Skip to content

fix: support EC keys in diffieHellman() and validate curve match#960

Merged
boorad merged 3 commits into
mainfrom
fix/ec-diffiehellman
Mar 1, 2026
Merged

fix: support EC keys in diffieHellman() and validate curve match#960
boorad merged 3 commits into
mainfrom
fix/ec-diffiehellman

Conversation

@boorad
Copy link
Copy Markdown
Collaborator

@boorad boorad commented Mar 1, 2026

Summary

Adds EC key support (P-256, P-384, P-521) to the diffieHellman() API and fixes related correctness issues. Previously, diffieHellman() only supported x25519/x448 keys and threw Unknown curve type: ec for EC keys.

Fixes #959

Changes

  • Route EC keys in diffieHellman() to a new ecDiffieHellman() handler that leverages the existing ECDH class via JWK export/import
  • Move checkDiffieHellmanOptions() validation to the top-level diffieHellman() dispatcher so it applies to all key types
  • Add 'ec' to the allowed key types in checkDiffieHellmanOptions()
  • Add curve mismatch validation for EC keys — throws a clear error if private/public key curves differ (e.g., P-256 vs P-384) instead of an opaque OpenSSL failure
  • Fix ecDeriveBits() to decode JWK parameters with 'base64url' (per RFC 7517) instead of 'base64'

Testing

  • Generate EC key pairs (P-256, P-384, P-521) with crypto.generateKeyPairSync('ec', { namedCurve: '...' })
  • Call crypto.diffieHellman({ privateKey, publicKey }) with EC keys
  • Verify curve mismatch throws: use a P-256 private key with a P-384 public key
  • Verify x25519/x448 diffieHellman() still works unchanged

boorad added 2 commits March 1, 2026 10:57
@boorad
fix: support EC keys in diffieHellman() (#959)
1f0c13f 
The diffieHellman() function only accepted x25519/x448 keys, throwing
"Unknown curve type: ec" for EC keys like secp384r1. Route EC keys
through the ECDH class to compute the shared secret.
@boorad
fix: validate EC curve match and use correct base64url for JWK params
0f24ce3 
Add curve mismatch validation in checkDiffieHellmanOptions for EC keys
so mismatched curves (e.g. P-256 vs P-384) throw a clear error instead
of an opaque OpenSSL failure. Also fix ecDeriveBits to decode JWK
parameters with 'base64url' per RFC 7517 instead of 'base64'.
@boorad boorad self-assigned this Mar 1, 2026
@boorad
test: add EC diffieHellman tests for #959
73a62d2 
Cover P-256, P-384, P-521 via crypto.diffieHellman() with tests for
shared secret size, symmetry, determinism, uniqueness across key pairs,
and curve mismatch error.
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Mar 1, 2026

🤖 End-to-End Test Results - Android

Status: ✅ Passed
Platform: Android
Run: 22547846266

📸 Final Test Screenshot

Maestro Test Results - android

Screenshot automatically captured from End-to-End tests and will expire in 30 days

This comment is automatically updated on each test run.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Mar 1, 2026

🤖 End-to-End Test Results - iOS

Status: ✅ Passed
Platform: iOS
Run: 22547846282

📸 Final Test Screenshot

Maestro Test Results - ios

Screenshot automatically captured from End-to-End tests and will expire in 30 days

This comment is automatically updated on each test run.

@boorad boorad merged commit 8446e86 into main Mar 1, 2026
6 checks passed
@boorad boorad deleted the fix/ec-diffiehellman branch March 1, 2026 17:07
@tp26610 tp26610 mentioned this pull request Mar 31, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@boorad boorad

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

🐛 Method diffieHellman({options}) - [Error: Unknown curve type: ec]

1 participant

@boorad