Fix rawBlindRSA to ensure RSA-RAW algorithm is on the signing key #16
Conversation
thibmeu
force-pushed
the
fix-raw-raw-import
branch
from
f165a7a to
7945935
Compare
| Object.assign(global, { crypto: webcrypto }); | ||
| // webcrypto calls crypto, which is mocked. We need to restore the original implementation. | ||
| crypto.subtle.sign = parentSign; | ||
| const res = crypto.subtle.sign(algorithm, key, data); |
There was a problem hiding this comment.
Does this have the desired behavior? sign can be overwritten before the promise is resolved.
Should you do something like this?
res.finally(() => {
crypto.subtile.sign = mockSign;
});
src/blindrsa.ts
Outdated
| @@ -188,6 +188,17 @@ export class BlindRSA { | |||
| ): Promise<Uint8Array> { | |||
| const algorithmName = privateKey.algorithm.name; | |||
| privateKey.algorithm.name = BlindRSA.NATIVE_SUPPORT_NAME; | |||
| // only creates a copy if the private key algorithm name cannot be overwritten | |||
| if (privateKey.algorithm.name !== BlindRSA.NATIVE_SUPPORT_NAME) { | |||
| const privateKeyCopy = await crypto.subtle.exportKey('pkcs8', privateKey); | |||
There was a problem hiding this comment.
Where does this key come from? It might fail if privateKey.extractable is false.
There was a problem hiding this comment.
it is passed by the caller. the error will propagate if the key is not extractable
src/blindrsa.ts
Outdated
| @@ -188,6 +188,17 @@ export class BlindRSA { | |||
| ): Promise<Uint8Array> { | |||
| const algorithmName = privateKey.algorithm.name; | |||
| privateKey.algorithm.name = BlindRSA.NATIVE_SUPPORT_NAME; | |||
| // only creates a copy if the private key algorithm name cannot be overwritten | |||
There was a problem hiding this comment.
Additionally to pwu's comments: note that the spec establishes that the fields of a key are readonly.
interface CryptoKey {
readonly attribute [KeyType];
readonly attribute boolean [extractable];
readonly attribute object [algorithm];
readonly attribute object [usages];
};There was a problem hiding this comment.
this does not seem to be strictly enforced on multiple runtime for what I've experience.
nevertheless, I've updated the logic to support keys passed with RSA-RAW (avoiding copies), and otherwise copying
Certain platforms do not trigger an error when the algorithm name is not updated, while the setter is called. This commit improves this behaviour by checking if the name is actually set. If it's a silent fail, copy the key and import it with a new algorithm.
thibmeu
force-pushed
the
fix-raw-raw-import
branch
from
7945935 to
475607f
Compare
Certain platforms do not trigger an error when the algorithm name is not updated, while the setter is called.
This commit improves this behaviour by checking if the name is actually set.
If it's a silent fail, copy the key and import it with a new algorithm.
The commit also improves the test function.