keyRSASSA-PSS-params
sequence is presentkeyObject.asymmetricKeyType
is'rsa-pss'
assert thatkeyObject.asymmetricKeyDetails.mgf1HashAlgorithm
is notundefined
rsa-pss
keyRSASSA-PSS-params
sequencemaskGenAlgorithm
andhashAlgorithm
match the values required for the given algorithmkeyObject.asymmetricKeyType
is'rsa-pss'
assert thatkeyObject.asymmetricKeyDetails.hashAlgorithm
which in turn equals the Node.js normalized digest algorithm name for the WebCrypto algorithm specifiedhash.name
RSA-PSS exportKey "pkcs8"
id-RSASSA-PSS
keys. The OID and content of the key will always depend on the internal KeyObject representation. If it is an'rsa'
key, the result will usersaEncryption
.id-RSASSA-PSS
keys withRSASSA-PSS-params
sequence with values depending on the WebCrypto algorithm of the CryptoKey. The behaviour will only be per-spec if the key imported was an RSA-PSS one (given we choose to fix the import steps), but when the imported key was anrsaEncryption
one (allowed) this requirement will not be upheld.RSA-PSS sign
rsa-pss
KeyObject haskeyObject.asymmetricKeyDetails.saltLength
specified larger than the one requested to be used.OperationError
.RSA-OAEP importKey "spki"
keyObject.asymmetricKeyType
is'rsa'
and throwDataError
if it is notid-RSAES-OAEP
keysRSA-OAEP importKey "pkcs8"
keyObject.asymmetricKeyType
is'rsa'
or'rsa-pss'
and throwDataError
if it is notid-RSAES-OAEP
keysRSA-OAEP exportKey "spki" and "pkcs8"
id-RSAES-OAEP
we will always export OIDrsaEncryption
ECDH exportKey "spki" and "pkcs8"
id-ecDH
we will always export OIDid-ecPublicKey
General
CryptoKey implementation is a rather thin layer on top of a KeyObject instance and that's where most of the import/export OID issues stem from, this is further elevated when
'node.keyObject'
is used as the import key format.NB: spki and pkcs8 OID mappings
The text was updated successfully, but these errors were encountered: