From 82b086752a381ecd47d8ee8a401a86a44347fe08 Mon Sep 17 00:00:00 2001
From: Luca Casonato
Date: Wed, 19 Jan 2022 16:20:28 +0100
Subject: [PATCH] feat(ext/crypto): support importing raw EC keys (#13079)
Co-authored-by: Divy Srivastava
---
 ext/crypto/00_crypto.js | 62 ++++++++++++++++++++++++-----------------
 ext/crypto/01_webidl.js | 15 ++++++++++
 2 files changed, 51 insertions(+), 26 deletions(-)
diff --git a/ext/crypto/00_crypto.js b/ext/crypto/00_crypto.js
index 2596bb0526..aa328d1d70 100644
--- a/ext/crypto/00_crypto.js
+++ b/ext/crypto/00_crypto.js
@@ -72,6 +72,7 @@
 Pbkdf2Params: { hash: "HashAlgorithmIdentifier", salt: "BufferSource" },
 RsaOaepParams: { label: "BufferSource" },
 RsaHashedImportParams: { hash: "HashAlgorithmIdentifier" },
+ EcKeyImportParams: {},
 };
 const supportedAlgorithms = {
@@ -109,8 +110,8 @@
 "RSASSA-PKCS1-v1_5": "RsaHashedImportParams",
 "RSA-PSS": "RsaHashedImportParams",
 "RSA-OAEP": "RsaHashedImportParams",
- "ECDSA": "EcImportParams",
- "ECDH": "EcImportParams",
+ "ECDSA": "EcKeyImportParams",
+ "ECDH": "EcKeyImportParams",
 "HMAC": "HmacImportParams",
 "HKDF": null,
 "PBKDF2": null,
@@ -2347,19 +2348,6 @@
 return key;
 }
- const SUPPORTED_EC_KEY_USAGES = {
- "ECDSA": {
- public: ["verify"],
- private: ["sign"],
- jwtUse: "sig",
- },
- "ECDH": {
- public: [],
- private: ["deriveKey", "deriveBits"],
- jwtUse: "enc",
- },
- };
-
 function importKeyEC(
 format,
 normalizedAlgorithm,
@@ -2367,7 +2355,7 @@
 extractable,
 keyUsages,
 ) {
- const supportedUsages = SUPPORTED_EC_KEY_USAGES[normalizedAlgorithm.name];
+ const supportedUsages = SUPPORTED_KEY_USAGES[normalizedAlgorithm.name];
 switch (format) {
 case "raw": {
@@ -2388,7 +2376,11 @@
 if (
 ArrayPrototypeFind(
 keyUsages,
- (u) => !ArrayPrototypeIncludes(supportedUsages.public, u),
+ (u) =>
+ !ArrayPrototypeIncludes(
+ SUPPORTED_KEY_USAGES[normalizedAlgorithm.name].public,
+ u,
+ ),
 ) !== undefined
 ) {
 throw new DOMException("Invalid key usages", "SyntaxError");
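Review bot: The local `supportedUsages` assigned at the top of importKeyEC (hunk at -2367) looks unused after this change, because the usage checks in the hunks at -2388, -2425 and -2461 now index `SUPPORTED_KEY_USAGES[normalizedAlgorithm.name]` directly. Either drop the local or keep the checks on it, e.g. `(u) => !ArrayPrototypeIncludes(supportedUsages.public, u),`, so the allowed-usage list for a key type is resolved in one place and the three checks cannot drift apart. importKeyEC's body continues outside these hunks, so other uses of the local may exist there.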
@@ -2425,7 +2417,11 @@
 if (
 ArrayPrototypeFind(
 keyUsages,
- (u) => !ArrayPrototypeIncludes(supportedUsages.private, u),
+ (u) =>
+ !ArrayPrototypeIncludes(
+ SUPPORTED_KEY_USAGES[normalizedAlgorithm.name].private,
+ u,
+ ),
 ) !== undefined
 ) {
 throw new DOMException("Invalid key usages", "SyntaxError");
@@ -2461,7 +2457,11 @@
 if (
 ArrayPrototypeFind(
 keyUsages,
- (u) => !ArrayPrototypeIncludes(supportedUsages.public, u),
+ (u) =>
+ !ArrayPrototypeIncludes(
+ SUPPORTED_KEY_USAGES[normalizedAlgorithm.name].public,
+ u,
+ ),
 ) !== undefined
 ) {
 throw new DOMException("Invalid key usages", "SyntaxError");
@@ -2667,7 +2667,7 @@
 }
 }
- const SUPPORTED_RSA_KEY_USAGES = {
+ const SUPPORTED_KEY_USAGES = {
 "RSASSA-PKCS1-v1_5": {
 public: ["verify"],
 private: ["sign"],
@@ -2683,6 +2683,16 @@
 private: ["decrypt", "unwrapKey"],
 jwtUse: "enc",
 },
+ "ECDSA": {
+ public: ["verify"],
+ private: ["sign"],
+ jwtUse: "sig",
+ },
+ "ECDH": {
+ public: [],
+ private: ["deriveKey", "deriveBits"],
+ jwtUse: "enc",
+ },
 };
 function importKeyRSA(
@@ -2700,7 +2710,7 @@
 keyUsages,
 (u) =>
 !ArrayPrototypeIncludes(
- SUPPORTED_RSA_KEY_USAGES[normalizedAlgorithm.name].private,
+ SUPPORTED_KEY_USAGES[normalizedAlgorithm.name].private,
 u,
 ),
 ) !== undefined
@@ -2746,7 +2756,7 @@
 keyUsages,
 (u) =>
 !ArrayPrototypeIncludes(
- SUPPORTED_RSA_KEY_USAGES[normalizedAlgorithm.name].public,
+ SUPPORTED_KEY_USAGES[normalizedAlgorithm.name].public,
 u,
 ),
 ) !== undefined
@@ -2796,7 +2806,7 @@
 keyUsages,
 (u) =>
 !ArrayPrototypeIncludes(
- SUPPORTED_RSA_KEY_USAGES[normalizedAlgorithm.name].private,
+ SUPPORTED_KEY_USAGES[normalizedAlgorithm.name].private,
 u,
 ),
 ) !== undefined
@@ -2808,7 +2818,7 @@
 keyUsages,
 (u) =>
 !ArrayPrototypeIncludes(
- SUPPORTED_RSA_KEY_USAGES[normalizedAlgorithm.name].public,
+ SUPPORTED_KEY_USAGES[normalizedAlgorithm.name].public,
 u,
 ),
 ) !== undefined
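Review bot: `SUPPORTED_KEY_USAGES` (hunks at -2667 and -2683) is now the single allow-list of key usages for both the RSA and the EC import paths, yet it carries no comment and stays declared after importKeyEC, which reads it roughly 300 lines earlier in the file. A header comment such as `// Allowed usages per normalized algorithm name, split by key type; read by importKeyEC and importKeyRSA.` would make the shared role explicit. Because the lookup is a plain property access, an algorithm name missing from the table would surface as a TypeError on `.public`/`.private` rather than a DOMException. That presumably cannot happen while callers dispatch on the normalized name, but it is worth confirming whenever an algorithm is added.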
@@ -2828,11 +2838,11 @@ if ( keyUsages.length > 0 && jwk.use !== undefined && StringPrototypeToLowerCase(jwk.use) !== - SUPPORTED_RSA_KEY_USAGES[normalizedAlgorithm.name].jwtUse + SUPPORTED_KEY_USAGES[normalizedAlgorithm.name].jwtUse ) { throw new DOMException( `'use' property of JsonWebKey must be '${ - SUPPORTED_RSA_KEY_USAGES[normalizedAlgorithm.name].jwtUse + SUPPORTED_KEY_USAGES[normalizedAlgorithm.name].jwtUse }'`, "DataError", ); diff --git a/ext/crypto/01_webidl.js b/ext/crypto/01_webidl.js index 39d1eb1e4f..67156ce3a6 100644 --- a/ext/crypto/01_webidl.js +++ b/ext/crypto/01_webidl.js @@ -116,8 +116,23 @@ "RsaHashedImportParams", dictRsaHashedImportParams, ); + webidl.converters.NamedCurve = webidl.converters.DOMString; + const dictEcKeyImportParams = [ + ...dictAlgorithm, + { + key: "namedCurve", + converter: webidl.converters.NamedCurve, + required: true, + }, + ]; + + webidl.converters.EcKeyImportParams = webidl.createDictionaryConverter( + "EcKeyImportParams", + dictEcKeyImportParams, + ); + const dictEcKeyGenParams = [ ...dictAlgorithm, {
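Review bot: `webidl.converters.NamedCurve` is an alias of the DOMString converter, so the new `EcKeyImportParams` dictionary accepts any string as `namedCurve` and only enforces that the member is present. Rejecting unsupported curves therefore has to happen in importKeyEC before the key bytes are handed on. The visible hunks of 00_crypto.js do not show that check, so it should be confirmed and covered by a test that imports a raw key with an unknown curve name. Once confirmed, a comment above the dictionary such as `// namedCurve is only type-checked here; the supported-curve check lives in importKeyEC.` would record where the validation sits. The dictEcKeyGenParams array that follows continues outside the hunk.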