Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🐛 ECDH JWK imports should not be checking the JWK "alg" parameter #1403

Closed
panva opened this issue Nov 11, 2023 · 0 comments · Fixed by #1503
Closed

🐛 ECDH JWK imports should not be checking the JWK "alg" parameter #1403

panva opened this issue Nov 11, 2023 · 0 comments · Fixed by #1503

Comments

@panva
Copy link
Contributor

panva commented Nov 11, 2023

The following should successfully import, ECDH JWK key import steps do not have a step for checking the JWK alg. This is a problem for when ECDH is used in fully specified JOSE Algorithms such as the upcoming HPKE-Base-P256-SHA256-AES128GCM and other HPKE based algorithms.

const publicJwk = {
  kty: 'EC',
  crv: 'P-256',
  alg: 'THIS CAN BE ANYTHING',
  x: 'Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0',
  y: 'HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw',
}

await crypto.subtle.importKey('jwk', publicJwk, { name: 'ECDH', namedCurve: 'P-256' }, true, [])

cc @jasnell
@panva panva changed the title 🐛 ECDH/X25519 JWK imports should not be checking the JWK "alg" parameter. 🐛 ECDHJWK imports should not be checking the JWK "alg" parameter. Nov 11, 2023
@panva panva changed the title 🐛 ECDHJWK imports should not be checking the JWK "alg" parameter. 🐛 ECDH JWK imports should not be checking the JWK "alg" parameter. Nov 11, 2023
@panva panva mentioned this issue Nov 11, 2023
Closed
@panva panva changed the title 🐛 ECDH JWK imports should not be checking the JWK "alg" parameter. 🐛 ECDH JWK imports should not be checking the JWK "alg" parameter Nov 11, 2023
This was referenced Nov 11, 2023
Merged
Merged
jasnell added a commit that referenced this issue Dec 21, 2023
@jasnell @panva
fix ECDH JWK key imports do not check alg
7874b49 
Completed alternative to #1404

Fixes: #1403
Co-authored-by: Filip Skokan <[email protected]>
@jasnell jasnell mentioned this issue Dec 21, 2023
Merged
jasnell added a commit that referenced this issue Dec 21, 2023
@jasnell @panva
fix ECDH JWK key imports do not check alg
aff8686 
Completed alternative to #1404

Fixes: #1403
Co-authored-by: Filip Skokan <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix ECDH JWK key imports do not check alg cloudflare/workerd
1 participant
@panva