-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: fix JWK RSA-PSS SubtleCrypto.exportKey #39828
Conversation
cc @nodejs/crypto |
Does this intentionally drop RSA-PSS parameters? That seems to be in violation of the Web Crypto API spec (RSA-PSS "Export Key" operation), and it also seems wrong to remove parameters from a key. If crypto does that (#39805 (comment)), then that's probably a bug in crypto. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Making my concerns explicit.
@tniessen You've got it backwards - this explicitly allows the JWK export only in Web Crypto API because the CryptoKey instance is already tied to a single Algorithm that represents the digest and use/value of RSA-PSS parameters. WebCryptoAPI exports the "alg" in addition to the key material here in accordance with the Web Cryptography API specification RSA-PSS > Export Key > JWK. The WebCrypto API does not drop anything. However, because KeyObject does not have that strong tie between its instance and digest and RSA-PSS parameters (and it therefore does not export any "alg" value) we continue to not allow rsa-pss key export as JWK from |
This is actually fixing a regression introduced in #39319 |
Ah, so the import function ensures that the |
{ name: 'RSA-PSS', hash: 'SHA-256' }, | ||
true, | ||
['verify']); | ||
await subtle.exportKey('jwk', key); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you add assertions about the returned JWK then? In particular, that it preserves the hash function?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done.
Since we have no way of checking the PSS Params (as you know) it does not. You can end up with CryptoKey that does have a different algorithm than the underlying key material. Such key will however fail to be used with both sign and verify. I would say that is a different bug in the Web Crypto API implementation that we should think about how to fix - i.e. how to add RSA-PSS params to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I trust your judgement on this, @panva. If this is a regression fix and only affects WebCrypto, not Node.js crypto, and is spec compliant, it should be fine.
This comment has been minimized.
This comment has been minimized.
PR-URL: #39828 Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: James M Snell <jasnell@gmail.com>
Landed in 4441c3e |
PR-URL: #39828 Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: James M Snell <jasnell@gmail.com>
Allows JWK export from WebCryptoAPI whilst keeping the restriction on
KeyObject.prototype.export()
Refs #39805