diff options
| author | Filip Skokan <panva.ip@gmail.com> | 2023-03-05 13:34:07 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-03-05 12:34:07 +0000 |
| commit | 7d13d65468c37022f003bb680dfbddd07ea72173 (patch) | |
| tree | fc472af54de017c8fa2480eabbc21c27cecae314 /ext/crypto/00_crypto.js | |
| parent | de0d148d933520e7ee519576c83e4ca282ee9021 (diff) | |
fix(ext/crypto): correctly limit ECDSA and hash algorithms (#18030)
Closes #18029
Diffstat (limited to 'ext/crypto/00_crypto.js')
| -rw-r--r-- | ext/crypto/00_crypto.js | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/ext/crypto/00_crypto.js b/ext/crypto/00_crypto.js index 7bc62714f..417281068 100644 --- a/ext/crypto/00_crypto.js +++ b/ext/crypto/00_crypto.js @@ -827,6 +827,18 @@ class SubtleCrypto { throw new DOMException("Curve not supported", "NotSupportedError"); } + if ( + (key[_algorithm].namedCurve === "P-256" && + hashAlgorithm !== "SHA-256") || + (key[_algorithm].namedCurve === "P-384" && + hashAlgorithm !== "SHA-384") + ) { + throw new DOMException( + "Not implemented", + "NotSupportedError", + ); + } + const signature = await core.opAsync("op_crypto_sign_key", { key: keyData, algorithm: "ECDSA", @@ -1331,6 +1343,16 @@ class SubtleCrypto { // 2. const hash = normalizedAlgorithm.hash.name; + if ( + (key[_algorithm].namedCurve === "P-256" && hash !== "SHA-256") || + (key[_algorithm].namedCurve === "P-384" && hash !== "SHA-384") + ) { + throw new DOMException( + "Not implemented", + "NotSupportedError", + ); + } + // 3-8. return await core.opAsync("op_crypto_verify_key", { key: keyData, |