WebCrypto: fixed importKey() for AES-* keys.
authorDmitry Volyntsev <xeioex@nginx.com>
Fri, 30 Dec 2022 04:39:29 +0000 (20:39 -0800)
committerDmitry Volyntsev <xeioex@nginx.com>
Fri, 30 Dec 2022 04:39:29 +0000 (20:39 -0800)
Previously, keys of any length were accepted, whereas according to the
spec only 128, 192 and 256 bits are allowed.

external/njs_webcrypto_module.c
test/webcrypto/aes.t.js

index 84bf5363cdc06481644e331b02bc4ec295c0c6c3..886dcb7c1d05abe707b56bb52d5bf1eb68e98a37 100644 (file)
@@ -1840,11 +1840,25 @@ njs_ext_import_key(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs,
             goto fail;
         }
 
-        /* Fall through. */
+        key->raw = key_data;
+        break;
 
     case NJS_ALGORITHM_AES_GCM:
     case NJS_ALGORITHM_AES_CTR:
     case NJS_ALGORITHM_AES_CBC:
+        switch (key_data.length) {
+        case 16:
+        case 24:
+        case 32:
+            break;
+
+        default:
+            njs_type_error(vm, "Invalid key length");
+            goto fail;
+        }
+
+        /* Fall through. */
+
     case NJS_ALGORITHM_PBKDF2:
     case NJS_ALGORITHM_HKDF:
         key->raw = key_data;
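Review bot: The labels `case 16:`, `case 24:` and `case 32:` in the new `switch (key_data.length)` are byte counts, while the commit message and the spec give the allowed AES key sizes in bits, and nothing at the check records the unit. A one-line comment above the switch, `/* AES key length in bytes: 128, 192 or 256 bits. */`, would keep a later edit from mixing the two. The new message "Invalid key length" also omits the algorithm name, unlike "AES-GCM Invalid tagLength" asserted in test/webcrypto/aes.t.js, so the error alone does not say which algorithm's import was rejected. njs_ext_import_key starts and ends outside the hunk, so whether key_data holds the raw key bytes for every format that reaches these cases is presumably true but cannot be confirmed from here.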
index ad08e35b837119ae4f6023c583466eb82b3861cb..03acd6d774bbb4c0dd3ad612b7744083fafa38d5 100644 (file)
@@ -65,6 +65,7 @@ let aes_tsuite = {
         { name: "AES-GCM", data: "aabbcc", tagLength: 96 },
         { name: "AES-GCM", data: "aabbcc", tagLength: 112 },
         { name: "AES-GCM", data: "aabbcc", tagLength: 113, exception: "TypeError: AES-GCM Invalid tagLength" },
+        { name: "AES-GCM", data: "aabbcc", key: "aabbcc", exception: "TypeError: Invalid key length" },
         { name: "AES-GCM", data: "aabbccdd".repeat(4096) },
 
         { name: "AES-CTR", data: "aa" },
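Review bot: The three added negative cases (AES-GCM in this hunk, AES-CTR and AES-CBC in the next one) all use the same key `"aabbcc"`, so the length check is only exercised far from its boundaries. Keys one byte off a valid size (15, 17, 31 or 33 bytes) and an empty key would pin the 16/24/32 rule more tightly, for example `{ name: "AES-GCM", data: "aabbcc", key: "aa".repeat(17), exception: "TypeError: Invalid key length" },`, assuming `key` is hex-decoded the way `data` appears to be. An accepted 24-byte key is not visible in these hunks either; if the suite does not already have one, a positive case for it would guard against the check being tightened too far.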
@@ -85,11 +86,13 @@ let aes_tsuite = {
         { name: "AES-CTR", data: "aabbccdd".repeat(4096), length: 24 },
         { name: "AES-CTR", data: "aabbccdd", length: 129,
           exception: "TypeError: AES-CTR algorithm.length must be between 1 and 128" },
+        { name: "AES-CTR", data: "aabbcc", key: "aabbcc", exception: "TypeError: Invalid key length" },
 
         { name: "AES-CBC", data: "aa" },
         { name: "AES-CBC", data: "aabbccdd".repeat(4) },
         { name: "AES-CBC", data: "aabbccdd".repeat(4096) },
         { name: "AES-CBC", data: "aabbccdd".repeat(5), iv: "ffffffffffffffffffffffffffffffff" },
+        { name: "AES-CBC", data: "aabbcc", key: "aabbcc", exception: "TypeError: Invalid key length" },
 ]};
 
 run([aes_tsuite])