crypto: fix webcrypto ed(25519|448) spki/pkcs8 import

panva · BethGriggs · commit f0dec58d43b8 · 2021-09-22T00:27:15.000+01:00
PR-URL: #40131 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
diff --git a/lib/internal/crypto/ec.js b/lib/internal/crypto/ec.js
@@ -269,14 +269,12 @@ async function ecImportKey(
         case 'NODE-X25519':
           // Fall through
         case 'NODE-X448':
-          checkNamedCurve = false;
           if (algorithm.name !== 'ECDH')
             throw lazyDOMException('Invalid algorithm name.', 'DataError');
           break;
         case 'NODE-ED25519':
           // Fall through
         case 'NODE-ED448':
-          checkNamedCurve = false;
           if (algorithm.name !== namedCurve)
             throw lazyDOMException('Invalid algorithm name.', 'DataError');
           break;
@@ -310,7 +308,6 @@ async function ecImportKey(
         throw lazyDOMException('Invalid JWK keyData', 'DataError');
       switch (keyData.kty) {
         case 'OKP': {
-          checkNamedCurve = false;
           const isPublic = keyData.d === undefined;
 
           let type;
@@ -395,7 +392,6 @@ async function ecImportKey(
         case 'NODE-X25519':
           // Fall through
         case 'NODE-X448':
-          checkNamedCurve = false;
           if (algorithm.public !== undefined)
             validateBoolean(algorithm.public, 'algorithm.public');
           if (algorithm.name !== 'ECDH')
@@ -409,7 +405,6 @@ async function ecImportKey(
         case 'NODE-ED25519':
           // Fall through
         case 'NODE-ED448':
-          checkNamedCurve = false;
           if (algorithm.public !== undefined)
             validateBoolean(algorithm.public, 'algorithm.public');
           if (algorithm.name !== namedCurve)
@@ -436,30 +431,27 @@ async function ecImportKey(
         throw lazyDOMException('Invalid key type', 'DataError');
       break;
     case 'ECDH':
-      if (
-        algorithm.namedCurve === 'NODE-X25519' &&
-        keyObject.asymmetricKeyType !== 'x25519'
-      ) {
-        throw lazyDOMException('Invalid key type', 'DataError');
-      } else if (
-        algorithm.namedCurve === 'NODE-X448' &&
-        keyObject.asymmetricKeyType !== 'x448'
-      ) {
-        throw lazyDOMException('Invalid key type', 'DataError');
-      } else if (
-        algorithm.namedCurve.startsWith('P') &&
-        keyObject.asymmetricKeyType !== 'ec'
-      ) {
+      if (algorithm.namedCurve === 'NODE-X25519') {
+        if (keyObject.asymmetricKeyType !== 'x25519')
+          throw lazyDOMException('Invalid key type', 'DataError');
+        checkNamedCurve = false;
+      } else if (algorithm.namedCurve === 'NODE-X448') {
+        if (keyObject.asymmetricKeyType !== 'x448')
+          throw lazyDOMException('Invalid key type', 'DataError');
+        checkNamedCurve = false;
+      } else if (keyObject.asymmetricKeyType !== 'ec') {
         throw lazyDOMException('Invalid key type', 'DataError');
       }
       break;
     case 'NODE-ED25519':
       if (keyObject.asymmetricKeyType !== 'ed25519')
         throw lazyDOMException('Invalid key type', 'DataError');
+      checkNamedCurve = false;
       break;
     case 'NODE-ED448':
       if (keyObject.asymmetricKeyType !== 'ed448')
         throw lazyDOMException('Invalid key type', 'DataError');
+      checkNamedCurve = false;
       break;
   }
 
diff --git a/test/parallel/test-webcrypto-ed25519-ed448.js b/test/parallel/test-webcrypto-ed25519-ed448.js
@@ -382,6 +382,21 @@ assert.rejects(
         assert.strictEqual(cryptoKey.algorithm.name, namedCurve);
       }, common.mustNotCall());
 
+      subtle.importKey(
+        keyObject.type === 'private' ? 'pkcs8' : 'spki',
+        keyObject.export({
+          format: 'der',
+          type: keyObject.type === 'private' ? 'pkcs8' : 'spki',
+        }),
+        { name: namedCurve, namedCurve },
+        true,
+        keyObject.type === 'private' ? ['sign'] : ['verify'],
+      ).then((cryptoKey) => {
+        assert.strictEqual(cryptoKey.type, keyObject.type);
+        assert.strictEqual(cryptoKey.algorithm.name, namedCurve);
+        assert.strictEqual(cryptoKey.algorithm.namedCurve, namedCurve);
+      }, common.mustNotCall());
+
       assert.rejects(
         subtle.importKey(
           'node.keyObject',
diff --git a/test/parallel/test-webcrypto-x25519-x448.js b/test/parallel/test-webcrypto-x25519-x448.js
@@ -295,6 +295,21 @@ assert.rejects(
         assert.strictEqual(cryptoKey.type, keyObject.type);
         assert.strictEqual(cryptoKey.algorithm.name, 'ECDH');
       }, common.mustNotCall());
+
+      subtle.importKey(
+        keyObject.type === 'private' ? 'pkcs8' : 'spki',
+        keyObject.export({
+          format: 'der',
+          type: keyObject.type === 'private' ? 'pkcs8' : 'spki',
+        }),
+        { name: 'ECDH', namedCurve },
+        true,
+        keyObject.type === 'private' ? ['deriveBits'] : [],
+      ).then((cryptoKey) => {
+        assert.strictEqual(cryptoKey.type, keyObject.type);
+        assert.strictEqual(cryptoKey.algorithm.name, 'ECDH');
+        assert.strictEqual(cryptoKey.algorithm.namedCurve, namedCurve);
+      }, common.mustNotCall());
     }
   }
 }
