Skip to content

Commit fa0a2d8

Browse files
panvadanielleadams
panva
authored and
danielleadams
committedJan 3, 2023
crypto: refactor verify acceptable key usage functions
PR-URL: #45569 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
·
v18.20.7v18.13.0
1 parent ef64b86 commit fa0a2d8

File tree

3 files changed

+37
-66
lines changed

3 files changed

+37
-66
lines changed
 

‎lib/internal/crypto/cfrg.js

+11-21
Original file line numberDiff line numberDiff line change
@@ -47,32 +47,22 @@ const {
4747

4848
const generateKeyPair = promisify(_generateKeyPair);
4949

50-
function verifyAcceptableCfrgKeyUse(name, type, usages) {
50+
function verifyAcceptableCfrgKeyUse(name, isPublic, usages) {
5151
let checkSet;
5252
switch (name) {
5353
case 'X25519':
5454
// Fall through
5555
case 'X448':
56-
switch (type) {
57-
case 'private':
58-
checkSet = ['deriveKey', 'deriveBits'];
59-
break;
60-
case 'public':
61-
checkSet = [];
62-
break;
63-
}
56+
checkSet = isPublic ? [] : ['deriveKey', 'deriveBits'];
6457
break;
6558
case 'Ed25519':
6659
// Fall through
6760
case 'Ed448':
68-
switch (type) {
69-
case 'private':
70-
checkSet = ['sign'];
71-
break;
72-
case 'public':
73-
checkSet = ['verify'];
74-
break;
75-
}
61+
checkSet = isPublic ? ['verify'] : ['sign'];
62+
break;
63+
default:
64+
throw lazyDOMException(
65+
'The algorithm is not supported', 'NotSupportedError');
7666
}
7767
if (hasAnyNotIn(usages, checkSet)) {
7868
throw lazyDOMException(
@@ -219,7 +209,7 @@ async function cfrgImportKey(
219209
const usagesSet = new SafeSet(keyUsages);
220210
switch (format) {
221211
case 'spki': {
222-
verifyAcceptableCfrgKeyUse(name, 'public', usagesSet);
212+
verifyAcceptableCfrgKeyUse(name, true, usagesSet);
223213
try {
224214
keyObject = createPublicKey({
225215
key: keyData,
@@ -233,7 +223,7 @@ async function cfrgImportKey(
233223
break;
234224
}
235225
case 'pkcs8': {
236-
verifyAcceptableCfrgKeyUse(name, 'private', usagesSet);
226+
verifyAcceptableCfrgKeyUse(name, false, usagesSet);
237227
try {
238228
keyObject = createPrivateKey({
239229
key: keyData,
@@ -298,7 +288,7 @@ async function cfrgImportKey(
298288

299289
verifyAcceptableCfrgKeyUse(
300290
name,
301-
isPublic ? 'public' : 'private',
291+
isPublic,
302292
usagesSet);
303293

304294
const publicKeyObject = createCFRGRawKey(
@@ -321,7 +311,7 @@ async function cfrgImportKey(
321311
break;
322312
}
323313
case 'raw': {
324-
verifyAcceptableCfrgKeyUse(name, 'public', usagesSet);
314+
verifyAcceptableCfrgKeyUse(name, true, usagesSet);
325315
keyObject = createCFRGRawKey(name, keyData, true);
326316
break;
327317
}

‎lib/internal/crypto/ec.js

+14-25
Original file line numberDiff line numberDiff line change
@@ -54,28 +54,18 @@ const {
5454

5555
const generateKeyPair = promisify(_generateKeyPair);
5656

57-
function verifyAcceptableEcKeyUse(name, type, usages) {
57+
function verifyAcceptableEcKeyUse(name, isPublic, usages) {
5858
let checkSet;
5959
switch (name) {
6060
case 'ECDH':
61-
switch (type) {
62-
case 'private':
63-
checkSet = ['deriveKey', 'deriveBits'];
64-
break;
65-
case 'public':
66-
checkSet = [];
67-
break;
68-
}
61+
checkSet = isPublic ? [] : ['deriveKey', 'deriveBits'];
6962
break;
7063
case 'ECDSA':
71-
switch (type) {
72-
case 'private':
73-
checkSet = ['sign'];
74-
break;
75-
case 'public':
76-
checkSet = ['verify'];
77-
break;
78-
}
64+
checkSet = isPublic ? ['verify'] : ['sign'];
65+
break;
66+
default:
67+
throw lazyDOMException(
68+
'The algorithm is not supported', 'NotSupportedError');
7969
}
8070
if (hasAnyNotIn(usages, checkSet)) {
8171
throw lazyDOMException(
@@ -186,7 +176,7 @@ async function ecImportKey(
186176
const usagesSet = new SafeSet(keyUsages);
187177
switch (format) {
188178
case 'spki': {
189-
verifyAcceptableEcKeyUse(name, 'public', usagesSet);
179+
verifyAcceptableEcKeyUse(name, true, usagesSet);
190180
try {
191181
keyObject = createPublicKey({
192182
key: keyData,
@@ -200,7 +190,7 @@ async function ecImportKey(
200190
break;
201191
}
202192
case 'pkcs8': {
203-
verifyAcceptableEcKeyUse(name, 'private', usagesSet);
193+
verifyAcceptableEcKeyUse(name, false, usagesSet);
204194
try {
205195
keyObject = createPrivateKey({
206196
key: keyData,
@@ -221,11 +211,10 @@ async function ecImportKey(
221211
if (keyData.crv !== namedCurve)
222212
throw lazyDOMException('Named curve mismatch', 'DataError');
223213

224-
if (keyData.d !== undefined) {
225-
verifyAcceptableEcKeyUse(name, 'private', usagesSet);
226-
} else {
227-
verifyAcceptableEcKeyUse(name, 'public', usagesSet);
228-
}
214+
verifyAcceptableEcKeyUse(
215+
name,
216+
keyData.d === undefined,
217+
usagesSet);
229218

230219
if (usagesSet.size > 0 && keyData.use !== undefined) {
231220
if (algorithm.name === 'ECDSA' && keyData.use !== 'sig')
@@ -265,7 +254,7 @@ async function ecImportKey(
265254
break;
266255
}
267256
case 'raw': {
268-
verifyAcceptableEcKeyUse(name, 'public', usagesSet);
257+
verifyAcceptableEcKeyUse(name, true, usagesSet);
269258
keyObject = createECPublicKeyRaw(namedCurve, keyData);
270259
break;
271260
}

‎lib/internal/crypto/rsa.js

+12-20
Original file line numberDiff line numberDiff line change
@@ -74,28 +74,20 @@ const kRsaVariants = {
7474
};
7575
const generateKeyPair = promisify(_generateKeyPair);
7676

77-
function verifyAcceptableRsaKeyUse(name, type, usages) {
77+
function verifyAcceptableRsaKeyUse(name, isPublic, usages) {
7878
let checkSet;
7979
switch (name) {
8080
case 'RSA-OAEP':
81-
switch (type) {
82-
case 'private':
83-
checkSet = ['decrypt', 'unwrapKey'];
84-
break;
85-
case 'public':
86-
checkSet = ['encrypt', 'wrapKey'];
87-
break;
88-
}
81+
checkSet = isPublic ? ['encrypt', 'wrapKey'] : ['decrypt', 'unwrapKey'];
82+
break;
83+
case 'RSA-PSS':
84+
// Fall through
85+
case 'RSASSA-PKCS1-v1_5':
86+
checkSet = isPublic ? ['verify'] : ['sign'];
8987
break;
9088
default:
91-
switch (type) {
92-
case 'private':
93-
checkSet = ['sign'];
94-
break;
95-
case 'public':
96-
checkSet = ['verify'];
97-
break;
98-
}
89+
throw lazyDOMException(
90+
'The algorithm is not supported', 'NotSupportedError');
9991
}
10092
if (hasAnyNotIn(usages, checkSet)) {
10193
throw lazyDOMException(
@@ -244,7 +236,7 @@ async function rsaImportKey(
244236
let keyObject;
245237
switch (format) {
246238
case 'spki': {
247-
verifyAcceptableRsaKeyUse(algorithm.name, 'public', usagesSet);
239+
verifyAcceptableRsaKeyUse(algorithm.name, true, usagesSet);
248240
try {
249241
keyObject = createPublicKey({
250242
key: keyData,
@@ -258,7 +250,7 @@ async function rsaImportKey(
258250
break;
259251
}
260252
case 'pkcs8': {
261-
verifyAcceptableRsaKeyUse(algorithm.name, 'private', usagesSet);
253+
verifyAcceptableRsaKeyUse(algorithm.name, false, usagesSet);
262254
try {
263255
keyObject = createPrivateKey({
264256
key: keyData,
@@ -277,7 +269,7 @@ async function rsaImportKey(
277269

278270
verifyAcceptableRsaKeyUse(
279271
algorithm.name,
280-
keyData.d !== undefined ? 'private' : 'public',
272+
keyData.d === undefined,
281273
usagesSet);
282274

283275
if (keyData.kty !== 'RSA')

0 commit comments

Comments
 (0)
Please sign in to comment.