diff options
author | Jose M. Palacios Diaz <jmpd1988@gmail.com> | 2017-11-06 17:22:42 -0500 |
---|---|---|
committer | Anna Henningsen <anna@addaleax.net> | 2017-12-01 21:18:11 +0100 |
commit | 845633a7c62ad9ffd33880a43e05a49382bb76bb (patch) | |
tree | aaa2e2e15a13b207e8db74f1011e00870c16cb22 /doc | |
parent | 31e0dbc0c700e7bb8fa453258ba0233975ece575 (diff) | |
download | android-node-v8-845633a7c62ad9ffd33880a43e05a49382bb76bb.tar.gz android-node-v8-845633a7c62ad9ffd33880a43e05a49382bb76bb.tar.bz2 android-node-v8-845633a7c62ad9ffd33880a43e05a49382bb76bb.zip |
crypto: better docs for cases where peer's public key is invalid
changes in c++ are in the computeSecret function, but the thrown
exception that was moved to JS land was in BufferToPoint
function, here i let the allocation error be thrown so the only value
returned is the nullptr that i use later to catch the error in
computeSecret, to then construct the exception in JS land.
an ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY error was added to errors.js
and with that, subsequent changes to docs and tests were made.
PR-URL: https://github.com/nodejs/node/pull/16849
Refs: https://www.iacr.org/archive/pkc2003/25670211/25670211.pdf
Fixes: https://github.com/nodejs/node/issues/16625
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/api/crypto.md | 12 | ||||
-rw-r--r-- | doc/api/errors.md | 7 |
2 files changed, 18 insertions, 1 deletions
diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 9d6e344667..a5619b92df 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -651,7 +651,11 @@ added: v0.11.14 changes: - version: v6.0.0 pr-url: https://github.com/nodejs/node/pull/5522 - description: The default `inputEncoding` changed from `binary` to `utf8`. + description: The default `inputEncoding` changed from `binary` to `utf8` + - version: REPLACEME + pr-url: https://github.com/nodejs/node/pull/16849 + description: Changed error format to better support invalid public key + error --> - `otherPublicKey` {string | Buffer | TypedArray | DataView} - `inputEncoding` {string} @@ -668,6 +672,12 @@ provided, `otherPublicKey` is expected to be a [`Buffer`][], `TypedArray`, or If `outputEncoding` is given a string will be returned; otherwise a [`Buffer`][] is returned. +`ecdh.computeSecret` will throw an +`ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY` error when `otherPublicKey` +lies outside of the elliptic curve. Since `otherPublicKey` is +usually supplied from a remote user over an insecure network, +its recommended for developers to handle this exception accordingly. + ### ecdh.generateKeys([encoding[, format]]) <!-- YAML added: v0.11.14 diff --git a/doc/api/errors.md b/doc/api/errors.md index df38bf32a9..fab75e9bc4 100644 --- a/doc/api/errors.md +++ b/doc/api/errors.md @@ -676,6 +676,13 @@ of OpenSSL being used. An invalid value for the `format` argument was passed to the `crypto.ECDH()` class `getPublicKey()` method. +<a id="ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY"></a> +### ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY + +An invalid value for the `key` argument has been passed to the +`crypto.ECDH()` class `computeSecret()` method. It means that the public +key lies outside of the elliptic curve. + <a id="ERR_CRYPTO_ENGINE_UNKNOWN"></a> ### ERR_CRYPTO_ENGINE_UNKNOWN |