crypto: refactor hasAnyNotIn to avoid unsafe array iteration

Author: aduh95

lib/internal/crypto/aes.js

@@ -223,7 +223,7 @@ async function aesGenerateKey(algorithm, extractable, keyUsages) {
 
   const usageSet = new SafeSet(keyUsages);
 
-  if (hasAnyNotIn(usageSet, 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey')) {
+  if (hasAnyNotIn(usageSet, ['encrypt', 'decrypt', 'wrapKey', 'unwrapKey'])) {
     throw lazyDOMException(
       'Unsupported key usage for an AES key',
       'SyntaxError');
@@ -258,7 +258,8 @@ async function aesImportKey(
   if (name !== 'AES-KW')
     ArrayPrototypePush(checkUsages, 'encrypt', 'decrypt');
 
-  if (ReflectApply(hasAnyNotIn, null, checkUsages)) {
+  const usagesSet = new SafeSet(keyUsages);
+  if (hasAnyNotIn(usagesSet, checkUsages)) {
     throw lazyDOMException(
       'Unsupported key usage for an AES key',
       'SyntaxError');

lib/internal/crypto/diffiehellman.js

@@ -357,7 +357,7 @@ function verifyAcceptableDhKeyUse(name, type, usages) {
     case 'public':
       break;
   }
-  if (ReflectApply(hasAnyNotIn, null, args)) {
+  if (hasAnyNotIn(usages, checkSet)) {
     throw lazyDOMException(
       `Unsupported key usage for an ${name} key`,
       'SyntaxError');
@@ -370,7 +370,7 @@ async function dhGenerateKey(
   keyUsages) {
   const usageSet = new SafeSet(keyUsages);
 
-  if (hasAnyNotIn(usageSet, 'deriveKey', 'deriveBits')) {
+  if (hasAnyNotIn(usageSet, ['deriveKey', 'deriveBits'])) {
     throw lazyDOMException(
       'Unsupported key usage for a DH key',
       'SyntaxError');

lib/internal/crypto/dsa.js

@@ -60,7 +60,7 @@ function verifyAcceptableDsaKeyUse(name, type, usages) {
       check = 'verify';
       break;
   }
-  if (hasAnyNotIn(usages, check)) {
+  if (hasAnyNotIn(usages, checkSet)) {
     throw lazyDOMException(
       `Unsupported key usage for an ${name} key`,
       'SyntaxError');
@@ -84,7 +84,7 @@ async function dsaGenerateKey(
 
   const usageSet = new SafeSet(keyUsages);
 
-  if (hasAnyNotIn(usageSet, 'sign', 'verify')) {
+  if (hasAnyNotIn(usageSet, ['sign', 'verify'])) {
     throw lazyDOMException(
       'Unsupported key usage for a DSA key',
       'SyntaxError');

lib/internal/crypto/ec.js

@@ -80,7 +80,7 @@ function verifyAcceptableEcKeyUse(name, type, usages) {
           break;
       }
   }
-  if (ReflectApply(hasAnyNotIn, null, args)) {
+  if (hasAnyNotIn(usages, checkSet)) {
     throw lazyDOMException(
       `Unsupported key usage for a ${name} key`,
       'SyntaxError');
@@ -150,14 +150,14 @@ async function ecGenerateKey(algorithm, extractable, keyUsages) {
     case 'NODE-ED25519':
       // Fall through
     case 'NODE-ED448':
-      if (hasAnyNotIn(usageSet, 'sign', 'verify')) {
+      if (hasAnyNotIn(usageSet, ['sign', 'verify'])) {
         throw lazyDOMException(
           'Unsupported key usage for an ECDSA key',
           'SyntaxError');
       }
       break;
     case 'ECDH':
-      if (hasAnyNotIn(usageSet, 'deriveKey', 'deriveBits')) {
+      if (hasAnyNotIn(usageSet, ['deriveKey', 'deriveBits'])) {
         throw lazyDOMException(
           'Unsupported key usage for an ECDH key',
           'SyntaxError');

lib/internal/crypto/mac.js

@@ -56,7 +56,7 @@ async function hmacGenerateKey(algorithm, extractable, keyUsages) {
   validateBitLength(length, 'algorithm.length', true);
 
   const usageSet = new SafeSet(keyUsages);
-  if (hasAnyNotIn(usageSet, 'sign', 'verify')) {
+  if (hasAnyNotIn(usageSet, ['sign', 'verify'])) {
     throw lazyDOMException(
       'Unsupported key usage for an HMAC key',
       'SyntaxError');
@@ -89,7 +89,7 @@ async function hmacImportKey(
     throw new ERR_MISSING_OPTION('algorithm.hash');
 
   const usagesSet = new SafeSet(keyUsages);
-  if (hasAnyNotIn(usagesSet, 'sign', 'verify')) {
+  if (hasAnyNotIn(usagesSet, ['sign', 'verify'])) {
     throw lazyDOMException(
       'Unsupported key usage for an HMAC key',
       'SyntaxError');

lib/internal/crypto/rsa.js

@@ -95,7 +95,7 @@ function verifyAcceptableRsaKeyUse(name, type, usages) {
           break;
       }
   }
-  if (ReflectApply(hasAnyNotIn, null, args)) {
+  if (hasAnyNotIn(usages, checkSet)) {
     throw lazyDOMException(
       `Unsupported key usage for an ${name} key`,
       'SyntaxError');
@@ -157,14 +157,15 @@ async function rsaKeyGenerate(
 
   switch (name) {
     case 'RSA-OAEP':
-      if (hasAnyNotIn(usageSet, 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey')) {
+      if (hasAnyNotIn(usageSet,
+                      ['encrypt', 'decrypt', 'wrapKey', 'unwrapKey'])) {
         throw lazyDOMException(
           'Unsupported key usage for a RSA key',
           'SyntaxError');
       }
       break;
     default:
-      if (hasAnyNotIn(usageSet, 'sign', 'verify')) {
+      if (hasAnyNotIn(usageSet, ['sign', 'verify'])) {
         throw lazyDOMException(
           'Unsupported key usage for a RSA key',
           'SyntaxError');

lib/internal/crypto/util.js

@@ -236,7 +236,7 @@ function normalizeAlgorithm(algorithm, label = 'algorithm') {
   throw lazyDOMException('Unrecognized name.', 'NotSupportedError');
 }
 
-function hasAnyNotIn(set, ...check) {
+function hasAnyNotIn(set, check) {
   for (const s of set)
     if (!ArrayPrototypeIncludes(check, s))
       return true;

lib/internal/crypto/webcrypto.js

@@ -402,7 +402,7 @@ async function importGenericSecretKey(
   if (extractable)
     throw lazyDOMException(`${name} keys are not extractable`, 'SyntaxError');
 
-  if (hasAnyNotIn(usagesSet, 'deriveKey', 'deriveBits')) {
+  if (hasAnyNotIn(usagesSet, ['deriveKey', 'deriveBits'])) {
     throw lazyDOMException(
       `Unsupported key usage for a ${name} key`,
       'SyntaxError');
@@ -419,7 +419,7 @@ async function importGenericSecretKey(
       break;
     }
     case 'raw':
-      if (hasAnyNotIn(usagesSet, 'deriveKey', 'deriveBits')) {
+      if (hasAnyNotIn(usagesSet, ['deriveKey', 'deriveBits'])) {
         throw lazyDOMException(
           `Unsupported key usage for a ${name} key`,
           'SyntaxError');