Skip to content
/ node Public
forked from nodejs/node

Commit

Permalink
crypto: reject Ed25519/Ed448 in Sign/Verify prototypes
Browse files Browse the repository at this point in the history
  • Loading branch information
panva committed Apr 3, 2024
1 parent a3b1fc3 commit ab86d4d
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 0 deletions.
10 changes: 10 additions & 0 deletions src/crypto/crypto_sig.cc
Original file line number Diff line number Diff line change
Expand Up @@ -418,6 +418,11 @@ void Sign::SignFinal(const FunctionCallbackInfo<Value>& args) {
if (!key)
return;

if (IsOneShot(key)) {
THROW_ERR_CRYPTO_UNSUPPORTED_OPERATION(env);
return;
}

int padding = GetDefaultSignPadding(key);
if (!args[offset]->IsUndefined()) {
CHECK(args[offset]->IsInt32());
Expand Down Expand Up @@ -543,6 +548,11 @@ void Verify::VerifyFinal(const FunctionCallbackInfo<Value>& args) {
if (!pkey)
return;

if (IsOneShot(pkey)) {
THROW_ERR_CRYPTO_UNSUPPORTED_OPERATION(env);
return;
}

ArrayBufferOrViewContents<char> hbuf(args[offset]);
if (UNLIKELY(!hbuf.CheckSizeInt32()))
return THROW_ERR_OUT_OF_RANGE(env, "buffer is too big");
Expand Down
20 changes: 20 additions & 0 deletions test/parallel/test-crypto-sign-verify.js
Original file line number Diff line number Diff line change
Expand Up @@ -773,3 +773,23 @@ assert.throws(
}, { code: 'ERR_INVALID_ARG_TYPE', message: /The "key\.key" property must be of type object/ });
}
}

{
// Ed25519 and Ed448 must use the one-shot methods
const keys = [{ privateKey: fixtures.readKey('ed25519_private.pem', 'ascii'),
publicKey: fixtures.readKey('ed25519_public.pem', 'ascii') },
{ privateKey: fixtures.readKey('ed448_private.pem', 'ascii'),
publicKey: fixtures.readKey('ed448_public.pem', 'ascii') }];

for (const { publicKey, privateKey } of keys) {
assert.throws(() => {
crypto.createSign('SHA256').update('Test123').sign(privateKey);
}, { code: 'ERR_CRYPTO_UNSUPPORTED_OPERATION', message: 'Unsupported crypto operation' });
assert.throws(() => {
crypto.createVerify('SHA256').update('Test123').verify(privateKey, 'sig');
}, { code: 'ERR_CRYPTO_UNSUPPORTED_OPERATION', message: 'Unsupported crypto operation' });
assert.throws(() => {
crypto.createVerify('SHA256').update('Test123').verify(publicKey, 'sig');
}, { code: 'ERR_CRYPTO_UNSUPPORTED_OPERATION', message: 'Unsupported crypto operation' });
}
}

0 comments on commit ab86d4d

Please sign in to comment.