crypto: handle webcrypto generateKey() usages edge case

panva · targos · commit bb326f7ece04 · 2022-07-12T07:41:38.000+02:00
PR-URL: #43454 Reviewed-By: Tobias Nießen <tniessen@tnie.de>
diff --git a/lib/internal/crypto/webcrypto.js b/lib/internal/crypto/webcrypto.js
@@ -89,48 +89,68 @@ async function generateKey(
   algorithm = normalizeAlgorithm(algorithm);
   validateBoolean(extractable, 'extractable');
   validateArray(keyUsages, 'keyUsages');
-  if (keyUsages.length === 0) {
-    throw lazyDOMException(
-      'Usages cannot be empty when creating a key',
-      'SyntaxError');
-  }
+  let result;
+  let resultType;
   switch (algorithm.name) {
     case 'RSASSA-PKCS1-v1_5':
       // Fall through
     case 'RSA-PSS':
       // Fall through
     case 'RSA-OAEP':
-      return lazyRequire('internal/crypto/rsa')
+      resultType = 'CryptoKeyPair';
+      result = await lazyRequire('internal/crypto/rsa')
         .rsaKeyGenerate(algorithm, extractable, keyUsages);
+      break;
     case 'Ed25519':
       // Fall through
     case 'Ed448':
       // Fall through
     case 'X25519':
       // Fall through
     case 'X448':
-      return lazyRequire('internal/crypto/cfrg')
+      resultType = 'CryptoKeyPair';
+      result = await lazyRequire('internal/crypto/cfrg')
         .cfrgGenerateKey(algorithm, extractable, keyUsages);
+      break;
     case 'ECDSA':
       // Fall through
     case 'ECDH':
-      return lazyRequire('internal/crypto/ec')
+      resultType = 'CryptoKeyPair';
+      result = await lazyRequire('internal/crypto/ec')
         .ecGenerateKey(algorithm, extractable, keyUsages);
+      break;
     case 'HMAC':
-      return lazyRequire('internal/crypto/mac')
+      resultType = 'CryptoKey';
+      result = await lazyRequire('internal/crypto/mac')
         .hmacGenerateKey(algorithm, extractable, keyUsages);
+      break;
     case 'AES-CTR':
       // Fall through
     case 'AES-CBC':
       // Fall through
     case 'AES-GCM':
       // Fall through
     case 'AES-KW':
-      return lazyRequire('internal/crypto/aes')
+      resultType = 'CryptoKey';
+      result = await lazyRequire('internal/crypto/aes')
         .aesGenerateKey(algorithm, extractable, keyUsages);
+      break;
     default:
       throw lazyDOMException('Unrecognized name.');
   }
+
+  if (
+    (resultType === 'CryptoKey' &&
+      (result.type === 'secret' || result.type === 'private') &&
+      result.usages.length === 0) ||
+    (resultType === 'CryptoKeyPair' && result.privateKey.usages.length === 0)
+  ) {
+    throw lazyDOMException(
+      'Usages cannot be empty when creating a key.',
+      'SyntaxError');
+  }
+
+  return result;
 }
 
 async function deriveBits(algorithm, baseKey, length) {
diff --git a/test/parallel/test-webcrypto-derivebits-ecdh.js b/test/parallel/test-webcrypto-derivebits-ecdh.js
@@ -201,7 +201,7 @@ async function prepareKeys() {
       {
         name: 'ECDSA',
         namedCurve: 'P-521'
-      }, false, ['verify']);
+      }, false, ['sign', 'verify']);
 
     await assert.rejects(subtle.deriveBits({
       name: 'ECDH',
diff --git a/test/parallel/test-webcrypto-derivekey-ecdh.js b/test/parallel/test-webcrypto-derivekey-ecdh.js
@@ -165,7 +165,7 @@ async function prepareKeys() {
         namedCurve: 'P-521'
       },
       false,
-      ['verify']);
+      ['sign', 'verify']);
 
     await assert.rejects(
       subtle.deriveKey(
diff --git a/test/parallel/test-webcrypto-keygen.js b/test/parallel/test-webcrypto-keygen.js
@@ -29,143 +29,131 @@ const allUsages = [
 const vectors = {
   'AES-CTR': {
     algorithm: { length: 256 },
+    result: 'CryptoKey',
     usages: [
       'encrypt',
       'decrypt',
       'wrapKey',
       'unwrapKey',
     ],
-    mandatoryUsages: []
   },
   'AES-CBC': {
     algorithm: { length: 256 },
+    result: 'CryptoKey',
     usages: [
       'encrypt',
       'decrypt',
       'wrapKey',
       'unwrapKey',
     ],
-    mandatoryUsages: []
   },
   'AES-GCM': {
     algorithm: { length: 256 },
+    result: 'CryptoKey',
     usages: [
       'encrypt',
       'decrypt',
       'wrapKey',
       'unwrapKey',
     ],
-    mandatoryUsages: []
   },
   'AES-KW': {
     algorithm: { length: 256 },
+    result: 'CryptoKey',
     usages: [
       'wrapKey',
       'unwrapKey',
     ],
-    mandatoryUsages: []
   },
   'HMAC': {
     algorithm: { length: 256, hash: 'SHA-256' },
+    result: 'CryptoKey',
     usages: [
       'sign',
       'verify',
     ],
-    mandatoryUsages: []
   },
   'RSASSA-PKCS1-v1_5': {
     algorithm: {
       modulusLength: 1024,
       publicExponent: new Uint8Array([1, 0, 1]),
       hash: 'SHA-256'
     },
+    result: 'CryptoKeyPair',
     usages: [
       'sign',
       'verify',
     ],
-    mandatoryUsages: ['sign'],
   },
   'RSA-PSS': {
     algorithm: {
       modulusLength: 1024,
       publicExponent: new Uint8Array([1, 0, 1]),
       hash: 'SHA-256'
     },
+    result: 'CryptoKeyPair',
     usages: [
       'sign',
       'verify',
     ],
-    mandatoryUsages: ['sign']
   },
   'RSA-OAEP': {
     algorithm: {
       modulusLength: 1024,
       publicExponent: new Uint8Array([1, 0, 1]),
       hash: 'SHA-256'
     },
+    result: 'CryptoKeyPair',
     usages: [
       'encrypt',
       'decrypt',
       'wrapKey',
       'unwrapKey',
     ],
-    mandatoryUsages: [
-      'decrypt',
-      'unwrapKey',
-    ]
   },
   'ECDSA': {
     algorithm: { namedCurve: 'P-521' },
+    result: 'CryptoKeyPair',
     usages: [
       'sign',
       'verify',
     ],
-    mandatoryUsages: ['sign']
   },
   'ECDH': {
     algorithm: { namedCurve: 'P-521' },
+    result: 'CryptoKeyPair',
     usages: [
       'deriveKey',
       'deriveBits',
     ],
-    mandatoryUsages: [
-      'deriveKey',
-      'deriveBits',
-    ]
   },
   'Ed25519': {
+    result: 'CryptoKeyPair',
     usages: [
       'sign',
       'verify',
     ],
-    mandatoryUsages: ['sign']
   },
   'Ed448': {
+    result: 'CryptoKeyPair',
     usages: [
       'sign',
       'verify',
     ],
-    mandatoryUsages: ['sign']
   },
   'X25519': {
+    result: 'CryptoKeyPair',
     usages: [
       'deriveKey',
       'deriveBits',
     ],
-    mandatoryUsages: [
-      'deriveKey',
-      'deriveBits',
-    ]
   },
   'X448': {
+    result: 'CryptoKeyPair',
     usages: [
       'deriveKey',
       'deriveBits',
     ],
-    mandatoryUsages: [
-      'deriveKey',
-      'deriveBits',
-    ]
   },
 };
 
@@ -219,6 +207,25 @@ const vectors = {
         []),
       { message: /Usages cannot be empty/ });
 
+    // For CryptoKeyPair results the private key
+    // usages must not be empty.
+    // - ECDH(-like) algorithm key pairs only have private key usages
+    // - Signing algorithm key pairs may pass a non-empty array but
+    //   with only a public key usage
+    if (
+      vectors[name].result === 'CryptoKeyPair' &&
+      vectors[name].usages.includes('verify')
+    ) {
+      await assert.rejects(
+        subtle.generateKey(
+          {
+            name, ...vectors[name].algorithm
+          },
+          true,
+          ['verify']),
+        { message: /Usages cannot be empty/ });
+    }
+
     const invalidUsages = [];
     allUsages.forEach((usage) => {
       if (!vectors[name].usages.includes(usage))

Original file line number	Diff line number	Diff line change
`@@ -201,7 +201,7 @@ async function prepareKeys() {`
`201`	`201`	`{`
`202`	`202`	`name: 'ECDSA',`
`203`	`203`	`namedCurve: 'P-521'`
`204`		`- }, false, ['verify']);`
	`204`	`+ }, false, ['sign', 'verify']);`
`205`	`205`
`206`	`206`	`await assert.rejects(subtle.deriveBits({`
`207`	`207`	`name: 'ECDH',`