crypto fix import key pkcs8 (#23365)
Fix importKey for the PKCS8 format, which was failing with the error "key too long".

GitOrigin-RevId: b3a81c2e4cc6aa611c4343c6f10e9f281a883b34
ldanilek authored and Convex, Inc. committed Mar 12, 2024
1 parent a1ae51c commit 9a66f7a
Showing 2 changed files with 104 additions and 5 deletions.
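--- a/crates/isolate/src/ops/crypto/import_key.rs
+++ b/crates/isolate/src/ops/crypto/import_key.rs
@@ -13,10 +13,7 @@ use p256::pkcs8::EncodePrivateKey;
 use ring::signature::EcdsaKeyPair;
 use rsa::{
 pkcs1::UintRef,
-pkcs8::der::{
-Decode as RsaDecode,
-EncodeValue,
-},
+pkcs8::der::Decode as RsaDecode,
 };
 use serde::{
 Deserialize,
@@ -276,7 +273,7 @@ fn import_key_rsassa(key_data: KeyData) -> anyhow::Result<ImportKeyResult> {
 .map_err(|e| data_error(e.to_string()))?;
 
 let bytes_consumed = private_key
-.value_len()
+.encoded_len()
 .map_err(|e| data_error(e.to_string()))?;
 
 if bytes_consumed != spki::der::Length::new(pk_info.private_key.len() as u16) {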
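Review bot: The length comparison at the end of the second hunk still narrows with `pk_info.private_key.len() as u16`, which wraps silently once the inner key blob reaches 65536 bytes, so the trailing-data check then compares against a truncated value. Because this is key material handed in by the caller of importKey, a checked conversion is safer: `let expected = u16::try_from(pk_info.private_key.len()).map_err(|e| data_error(e.to_string()))?;` followed by a comparison with `spki::der::Length::new(expected)`. The switch from `value_len()` to `encoded_len()` also deserves a one-line comment, presumably that the DER tag and length header must be counted for the result to be comparable with the raw OCTET STRING length. The body of `import_key_rsassa` starts and continues outside the hunk, so how the mismatch branch reports the error is not visible here.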
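--- a/npm-packages/udf-tests/convex/js_builtins/crypto.ts
+++ b/npm-packages/udf-tests/convex/js_builtins/crypto.ts
@@ -542,6 +542,107 @@ async function importRsaSpki() {
 assert.deepEqual(algorithm.publicExponent, new Uint8Array([1, 0, 1]));
 }
 
+// (not from Deno)
+// Regression test for PKCS8 importKey.
+async function importRsaPKCS8Regression() {
+const privateKey = new Uint8Array([
+48, 130, 4, 188, 2, 1, 0, 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1,
+5, 0, 4, 130, 4, 166, 48, 130, 4, 162, 2, 1, 0, 2, 130, 1, 1, 0, 184, 88,
+246, 32, 206, 209, 185, 156, 139, 115, 244, 51, 207, 16, 151, 38, 55, 53,
+18, 244, 83, 233, 101, 45, 180, 223, 24, 250, 195, 220, 145, 144, 122, 213,
+86, 219, 252, 149, 109, 180, 34, 224, 155, 134, 68, 64, 7, 172, 223, 141,
+70, 107, 248, 104, 162, 16, 202, 155, 67, 46, 48, 227, 113, 167, 49, 28,
+121, 253, 184, 163, 89, 26, 71, 146, 94, 112, 252, 76, 29, 67, 192, 139, 90,
+150, 197, 184, 149, 26, 118, 210, 232, 192, 237, 75, 182, 64, 193, 128, 90,
+100, 227, 7, 66, 118, 48, 115, 148, 128, 152, 27, 155, 47, 254, 179, 71, 7,
+250, 249, 57, 57, 51, 44, 130, 131, 94, 120, 159, 80, 86, 227, 0, 48, 200,
+130, 82, 73, 186, 166, 59, 226, 137, 207, 30, 84, 56, 165, 60, 126, 95, 246,
+152, 199, 187, 150, 97, 140, 99, 177, 60, 88, 121, 197, 235, 50, 147, 208,
+194, 107, 47, 100, 224, 116, 221, 195, 97, 61, 209, 10, 248, 217, 53, 42,
+104, 149, 31, 250, 59, 234, 111, 141, 157, 100, 96, 39, 29, 94, 92, 3, 114,
+59, 169, 243, 139, 42, 102, 252, 71, 16, 199, 183, 15, 138, 17, 158, 186,
+87, 77, 140, 163, 156, 23, 240, 37, 198, 78, 8, 152, 232, 48, 172, 233, 205,
+206, 100, 7, 30, 92, 148, 29, 148, 3, 197, 3, 183, 104, 203, 14, 206, 86,
+97, 152, 95, 251, 31, 242, 143, 2, 3, 1, 0, 1, 2, 130, 1, 0, 15, 88, 161,
+87, 22, 112, 129, 71, 159, 101, 129, 60, 69, 174, 13, 200, 188, 241, 52, 9,
+61, 131, 109, 242, 235, 106, 253, 227, 65, 115, 3, 220, 90, 229, 99, 12, 51,
+92, 49, 143, 111, 225, 216, 154, 47, 229, 182, 170, 168, 49, 33, 68, 141,
+31, 171, 37, 93, 77, 63, 191, 39, 190, 133, 201, 224, 49, 12, 199, 241, 65,
+112, 181, 91, 11, 85, 95, 35, 25, 167, 101, 157, 100, 15, 160, 2, 136, 176,
+16, 26, 108, 100, 33, 178, 152, 253, 108, 144, 2, 104, 170, 104, 196, 68,
+62, 209, 236, 190, 215, 34, 223, 72, 167, 17, 72, 111, 40, 111, 54, 216, 69,
+41, 162, 184, 109, 125, 5, 81, 102, 135, 77, 2, 158, 221, 112, 106, 41, 246,
+113, 76, 170, 230, 227, 141, 69, 222, 218, 252, 15, 35, 99, 5, 232, 69, 50,
+39, 192, 73, 74, 76, 64, 218, 35, 2, 31, 203, 15, 77, 66, 139, 180, 104,
+170, 75, 126, 196, 168, 197, 124, 155, 86, 45, 114, 30, 108, 232, 0, 231,
+237, 203, 38, 144, 21, 65, 207, 238, 142, 53, 89, 190, 82, 200, 214, 136,
+227, 68, 248, 236, 241, 63, 122, 204, 142, 242, 63, 134, 180, 47, 169, 253,
+131, 149, 178, 153, 178, 251, 255, 193, 252, 223, 51, 124, 152, 239, 246,
+34, 52, 148, 140, 81, 2, 188, 0, 231, 170, 196, 239, 167, 104, 111, 7, 120,
+69, 116, 136, 212, 117, 2, 129, 129, 0, 250, 142, 86, 177, 204, 179, 222,
+171, 122, 121, 232, 185, 144, 121, 93, 130, 10, 0, 194, 159, 118, 156, 153,
+3, 95, 234, 99, 234, 188, 27, 195, 100, 43, 74, 221, 41, 202, 145, 202, 115,
+174, 59, 131, 115, 252, 80, 63, 143, 100, 74, 22, 76, 213, 130, 45, 170, 85,
+220, 219, 121, 24, 234, 252, 92, 144, 209, 124, 132, 112, 13, 28, 221, 150,
+167, 109, 252, 154, 163, 0, 5, 148, 193, 216, 190, 124, 234, 206, 159, 145,
+47, 192, 11, 245, 232, 95, 176, 225, 143, 25, 95, 41, 104, 237, 205, 125,
+239, 185, 49, 211, 66, 164, 102, 68, 252, 106, 102, 108, 237, 128, 62, 23,
+53, 0, 173, 58, 108, 89, 51, 2, 129, 129, 0, 188, 90, 90, 87, 148, 72, 245,
+136, 7, 6, 227, 141, 124, 102, 30, 0, 30, 110, 187, 231, 172, 182, 217, 244,
+218, 112, 91, 184, 102, 177, 186, 74, 245, 225, 188, 4, 79, 116, 222, 92,
+249, 46, 0, 48, 83, 167, 84, 207, 217, 211, 242, 230, 225, 94, 32, 24, 52,
+143, 86, 139, 238, 77, 154, 44, 143, 126, 231, 86, 115, 146, 184, 147, 137,
+122, 74, 67, 64, 228, 131, 59, 207, 135, 152, 49, 39, 216, 180, 206, 176, 2,
+79, 27, 161, 134, 209, 171, 119, 81, 14, 54, 191, 171, 249, 225, 16, 178,
+55, 120, 112, 209, 215, 248, 144, 248, 109, 230, 58, 111, 205, 13, 75, 191,
+222, 251, 173, 22, 153, 53, 2, 129, 128, 7, 47, 254, 28, 171, 154, 157, 80,
+157, 250, 209, 74, 65, 114, 185, 211, 249, 37, 124, 111, 198, 159, 71, 100,
+105, 99, 247, 233, 203, 235, 159, 247, 71, 166, 166, 33, 132, 198, 25, 224,
+167, 166, 221, 102, 126, 94, 110, 244, 86, 20, 41, 255, 154, 64, 89, 191, 1,
+39, 140, 196, 52, 138, 201, 34, 126, 165, 3, 197, 104, 209, 119, 122, 131,
+207, 217, 191, 221, 79, 191, 184, 105, 68, 6, 75, 176, 153, 171, 195, 184,
+14, 126, 155, 217, 58, 9, 68, 177, 179, 193, 46, 145, 169, 136, 232, 212,
+44, 4, 76, 1, 155, 111, 203, 223, 62, 190, 110, 161, 193, 78, 100, 121, 149,
+243, 167, 4, 126, 7, 49, 2, 129, 128, 52, 179, 79, 45, 204, 6, 177, 244,
+114, 138, 225, 230, 119, 149, 22, 245, 207, 142, 10, 51, 99, 102, 242, 11,
+9, 135, 128, 146, 82, 225, 141, 143, 101, 198, 216, 85, 152, 105, 201, 193,
+215, 210, 160, 40, 229, 111, 31, 82, 220, 206, 233, 218, 225, 217, 245, 62,
+240, 141, 222, 152, 94, 128, 6, 16, 75, 194, 37, 54, 82, 54, 14, 64, 241,
+169, 110, 215, 236, 115, 67, 168, 219, 131, 67, 249, 20, 254, 20, 112, 244,
+92, 97, 8, 9, 36, 240, 203, 122, 34, 10, 201, 20, 206, 40, 167, 105, 133,
+131, 241, 198, 23, 96, 199, 98, 192, 175, 247, 72, 8, 122, 38, 43, 56, 175,
+74, 89, 254, 197, 181, 2, 129, 128, 40, 144, 147, 99, 34, 203, 195, 186,
+196, 188, 19, 32, 254, 129, 26, 138, 172, 40, 30, 3, 87, 124, 149, 234, 23,
+144, 105, 229, 28, 192, 71, 45, 149, 10, 51, 53, 37, 54, 49, 156, 106, 150,
+200, 26, 222, 1, 157, 30, 202, 255, 245, 74, 252, 96, 210, 20, 224, 110, 21,
+7, 250, 150, 10, 198, 222, 107, 51, 55, 159, 12, 64, 56, 46, 162, 30, 52,
+68, 53, 229, 224, 93, 139, 192, 180, 126, 183, 215, 171, 136, 176, 147, 201,
+223, 8, 91, 49, 139, 100, 220, 93, 151, 118, 118, 73, 118, 193, 154, 120,
+158, 237, 139, 20, 77, 250, 207, 188, 140, 189, 120, 30, 227, 178, 23, 132,
+216, 7, 64, 71,
+]);
+const hash = "SHA-256";
+const key = await crypto.subtle.importKey(
+"pkcs8",
+privateKey,
+{
+name: "RSASSA-PKCS1-v1_5",
+hash,
+},
+true,
+["sign"],
+);
+assert(key);
+assert.strictEqual(key.type, "private");
+assert.strictEqual(key.extractable, true);
+assert.deepEqual(key.usages, ["sign"]);
+const algorithm = key.algorithm as RsaHashedKeyAlgorithm;
+assert.strictEqual(algorithm.name, "RSASSA-PKCS1-v1_5");
+assert.strictEqual(algorithm.hash.name, hash);
+assert.strictEqual(algorithm.modulusLength, 2048);
+assert.deepEqual(algorithm.publicExponent, new Uint8Array([1, 0, 1]));
+}
+
 const pem1 = `-----BEGIN PRIVATE KEY-----
 MIIE7gIBADA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3
 DQEBCDALBglghkgBZQMEAgGiAwIBHgSCBKgwggSkAgEAAoIBAQClbSUIKRfpCk0W
@@ -1864,6 +1965,7 @@ export const test = query({
 subtleCryptoHmacImportExport,
 importRsaPkcs8,
 importRsaSpki,
+importRsaPKCS8Regression,
 importNonInteroperableRsaPkcs8,
 testImportRsaJwk,
 // importing EC keys requires SecureRandom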
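Review bot: `importRsaPKCS8Regression` only pins the success path, so the consumed-length check this commit changes in `import_key.rs` has no test on the rejecting side. A companion case whose PKCS8 OCTET STRING carries extra bytes after the RSAPrivateKey, asserting that `crypto.subtle.importKey` rejects, would keep that check from being loosened unnoticed. The comment above the function could also say what regressed and that the embedded bytes are a throwaway key, e.g. `// Regression test: a valid 2048-bit PKCS8 RSA key was rejected as too long. Test-only key, never use elsewhere.`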
