Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto: ensure expected JWK alg in SubtleCrypto.importKey RSA imports #57450

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

crypto: ensure expected JWK alg in SubtleCrypto.importKey RSA imports #57450

wants to merge 1 commit into from
+74 −19

Conversation

panva
Copy link
Member

@panva panva commented Mar 13, 2025
edited
Loading

While working on SHA-3 addition to webcrypto and updating the test suite I noticed that RSA import JWK "alg" values were forced to e.g. PS256 (depending on the digest) even for RSA-OAEP and RSASSA-PKCS1-v1_5 algorithms which should be rejected.

While debugging this I noticed that

  1. the expected JWK "alg" prefix (RS, PS, RSA-OAEP) is not checked at all; and after fixing that by using the right normalizeHashName context that;
  2. the JWK "alg" is not checked as a case-sensitive value

In this PR I made the following changes:

  • normalizeHashName is now case sensitive (as the need for its lowercasing went away when I've implemented the proper WebCryptoAPI normalize algorithm routine in crypto: use WebIDL converters in WebCryptoAPI #46067)
  • RSA JWK alg check uses the right RSA algorithm type context

I've updated tests to

  • use the expected "alg" value on valid tests
  • added tests checking for a rejection when alg mismatch happens (e.g. alg: PS256 instead of RS256 on RSASSA-PKCS1-v1_5 algorithm)
  • added tests checking for a rejection when alg values were lowercased

You can verify the prior bugged behaviour with the following script

Details 
const jwk = {
  kty: 'RSA',
  n:
    'zZn4sRGfjQos56yL_Qy1R9NI-THMnFynn94g5RxA6wGrJh4BJT3x6I9x0IbpS3q-d' +
    '4ORA6R2vuDMh8dDFRr9RDH6XY-gUScc9U5Jz3UA2KmVfsCbnUPvcAmMV_ENA7_TF0' +
    'ivVjuIFodyDTx7EKHNVTrHHSlrbt7spbmcivs23Zc',
  e: 'AQAB',
};

const results = await Promise.allSettled([
  crypto.subtle.importKey(
    'jwk',
    {
      ...jwk,
      alg: 'RS256', // RS256 is not a valid alg value for RSA-PSS
    },
    {
      name: 'RSA-PSS',
      hash: 'SHA-256',
    },
    false,
    ['verify']
  ),
  crypto.subtle.importKey(
    'jwk',
    {
      ...jwk,
      alg: 'ps256', // alg values are case-sensitive
    },
    {
      name: 'RSA-PSS',
      hash: 'SHA-256',
    },
    false,
    ['verify']
  ),
]);

results.forEach((result, i) => {
  if (result.status === 'rejected') {
    console.log('vector', i, 'correctly rejected with', result.reason.name);
  } else {
    console.log('vector', i, 'missing expected rejection');
  }
});

@panva panva added confirmed-bug Issues with confirmed bugs. crypto Issues and PRs related to the crypto subsystem. webcrypto labels Mar 13, 2025
@nodejs-github-bot
Copy link
Collaborator

Review requested:

  • @nodejs/crypto

@nodejs-github-bot nodejs-github-bot added the needs-ci PRs that need a full CI run. label Mar 13, 2025
@panva panva added web-standards Issues and PRs related to Web APIs needs-ci PRs that need a full CI run. and removed needs-ci PRs that need a full CI run. labels Mar 13, 2025
@codecov Codecov
Copy link

codecov bot commented Mar 13, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 90.21%. Comparing base (3329efe) to head (131cf21).
Report is 5 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main   #57450   +/-   ##
=======================================
  Coverage   90.20%   90.21%           
=======================================
  Files         629      629           
  Lines      184948   184947    -1     
  Branches    36204    36214   +10     
=======================================
+ Hits       166837   166853   +16     
+ Misses      11057    11048    -9     
+ Partials     7054     7046    -8
Files with missing lines Coverage Δ
lib/internal/crypto/hashnames.js 100.00% <100.00%> (+2.38%) ⬆️
lib/internal/crypto/rsa.js 92.14% <100.00%> (+0.08%) ⬆️

... and 35 files with indirect coverage changes

🚀 New features to boost your workflow:
  • Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@panva panva added author ready PRs that have at least one approval, no pending requests for changes, and a CI started. request-ci Add this label to start a Jenkins CI on a PR. labels Mar 14, 2025
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Mar 14, 2025
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/65739/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasnell jasnell jasnell approved these changes

Assignees
No one assigned
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. confirmed-bug Issues with confirmed bugs. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run. web-standards Issues and PRs related to Web APIs webcrypto
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@panva @nodejs-github-bot @jasnell