Skip to content

crypto: generateKeyPair('ec') should not support NODE-ED* and NODE-X*#37063

Closed
panva wants to merge 4 commits intonodejs:masterfrom
panva:fix-37055
Closed

crypto: generateKeyPair('ec') should not support NODE-ED* and NODE-X*#37063
panva wants to merge 4 commits intonodejs:masterfrom
panva:fix-37055

Conversation

@panva
Copy link
Member

@panva panva commented Jan 25, 2021
edited
Loading

The following "curves" were added to the 'ec' key type in #36879.

  • NODE-ED25519
  • NODE-ED448
  • NODE-X25519
  • NODE-X448

However, none of these are pure EC curves, for example, Curve25519 does not work with ECDSA, which is one of the reasons why crypto.getCurves() does not include Curve25519. This PR makes these "curves" only recognized from the Web Cryptography API experimental interface.

Fixes #37055

cc @jasnell @tniessen

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. labels Jan 25, 2021
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Jan 25, 2021

CI: https://ci.nodejs.org/job/node-test-pull-request/35727/

tniessen
tniessen reviewed Jan 25, 2021
View reviewed changes
tniessen
tniessen reviewed Jan 25, 2021
View reviewed changes
Copy link
Member

@tniessen tniessen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is the only public API change (outside of WebCrypto) from the referenced PR, but I'm not 100% sure. It definitely fixes the problem with generateKeyPair.

@panva
Copy link
Member Author

panva commented Jan 25, 2021

I still have to manage to change KeyObjectHandle::InitEDRaw to accomodate for the revert in GetCurveFromName

panva
panva commented Jan 25, 2021
View reviewed changes
src/crypto/crypto_ecdh.cc
}

params->id_ = GetCurveFromName(*name);
params->id_ = GetOKPCurveFromName(*name);
Copy link
Member Author

@panva panva Jan 25, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AFAICT id_ is only used to discern between X25519, X448 and then it throws everything else in the default bucket anyway, therefore returning the specific EC curve ids is not necessary and using GetOKPCurveFromName is ok.

@tniessen tniessen requested a review from jasnell January 25, 2021 15:43
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Jan 25, 2021

CI: https://ci.nodejs.org/job/node-test-pull-request/35728/

@panva panva added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Jan 25, 2021
panva added a commit that referenced this pull request Jan 27, 2021
@panva
crypto: generateKeyPair('ec') should not support NODE-ED* and NODE-X*
8b65004 
Fixes #37055

PR-URL: #37063
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
@panva
Copy link
Member Author

panva commented Jan 27, 2021

Landed in 8b65004

@panva panva closed this Jan 27, 2021
targos pushed a commit that referenced this pull request Feb 2, 2021
@panva @targos
crypto: generateKeyPair('ec') should not support NODE-ED* and NODE-X*
cb3b0ec 
Fixes #37055

PR-URL: #37063
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
@targos targos mentioned this pull request Feb 2, 2021
Merged
@panva panva deleted the fix-37055 branch October 13, 2022 09:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasnell jasnell jasnell approved these changes

@tniessen tniessen tniessen approved these changes

@juanarbol juanarbol juanarbol approved these changes

Assignees

No one assigned

Labels

author ready PRs that have at least one approval, no pending requests for changes, and a CI started. c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

generateKeyPair('ec') should not support NODE-ED* and NODE-X*

6 participants

@panva @nodejs-github-bot @jasnell @tniessen @juanarbol @targos