From d723b37e476e25994645a1bdb90e406c3c56684e Mon Sep 17 00:00:00 2001 From: Divy Srivastava Date: Fri, 20 Sep 2024 18:10:11 +0530 Subject: [PATCH] fix(ext/crypto): ensure EC public keys are exported uncompressed Fixes https://github.com/denoland/deno/issues/18050 --- ext/crypto/shared.rs | 16 +++++-------- tests/wpt/runner/expectation.json | 38 ++++--------------------------- 2 files changed, 11 insertions(+), 43 deletions(-) diff --git a/ext/crypto/shared.rs b/ext/crypto/shared.rs index 21fddc745f22ed..d5b2d6593ab099 100644 --- a/ext/crypto/shared.rs +++ b/ext/crypto/shared.rs @@ -98,11 +98,9 @@ impl V8RawKeyData { pub fn as_ec_public_key_p256(&self) -> Result { match self { - V8RawKeyData::Public(data) => { - // public_key is a serialized EncodedPoint - p256::EncodedPoint::from_bytes(data) - .map_err(|_| type_error("expected valid public EC key")) - } + V8RawKeyData::Public(data) => p256::PublicKey::from_sec1_bytes(data) + .map(|p| p.to_encoded_point(false)) + .map_err(|_| type_error("expected valid public EC key")), V8RawKeyData::Private(data) => { let signing_key = p256::SecretKey::from_pkcs8_der(data) .map_err(|_| type_error("expected valid private EC key"))?; @@ -115,11 +113,9 @@ impl V8RawKeyData { pub fn as_ec_public_key_p384(&self) -> Result { match self { - V8RawKeyData::Public(data) => { - // public_key is a serialized EncodedPoint - p384::EncodedPoint::from_bytes(data) - .map_err(|_| type_error("expected valid public EC key")) - } + V8RawKeyData::Public(data) => p384::PublicKey::from_sec1_bytes(data) + .map(|p| p.to_encoded_point(false)) + .map_err(|_| type_error("expected valid public EC key")), V8RawKeyData::Private(data) => { let signing_key = p384::SecretKey::from_pkcs8_der(data) .map_err(|_| type_error("expected valid private EC key"))?; diff --git a/tests/wpt/runner/expectation.json b/tests/wpt/runner/expectation.json index 642dbc8af35347..bf6da73383e3b9 100644 --- a/tests/wpt/runner/expectation.json +++ b/tests/wpt/runner/expectation.json @@ -918,22 +918,10 @@ ], "import_export": { "ec_importKey.https.any.html": [ - "Good parameters: P-256 bits (spki, buffer(59, compressed), {name: ECDSA, namedCurve: P-256}, true, [verify])", - "Good parameters: P-256 bits (raw, buffer(33, compressed), {name: ECDSA, namedCurve: P-256}, true, [verify])", - "Good parameters: P-256 bits (spki, buffer(59, compressed), {name: ECDSA, namedCurve: P-256}, true, [])", - "Good parameters: P-256 bits (raw, buffer(33, compressed), {name: ECDSA, namedCurve: P-256}, true, [])", - "Good parameters: P-256 bits (spki, buffer(59, compressed), {name: ECDSA, namedCurve: P-256}, true, [verify, verify])", - "Good parameters: P-256 bits (raw, buffer(33, compressed), {name: ECDSA, namedCurve: P-256}, true, [verify, verify])", "Empty Usages: P-256 bits (pkcs8, buffer(138), {name: ECDSA, namedCurve: P-256}, true, [])", "Empty Usages: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-256}, true, [])", "Empty Usages: P-256 bits (pkcs8, buffer(138), {name: ECDSA, namedCurve: P-256}, false, [])", "Empty Usages: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-256}, false, [])", - "Good parameters: P-384 bits (spki, buffer(72, compressed), {name: ECDSA, namedCurve: P-384}, true, [verify])", - "Good parameters: P-384 bits (raw, buffer(49, compressed), {name: ECDSA, namedCurve: P-384}, true, [verify])", - "Good parameters: P-384 bits (spki, buffer(72, compressed), {name: ECDSA, namedCurve: P-384}, true, [])", - "Good parameters: P-384 bits (raw, buffer(49, compressed), {name: ECDSA, namedCurve: P-384}, true, [])", - "Good parameters: P-384 bits (spki, buffer(72, compressed), {name: ECDSA, namedCurve: P-384}, true, [verify, verify])", - "Good parameters: P-384 bits (raw, buffer(49, compressed), {name: ECDSA, namedCurve: P-384}, true, [verify, verify])", "Empty Usages: P-384 bits (pkcs8, buffer(185), {name: ECDSA, namedCurve: P-384}, true, [])", "Empty Usages: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-384}, true, [])", "Empty Usages: P-384 bits (pkcs8, buffer(185), {name: ECDSA, namedCurve: P-384}, false, [])", @@ -965,14 +953,10 @@ "Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-521}, false, [sign])", "Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-521}, false, [sign, sign])", "Empty Usages: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-521}, false, [])", - "Good parameters: P-256 bits (spki, buffer(59, compressed), {name: ECDH, namedCurve: P-256}, true, [])", - "Good parameters: P-256 bits (raw, buffer(33, compressed), {name: ECDH, namedCurve: P-256}, true, [])", "Empty Usages: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [])", "Empty Usages: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, true, [])", "Empty Usages: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, false, [])", "Empty Usages: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, false, [])", - "Good parameters: P-384 bits (spki, buffer(72, compressed), {name: ECDH, namedCurve: P-384}, true, [])", - "Good parameters: P-384 bits (raw, buffer(49, compressed), {name: ECDH, namedCurve: P-384}, true, [])", "Empty Usages: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [])", "Empty Usages: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [])", "Empty Usages: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [])", @@ -1012,22 +996,10 @@ "Empty Usages: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-521}, false, [])" ], "ec_importKey.https.any.worker.html": [ - "Good parameters: P-256 bits (spki, buffer(59, compressed), {name: ECDSA, namedCurve: P-256}, true, [verify])", - "Good parameters: P-256 bits (raw, buffer(33, compressed), {name: ECDSA, namedCurve: P-256}, true, [verify])", - "Good parameters: P-256 bits (spki, buffer(59, compressed), {name: ECDSA, namedCurve: P-256}, true, [])", - "Good parameters: P-256 bits (raw, buffer(33, compressed), {name: ECDSA, namedCurve: P-256}, true, [])", - "Good parameters: P-256 bits (spki, buffer(59, compressed), {name: ECDSA, namedCurve: P-256}, true, [verify, verify])", - "Good parameters: P-256 bits (raw, buffer(33, compressed), {name: ECDSA, namedCurve: P-256}, true, [verify, verify])", "Empty Usages: P-256 bits (pkcs8, buffer(138), {name: ECDSA, namedCurve: P-256}, true, [])", "Empty Usages: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-256}, true, [])", "Empty Usages: P-256 bits (pkcs8, buffer(138), {name: ECDSA, namedCurve: P-256}, false, [])", "Empty Usages: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-256}, false, [])", - "Good parameters: P-384 bits (spki, buffer(72, compressed), {name: ECDSA, namedCurve: P-384}, true, [verify])", - "Good parameters: P-384 bits (raw, buffer(49, compressed), {name: ECDSA, namedCurve: P-384}, true, [verify])", - "Good parameters: P-384 bits (spki, buffer(72, compressed), {name: ECDSA, namedCurve: P-384}, true, [])", - "Good parameters: P-384 bits (raw, buffer(49, compressed), {name: ECDSA, namedCurve: P-384}, true, [])", - "Good parameters: P-384 bits (spki, buffer(72, compressed), {name: ECDSA, namedCurve: P-384}, true, [verify, verify])", - "Good parameters: P-384 bits (raw, buffer(49, compressed), {name: ECDSA, namedCurve: P-384}, true, [verify, verify])", "Empty Usages: P-384 bits (pkcs8, buffer(185), {name: ECDSA, namedCurve: P-384}, true, [])", "Empty Usages: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-384}, true, [])", "Empty Usages: P-384 bits (pkcs8, buffer(185), {name: ECDSA, namedCurve: P-384}, false, [])", @@ -1059,14 +1031,10 @@ "Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-521}, false, [sign])", "Good parameters: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-521}, false, [sign, sign])", "Empty Usages: P-521 bits (jwk, object(kty, crv, x, y, d), {name: ECDSA, namedCurve: P-521}, false, [])", - "Good parameters: P-256 bits (spki, buffer(59, compressed), {name: ECDH, namedCurve: P-256}, true, [])", - "Good parameters: P-256 bits (raw, buffer(33, compressed), {name: ECDH, namedCurve: P-256}, true, [])", "Empty Usages: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, true, [])", "Empty Usages: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, true, [])", "Empty Usages: P-256 bits (pkcs8, buffer(138), {name: ECDH, namedCurve: P-256}, false, [])", "Empty Usages: P-256 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-256}, false, [])", - "Good parameters: P-384 bits (spki, buffer(72, compressed), {name: ECDH, namedCurve: P-384}, true, [])", - "Good parameters: P-384 bits (raw, buffer(49, compressed), {name: ECDH, namedCurve: P-384}, true, [])", "Empty Usages: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, true, [])", "Empty Usages: P-384 bits (jwk, object(kty, crv, x, y, d), {name: ECDH, namedCurve: P-384}, true, [])", "Empty Usages: P-384 bits (pkcs8, buffer(185), {name: ECDH, namedCurve: P-384}, false, [])", @@ -1788,7 +1756,11 @@ "Invalid key pair: importKey(jwk(private), {name: X25519}, true, [deriveKey, deriveBits, deriveKey, deriveBits])" ], "okp_importKey_failures_X448.https.any.html": false, - "okp_importKey_failures_X448.https.any.worker.html": false + "okp_importKey_failures_X448.https.any.worker.html": false, + "crashtests": { + "importKey-unsettled-promise.https.any.html": true, + "importKey-unsettled-promise.https.any.worker.html": true + } }, "randomUUID.https.any.html": true, "randomUUID.https.any.worker.html": true,