Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
crypto: handle invalid prepareAsymmetricKey JWK inputs
Fixes #44471

PR-URL: #44475
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
  • Loading branch information
panva authored and RafaelGSS committed Sep 7, 2022
1 parent c868e36 commit 5cefd02
Show file tree
Hide file tree
Showing 4 changed files with 39 additions and 7 deletions.
5 changes: 4 additions & 1 deletion lib/internal/crypto/keygen.js
Expand Up @@ -31,7 +31,6 @@ const {
SecretKeyObject,
parsePublicKeyEncoding,
parsePrivateKeyEncoding,
isJwk
} = require('internal/crypto/keys');

const {
Expand Down Expand Up @@ -66,6 +65,10 @@ const { isArrayBufferView } = require('internal/util/types');

const { getOptionValue } = require('internal/options');

function isJwk(obj) {
return obj != null && obj.kty !== undefined;
}

function wrapKey(key, ctor) {
if (typeof key === 'string' ||
isArrayBufferView(key) ||
Expand Down
11 changes: 5 additions & 6 deletions lib/internal/crypto/keys.js
Expand Up @@ -525,14 +525,18 @@ function prepareAsymmetricKey(key, ctx) {
return { format: kKeyFormatPEM, data: getArrayBufferOrView(key, 'key') };
} else if (typeof key === 'object') {
const { key: data, encoding, format } = key;

// The 'key' property can be a KeyObject as well to allow specifying
// additional options such as padding along with the key.
if (isKeyObject(data))
return { data: getKeyObjectHandle(data, ctx) };
else if (isCryptoKey(data))
return { data: getKeyObjectHandle(data[kKeyObject], ctx) };
else if (isJwk(data) && format === 'jwk')
else if (format === 'jwk') {
validateObject(data, 'key.key');
return { data: getKeyObjectHandleFromJwk(data, ctx), format: 'jwk' };
}

// Either PEM or DER using PKCS#1 or SPKI.
if (!isStringOrBuffer(data)) {
throw new ERR_INVALID_ARG_TYPE(
Expand Down Expand Up @@ -720,10 +724,6 @@ function isCryptoKey(obj) {
return obj != null && obj[kKeyObject] !== undefined;
}

function isJwk(obj) {
return obj != null && obj.kty !== undefined;
}

module.exports = {
// Public API.
createSecretKey,
Expand All @@ -745,5 +745,4 @@ module.exports = {
PrivateKeyObject,
isKeyObject,
isCryptoKey,
isJwk,
};
12 changes: 12 additions & 0 deletions test/parallel/test-crypto-key-objects.js
Expand Up @@ -868,3 +868,15 @@ const privateDsa = fixtures.readKey('dsa_private_encrypted_1025.pem',
assert(!first.equals(third));
assert(!third.equals(first));
}

{
// This should not cause a crash: https://github.com/nodejs/node/issues/44471
for (const key of ['', 'foo', null, undefined, true, Boolean]) {
assert.throws(() => {
createPublicKey({ key, format: 'jwk' });
}, { code: 'ERR_INVALID_ARG_TYPE', message: /The "key\.key" property must be of type object/ });
assert.throws(() => {
createPrivateKey({ key, format: 'jwk' });
}, { code: 'ERR_INVALID_ARG_TYPE', message: /The "key\.key" property must be of type object/ });
}
}
18 changes: 18 additions & 0 deletions test/parallel/test-crypto-sign-verify.js
Expand Up @@ -756,3 +756,21 @@ assert.throws(
message: /digest too big for rsa key/
});
}

{
// This should not cause a crash: https://github.com/nodejs/node/issues/44471
for (const key of ['', 'foo', null, undefined, true, Boolean]) {
assert.throws(() => {
crypto.verify('sha256', 'foo', { key, format: 'jwk' }, Buffer.alloc(0));
}, { code: 'ERR_INVALID_ARG_TYPE', message: /The "key\.key" property must be of type object/ });
assert.throws(() => {
crypto.createVerify('sha256').verify({ key, format: 'jwk' }, Buffer.alloc(0));
}, { code: 'ERR_INVALID_ARG_TYPE', message: /The "key\.key" property must be of type object/ });
assert.throws(() => {
crypto.sign('sha256', 'foo', { key, format: 'jwk' });
}, { code: 'ERR_INVALID_ARG_TYPE', message: /The "key\.key" property must be of type object/ });
assert.throws(() => {
crypto.createSign('sha256').sign({ key, format: 'jwk' });
}, { code: 'ERR_INVALID_ARG_TYPE', message: /The "key\.key" property must be of type object/ });
}
}

0 comments on commit 5cefd02

Please sign in to comment.