Skip to content

Commit

Permalink
crypto: do not add undefined hash in webcrypto normalizeAlgorithm
Browse files Browse the repository at this point in the history
  • Loading branch information
panva committed Apr 1, 2022
1 parent 8dbdca8 commit df21856
Show file tree
Hide file tree
Showing 3 changed files with 47 additions and 14 deletions.
32 changes: 20 additions & 12 deletions lib/internal/crypto/util.js
Original file line number Diff line number Diff line change
Expand Up @@ -206,35 +206,43 @@ function validateMaxBufferLength(data, name) {
}
}

function normalizeAlgorithm(algorithm, label = 'algorithm') {
function validateAlgorithmName(name) {
if (typeof name !== 'string' ||
!ArrayPrototypeIncludes(
kAlgorithmsKeys,
StringPrototypeToLowerCase(name))) {
throw lazyDOMException('Unrecognized name.', 'NotSupportedError');
}
}

function normalizeAlgorithm(algorithm) {
if (algorithm != null) {
if (typeof algorithm === 'string')
algorithm = { name: algorithm };

if (typeof algorithm === 'object') {
const { name } = algorithm;
let hash;
if (typeof name !== 'string' ||
!ArrayPrototypeIncludes(
kAlgorithmsKeys,
StringPrototypeToLowerCase(name))) {
throw lazyDOMException('Unrecognized name.', 'NotSupportedError');
}
if (algorithm.hash !== undefined) {
hash = normalizeAlgorithm(algorithm.hash, 'algorithm.hash');
validateAlgorithmName(name);
let { hash } = algorithm;
if (hash !== undefined) {
hash = normalizeAlgorithm(hash);
if (!ArrayPrototypeIncludes(kHashTypes, hash.name))
throw lazyDOMException('Unrecognized name.', 'NotSupportedError');
}
return {
const normalized = {
...algorithm,
name: kAlgorithms[StringPrototypeToLowerCase(name)],
hash,
};
if (hash) {
normalized.hash = hash;
}
return normalized;
}
}
throw lazyDOMException('Unrecognized name.', 'NotSupportedError');
}


function hasAnyNotIn(set, checks) {
for (const s of set)
if (!ArrayPrototypeIncludes(checks, s))
Expand Down
4 changes: 2 additions & 2 deletions lib/internal/crypto/webcrypto.js
Original file line number Diff line number Diff line change
Expand Up @@ -557,10 +557,10 @@ async function unwrapKey(
extractable,
keyUsages) {
wrappedKey = getArrayBufferOrView(wrappedKey, 'wrappedKey');

unwrapAlgo = normalizeAlgorithm(unwrapAlgo);
let keyData = await cipherOrWrap(
kWebCryptoCipherDecrypt,
normalizeAlgorithm(unwrapAlgo),
unwrapAlgo,
unwrappingKey,
wrappedKey,
'unwrapKey');
Expand Down
25 changes: 25 additions & 0 deletions test/parallel/test-webcrypto-utils.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
// Flags: --expose-internals
'use strict';

const common = require('../common');
if (!common.hasCrypto)
common.skip('missing crypto');

const assert = require('assert');

const {
normalizeAlgorithm,
} = require('internal/crypto/util');

{
// Check that normalizeAlgorithm does not add an undefined hash property
assert.strictEqual('hash' in normalizeAlgorithm({ name: 'ECDH' }), false);
assert.strictEqual('hash' in normalizeAlgorithm('ECDH'), false);
}

{
// Check that normalizeAlgorithm does not mutate object inputs
const algorithm = { name: 'ECDH', hash: 'SHA-256' };
assert.strictEqual(normalizeAlgorithm(algorithm) !== algorithm, true);
assert.deepStrictEqual(algorithm, { name: 'ECDH', hash: 'SHA-256' });
}

0 comments on commit df21856

Please sign in to comment.