diff --git a/ext/crypto/x25519.rs b/ext/crypto/x25519.rs
index 8fcad3ef21..cdbd1d7c8f 100644
--- a/ext/crypto/x25519.rs
+++ b/ext/crypto/x25519.rs
@@ -47,10 +47,10 @@ pub fn op_crypto_derive_bits_x25519(
 let sh_sec = x25519_dalek::x25519(k, u);
 let point = MontgomeryPoint(sh_sec);
 if point.ct_eq(&MONTGOMERY_IDENTITY).unwrap_u8() == 1 {
- return false;
+ return true;
 }
 secret.copy_from_slice(&sh_sec);
- true
+ false
 }
 // id-X25519 OBJECT IDENTIFIER ::= { 1 3 101 110 }
diff --git a/tests/unit/webcrypto_test.ts b/tests/unit/webcrypto_test.ts
index 57aa19eaee..09552a0587 100644
--- a/tests/unit/webcrypto_test.ts
+++ b/tests/unit/webcrypto_test.ts
@@ -2045,3 +2045,43 @@ Deno.test(async function p521Generate() {
 assert(key.privateKey instanceof CryptoKey);
 assert(key.publicKey instanceof CryptoKey);
 });
+
+Deno.test(async function x25519SharedSecret() {
+ const alicesKeyPair = await crypto.subtle.generateKey(
+ {
+ name: "X25519",
+ },
+ false,
+ ["deriveBits"],
+ ) as CryptoKeyPair;
+
+ const bobsKeyPair = await crypto.subtle.generateKey(
+ {
+ name: "X25519",
+ },
+ false,
+ ["deriveBits"],
+ ) as CryptoKeyPair;
+
+ const sharedSecret1 = await crypto.subtle.deriveBits(
+ {
+ name: "X25519",
+ public: bobsKeyPair.publicKey,
+ },
+ alicesKeyPair.privateKey,
+ 128,
+ );
+
+ const sharedSecret2 = await crypto.subtle.deriveBits(
+ {
+ name: "X25519",
+ public: alicesKeyPair.publicKey,
+ },
+ bobsKeyPair.privateKey,
+ 128,
+ );
+
+ assertEquals(sharedSecret1.byteLength, sharedSecret2.byteLength);
+ assertEquals(sharedSecret1.byteLength, 16);
+ assertEquals(new Uint8Array(sharedSecret1), new Uint8Array(sharedSecret2));
+});
diff --git a/tests/wpt/runner/expectation.json b/tests/wpt/runner/expectation.json
index 4449c5d15e..f7da5e51f0 100644
--- a/tests/wpt/runner/expectation.json
+++ b/tests/wpt/runner/expectation.json
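Review bot: The boolean returned by op_crypto_derive_bits_x25519 has no documented meaning, and the two flipped return lines show how easily its polarity can drift from what the caller expects. After this change `true` means the shared secret was the all-zero value and `secret` was left unwritten, while `false` means the secret was copied out. The caller is not part of this diff, so the new polarity presumably matches a check on the JavaScript side; that should be confirmed. A doc comment on the function would pin the contract, for example `/// Returns true when the shared secret is all-zero (small-order peer key); the output buffer is then left unwritten and the caller must fail.` The function starts above the hunk, so its signature is only partly visible here.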
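Review bot: x25519SharedSecret only checks that both sides derive the same 16 bytes, so it would still pass if both deriveBits calls handed back an untouched zero-filled buffer. A wrong return polarity in the Rust op could produce exactly that if the caller did not throw. Adding `assert(new Uint8Array(sharedSecret1).some((b) => b !== 0));` after the length checks closes that gap. The rejection path for small-order public keys is not exercised by this test; the WPT entries removed from expectation.json in this commit appear to cover it.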
@@ -54,23 +54,12 @@
 "pbkdf2.https.any.worker.html?7001-8000": true,
 "pbkdf2.https.any.worker.html?8001-last": true,
 "cfrg_curves_bits.https.any.html": [
- "X25519 key derivation checks for all-zero value result with a key of order 0",
- "X25519 key derivation checks for all-zero value result with a key of order 1",
- "X25519 key derivation checks for all-zero value result with a key of order 8",
- "X25519 key derivation checks for all-zero value result with a key of order p-1 (order 2)",
- "X25519 key derivation checks for all-zero value result with a key of order p (=0, order 4)",
- "X25519 key derivation checks for all-zero value result with a key of order p+1 (=1, order 1)",
 "X448 key derivation checks for all-zero value result with a key of order 0",
 "X448 key derivation checks for all-zero value result with a key of order 1",
 "X448 key derivation checks for all-zero value result with a key of order p-1 (order 2)",
 "X448 key derivation checks for all-zero value result with a key of order p (=0, order 4)",
 "X448 key derivation checks for all-zero value result with a key of order p+1 (=1, order 1)",
- "X25519 good parameters",
- "X25519 mixed case parameters",
- "X25519 short result",
- "X25519 non-multiple of 8 bits",
 "X25519 mismatched algorithms",
- "X25519 no deriveBits usage for base key",
 "X448 good parameters",
 "X448 mixed case parameters",
 "X448 short result",
@@ -83,23 +72,12 @@
 "X448 asking for too many bits"
 ],
 "cfrg_curves_bits.https.any.worker.html": [
- "X25519 key derivation checks for all-zero value result with a key of order 0",
- "X25519 key derivation checks for all-zero value result with a key of order 1",
- "X25519 key derivation checks for all-zero value result with a key of order 8",
- "X25519 key derivation checks for all-zero value result with a key of order p-1 (order 2)",
- "X25519 key derivation checks for all-zero value result with a key of order p (=0, order 4)",
- "X25519 key derivation checks for all-zero value result with a key of order p+1 (=1, order 1)",
 "X448 key derivation checks for all-zero value result with a key of order 0",
 "X448 key derivation checks for all-zero value result with a key of order 1",
 "X448 key derivation checks for all-zero value result with a key of order p-1 (order 2)",
 "X448 key derivation checks for all-zero value result with a key of order p (=0, order 4)",
 "X448 key derivation checks for all-zero value result with a key of order p+1 (=1, order 1)",
- "X25519 good parameters",
- "X25519 mixed case parameters",
- "X25519 short result",
- "X25519 non-multiple of 8 bits",
 "X25519 mismatched algorithms",
- "X25519 no deriveBits usage for base key",
 "X448 good parameters",
 "X448 mixed case parameters",
 "X448 short result",
@@ -112,21 +90,12 @@
 "X448 asking for too many bits"
 ],
 "cfrg_curves_keys.https.any.html": [
- "X25519 deriveBits checks for all-zero value result with a key of order 0",
- "X25519 deriveBits checks for all-zero value result with a key of order 1",
- "X25519 deriveBits checks for all-zero value result with a key of order 8",
- "X25519 deriveBits checks for all-zero value result with a key of order p-1 (order 2)",
- "X25519 deriveBits checks for all-zero value result with a key of order p (=0, order 4)",
- "X25519 deriveBits checks for all-zero value result with a key of order p+1 (=1, order 1)",
 "X448 deriveBits checks for all-zero value result with a key of order 0",
 "X448 deriveBits checks for all-zero value result with a key of order 1",
 "X448 deriveBits checks for all-zero value result with a key of order p-1 (order 2)",
 "X448 deriveBits checks for all-zero value result with a key of order p (=0, order 4)",
 "X448 deriveBits checks for all-zero value result with a key of order p+1 (=1, order 1)",
- "Key derivation using a X25519 generated keys.",
 "Key derivation using a X448 generated keys.",
- "X25519 good parameters",
- "X25519 mixed case parameters",
 "X25519 mismatched algorithms",
 "X448 good parameters",
 "X448 mixed case parameters",
@@ -137,21 +106,12 @@
 "X448 public property value is a secret key"
 ],
 "cfrg_curves_keys.https.any.worker.html": [
- "X25519 deriveBits checks for all-zero value result with a key of order 0",
- "X25519 deriveBits checks for all-zero value result with a key of order 1",
- "X25519 deriveBits checks for all-zero value result with a key of order 8",
- "X25519 deriveBits checks for all-zero value result with a key of order p-1 (order 2)",
- "X25519 deriveBits checks for all-zero value result with a key of order p (=0, order 4)",
- "X25519 deriveBits checks for all-zero value result with a key of order p+1 (=1, order 1)",
 "X448 deriveBits checks for all-zero value result with a key of order 0",
 "X448 deriveBits checks for all-zero value result with a key of order 1",
 "X448 deriveBits checks for all-zero value result with a key of order p-1 (order 2)",
 "X448 deriveBits checks for all-zero value result with a key of order p (=0, order 4)",
 "X448 deriveBits checks for all-zero value result with a key of order p+1 (=1, order 1)",
- "Key derivation using a X25519 generated keys.",
 "Key derivation using a X448 generated keys.",
- "X25519 good parameters",
- "X25519 mixed case parameters",
 "X25519 mismatched algorithms",
 "X448 good parameters",
 "X448 mixed case parameters",
@@ -161,20 +121,8 @@
 "X448 public property value is a private key",
 "X448 public property value is a secret key"
 ],
- "derived_bits_length.https.any.html": [
- "X25519 derivation with 256 as 'length' parameter",
- "X25519 derivation with 0 as 'length' parameter",
- "X25519 derivation with null as 'length' parameter",
- "X25519 derivation with undefined as 'length' parameter",
- "X25519 derivation with omitted as 'length' parameter"
- ],
- "derived_bits_length.https.any.worker.html": [
- "X25519 derivation with 256 as 'length' parameter",
- "X25519 derivation with 0 as 'length' parameter",
- "X25519 derivation with null as 'length' parameter",
- "X25519 derivation with undefined as 'length' parameter",
- "X25519 derivation with omitted as 'length' parameter"
- ]
+ "derived_bits_length.https.any.html": true,
+ "derived_bits_length.https.any.worker.html": true
 },
 "digest": {
 "digest.https.any.html": true,
@@ -1530,20 +1478,8 @@
 "crypto-subtle-secure-context-available.https.sub.html": true
 },
 "wrapKey_unwrapKey": {
- "wrapKey_unwrapKey.https.any.html": [
- "Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and AES-CTR",
- "Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and AES-CBC",
- "Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and AES-GCM",
- "Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and AES-KW",
- "Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and RSA-OAEP"
- ],
- "wrapKey_unwrapKey.https.any.worker.html": [
- "Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and AES-CTR",
- "Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and AES-CBC",
- "Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and AES-GCM",
- "Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and AES-KW",
- "Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and RSA-OAEP"
- ]
+ "wrapKey_unwrapKey.https.any.html": true,
+ "wrapKey_unwrapKey.https.any.worker.html": true
 }
 },
 "console": {