Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(ext/crypto): fix identity test for x25519 derive bits #26011

Merged
merged 2 commits into from
Oct 3, 2024
Merged

fix(ext/crypto): fix identity test for x25519 derive bits #26011

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b8304b3
fix(ext/crypto): fix identity test for x25519 derive bits
littledivy Oct 3, 2024
cd1d6ec
Update expectation
littledivy Oct 3, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions ext/crypto/x25519.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,10 +47,10 @@ pub fn op_crypto_derive_bits_x25519(
let sh_sec = x25519_dalek::x25519(k, u);
let point = MontgomeryPoint(sh_sec);
if point.ct_eq(&MONTGOMERY_IDENTITY).unwrap_u8() == 1 {
return false;
return true;
}
secret.copy_from_slice(&sh_sec);
true
false
}

// id-X25519 OBJECT IDENTIFIER ::= { 1 3 101 110 }
Expand Down
40 changes: 40 additions & 0 deletions tests/unit/webcrypto_test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2045,3 +2045,43 @@ Deno.test(async function p521Generate() {
assert(key.privateKey instanceof CryptoKey);
assert(key.publicKey instanceof CryptoKey);
});

Deno.test(async function x25519SharedSecret() {
const alicesKeyPair = await crypto.subtle.generateKey(
{
name: "X25519",
},
false,
["deriveBits"],
) as CryptoKeyPair;

const bobsKeyPair = await crypto.subtle.generateKey(
{
name: "X25519",
},
false,
["deriveBits"],
) as CryptoKeyPair;

const sharedSecret1 = await crypto.subtle.deriveBits(
{
name: "X25519",
public: bobsKeyPair.publicKey,
},
alicesKeyPair.privateKey,
128,
);

const sharedSecret2 = await crypto.subtle.deriveBits(
{
name: "X25519",
public: alicesKeyPair.publicKey,
},
bobsKeyPair.privateKey,
128,
);

assertEquals(sharedSecret1.byteLength, sharedSecret2.byteLength);
assertEquals(sharedSecret1.byteLength, 16);
assertEquals(new Uint8Array(sharedSecret1), new Uint8Array(sharedSecret2));
});
72 changes: 4 additions & 68 deletions tests/wpt/runner/expectation.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,23 +54,12 @@
"pbkdf2.https.any.worker.html?7001-8000": true,
"pbkdf2.https.any.worker.html?8001-last": true,
"cfrg_curves_bits.https.any.html": [
"X25519 key derivation checks for all-zero value result with a key of order 0",
"X25519 key derivation checks for all-zero value result with a key of order 1",
"X25519 key derivation checks for all-zero value result with a key of order 8",
"X25519 key derivation checks for all-zero value result with a key of order p-1 (order 2)",
"X25519 key derivation checks for all-zero value result with a key of order p (=0, order 4)",
"X25519 key derivation checks for all-zero value result with a key of order p+1 (=1, order 1)",
"X448 key derivation checks for all-zero value result with a key of order 0",
"X448 key derivation checks for all-zero value result with a key of order 1",
"X448 key derivation checks for all-zero value result with a key of order p-1 (order 2)",
"X448 key derivation checks for all-zero value result with a key of order p (=0, order 4)",
"X448 key derivation checks for all-zero value result with a key of order p+1 (=1, order 1)",
"X25519 good parameters",
"X25519 mixed case parameters",
"X25519 short result",
"X25519 non-multiple of 8 bits",
"X25519 mismatched algorithms",
"X25519 no deriveBits usage for base key",
"X448 good parameters",
"X448 mixed case parameters",
"X448 short result",
Expand All @@ -83,23 +72,12 @@
"X448 asking for too many bits"
],
"cfrg_curves_bits.https.any.worker.html": [
"X25519 key derivation checks for all-zero value result with a key of order 0",
"X25519 key derivation checks for all-zero value result with a key of order 1",
"X25519 key derivation checks for all-zero value result with a key of order 8",
"X25519 key derivation checks for all-zero value result with a key of order p-1 (order 2)",
"X25519 key derivation checks for all-zero value result with a key of order p (=0, order 4)",
"X25519 key derivation checks for all-zero value result with a key of order p+1 (=1, order 1)",
"X448 key derivation checks for all-zero value result with a key of order 0",
"X448 key derivation checks for all-zero value result with a key of order 1",
"X448 key derivation checks for all-zero value result with a key of order p-1 (order 2)",
"X448 key derivation checks for all-zero value result with a key of order p (=0, order 4)",
"X448 key derivation checks for all-zero value result with a key of order p+1 (=1, order 1)",
"X25519 good parameters",
"X25519 mixed case parameters",
"X25519 short result",
"X25519 non-multiple of 8 bits",
"X25519 mismatched algorithms",
"X25519 no deriveBits usage for base key",
"X448 good parameters",
"X448 mixed case parameters",
"X448 short result",
Expand All @@ -112,21 +90,12 @@
"X448 asking for too many bits"
],
"cfrg_curves_keys.https.any.html": [
"X25519 deriveBits checks for all-zero value result with a key of order 0",
"X25519 deriveBits checks for all-zero value result with a key of order 1",
"X25519 deriveBits checks for all-zero value result with a key of order 8",
"X25519 deriveBits checks for all-zero value result with a key of order p-1 (order 2)",
"X25519 deriveBits checks for all-zero value result with a key of order p (=0, order 4)",
"X25519 deriveBits checks for all-zero value result with a key of order p+1 (=1, order 1)",
"X448 deriveBits checks for all-zero value result with a key of order 0",
"X448 deriveBits checks for all-zero value result with a key of order 1",
"X448 deriveBits checks for all-zero value result with a key of order p-1 (order 2)",
"X448 deriveBits checks for all-zero value result with a key of order p (=0, order 4)",
"X448 deriveBits checks for all-zero value result with a key of order p+1 (=1, order 1)",
"Key derivation using a X25519 generated keys.",
"Key derivation using a X448 generated keys.",
"X25519 good parameters",
"X25519 mixed case parameters",
"X25519 mismatched algorithms",
"X448 good parameters",
"X448 mixed case parameters",
Expand All @@ -137,21 +106,12 @@
"X448 public property value is a secret key"
],
"cfrg_curves_keys.https.any.worker.html": [
"X25519 deriveBits checks for all-zero value result with a key of order 0",
"X25519 deriveBits checks for all-zero value result with a key of order 1",
"X25519 deriveBits checks for all-zero value result with a key of order 8",
"X25519 deriveBits checks for all-zero value result with a key of order p-1 (order 2)",
"X25519 deriveBits checks for all-zero value result with a key of order p (=0, order 4)",
"X25519 deriveBits checks for all-zero value result with a key of order p+1 (=1, order 1)",
"X448 deriveBits checks for all-zero value result with a key of order 0",
"X448 deriveBits checks for all-zero value result with a key of order 1",
"X448 deriveBits checks for all-zero value result with a key of order p-1 (order 2)",
"X448 deriveBits checks for all-zero value result with a key of order p (=0, order 4)",
"X448 deriveBits checks for all-zero value result with a key of order p+1 (=1, order 1)",
"Key derivation using a X25519 generated keys.",
"Key derivation using a X448 generated keys.",
"X25519 good parameters",
"X25519 mixed case parameters",
"X25519 mismatched algorithms",
"X448 good parameters",
"X448 mixed case parameters",
Expand All @@ -161,20 +121,8 @@
"X448 public property value is a private key",
"X448 public property value is a secret key"
],
"derived_bits_length.https.any.html": [
"X25519 derivation with 256 as 'length' parameter",
"X25519 derivation with 0 as 'length' parameter",
"X25519 derivation with null as 'length' parameter",
"X25519 derivation with undefined as 'length' parameter",
"X25519 derivation with omitted as 'length' parameter"
],
"derived_bits_length.https.any.worker.html": [
"X25519 derivation with 256 as 'length' parameter",
"X25519 derivation with 0 as 'length' parameter",
"X25519 derivation with null as 'length' parameter",
"X25519 derivation with undefined as 'length' parameter",
"X25519 derivation with omitted as 'length' parameter"
]
"derived_bits_length.https.any.html": true,
"derived_bits_length.https.any.worker.html": true
},
"digest": {
"digest.https.any.html": true,
Expand Down Expand Up @@ -1530,20 +1478,8 @@
"crypto-subtle-secure-context-available.https.sub.html": true
},
"wrapKey_unwrapKey": {
"wrapKey_unwrapKey.https.any.html": [
"Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and AES-CTR",
"Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and AES-CBC",
"Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and AES-GCM",
"Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and AES-KW",
"Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and RSA-OAEP"
],
"wrapKey_unwrapKey.https.any.worker.html": [
"Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and AES-CTR",
"Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and AES-CBC",
"Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and AES-GCM",
"Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and AES-KW",
"Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and RSA-OAEP"
]
"wrapKey_unwrapKey.https.any.html": true,
"wrapKey_unwrapKey.https.any.worker.html": true
}
},
"console": {
Expand Down