From ef8532e89d0caf8156b822805b38c1f3953c1090 Mon Sep 17 00:00:00 2001 From: Daniel Huigens Date: Fri, 20 Sep 2024 02:45:09 +0200 Subject: [PATCH 1/2] Fix P-521 bit length in Web Crypto ECDH over P-521 returns 66 bytes, i.e. 528 bits. Requesting 521 bits entails a truncation of the derived value, which seems unintended. --- packages/crypto/src/keys/ecdh/index.browser.ts | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/packages/crypto/src/keys/ecdh/index.browser.ts b/packages/crypto/src/keys/ecdh/index.browser.ts index 63d3470673..4b880cf871 100644 --- a/packages/crypto/src/keys/ecdh/index.browser.ts +++ b/packages/crypto/src/keys/ecdh/index.browser.ts @@ -7,13 +7,13 @@ import webcrypto from '../../webcrypto/index.js' import type { Curve } from './index.js' import type { ECDHKey, ECDHKeyPair, JWKEncodedPrivateKey, JWKEncodedPublicKey } from '../interface.js' -const bits = { - 'P-256': 256, - 'P-384': 384, - 'P-521': 521 +const curveLengths = { + 'P-256': 32, + 'P-384': 48, + 'P-521': 66 } -const curveTypes = Object.keys(bits) +const curveTypes = Object.keys(curveLengths) const names = curveTypes.join(' / ') export async function generateEphemeralKeyPair (curve: Curve): Promise { @@ -68,7 +68,7 @@ export async function generateEphemeralKeyPair (curve: Curve): Promise public: key }, privateKey, - bits[curve] + curveLengths[curve] * 8 ) return new Uint8Array(buffer, 0, buffer.byteLength) @@ -84,12 +84,6 @@ export async function generateEphemeralKeyPair (curve: Curve): Promise return ecdhKey } -const curveLengths = { - 'P-256': 32, - 'P-384': 48, - 'P-521': 66 -} - // Marshal converts a jwk encoded ECDH public key into the // form specified in section 4.3.6 of ANSI X9.62. (This is the format // go-ipfs uses) From 7353bf6ab4d9567f6fe477b4c476777847336632 Mon Sep 17 00:00:00 2001 From: Daniel Huigens Date: Fri, 20 Sep 2024 02:47:43 +0200 Subject: [PATCH 2/2] Remove superfluous `namedCurve` property in deriveBits algorithm --- packages/crypto/src/keys/ecdh/index.browser.ts | 2 -- 1 file changed, 2 deletions(-) diff --git a/packages/crypto/src/keys/ecdh/index.browser.ts b/packages/crypto/src/keys/ecdh/index.browser.ts index 4b880cf871..742bd19a7b 100644 --- a/packages/crypto/src/keys/ecdh/index.browser.ts +++ b/packages/crypto/src/keys/ecdh/index.browser.ts @@ -63,8 +63,6 @@ export async function generateEphemeralKeyPair (curve: Curve): Promise const buffer = await webcrypto.get().subtle.deriveBits( { name: 'ECDH', - // @ts-expect-error namedCurve is missing from the types - namedCurve: curve, public: key }, privateKey,