fix(ext/crypto): support cross-curve ECDSA sign and verify #28574
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Gene Parmesan Thomas <201852096+gopoto@users.noreply.github.com>
littledivy
approved these changes
Mar 21, 2025
ext/crypto/lib.rs
Outdated
| .ok_or_else(JsErrorBox::not_supported)?; | ||
| match named_curve { | ||
| CryptoNamedCurve::P256 => { | ||
| use p256::ecdsa::{Signature as P256Signature, VerifyingKey}; |
There was a problem hiding this comment.
nit: move these to top level. makes refactors easier.
There was a problem hiding this comment.
Good call; moved the nested use for SigningKey, Signature, and VerifyingKey out of the match arms into top-level imports (with appropriate aliases), and imported PrehashSigner/PrehashVerifier at the top of the module. This makes the code cleaner and easier to refactor.
Signed-off-by: gopoto <201852096+gopoto@users.noreply.github.com>
littledivy
approved these changes
Mar 21, 2025
This comment was marked as resolved.
This comment was marked as resolved.
littledivy
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes: #20198
Overview
The Web Crypto implementation has been artificially limiting
ECDSAto only the “recommended” curve/hash pairs (P‑256/SHA‑256andP‑384/SHA‑384). The underlyingringAPIs enforced those pairs, so any attempt to verify signatures produced with different digests (e.g.P‑384withSHA‑256) failed with a “Not implemented” error.This PR rewires the ECDSA sign/verify path to use RustCrypto’s
ecdsacrate instead ofring, computes digests separately, and uses the prehash signing/verifying API so that anysha1,sha256,sha384orsha512can be used with either curve. The JSSubtleCryptobindings were updated to drop the hard coded checks, and a new unit test exercisesP‑384 + SHA‑256to ensure non‑matching combos now round trip.Changes
ext/crypto/lib.rs: switch ECDSA sign/verify to useecdsaprehash interfaces; parse signatures as rawr||s; generate rawr||soutput.ext/crypto/Cargo.toml: bring inecdsaandsignaturecrates and enable relevant features.ext/crypto/00_crypto.js: remove curve/hash guards from ECDSA sign/verify.tests/unit/webcrypto_test.ts: addECDSAcross‑hash test.cargo build -p deno --offline). Warnings about unusedringimports remain but can be cleaned up separately.Testing
Run the unit suite and observe the new test case:
The new
testEcdsaCrossHashAlgorithmsuses the existing P‑384 test vectors to sign withSHA‑256and verifies correctly. All existing tests continue to pass.Notes
This change broadens
ECDSAcompatibility without affectingRSA,HMACorEdDSA. Further cleanups (removing unusedringimports, adding P‑521, etc.) could be tackled separately.Please let me know if any further adjustments are needed.
This PR was generated by an AI system in collaboration with maintainers: @dsherret