Skip to content

Commit

Permalink
crypto: fix webcrypto AES-KW keys accepting encrypt/decrypt usages
Browse files Browse the repository at this point in the history
PR-URL: #43431
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
  • Loading branch information
panva authored and targos committed Jul 12, 2022
1 parent 3ee0bb8 commit 018f61c
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 11 deletions.
10 changes: 7 additions & 3 deletions lib/internal/crypto/aes.js
Original file line number Diff line number Diff line change
Expand Up @@ -230,13 +230,17 @@ async function aesGenerateKey(algorithm, extractable, keyUsages) {
validateInteger(length, 'algorithm.length');
validateOneOf(length, 'algorithm.length', kAesKeyLengths);

const usageSet = new SafeSet(keyUsages);
const checkUsages = ['wrapKey', 'unwrapKey'];
if (name !== 'AES-KW')
ArrayPrototypePush(checkUsages, 'encrypt', 'decrypt');

if (hasAnyNotIn(usageSet, ['encrypt', 'decrypt', 'wrapKey', 'unwrapKey'])) {
const usagesSet = new SafeSet(keyUsages);
if (hasAnyNotIn(usagesSet, checkUsages)) {
throw lazyDOMException(
'Unsupported key usage for an AES key',
'SyntaxError');
}

return new Promise((resolve, reject) => {
generateKey('aes', { length }, (err, key) => {
if (err) {
Expand All @@ -249,7 +253,7 @@ async function aesGenerateKey(algorithm, extractable, keyUsages) {
resolve(new InternalCryptoKey(
key,
{ name, length },
ArrayFrom(usageSet),
ArrayFrom(usagesSet),
extractable));
});
});
Expand Down
18 changes: 10 additions & 8 deletions test/parallel/test-webcrypto-keygen.js
Original file line number Diff line number Diff line change
Expand Up @@ -211,14 +211,16 @@ const vectors = {
if (!vectors[name].usages.includes(usage))
invalidUsages.push(usage);
});
return assert.rejects(
subtle.generateKey(
{
name, ...vectors[name].algorithm
},
true,
invalidUsages),
{ message: /Unsupported key usage/ });
for (const invalidUsage of invalidUsages) {
await assert.rejects(
subtle.generateKey(
{
name, ...vectors[name].algorithm
},
true,
[...vectors[name].usages, invalidUsage]),
{ message: /Unsupported key usage/ });
}
}

const tests = Object.keys(vectors).map(test);
Expand Down

0 comments on commit 018f61c

Please sign in to comment.