fix(ext/crypto): support EC p256 private key material in exportKey (#13547)
Co-authored-by: Luca Casonato <hello@lcas.dev>
parent
4799aaac15
commit
e218d567d5
3 changed files with 83 additions and 32 deletions
|
@ -1668,3 +1668,19 @@ Deno.test(async function testAesGcmTagLength() {
|
|||
);
|
||||
});
|
||||
});
|
||||
|
||||
Deno.test(async function ecPrivateKeyMaterialExportSpki() {
|
||||
// `generateKey` generates a key pair internally stored as "private" key.
|
||||
const keys = await crypto.subtle.generateKey(
|
||||
{ name: "ECDSA", namedCurve: "P-256" },
|
||||
true,
|
||||
["sign", "verify"],
|
||||
);
|
||||
|
||||
assert(keys.privateKey instanceof CryptoKey);
|
||||
assert(keys.publicKey instanceof CryptoKey);
|
||||
|
||||
// `exportKey` should be able to perform necessary conversion to export spki.
|
||||
const spki = await crypto.subtle.exportKey("spki", keys.publicKey);
|
||||
assert(spki instanceof ArrayBuffer);
|
||||
});
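Review bot: The only check on the export result is `assert(spki instanceof ArrayBuffer)`, so a conversion that derived the wrong public point from the stored private key material would still pass. Re-importing the bytes, e.g. `await crypto.subtle.importKey("spki", spki, { name: "ECDSA", namedCurve: "P-256" }, true, ["verify"])`, and verifying a signature made with `keys.privateKey` would pin that the exported key actually matches the pair. The commit also changes the P-384 conversion, which this test never reaches; a second case with `namedCurve: "P-384"` would cover it.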
|
||||
|
|
|
@ -4,12 +4,16 @@ use deno_core::error::custom_error;
|
|||
use deno_core::error::type_error;
|
||||
use deno_core::error::AnyError;
|
||||
use deno_core::ZeroCopyBuf;
|
||||
use elliptic_curve::sec1::ToEncodedPoint;
|
||||
use p256::pkcs8::FromPrivateKey;
|
||||
use rsa::pkcs1::FromRsaPrivateKey;
|
||||
use rsa::pkcs1::ToRsaPublicKey;
|
||||
use rsa::RsaPrivateKey;
|
||||
use serde::Deserialize;
|
||||
use serde::Serialize;
|
||||
|
||||
use crate::ec_key::ECPrivateKey;
|
||||
|
||||
pub const RSA_ENCRYPTION_OID: rsa::pkcs8::ObjectIdentifier =
|
||||
rsa::pkcs8::ObjectIdentifier::new("1.2.840.113549.1.1.1");
|
||||
pub const SHA1_RSA_ENCRYPTION_OID: rsa::pkcs8::ObjectIdentifier =
|
||||
|
@ -112,9 +116,15 @@ impl RawKeyData {
|
|||
RawKeyData::Public(data) => {
|
||||
// public_key is a serialized EncodedPoint
|
||||
p256::EncodedPoint::from_bytes(&data)
|
||||
.map_err(|_| type_error("expected valid private EC key"))
|
||||
.map_err(|_| type_error("expected valid public EC key"))
|
||||
}
|
||||
_ => Err(type_error("expected private key")),
|
||||
RawKeyData::Private(data) => {
|
||||
let signing_key = p256::SecretKey::from_pkcs8_der(data)
|
||||
.map_err(|_| type_error("expected valid private EC key"))?;
|
||||
Ok(signing_key.public_key().to_encoded_point(false))
|
||||
}
|
||||
// Should never reach here.
|
||||
RawKeyData::Secret(_) => unreachable!(),
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -123,9 +133,22 @@ impl RawKeyData {
|
|||
RawKeyData::Public(data) => {
|
||||
// public_key is a serialized EncodedPoint
|
||||
p384::EncodedPoint::from_bytes(&data)
|
||||
.map_err(|_| type_error("expected valid private EC key"))
|
||||
.map_err(|_| type_error("expected valid public EC key"))
|
||||
}
|
||||
_ => Err(type_error("expected private key")),
|
||||
RawKeyData::Private(data) => {
|
||||
let ec_key = ECPrivateKey::<p384::NistP384>::try_from(&**data)
|
||||
.map_err(|_| {
|
||||
custom_error(
|
||||
"DOMExceptionOperationError",
|
||||
"failed to decode private key",
|
||||
)
|
||||
})?;
|
||||
let point = p384::EncodedPoint::from_bytes(&ec_key.encoded_point)
|
||||
.map_err(|_| data_error("expected valid public EC key"))?;
|
||||
Ok(point)
|
||||
}
|
||||
// Should never reach here.
|
||||
RawKeyData::Secret(_) => unreachable!(),
|
||||
}
|
||||
}
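Review bot: The `RawKeyData::Secret(_) => unreachable!()` arms in both the P-256 and P-384 conversions replace a catch-all that returned `Err(type_error("expected private key"))`, so a secret key reaching either function now panics the process instead of returning an error to the caller. Unless every caller is guaranteed to filter out secret keys first (not visible here, since both enclosing functions start outside their hunks), keep the arm fallible, e.g. `RawKeyData::Secret(_) => Err(type_error("expected EC public or private key")),`. The two private-key arms also report decode failures differently: `type_error` for P-256, but `DOMExceptionOperationError` and `data_error` for P-384. `data_error` does not appear among the imports shown in the first hunk, so confirm it is defined in this file and align the error classes across the two curves.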
|
||||
|
||||
|
|
|
@ -852,28 +852,28 @@
|
|||
},
|
||||
"wrapKey_unwrapKey": {
|
||||
"wrapKey_unwrapKey.https.any.html": [
|
||||
"setup",
|
||||
"Can wrap and unwrap ECDH public key keys using spki and AES-CTR",
|
||||
"Can wrap and unwrap AES-GCM keys as non-extractable using raw and AES-CTR",
|
||||
"Can wrap and unwrap AES-GCM keys as non-extractable using jwk and AES-CTR",
|
||||
"Can unwrap AES-GCM non-extractable keys using jwk and AES-CTR",
|
||||
"Can wrap and unwrap ECDH public key keys using spki and AES-CBC",
|
||||
"Can wrap and unwrap AES-GCM keys as non-extractable using raw and AES-CBC",
|
||||
"Can wrap and unwrap AES-GCM keys as non-extractable using jwk and AES-CBC",
|
||||
"Can unwrap AES-GCM non-extractable keys using jwk and AES-CBC",
|
||||
"Can wrap and unwrap ECDSA public key keys using spki and AES-GCM",
|
||||
"Can wrap and unwrap ECDSA public key keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap ECDSA private key keys using pkcs8 and AES-GCM",
|
||||
"Can wrap and unwrap ECDSA private key keys as non-extractable using pkcs8 and AES-GCM",
|
||||
"Can wrap and unwrap ECDSA private key keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap ECDSA private key keys as non-extractable using jwk and AES-GCM",
|
||||
"Can unwrap ECDSA private key non-extractable keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap ECDH public key keys using spki and AES-GCM",
|
||||
"Can wrap and unwrap ECDH public key keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap ECDH private key keys using pkcs8 and AES-GCM",
|
||||
"Can wrap and unwrap ECDH private key keys as non-extractable using pkcs8 and AES-GCM",
|
||||
"Can wrap and unwrap ECDH private key keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap ECDH private key keys as non-extractable using jwk and AES-GCM",
|
||||
"Can unwrap ECDH private key non-extractable keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap HMAC keys using raw and AES-GCM",
|
||||
"Can wrap and unwrap HMAC keys as non-extractable using raw and AES-GCM",
|
||||
"Can wrap and unwrap HMAC keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap HMAC keys as non-extractable using jwk and AES-GCM",
|
||||
"Can unwrap HMAC non-extractable keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap AES-CTR keys using raw and AES-GCM",
|
||||
"Can wrap and unwrap AES-CTR keys as non-extractable using raw and AES-GCM",
|
||||
"Can wrap and unwrap AES-CTR keys using jwk and AES-GCM",
|
||||
|
@ -894,13 +894,11 @@
|
|||
"Can wrap and unwrap AES-KW keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap AES-KW keys as non-extractable using jwk and AES-GCM",
|
||||
"Can unwrap AES-KW non-extractable keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using spki and AES-GCM",
|
||||
"Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using pkcs8 and AES-GCM",
|
||||
"Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using pkcs8 and AES-GCM",
|
||||
"Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using jwk and AES-GCM",
|
||||
"Can unwrap RSASSA-PKCS1-v1_5 private key non-extractable keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap HMAC keys using raw and AES-GCM",
|
||||
"Can wrap and unwrap HMAC keys as non-extractable using raw and AES-GCM",
|
||||
"Can wrap and unwrap HMAC keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap HMAC keys as non-extractable using jwk and AES-GCM",
|
||||
"Can unwrap HMAC non-extractable keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap RSA-PSS public key keys using spki and AES-GCM",
|
||||
"Can wrap and unwrap RSA-PSS public key keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap RSA-PSS private key keys using pkcs8 and AES-GCM",
|
||||
|
@ -915,24 +913,37 @@
|
|||
"Can wrap and unwrap RSA-OAEP private key keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap RSA-OAEP private key keys as non-extractable using jwk and AES-GCM",
|
||||
"Can unwrap RSA-OAEP private key non-extractable keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using spki and AES-GCM",
|
||||
"Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using pkcs8 and AES-GCM",
|
||||
"Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using pkcs8 and AES-GCM",
|
||||
"Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using jwk and AES-GCM",
|
||||
"Can unwrap RSASSA-PKCS1-v1_5 private key non-extractable keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap AES-GCM keys as non-extractable using raw and AES-KW",
|
||||
"Can wrap and unwrap ECDH public key keys using spki and RSA-OAEP",
|
||||
"Can wrap and unwrap AES-GCM keys as non-extractable using raw and RSA-OAEP",
|
||||
"Can wrap and unwrap AES-GCM keys as non-extractable using jwk and RSA-OAEP",
|
||||
"Can unwrap AES-GCM non-extractable keys using jwk and RSA-OAEP"
|
||||
],
|
||||
"wrapKey_unwrapKey.https.any.worker.html": [
|
||||
"setup",
|
||||
"Can wrap and unwrap ECDH public key keys using spki and AES-CTR",
|
||||
"Can wrap and unwrap AES-GCM keys as non-extractable using raw and AES-CTR",
|
||||
"Can wrap and unwrap AES-GCM keys as non-extractable using jwk and AES-CTR",
|
||||
"Can unwrap AES-GCM non-extractable keys using jwk and AES-CTR",
|
||||
"Can wrap and unwrap ECDH public key keys using spki and AES-CBC",
|
||||
"Can wrap and unwrap AES-GCM keys as non-extractable using raw and AES-CBC",
|
||||
"Can wrap and unwrap AES-GCM keys as non-extractable using jwk and AES-CBC",
|
||||
"Can unwrap AES-GCM non-extractable keys using jwk and AES-CBC",
|
||||
"Can wrap and unwrap ECDSA public key keys using spki and AES-GCM",
|
||||
"Can wrap and unwrap ECDSA public key keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap ECDSA private key keys using pkcs8 and AES-GCM",
|
||||
"Can wrap and unwrap ECDSA private key keys as non-extractable using pkcs8 and AES-GCM",
|
||||
"Can wrap and unwrap ECDSA private key keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap ECDSA private key keys as non-extractable using jwk and AES-GCM",
|
||||
"Can unwrap ECDSA private key non-extractable keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap ECDH public key keys using spki and AES-GCM",
|
||||
"Can wrap and unwrap ECDH public key keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap ECDH private key keys using pkcs8 and AES-GCM",
|
||||
"Can wrap and unwrap ECDH private key keys as non-extractable using pkcs8 and AES-GCM",
|
||||
"Can wrap and unwrap ECDH private key keys using jwk and AES-GCM",
|
||||
|
@ -963,20 +974,6 @@
|
|||
"Can wrap and unwrap AES-KW keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap AES-KW keys as non-extractable using jwk and AES-GCM",
|
||||
"Can unwrap AES-KW non-extractable keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap RSA-PSS public key keys using spki and AES-GCM",
|
||||
"Can wrap and unwrap RSA-PSS public key keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap RSA-PSS private key keys using pkcs8 and AES-GCM",
|
||||
"Can wrap and unwrap RSA-PSS private key keys as non-extractable using pkcs8 and AES-GCM",
|
||||
"Can wrap and unwrap RSA-PSS private key keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap RSA-PSS private key keys as non-extractable using jwk and AES-GCM",
|
||||
"Can unwrap RSA-PSS private key non-extractable keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap RSA-OAEP public key keys using spki and AES-GCM",
|
||||
"Can wrap and unwrap RSA-OAEP public key keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap RSA-OAEP private key keys using pkcs8 and AES-GCM",
|
||||
"Can wrap and unwrap RSA-OAEP private key keys as non-extractable using pkcs8 and AES-GCM",
|
||||
"Can wrap and unwrap RSA-OAEP private key keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap RSA-OAEP private key keys as non-extractable using jwk and AES-GCM",
|
||||
"Can unwrap RSA-OAEP private key non-extractable keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using spki and AES-GCM",
|
||||
"Can wrap and unwrap RSASSA-PKCS1-v1_5 public key keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using pkcs8 and AES-GCM",
|
||||
|
@ -984,7 +981,22 @@
|
|||
"Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap RSASSA-PKCS1-v1_5 private key keys as non-extractable using jwk and AES-GCM",
|
||||
"Can unwrap RSASSA-PKCS1-v1_5 private key non-extractable keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap RSA-OAEP public key keys using spki and AES-GCM",
|
||||
"Can wrap and unwrap RSA-OAEP public key keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap RSA-OAEP private key keys using pkcs8 and AES-GCM",
|
||||
"Can wrap and unwrap RSA-OAEP private key keys as non-extractable using pkcs8 and AES-GCM",
|
||||
"Can wrap and unwrap RSA-OAEP private key keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap RSA-OAEP private key keys as non-extractable using jwk and AES-GCM",
|
||||
"Can unwrap RSA-OAEP private key non-extractable keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap RSA-PSS public key keys using spki and AES-GCM",
|
||||
"Can wrap and unwrap RSA-PSS public key keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap RSA-PSS private key keys using pkcs8 and AES-GCM",
|
||||
"Can wrap and unwrap RSA-PSS private key keys as non-extractable using pkcs8 and AES-GCM",
|
||||
"Can wrap and unwrap RSA-PSS private key keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap RSA-PSS private key keys as non-extractable using jwk and AES-GCM",
|
||||
"Can unwrap RSA-PSS private key non-extractable keys using jwk and AES-GCM",
|
||||
"Can wrap and unwrap AES-GCM keys as non-extractable using raw and AES-KW",
|
||||
"Can wrap and unwrap ECDH public key keys using spki and RSA-OAEP",
|
||||
"Can wrap and unwrap AES-GCM keys as non-extractable using raw and RSA-OAEP",
|
||||
"Can wrap and unwrap AES-GCM keys as non-extractable using jwk and RSA-OAEP",
|
||||
"Can unwrap AES-GCM non-extractable keys using jwk and RSA-OAEP"
|
||||
|
|