Skip to content

test: update WPT for WebCryptoAPI to edd42c005c #57365

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
nodejs-github-bot merged 2 commits into from
Mar 9, 2025
Merged

test: update WPT for WebCryptoAPI to edd42c005c #57365

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c8e511b
test: update WPT for WebCryptoAPI to edd42c005c
nodejs-github-bot Mar 7, 2025
8d55707
crypto: update WebCryptoAPI Ed25519/448 JWK alg handling
panva Mar 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
crypto: update WebCryptoAPI Ed25519/448 JWK alg handling
  • Loading branch information
@panva
panva committed Mar 7, 2025
commit 8d557073859b73649da38c9bf43b2ae361eba4cb
8 changes: 8 additions & 0 deletions lib/internal/crypto/cfrg.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -279,6 +279,14 @@ function cfrgImportKey(
'DataError');
}

if (keyData.alg !== undefined && (name === 'Ed25519' || name === 'Ed448')) {
if (keyData.alg !== name && keyData.alg !== 'EdDSA') {
throw lazyDOMException(
'JWK "alg" does not match the requested algorithm',
'DataError');
}
}

if (!isPublic && typeof keyData.x !== 'string') {
throw lazyDOMException('Invalid JWK', 'DataError');
}
Expand Down
1 change: 1 addition & 0 deletions lib/internal/crypto/webcrypto.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -467,6 +467,7 @@ async function exportKeyJWK(key) {
// Fall through
case 'Ed448':
jwk.crv ||= key.algorithm.name;
jwk.alg = key.algorithm.name;
return jwk;
case 'AES-CTR':
// Fall through
Expand Down
80 changes: 57 additions & 23 deletions test/parallel/test-webcrypto-export-import-cfrg.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ const { subtle } = globalThis.crypto;

const keyData = {
'Ed25519': {
jwsAlg: 'EdDSA',
jwsAlg: 'Ed25519',
spki: Buffer.from(
'302a300506032b6570032100a054b618c12b26c8d43595a5c38dd2b0140b944a' +
'151f75003278c2b6c58ec08f', 'hex'),
Expand All @@ -27,7 +27,7 @@ const keyData = {
}
},
'Ed448': {
jwsAlg: 'EdDSA',
jwsAlg: 'Ed448',
spki: Buffer.from(
'3043300506032b6571033a0008cc38160c85bca5656ac4924af7ea97a9161b20' +
'2528273dcb84afd2eeb99ac912a401b34ef15ef4d9486406a6eecc31e5909219' +
Expand Down Expand Up @@ -183,10 +183,7 @@ async function testImportJwk({ name, publicUsages, privateUsages }, extractable)

const jwk = keyData[name].jwk;

const [
publicKey,
privateKey,
] = await Promise.all([
const tests = [
subtle.importKey(
'jwk',
{
Expand Down Expand Up @@ -221,7 +218,37 @@ async function testImportJwk({ name, publicUsages, privateUsages }, extractable)
{ name },
extractable,
privateUsages),
]);
];

// Test the deprecated "alg" value
if (keyData[name].jwsAlg?.startsWith('Ed')) {
tests.push(
subtle.importKey(
'jwk',
{
alg: 'EdDSA',
kty: jwk.kty,
crv: jwk.crv,
x: jwk.x,
},
{ name },
extractable, publicUsages),
subtle.importKey(
'jwk',
{
...jwk,
alg: 'EdDSA',
},
{ name },
extractable,
privateUsages),
);
}

const [
publicKey,
privateKey,
] = await Promise.all(tests);

assert.strictEqual(publicKey.type, 'public');
assert.strictEqual(privateKey.type, 'private');
Expand Down Expand Up @@ -259,8 +286,13 @@ async function testImportJwk({ name, publicUsages, privateUsages }, extractable)
assert.strictEqual(pvtJwk.crv, jwk.crv);
assert.strictEqual(pvtJwk.d, jwk.d);

assert.strictEqual(pubJwk.alg, undefined);
assert.strictEqual(pvtJwk.alg, undefined);
if (jwk.crv.startsWith('Ed')) {
assert.strictEqual(pubJwk.alg, jwk.crv);
assert.strictEqual(pvtJwk.alg, jwk.crv);
} else {
assert.strictEqual(pubJwk.alg, undefined);
assert.strictEqual(pvtJwk.alg, undefined);
}
} else {
await assert.rejects(
subtle.exportKey('jwk', publicKey), {
Expand All @@ -284,22 +316,24 @@ async function testImportJwk({ name, publicUsages, privateUsages }, extractable)
{ message: 'Invalid JWK "use" Parameter' });
}

// The JWK alg member is ignored
// https://github.com/WICG/webcrypto-secure-curves/pull/24
if (name.startsWith('Ed')) {
await subtle.importKey(
'jwk',
{ kty: jwk.kty, x: jwk.x, crv: jwk.crv, alg: 'foo' },
{ name },
extractable,
publicUsages);
await assert.rejects(
subtle.importKey(
'jwk',
{ kty: jwk.kty, x: jwk.x, crv: jwk.crv, alg: 'foo' },
{ name },
extractable,
publicUsages),
{ message: 'JWK "alg" does not match the requested algorithm' });

await subtle.importKey(
'jwk',
{ ...jwk, alg: 'foo' },
{ name },
extractable,
privateUsages);
await assert.rejects(
subtle.importKey(
'jwk',
{ ...jwk, alg: 'foo' },
{ name },
extractable,
privateUsages),
{ message: 'JWK "alg" does not match the requested algorithm' });
}

for (const crv of [undefined, name === 'Ed25519' ? 'Ed448' : 'Ed25519']) {
Expand Down