crypto: reject duplicate ML-KEM JWK key_ops #62905

Merged
nodejs-github-bot merged 1 commit into nodejs:main from panva:check-kem-key_ops on Apr 25, 2026

@panva
Member

@panva panva commented Apr 23, 2026

I missed this in #62706. Web Cryptography JWK import must reject duplicate entries in the JWK's key_ops.

Signed-off-by: Filip Skokan <panva.ip@gmail.com>
@panva panva added the confirmed-bug, crypto, experimental and webcrypto labels Apr 23, 2026
@nodejs-github-bot
Collaborator

Review requested:

  • @nodejs/crypto

@nodejs-github-bot nodejs-github-bot added the needs-ci label Apr 23, 2026
@panva panva requested a review from ChALkeR April 23, 2026 07:18
@panva panva added the request-ci label Apr 23, 2026
@codecov

codecov Bot commented Apr 23, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.62%. Comparing base (acb1bd7) to head (ca2bb43).
⚠️ Report is 51 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #62905      +/-   ##
==========================================
- Coverage   91.43%   89.62%   -1.82%     
==========================================
  Files         356      706     +350     
  Lines      150580   219201   +68621     
  Branches    23602    41989   +18387     
==========================================
+ Hits       137686   196449   +58763     
- Misses      12625    14629    +2004     
- Partials      269     8123    +7854     
Files with missing lines Coverage Δ
lib/internal/crypto/util.js 95.53% <100.00%> (+2.85%) ⬆️

... and 472 files with indirect coverage changes

@github-actions github-actions Bot removed the request-ci label Apr 24, 2026
@panva panva added the author ready label Apr 24, 2026
Member

@ChALkeR ChALkeR left a comment

It's a bit unfortunate that the api allows unrecognized keys (which was why this failed open and wasn't noticed)
Not an impl issue though

@panva
Member Author

panva commented Apr 24, 2026

> It's a bit unfortunate that the api allows unrecognized keys (which was why this failed open and wasn't noticed)
> Not an impl issue though

That's the nature of depending on formats that are meant to be extensible. If this was rejecting unrecognized you couldn't evolve the JWK format with additional ops.

Not that key_ops in JWK is ever used in practice though. It's an annoyance. The "use" parameter or better yet an explicit "alg" is more than enough.

@panva panva added the commit-queue label Apr 25, 2026
@nodejs-github-bot nodejs-github-bot removed the commit-queue label Apr 25, 2026
@nodejs-github-bot nodejs-github-bot merged commit 8f348bc into nodejs:main Apr 25, 2026
92 checks passed
@nodejs-github-bot
Collaborator

Landed in 8f348bc

@panva panva deleted the check-kem-key_ops branch April 25, 2026 07:22
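
The fail-open pattern discussed in this thread, as an added example that is not part of the PR or of Node.js source: a duplicate check gated on a table of recognized operations skips a repeated value the table does not know, while tracking every value rejects the repeat and still tolerates unrecognized entries. `RECOGNIZED_OPS`, `checkKeyOpsTableGated`, `checkKeyOps`, `dataError` and `outcome` are hypothetical names, and the table contents are an assumption chosen to model a list that predates the ML-KEM operations.

```javascript
// Added example, not Node.js source. All names here are hypothetical.
// Assumed table of recognized operations; the ML-KEM operations are
// deliberately absent to model a table written before they existed.
const RECOGNIZED_OPS = new Set(['sign', 'verify', 'encrypt', 'decrypt',
  'wrapKey', 'unwrapKey', 'deriveKey', 'deriveBits']);

function dataError(message) {
  const err = new Error(message);
  err.name = 'DataError';
  return err;
}

// Fail-open variant: duplicates are tracked only for recognized values,
// so a repeated value missing from the table is silently skipped.
function checkKeyOpsTableGated(keyOps) {
  const seen = new Set();
  for (const op of keyOps) {
    if (!RECOGNIZED_OPS.has(op)) continue; // extensibility: tolerate unknown
    if (seen.has(op)) throw dataError(`Duplicate key operation: ${op}`);
    seen.add(op);
  }
}

// Fail-closed variant: unknown values are still tolerated, but every value
// is tracked, so a duplicate is rejected whether or not it is recognized.
function checkKeyOps(keyOps, usages = []) {
  if (keyOps === undefined) return; // key_ops is optional in a JWK
  if (!Array.isArray(keyOps)) throw dataError('key_ops must be an array');
  const seen = new Set();
  for (const op of keyOps) {
    if (typeof op !== 'string') throw dataError('key_ops entries must be strings');
    if (seen.has(op)) throw dataError(`Duplicate key operation: ${op}`);
    seen.add(op);
  }
  for (const usage of usages) {
    if (!seen.has(usage)) throw dataError(`key_ops does not permit: ${usage}`);
  }
}

// Returns the error name, or null when the check accepts the input.
function outcome(fn, ...args) {
  try { fn(...args); return null; } catch (err) { return err.name; }
}

// Constructed sample input: key_ops with a repeated ML-KEM operation.
const sampleKeyOps = ['decapsulateBits', 'decapsulateBits'];
console.log('table-gated:', outcome(checkKeyOpsTableGated, sampleKeyOps));
console.log('track-all:', outcome(checkKeyOps, sampleKeyOps, ['decapsulateBits']));
```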