crypto: validate raw private import formats

Reject raw-private and raw-seed imports before key construction
when the selected asymmetric key type does not support that raw
private material.

Signed-off-by: Filip Skokan <panva.ip@gmail.com>

Author: panva

src/crypto/crypto_keys.cc

@@ -283,6 +283,71 @@ int GetNidFromName(const char* name) {
   return NID_undef;
 #endif
 }
+
+enum class RawPrivateKeyImportFormat {
+  kInvalid,
+  kUnsupported,
+  kUnavailable,
+  kRawPrivate,
+  kRawSeed,
+};
+
+bool IsUnavailablePqcKeyType(Environment* env, Local<String> key_type) {
+  return key_type->StringEquals(env->crypto_ml_dsa_44_string()) ||
+         key_type->StringEquals(env->crypto_ml_dsa_65_string()) ||
+         key_type->StringEquals(env->crypto_ml_dsa_87_string()) ||
+         key_type->StringEquals(env->crypto_ml_kem_512_string()) ||
+         key_type->StringEquals(env->crypto_ml_kem_768_string()) ||
+         key_type->StringEquals(env->crypto_ml_kem_1024_string()) ||
+         key_type->StringEquals(env->crypto_slh_dsa_sha2_128f_string()) ||
+         key_type->StringEquals(env->crypto_slh_dsa_sha2_128s_string()) ||
+         key_type->StringEquals(env->crypto_slh_dsa_sha2_192f_string()) ||
+         key_type->StringEquals(env->crypto_slh_dsa_sha2_192s_string()) ||
+         key_type->StringEquals(env->crypto_slh_dsa_sha2_256f_string()) ||
+         key_type->StringEquals(env->crypto_slh_dsa_sha2_256s_string()) ||
+         key_type->StringEquals(env->crypto_slh_dsa_shake_128f_string()) ||
+         key_type->StringEquals(env->crypto_slh_dsa_shake_128s_string()) ||
+         key_type->StringEquals(env->crypto_slh_dsa_shake_192f_string()) ||
+         key_type->StringEquals(env->crypto_slh_dsa_shake_192s_string()) ||
+         key_type->StringEquals(env->crypto_slh_dsa_shake_256f_string()) ||
+         key_type->StringEquals(env->crypto_slh_dsa_shake_256s_string());
+}
+
+RawPrivateKeyImportFormat GetRawPrivateKeyImportFormat(Environment* env,
+                                                       Local<String> key_type,
+                                                       int id) {
+  if (key_type->StringEquals(env->crypto_ec_string())) {
+    return RawPrivateKeyImportFormat::kRawPrivate;
+  }
+
+  switch (id) {
+    case EVP_PKEY_X25519:
+    case EVP_PKEY_X448:
+    case EVP_PKEY_ED25519:
+    case EVP_PKEY_ED448:
+      return RawPrivateKeyImportFormat::kRawPrivate;
+    default:
+      break;
+  }
+
+#if OPENSSL_WITH_PQC
+  if (IsPqcSeedKeyId(id)) return RawPrivateKeyImportFormat::kRawSeed;
+  if (IsPqcRawPrivateKeyId(id)) return RawPrivateKeyImportFormat::kRawPrivate;
+#endif
+
+  if (IsUnavailablePqcKeyType(env, key_type)) {
+    return RawPrivateKeyImportFormat::kUnavailable;
+  }
+
+  if (key_type->StringEquals(env->crypto_rsa_string()) ||
+      key_type->StringEquals(env->crypto_rsa_pss_string()) ||
+      key_type->StringEquals(env->crypto_dsa_string()) ||
+      key_type->StringEquals(env->crypto_dh_string())) {
+    return RawPrivateKeyImportFormat::kUnsupported;
+  }
+
+  return RawPrivateKeyImportFormat::kInvalid;
+}
 }  // namespace
 
 bool KeyObjectData::ToEncodedPublicKey(
@@ -487,6 +552,39 @@ static KeyObjectData ImportRawKey(Environment* env,
       THROW_ERR_INVALID_ARG_VALUE(env, "Invalid key data");
     }
   };
+  auto throw_incompatible = [&]() -> KeyObjectData {
+    THROW_ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS(env);
+    return {};
+  };
+
+  const int id = GetNidFromName(key_type_name);
+  const RawPrivateKeyImportFormat private_format =
+      GetRawPrivateKeyImportFormat(env, key_type, id);
+
+  switch (private_format) {
+    case RawPrivateKeyImportFormat::kInvalid:
+      THROW_ERR_INVALID_ARG_VALUE(
+          env, "Invalid asymmetricKeyType: %s", key_type_name);
+      return {};
+    case RawPrivateKeyImportFormat::kUnsupported:
+      return throw_incompatible();
+    case RawPrivateKeyImportFormat::kUnavailable:
+      THROW_ERR_INVALID_ARG_VALUE(env, "Unsupported key type");
+      return {};
+    case RawPrivateKeyImportFormat::kRawPrivate:
+    case RawPrivateKeyImportFormat::kRawSeed:
+      break;
+  }
+
+  if (format == EVPKeyPointer::PKFormatType::RAW_PRIVATE &&
+      private_format != RawPrivateKeyImportFormat::kRawPrivate) {
+    return throw_incompatible();
+  }
+
+  if (format == EVPKeyPointer::PKFormatType::RAW_SEED &&
+      private_format != RawPrivateKeyImportFormat::kRawSeed) {
+    return throw_incompatible();
+  }
 
   // EC keys
   if (key_type->StringEquals(env->crypto_ec_string())) {
@@ -545,8 +643,6 @@ static KeyObjectData ImportRawKey(Environment* env,
     return KeyObjectData::CreateAsymmetric(target_type, std::move(pkey));
   }
 
-  int id = GetNidFromName(key_type_name);
-
   typedef EVPKeyPointer (*new_key_fn)(
       int, const ncrypto::Buffer<const unsigned char>&);
   new_key_fn fn = nullptr;
@@ -562,8 +658,9 @@ static KeyObjectData ImportRawKey(Environment* env,
 #if OPENSSL_WITH_PQC
       if (IsPqcKeyId(id)) {
         if (target_type == kKeyTypePrivate) {
-          fn = IsPqcSeedKeyId(id) ? EVPKeyPointer::NewRawSeed
-                                  : EVPKeyPointer::NewRawPrivate;
+          fn = private_format == RawPrivateKeyImportFormat::kRawSeed
+                   ? EVPKeyPointer::NewRawSeed
+                   : EVPKeyPointer::NewRawPrivate;
         } else {
           fn = EVPKeyPointer::NewRawPublic;
         }
@@ -584,41 +681,6 @@ static KeyObjectData ImportRawKey(Environment* env,
     }
     return KeyObjectData::CreateAsymmetric(target_type, std::move(pkey));
   }
-
-  if (key_type->StringEquals(env->crypto_rsa_string()) ||
-      key_type->StringEquals(env->crypto_rsa_pss_string()) ||
-      key_type->StringEquals(env->crypto_dsa_string()) ||
-      key_type->StringEquals(env->crypto_dh_string())) {
-    THROW_ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS(env);
-    return {};
-  }
-
-#if !OPENSSL_WITH_PQC
-  if (key_type->StringEquals(env->crypto_ml_dsa_44_string()) ||
-      key_type->StringEquals(env->crypto_ml_dsa_65_string()) ||
-      key_type->StringEquals(env->crypto_ml_dsa_87_string()) ||
-      key_type->StringEquals(env->crypto_ml_kem_512_string()) ||
-      key_type->StringEquals(env->crypto_ml_kem_768_string()) ||
-      key_type->StringEquals(env->crypto_ml_kem_1024_string()) ||
-      key_type->StringEquals(env->crypto_slh_dsa_sha2_128f_string()) ||
-      key_type->StringEquals(env->crypto_slh_dsa_sha2_128s_string()) ||
-      key_type->StringEquals(env->crypto_slh_dsa_sha2_192f_string()) ||
-      key_type->StringEquals(env->crypto_slh_dsa_sha2_192s_string()) ||
-      key_type->StringEquals(env->crypto_slh_dsa_sha2_256f_string()) ||
-      key_type->StringEquals(env->crypto_slh_dsa_sha2_256s_string()) ||
-      key_type->StringEquals(env->crypto_slh_dsa_shake_128f_string()) ||
-      key_type->StringEquals(env->crypto_slh_dsa_shake_128s_string()) ||
-      key_type->StringEquals(env->crypto_slh_dsa_shake_192f_string()) ||
-      key_type->StringEquals(env->crypto_slh_dsa_shake_192s_string()) ||
-      key_type->StringEquals(env->crypto_slh_dsa_shake_256f_string()) ||
-      key_type->StringEquals(env->crypto_slh_dsa_shake_256s_string())) {
-    THROW_ERR_INVALID_ARG_VALUE(env, "Unsupported key type");
-    return {};
-  }
-#endif
-
-  THROW_ERR_INVALID_ARG_VALUE(
-      env, "Invalid asymmetricKeyType: %s", key_type_name);
   return {};
 }
 

test/parallel/test-crypto-key-objects-raw.js

@@ -281,6 +281,12 @@ if (hasOpenSSL(3, 5)) {
     fixtures.readKey('ec_p256_private.pem', 'ascii'));
   assert.throws(() => ecPriv.export({ format: 'raw-seed' }),
                 { code: 'ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS' });
+  assert.throws(() => crypto.createPrivateKey({
+    key: ecPriv.export({ format: 'raw-private' }),
+    format: 'raw-seed',
+    asymmetricKeyType: 'ec',
+    namedCurve: 'P-256',
+  }), { code: 'ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS' });
 
   if (process.features.openssl_is_boringssl) {
     common.printSkipMessage('Skipping unsupported ed448/x448 test cases');
@@ -292,13 +298,23 @@ if (hasOpenSSL(3, 5)) {
       fixtures.readKey(`${type}_private.pem`, 'ascii'));
     assert.throws(() => priv.export({ format: 'raw-seed' }),
                   { code: 'ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS' });
+    assert.throws(() => crypto.createPrivateKey({
+      key: priv.export({ format: 'raw-private' }),
+      format: 'raw-seed',
+      asymmetricKeyType: type,
+    }), { code: 'ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS' });
   }
 
   if (hasOpenSSL(3, 5)) {
     const slhPriv = crypto.createPrivateKey(
       fixtures.readKey('slh_dsa_sha2_128f_private.pem', 'ascii'));
     assert.throws(() => slhPriv.export({ format: 'raw-seed' }),
                   { code: 'ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS' });
+    assert.throws(() => crypto.createPrivateKey({
+      key: slhPriv.export({ format: 'raw-private' }),
+      format: 'raw-seed',
+      asymmetricKeyType: 'slh-dsa-sha2-128f',
+    }), { code: 'ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS' });
   }
 }
 
@@ -309,6 +325,11 @@ if (hasOpenSSL(3, 5) || process.features.openssl_is_boringssl) {
       fixtures.readKey(`${type.replaceAll('-', '_')}_private_seed_only.pem`, 'ascii'));
     assert.throws(() => priv.export({ format: 'raw-private' }),
                   { code: 'ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS' });
+    assert.throws(() => crypto.createPrivateKey({
+      key: priv.export({ format: 'raw-seed' }),
+      format: 'raw-private',
+      asymmetricKeyType: type,
+    }), { code: 'ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS' });
   }
 }
 

test/parallel/test-crypto-pqc-key-objects-slh-dsa.js

@@ -91,6 +91,12 @@ for (const asymmetricKeyType of [
       key: rawPriv, format: 'raw-private', asymmetricKeyType,
     });
     assert.strictEqual(importedPriv.equals(key), true);
+    assert.throws(() => createPrivateKey({
+      key: rawPriv, format: 'raw-seed', asymmetricKeyType,
+    }), { code: 'ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS' });
+    assert.throws(() => createPublicKey({
+      key: rawPriv, format: 'raw-seed', asymmetricKeyType,
+    }), { code: 'ERR_CRYPTO_INCOMPATIBLE_KEY_OPTIONS' });
   }
 
   if (!hasOpenSSL(3, 5)) {