Check length when importing raw X25519 and Ed25519 keys#410
Conversation
|
Should ed25519 get the same treatment? |
|
might as well be done in this very PR |
hopafoot
changed the title
done. |
davidben
left a comment
davidben
left a comment
There was a problem hiding this comment.
The "length in bits" thing threw me off at first, but I see it's just byte length * 8 and not something cursed like "check that the high bit is set". :-)
|
plehegar marked as non substantive for IPR from ash-nazg. |
twiss
left a comment
twiss
left a comment
There was a problem hiding this comment.
Thanks for the PR! Small nitpick below.
Co-authored-by: Daniel Huigens <d.huigens@protonmail.com>
|
@twiss Thanks for the suggestion, committed! I did get a little too verbose. |
twiss
changed the title
Co-authored-by: Daniel Huigens <d.huigens@protonmail.com>
twiss
force-pushed
the
patch/reject-x25519-import-wrong-raw-length
branch
from
60bb8fd to
7173306
Compare
SHA: 432f094 Reason: push, by twiss Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
|
Ok, I'm a bit lost now. This patch does the same thing? |
|
Yes; due to me being slow in merging WICG/webcrypto-secure-curves#35 (and updating this repo) we got an equivalent PR in both repos (apologies for the duplicate work!) The root issue is that Curve25519 is still in both repos. Perhaps we can remove Curve25519 from WICG/webcrypto-secure-curves to prevent this from happening (or more ideally, also merge Curve448 into this repo, and just archive WICG/webcrypto-secure-curves..) |
6 participants
Closes #409
Section 5 of RFC7748 specifies that X25519 private and public keys are 32 bytes/256 bits. The spec, however, does not explicitly reject raw keys of different lengths.
This behaviour is already being tested for by WPT and common implementations already throw a DataError in such cases.
Preview | Diff