Skip to content

Commit

Permalink
crypto: reject Ed25519/Ed448 in Sign/Verify prototypes
Browse files Browse the repository at this point in the history
fixes: #52097
PR-URL: #52340
Fixes: #52097
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
  • Loading branch information
panva authored Apr 8, 2024
1 parent 128c60d commit 9f939f5
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 0 deletions.
10 changes: 10 additions & 0 deletions src/crypto/crypto_sig.cc
Original file line number Diff line number Diff line change
Expand Up @@ -423,6 +423,11 @@ void Sign::SignFinal(const FunctionCallbackInfo<Value>& args) {
if (!key)
return;

if (IsOneShot(key)) {
THROW_ERR_CRYPTO_UNSUPPORTED_OPERATION(env);
return;
}

int padding = GetDefaultSignPadding(key);
if (!args[offset]->IsUndefined()) {
CHECK(args[offset]->IsInt32());
Expand Down Expand Up @@ -548,6 +553,11 @@ void Verify::VerifyFinal(const FunctionCallbackInfo<Value>& args) {
if (!pkey)
return;

if (IsOneShot(pkey)) {
THROW_ERR_CRYPTO_UNSUPPORTED_OPERATION(env);
return;
}

ArrayBufferOrViewContents<char> hbuf(args[offset]);
if (UNLIKELY(!hbuf.CheckSizeInt32()))
return THROW_ERR_OUT_OF_RANGE(env, "buffer is too big");
Expand Down
20 changes: 20 additions & 0 deletions test/parallel/test-crypto-sign-verify.js
Original file line number Diff line number Diff line change
Expand Up @@ -773,3 +773,23 @@ assert.throws(
}, { code: 'ERR_INVALID_ARG_TYPE', message: /The "key\.key" property must be of type object/ });
}
}

{
// Ed25519 and Ed448 must use the one-shot methods
const keys = [{ privateKey: fixtures.readKey('ed25519_private.pem', 'ascii'),
publicKey: fixtures.readKey('ed25519_public.pem', 'ascii') },
{ privateKey: fixtures.readKey('ed448_private.pem', 'ascii'),
publicKey: fixtures.readKey('ed448_public.pem', 'ascii') }];

for (const { publicKey, privateKey } of keys) {
assert.throws(() => {
crypto.createSign('SHA256').update('Test123').sign(privateKey);
}, { code: 'ERR_CRYPTO_UNSUPPORTED_OPERATION', message: 'Unsupported crypto operation' });
assert.throws(() => {
crypto.createVerify('SHA256').update('Test123').verify(privateKey, 'sig');
}, { code: 'ERR_CRYPTO_UNSUPPORTED_OPERATION', message: 'Unsupported crypto operation' });
assert.throws(() => {
crypto.createVerify('SHA256').update('Test123').verify(publicKey, 'sig');
}, { code: 'ERR_CRYPTO_UNSUPPORTED_OPERATION', message: 'Unsupported crypto operation' });
}
}

0 comments on commit 9f939f5

Please sign in to comment.