Skip to content

Commit

Permalink
crypto: re-add padding for AES-KW wrapped JWKs
Browse files Browse the repository at this point in the history 
PR-URL: #46563
Reviewed-By: James M Snell <jasnell@gmail.com>
Backport-PR-URL: #46252
  • Loading branch information
@panva @RafaelGSS
panva authored and RafaelGSS committed Jun 20, 2023
1 parent 9d894c1 commit 76e4d12
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 8 deletions.
12 changes: 11 additions & 1 deletion lib/internal/crypto/webcrypto.js
View file
Expand Up @@ -8,6 +8,7 @@ const {
ReflectApply,
ReflectConstruct,
SafeSet,
StringPrototypeRepeat,
SymbolToStringTag,
} = primordials;

Expand Down Expand Up @@ -680,7 +681,16 @@ async function wrapKey(format, key, wrappingKey, algorithm) {
let keyData = await ReflectApply(exportKey, this, [format, key]);

if (format === 'jwk') {
keyData = new TextEncoder().encode(JSONStringify(keyData));
const ec = new TextEncoder();
const raw = JSONStringify(keyData);
// As per the NOTE in step 13 https://w3c.github.io/webcrypto/#SubtleCrypto-method-wrapKey
// we're padding AES-KW wrapped JWK to make sure it is always a multiple of 8 bytes
// in length
if (algorithm.name === 'AES-KW' && raw.length % 8 !== 0) {
keyData = ec.encode(raw + StringPrototypeRepeat(' ', 8 - (raw.length % 8)));
} else {
keyData = ec.encode(raw);
}
}

return cipherOrWrap(
Expand Down
13 changes: 6 additions & 7 deletions test/parallel/test-webcrypto-wrap-unwrap.js
View file
Expand Up @@ -231,6 +231,10 @@ function getFormats(key) {
// material length must be a multiple of 8.
// If the wrapping algorithm is RSA-OAEP, the exported key
// material maximum length is a factor of the modulusLength
//
// As per the NOTE in step 13 https://w3c.github.io/webcrypto/#SubtleCrypto-method-wrapKey
// we're padding AES-KW wrapped JWK to make sure it is always a multiple of 8 bytes
// in length
async function wrappingIsPossible(name, exported) {
if ('byteLength' in exported) {
switch (name) {
Expand All @@ -239,13 +243,8 @@ async function wrappingIsPossible(name, exported) {
case 'RSA-OAEP':
return exported.byteLength <= 446;
}
} else if ('kty' in exported) {
switch (name) {
case 'AES-KW':
return JSON.stringify(exported).length % 8 === 0;
case 'RSA-OAEP':
return JSON.stringify(exported).length <= 478;
}
} else if ('kty' in exported && name === 'RSA-OAEP') {
return JSON.stringify(exported).length <= 478;
}
return true;
}
Expand Down

0 comments on commit 76e4d12

Please sign in to comment.