summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDivy Srivastava <dj.srivastava23@gmail.com>2024-10-03 16:46:48 +0530
committerGitHub <noreply@github.com>2024-10-03 16:46:48 +0530
commite54809f2d56c8e91089d55d60e674cba37fd2863 (patch)
tree7dfbf4025488c86eeaeec4a6be84b94935f9e148
parentac73b1042b4dda6416ad82d5468c57de6d53d038 (diff)
fix(ext/crypto): fix identity test for x25519 derive bits (#26011)
Diffstat
-rw-r--r--ext/crypto/x25519.rs4
-rw-r--r--tests/unit/webcrypto_test.ts40
-rw-r--r--tests/wpt/runner/expectation.json72
3 files changed, 46 insertions, 70 deletions
diff --git a/ext/crypto/x25519.rs b/ext/crypto/x25519.rs
index 8fcad3ef2..cdbd1d7c8 100644
--- a/ext/crypto/x25519.rs
+++ b/ext/crypto/x25519.rs
@@ -47,10 +47,10 @@ pub fn op_crypto_derive_bits_x25519(
let sh_sec = x25519_dalek::x25519(k, u);
let point = MontgomeryPoint(sh_sec);
if point.ct_eq(&MONTGOMERY_IDENTITY).unwrap_u8() == 1 {
- return false;
+ return true;
}
secret.copy_from_slice(&sh_sec);
- true
+ false
}
// id-X25519 OBJECT IDENTIFIER ::= { 1 3 101 110 }
diff --git a/tests/unit/webcrypto_test.ts b/tests/unit/webcrypto_test.ts
index 57aa19eae..09552a058 100644
--- a/tests/unit/webcrypto_test.ts
+++ b/tests/unit/webcrypto_test.ts
@@ -2045,3 +2045,43 @@ Deno.test(async function p521Generate() {
assert(key.privateKey instanceof CryptoKey);
assert(key.publicKey instanceof CryptoKey);
});
+
+Deno.test(async function x25519SharedSecret() {
+ const alicesKeyPair = await crypto.subtle.generateKey(
+ {
+ name: "X25519",
+ },
+ false,
+ ["deriveBits"],
+ ) as CryptoKeyPair;
+
+ const bobsKeyPair = await crypto.subtle.generateKey(
+ {
+ name: "X25519",
+ },
+ false,
+ ["deriveBits"],
+ ) as CryptoKeyPair;
+
+ const sharedSecret1 = await crypto.subtle.deriveBits(
+ {
+ name: "X25519",
+ public: bobsKeyPair.publicKey,
+ },
+ alicesKeyPair.privateKey,
+ 128,
+ );
+
+ const sharedSecret2 = await crypto.subtle.deriveBits(
+ {
+ name: "X25519",
+ public: alicesKeyPair.publicKey,
+ },
+ bobsKeyPair.privateKey,
+ 128,
+ );
+
+ assertEquals(sharedSecret1.byteLength, sharedSecret2.byteLength);
+ assertEquals(sharedSecret1.byteLength, 16);
+ assertEquals(new Uint8Array(sharedSecret1), new Uint8Array(sharedSecret2));
+});
diff --git a/tests/wpt/runner/expectation.json b/tests/wpt/runner/expectation.json
index 4449c5d15..f7da5e51f 100644
--- a/tests/wpt/runner/expectation.json
+++ b/tests/wpt/runner/expectation.json
@@ -54,23 +54,12 @@
"pbkdf2.https.any.worker.html?7001-8000": true,
"pbkdf2.https.any.worker.html?8001-last": true,
"cfrg_curves_bits.https.any.html": [
- "X25519 key derivation checks for all-zero value result with a key of order 0",
- "X25519 key derivation checks for all-zero value result with a key of order 1",
- "X25519 key derivation checks for all-zero value result with a key of order 8",
- "X25519 key derivation checks for all-zero value result with a key of order p-1 (order 2)",
- "X25519 key derivation checks for all-zero value result with a key of order p (=0, order 4)",
- "X25519 key derivation checks for all-zero value result with a key of order p+1 (=1, order 1)",
"X448 key derivation checks for all-zero value result with a key of order 0",
"X448 key derivation checks for all-zero value result with a key of order 1",
"X448 key derivation checks for all-zero value result with a key of order p-1 (order 2)",
"X448 key derivation checks for all-zero value result with a key of order p (=0, order 4)",
"X448 key derivation checks for all-zero value result with a key of order p+1 (=1, order 1)",
- "X25519 good parameters",
- "X25519 mixed case parameters",
- "X25519 short result",
- "X25519 non-multiple of 8 bits",
"X25519 mismatched algorithms",
- "X25519 no deriveBits usage for base key",
"X448 good parameters",
"X448 mixed case parameters",
"X448 short result",
@@ -83,23 +72,12 @@
"X448 asking for too many bits"
],
"cfrg_curves_bits.https.any.worker.html": [
- "X25519 key derivation checks for all-zero value result with a key of order 0",
- "X25519 key derivation checks for all-zero value result with a key of order 1",
- "X25519 key derivation checks for all-zero value result with a key of order 8",
- "X25519 key derivation checks for all-zero value result with a key of order p-1 (order 2)",
- "X25519 key derivation checks for all-zero value result with a key of order p (=0, order 4)",
- "X25519 key derivation checks for all-zero value result with a key of order p+1 (=1, order 1)",
"X448 key derivation checks for all-zero value result with a key of order 0",
"X448 key derivation checks for all-zero value result with a key of order 1",
"X448 key derivation checks for all-zero value result with a key of order p-1 (order 2)",
"X448 key derivation checks for all-zero value result with a key of order p (=0, order 4)",
"X448 key derivation checks for all-zero value result with a key of order p+1 (=1, order 1)",
- "X25519 good parameters",
- "X25519 mixed case parameters",
- "X25519 short result",
- "X25519 non-multiple of 8 bits",
"X25519 mismatched algorithms",
- "X25519 no deriveBits usage for base key",
"X448 good parameters",
"X448 mixed case parameters",
"X448 short result",
@@ -112,21 +90,12 @@
"X448 asking for too many bits"
],
"cfrg_curves_keys.https.any.html": [
- "X25519 deriveBits checks for all-zero value result with a key of order 0",
- "X25519 deriveBits checks for all-zero value result with a key of order 1",
- "X25519 deriveBits checks for all-zero value result with a key of order 8",
- "X25519 deriveBits checks for all-zero value result with a key of order p-1 (order 2)",
- "X25519 deriveBits checks for all-zero value result with a key of order p (=0, order 4)",
- "X25519 deriveBits checks for all-zero value result with a key of order p+1 (=1, order 1)",
"X448 deriveBits checks for all-zero value result with a key of order 0",
"X448 deriveBits checks for all-zero value result with a key of order 1",
"X448 deriveBits checks for all-zero value result with a key of order p-1 (order 2)",
"X448 deriveBits checks for all-zero value result with a key of order p (=0, order 4)",
"X448 deriveBits checks for all-zero value result with a key of order p+1 (=1, order 1)",
- "Key derivation using a X25519 generated keys.",
"Key derivation using a X448 generated keys.",
- "X25519 good parameters",
- "X25519 mixed case parameters",
"X25519 mismatched algorithms",
"X448 good parameters",
"X448 mixed case parameters",
@@ -137,21 +106,12 @@
"X448 public property value is a secret key"
],
"cfrg_curves_keys.https.any.worker.html": [
- "X25519 deriveBits checks for all-zero value result with a key of order 0",
- "X25519 deriveBits checks for all-zero value result with a key of order 1",
- "X25519 deriveBits checks for all-zero value result with a key of order 8",
- "X25519 deriveBits checks for all-zero value result with a key of order p-1 (order 2)",
- "X25519 deriveBits checks for all-zero value result with a key of order p (=0, order 4)",
- "X25519 deriveBits checks for all-zero value result with a key of order p+1 (=1, order 1)",
"X448 deriveBits checks for all-zero value result with a key of order 0",
"X448 deriveBits checks for all-zero value result with a key of order 1",
"X448 deriveBits checks for all-zero value result with a key of order p-1 (order 2)",
"X448 deriveBits checks for all-zero value result with a key of order p (=0, order 4)",
"X448 deriveBits checks for all-zero value result with a key of order p+1 (=1, order 1)",
- "Key derivation using a X25519 generated keys.",
"Key derivation using a X448 generated keys.",
- "X25519 good parameters",
- "X25519 mixed case parameters",
"X25519 mismatched algorithms",
"X448 good parameters",
"X448 mixed case parameters",
@@ -161,20 +121,8 @@
"X448 public property value is a private key",
"X448 public property value is a secret key"
],
- "derived_bits_length.https.any.html": [
- "X25519 derivation with 256 as 'length' parameter",
- "X25519 derivation with 0 as 'length' parameter",
- "X25519 derivation with null as 'length' parameter",
- "X25519 derivation with undefined as 'length' parameter",
- "X25519 derivation with omitted as 'length' parameter"
- ],
- "derived_bits_length.https.any.worker.html": [
- "X25519 derivation with 256 as 'length' parameter",
- "X25519 derivation with 0 as 'length' parameter",
- "X25519 derivation with null as 'length' parameter",
- "X25519 derivation with undefined as 'length' parameter",
- "X25519 derivation with omitted as 'length' parameter"
- ]
+ "derived_bits_length.https.any.html": true,
+ "derived_bits_length.https.any.worker.html": true
},
"digest": {
"digest.https.any.html": true,
@@ -1530,20 +1478,8 @@
"crypto-subtle-secure-context-available.https.sub.html": true
},
"wrapKey_unwrapKey": {
- "wrapKey_unwrapKey.https.any.html": [
- "Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and AES-CTR",
- "Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and AES-CBC",
- "Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and AES-GCM",
- "Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and AES-KW",
- "Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and RSA-OAEP"
- ],
- "wrapKey_unwrapKey.https.any.worker.html": [
- "Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and AES-CTR",
- "Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and AES-CBC",
- "Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and AES-GCM",
- "Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and AES-KW",
- "Can wrap and unwrap X25519 private key keys as non-extractable using pkcs8 and RSA-OAEP"
- ]
+ "wrapKey_unwrapKey.https.any.html": true,
+ "wrapKey_unwrapKey.https.any.worker.html": true
}
},
"console": {
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-26 23:09:50 +0000