crypto: fix webcrypto ed(25519|448) spki/pkcs8 import

PR-URL: https://github.com/nodejs/node/pull/40131 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
2026-01-15 12:15:26 +00:00 · 2021-09-16 22:03:15 +02:00
parent 4e8f11dee3
commit 453bb6be99
3 changed files with 41 additions and 19 deletions
--- a/lib/internal/crypto/ec.js
+++ b/lib/internal/crypto/ec.js
@@ -269,14 +269,12 @@ async function ecImportKey(
        case 'NODE-X25519':
          // Fall through
        case 'NODE-X448':
-          checkNamedCurve = false;
          if (algorithm.name !== 'ECDH')
            throw lazyDOMException('Invalid algorithm name.', 'DataError');
          break;
        case 'NODE-ED25519':
          // Fall through
        case 'NODE-ED448':
-          checkNamedCurve = false;
          if (algorithm.name !== namedCurve)
            throw lazyDOMException('Invalid algorithm name.', 'DataError');
          break;
@@ -310,7 +308,6 @@ async function ecImportKey(
        throw lazyDOMException('Invalid JWK keyData', 'DataError');
      switch (keyData.kty) {
        case 'OKP': {
-          checkNamedCurve = false;
          const isPublic = keyData.d === undefined;

          let type;
@@ -395,7 +392,6 @@ async function ecImportKey(
        case 'NODE-X25519':
          // Fall through
        case 'NODE-X448':
-          checkNamedCurve = false;
          if (algorithm.public !== undefined)
            validateBoolean(algorithm.public, 'algorithm.public');
          if (algorithm.name !== 'ECDH')
@@ -409,7 +405,6 @@ async function ecImportKey(
        case 'NODE-ED25519':
          // Fall through
        case 'NODE-ED448':
-          checkNamedCurve = false;
          if (algorithm.public !== undefined)
            validateBoolean(algorithm.public, 'algorithm.public');
          if (algorithm.name !== namedCurve)
@@ -436,30 +431,27 @@ async function ecImportKey(
        throw lazyDOMException('Invalid key type', 'DataError');
      break;
    case 'ECDH':
-      if (
-        algorithm.namedCurve === 'NODE-X25519' &&
-        keyObject.asymmetricKeyType !== 'x25519'
-      ) {
-        throw lazyDOMException('Invalid key type', 'DataError');
-      } else if (
-        algorithm.namedCurve === 'NODE-X448' &&
-        keyObject.asymmetricKeyType !== 'x448'
-      ) {
-        throw lazyDOMException('Invalid key type', 'DataError');
-      } else if (
-        algorithm.namedCurve.startsWith('P') &&
-        keyObject.asymmetricKeyType !== 'ec'
-      ) {
+      if (algorithm.namedCurve === 'NODE-X25519') {
+        if (keyObject.asymmetricKeyType !== 'x25519')
+          throw lazyDOMException('Invalid key type', 'DataError');
+        checkNamedCurve = false;
+      } else if (algorithm.namedCurve === 'NODE-X448') {
+        if (keyObject.asymmetricKeyType !== 'x448')
+          throw lazyDOMException('Invalid key type', 'DataError');
+        checkNamedCurve = false;
+      } else if (keyObject.asymmetricKeyType !== 'ec') {
        throw lazyDOMException('Invalid key type', 'DataError');
      }
      break;
    case 'NODE-ED25519':
      if (keyObject.asymmetricKeyType !== 'ed25519')
        throw lazyDOMException('Invalid key type', 'DataError');
+      checkNamedCurve = false;
      break;
    case 'NODE-ED448':
      if (keyObject.asymmetricKeyType !== 'ed448')
        throw lazyDOMException('Invalid key type', 'DataError');
+      checkNamedCurve = false;
      break;
  }

--- a/test/parallel/test-webcrypto-ed25519-ed448.js
+++ b/test/parallel/test-webcrypto-ed25519-ed448.js
@@ -382,6 +382,21 @@ assert.rejects(
        assert.strictEqual(cryptoKey.algorithm.name, namedCurve);
      }, common.mustNotCall());

+      subtle.importKey(
+        keyObject.type === 'private' ? 'pkcs8' : 'spki',
+        keyObject.export({
+          format: 'der',
+          type: keyObject.type === 'private' ? 'pkcs8' : 'spki',
+        }),
+        { name: namedCurve, namedCurve },
+        true,
+        keyObject.type === 'private' ? ['sign'] : ['verify'],
+      ).then((cryptoKey) => {
+        assert.strictEqual(cryptoKey.type, keyObject.type);
+        assert.strictEqual(cryptoKey.algorithm.name, namedCurve);
+        assert.strictEqual(cryptoKey.algorithm.namedCurve, namedCurve);
+      }, common.mustNotCall());
+
      assert.rejects(
        subtle.importKey(
          'node.keyObject',
--- a/test/parallel/test-webcrypto-x25519-x448.js
+++ b/test/parallel/test-webcrypto-x25519-x448.js
@@ -295,6 +295,21 @@ assert.rejects(
        assert.strictEqual(cryptoKey.type, keyObject.type);
        assert.strictEqual(cryptoKey.algorithm.name, 'ECDH');
      }, common.mustNotCall());
+
+      subtle.importKey(
+        keyObject.type === 'private' ? 'pkcs8' : 'spki',
+        keyObject.export({
+          format: 'der',
+          type: keyObject.type === 'private' ? 'pkcs8' : 'spki',
+        }),
+        { name: 'ECDH', namedCurve },
+        true,
+        keyObject.type === 'private' ? ['deriveBits'] : [],
+      ).then((cryptoKey) => {
+        assert.strictEqual(cryptoKey.type, keyObject.type);
+        assert.strictEqual(cryptoKey.algorithm.name, 'ECDH');
+        assert.strictEqual(cryptoKey.algorithm.namedCurve, namedCurve);
+      }, common.mustNotCall());
    }
  }
 }