Welcome! Log In Create A New Profile

Advanced

[njs] WebCrypto: fixed importKey() for AES-* keys.

Dmitry Volyntsev
January 04, 2023 11:44PM
details: https://hg.nginx.org/njs/rev/02aa50753dc1
branches:
changeset: 2017:02aa50753dc1
user: Dmitry Volyntsev <xeioex@nginx.com>
date: Thu Dec 29 20:39:29 2022 -0800
description:
WebCrypto: fixed importKey() for AES-* keys.

Previously, key of of any length were accepted, whereas according to the
spec only 128, 192 and 256 bits are allowed.

diffstat:

external/njs_webcrypto_module.c | 16 +++++++++++++++-
test/webcrypto/aes.t.js | 3 +++
2 files changed, 18 insertions(+), 1 deletions(-)

diffs (55 lines):

diff -r 5fc0aa4a4e72 -r 02aa50753dc1 external/njs_webcrypto_module.c
--- a/external/njs_webcrypto_module.c Thu Dec 15 13:04:46 2022 +0100
+++ b/external/njs_webcrypto_module.c Thu Dec 29 20:39:29 2022 -0800
@@ -1840,11 +1840,25 @@ njs_ext_import_key(njs_vm_t *vm, njs_val
goto fail;
}

- /* Fall through. */
+ key->raw = key_data;
+ break;

case NJS_ALGORITHM_AES_GCM:
case NJS_ALGORITHM_AES_CTR:
case NJS_ALGORITHM_AES_CBC:
+ switch (key_data.length) {
+ case 16:
+ case 24:
+ case 32:
+ break;
+
+ default:
+ njs_type_error(vm, "Invalid key length");
+ goto fail;
+ }
+
+ /* Fall through. */
+
case NJS_ALGORITHM_PBKDF2:
case NJS_ALGORITHM_HKDF:
key->raw = key_data;
diff -r 5fc0aa4a4e72 -r 02aa50753dc1 test/webcrypto/aes.t.js
--- a/test/webcrypto/aes.t.js Thu Dec 15 13:04:46 2022 +0100
+++ b/test/webcrypto/aes.t.js Thu Dec 29 20:39:29 2022 -0800
@@ -65,6 +65,7 @@ let aes_tsuite = {
{ name: "AES-GCM", data: "aabbcc", tagLength: 96 },
{ name: "AES-GCM", data: "aabbcc", tagLength: 112 },
{ name: "AES-GCM", data: "aabbcc", tagLength: 113, exception: "TypeError: AES-GCM Invalid tagLength" },
+ { name: "AES-GCM", data: "aabbcc", key: "aabbcc", exception: "TypeError: Invalid key length" },
{ name: "AES-GCM", data: "aabbccdd".repeat(4096) },

{ name: "AES-CTR", data: "aa" },
@@ -85,11 +86,13 @@ let aes_tsuite = {
{ name: "AES-CTR", data: "aabbccdd".repeat(4096), length: 24 },
{ name: "AES-CTR", data: "aabbccdd", length: 129,
exception: "TypeError: AES-CTR algorithm.length must be between 1 and 128" },
+ { name: "AES-CTR", data: "aabbcc", key: "aabbcc", exception: "TypeError: Invalid key length" },

{ name: "AES-CBC", data: "aa" },
{ name: "AES-CBC", data: "aabbccdd".repeat(4) },
{ name: "AES-CBC", data: "aabbccdd".repeat(4096) },
{ name: "AES-CBC", data: "aabbccdd".repeat(5), iv: "ffffffffffffffffffffffffffffffff" },
+ { name: "AES-CBC", data: "aabbcc", key: "aabbcc", exception: "TypeError: Invalid key length" },
]};

run([aes_tsuite])
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[njs] WebCrypto: fixed importKey() for AES-* keys.

Dmitry Volyntsev 271 January 04, 2023 11:44PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 92
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready