-
Notifications
You must be signed in to change notification settings - Fork 5.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(ext/crypto): Update rsa to 0.7.0 #16327
Conversation
const hashAlgorithm = key[_algorithm].hash.name; | ||
const saltLength = normalizedAlgorithm.saltLength; | ||
return await core.opAsync("op_crypto_verify_key", { | ||
key: keyData, | ||
algorithm: "RSA-PSS", | ||
hash: hashAlgorithm, | ||
saltLength, | ||
signature, | ||
}, data); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This doesn't seem right.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change will fly under the WPT radar because it only performs a round-trip test with the same parameters.
It is however expected that when signed with saltLength of a given value, only verify with a the same value will succeed. With the rsa update in place that's not the case.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add the following test to cli/tests/unit/webcrypto_test.ts
// https://github.com/denoland/deno/pull/16327#pullrequestreview-1144702051
Deno.test(async function pssSaltLengthRoundTrip() {
const keyPair = await crypto.subtle.generateKey(
{
name: "RSA-PSS",
modulusLength: 2048,
publicExponent: new Uint8Array([1, 0, 1]),
hash: "SHA-256",
},
true,
["sign", "verify"],
);
const data = crypto.getRandomValues(new Uint8Array(16));
const algorithm = { name: "RSA-PSS", saltLength: 20 };
const sig = await crypto.subtle.sign(algorithm, keyPair.privateKey, data);
assert(await crypto.subtle.verify(algorithm, keyPair.publicKey, sig, data));
assertEquals(
await crypto.subtle.verify(
{ ...algorithm, saltLength: 32 },
keyPair.publicKey,
sig,
data,
),
false,
);
});
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That may be a valid test. But it fails on main
and this patch has no affect on it.
The salt length is not needed during verification because it can be determined from the signature. And as far as I can tell, the rsa
crate does not have a way to validate the salt length during verification (in either the current or previous version).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're correct that this indeed also happens on main
too. That does not however make this an acceptable state. I've opened an issue to track this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That does not however make this an acceptable state.
I agree. My point was simply that it should not hold up this PR as this patch does not make the issue any better or worse.
I don't think this patch is causing the benchmark failure. Maybe that just needs to be re-run? |
Is there anything that I should do to help move this PR forward? |
@kylewillmon could you rebase? |
@crowlKats Done. Let me know if anything else is needed. |
Bump the rsa crate to 0.7.0
The API for the
rsa
crate has changed significantly, but I have verified that tests continue to pass throughout this update.