diff options
| author |  Derrick Farris <mr.dcfarris@gmail.com>
| 2023-02-04 02:24:35 -0600 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2023-02-04 00:24:35 -0800 |
| commit | 7db87fe0cbac2d4eeba1c8a3d530897e1f16e78f (patch) | |
| tree | 29e7e102e630222c1b80a3a13f4322365c29c866 | |
| parent | 76f72517ff41e3b4892b5e7d3225586aa789f103 (diff) | |
| download | bun-7db87fe0cbac2d4eeba1c8a3d530897e1f16e78f.tar.gz bun-7db87fe0cbac2d4eeba1c8a3d530897e1f16e78f.tar.zst bun-7db87fe0cbac2d4eeba1c8a3d530897e1f16e78f.zip | |
fix(webcrypto): fix ed25519 keypair gen (#1985)
| -rw-r--r-- | src/bun.js/bindings/webcrypto/CryptoKeyOKP.cpp | 7 | ||||
| -rw-r--r-- | src/bun.js/bindings/webcrypto/CryptoKeyOKP.h | 3 | ||||
| -rw-r--r-- | src/bun.js/bindings/webcrypto/CryptoKeyOKPOpenSSL.cpp | 35 |
3 files changed, 35 insertions, 10 deletions
diff --git a/src/bun.js/bindings/webcrypto/CryptoKeyOKP.cpp b/src/bun.js/bindings/webcrypto/CryptoKeyOKP.cpp index 77d099427..58b46cbc4 100644 --- a/src/bun.js/bindings/webcrypto/CryptoKeyOKP.cpp +++ b/src/bun.js/bindings/webcrypto/CryptoKeyOKP.cpp @@ -37,19 +37,20 @@ namespace WebCore { static const ASCIILiteral X25519 { "X25519"_s }; static const ASCIILiteral Ed25519 { "Ed25519"_s }; -static constexpr size_t keySizeInBytesFromNamedCurve(CryptoKeyOKP::NamedCurve curve) +static constexpr size_t keySizeInBytesFromNamedCurve(CryptoKeyOKP::NamedCurve curve, CryptoKeyType type) { switch (curve) { case CryptoKeyOKP::NamedCurve::X25519: - case CryptoKeyOKP::NamedCurve::Ed25519: return 32; + case CryptoKeyOKP::NamedCurve::Ed25519: + return type == CryptoKeyType::Private ? 64 : 32; } return 32; } RefPtr<CryptoKeyOKP> CryptoKeyOKP::create(CryptoAlgorithmIdentifier identifier, NamedCurve curve, CryptoKeyType type, KeyMaterial&& platformKey, bool extractable, CryptoKeyUsageBitmap usages) { - if (platformKey.size() != keySizeInBytesFromNamedCurve(curve)) + if (platformKey.size() != keySizeInBytesFromNamedCurve(curve, type)) return nullptr; return adoptRef(*new CryptoKeyOKP(identifier, curve, type, WTFMove(platformKey), extractable, usages)); } diff --git a/src/bun.js/bindings/webcrypto/CryptoKeyOKP.h b/src/bun.js/bindings/webcrypto/CryptoKeyOKP.h index db94dbd23..40642fe68 100644 --- a/src/bun.js/bindings/webcrypto/CryptoKeyOKP.h +++ b/src/bun.js/bindings/webcrypto/CryptoKeyOKP.h @@ -75,6 +75,9 @@ private: String generateJwkD() const; String generateJwkX() const; + String getEd25519PublicFromPrivate() const; + String getX25519PublicFromPrivate() const; + static bool isPlatformSupportedCurve(NamedCurve); static std::optional<CryptoKeyPair> platformGeneratePair(CryptoAlgorithmIdentifier, NamedCurve, bool extractable, CryptoKeyUsageBitmap); Vector<uint8_t> platformExportRaw() const; diff --git a/src/bun.js/bindings/webcrypto/CryptoKeyOKPOpenSSL.cpp b/src/bun.js/bindings/webcrypto/CryptoKeyOKPOpenSSL.cpp index 79e99d917..0372443fc 100644 --- a/src/bun.js/bindings/webcrypto/CryptoKeyOKPOpenSSL.cpp +++ b/src/bun.js/bindings/webcrypto/CryptoKeyOKPOpenSSL.cpp @@ -46,17 +46,19 @@ std::optional<CryptoKeyPair> CryptoKeyOKP::platformGeneratePair(CryptoAlgorithmI if (namedCurve != NamedCurve::Ed25519) return {}; - uint8_t public_key[X25519_PUBLIC_VALUE_LEN], private_key[X25519_PRIVATE_KEY_LEN]; + uint8_t public_key[ED25519_PUBLIC_KEY_LEN], private_key[ED25519_PRIVATE_KEY_LEN]; - if (identifier == CryptoAlgorithmIdentifier::Ed25519) { + bool isEd25519 = identifier == CryptoAlgorithmIdentifier::Ed25519; + if (isEd25519) { ED25519_keypair(public_key, private_key); } else { X25519_keypair(public_key, private_key); } + bool isPublicKeyExtractable = true; auto publicKey = CryptoKeyOKP::create(identifier, namedCurve, CryptoKeyType::Public, Vector<uint8_t>(public_key), isPublicKeyExtractable, usages); ASSERT(publicKey); - auto privateKey = CryptoKeyOKP::create(identifier, namedCurve, CryptoKeyType::Private, Vector<uint8_t>(private_key), extractable, usages); + auto privateKey = CryptoKeyOKP::create(identifier, namedCurve, CryptoKeyType::Private, Vector<uint8_t>(private_key, isEd25519 ? ED25519_PRIVATE_KEY_LEN : X25519_PRIVATE_KEY_LEN), extractable, usages); ASSERT(privateKey); return CryptoKeyPair { WTFMove(publicKey), WTFMove(privateKey) }; } @@ -295,6 +297,25 @@ String CryptoKeyOKP::generateJwkD() const return base64URLEncodeToString(m_data); } +String CryptoKeyOKP::getEd25519PublicFromPrivate() const +{ + uint8_t publicKey[ED25519_PUBLIC_KEY_LEN]; + uint8_t privateKey[ED25519_PRIVATE_KEY_LEN]; + + ED25519_keypair_from_seed(publicKey, privateKey, m_data.data()); + + return base64URLEncodeToString(Span<const uint8_t> { publicKey, sizeof(publicKey) }); +} + +String CryptoKeyOKP::getX25519PublicFromPrivate() const +{ + uint8_t publicKey[X25519_PUBLIC_VALUE_LEN]; + + X25519_public_from_private(publicKey, m_data.data()); + + return base64URLEncodeToString(Span<const uint8_t> { publicKey, sizeof(publicKey) }); +} + String CryptoKeyOKP::generateJwkX() const { if (type() == CryptoKeyType::Public) @@ -302,11 +323,11 @@ String CryptoKeyOKP::generateJwkX() const ASSERT(type() == CryptoKeyType::Private); - uint8_t publicKey[ED25519_PUBLIC_KEY_LEN]; - uint8_t privateKey[ED25519_PRIVATE_KEY_LEN]; - ED25519_keypair_from_seed(publicKey, privateKey, m_data.data()); + if (namedCurve() == NamedCurve::Ed25519) + return getEd25519PublicFromPrivate(); - return base64URLEncodeToString(Span<const uint8_t> { publicKey, sizeof(publicKey) }); + ASSERT(namedCurve() == NamedCurve::X25519); + return getX25519PublicFromPrivate(); } Vector<uint8_t> CryptoKeyOKP::platformExportRaw() const |