crypto: fix webcrypto EC key namedCurve validation errors

panva · ruyadorno · commit 4c902be5a597 · 2022-08-22T19:37:23.000-04:00
PR-URL: #44172 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
diff --git a/lib/internal/crypto/ec.js b/lib/internal/crypto/ec.js
@@ -1,6 +1,7 @@
 'use strict';
 
 const {
+  ArrayPrototypeIncludes,
   ObjectKeys,
   SafeSet,
 } = primordials;
@@ -16,11 +17,6 @@ const {
   kSigEncP1363,
 } = internalBinding('crypto');
 
-const {
-  validateOneOf,
-  validateString,
-} = require('internal/validators');
-
 const {
   codes: {
     ERR_MISSING_OPTION,
@@ -90,11 +86,12 @@ function createECPublicKeyRaw(namedCurve, keyData) {
 
 async function ecGenerateKey(algorithm, extractable, keyUsages) {
   const { name, namedCurve } = algorithm;
-  validateString(namedCurve, 'algorithm.namedCurve');
-  validateOneOf(
-    namedCurve,
-    'algorithm.namedCurve',
-    ObjectKeys(kNamedCurveAliases));
+
+  if (!ArrayPrototypeIncludes(ObjectKeys(kNamedCurveAliases), namedCurve)) {
+    throw lazyDOMException(
+      'Unrecognized namedCurve',
+      'NotSupportedError');
+  }
 
   const usageSet = new SafeSet(keyUsages);
   switch (name) {
@@ -168,11 +165,13 @@ async function ecImportKey(
   keyUsages) {
 
   const { name, namedCurve } = algorithm;
-  validateString(namedCurve, 'algorithm.namedCurve');
-  validateOneOf(
-    namedCurve,
-    'algorithm.namedCurve',
-    ObjectKeys(kNamedCurveAliases));
+
+  if (!ArrayPrototypeIncludes(ObjectKeys(kNamedCurveAliases), namedCurve)) {
+    throw lazyDOMException(
+      'Unrecognized namedCurve',
+      'NotSupportedError');
+  }
+
   let keyObject;
   const usagesSet = new SafeSet(keyUsages);
   switch (format) {
diff --git a/test/parallel/test-webcrypto-keygen.js b/test/parallel/test-webcrypto-keygen.js
@@ -452,7 +452,7 @@ const vectors = {
     [1, true, {}, [], undefined, null].forEach(async (namedCurve) => {
       await assert.rejects(
         subtle.generateKey({ name, namedCurve }, true, privateUsages), {
-          code: 'ERR_INVALID_ARG_TYPE'
+          name: 'NotSupportedError'
         });
     });
   }
diff --git a/test/wpt/status/WebCryptoAPI.json b/test/wpt/status/WebCryptoAPI.json
@@ -2690,48 +2690,12 @@
   "generateKey/failures_ECDH.https.any.js": {
     "fail": {
       "expected": [
-        "Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, false, [deriveKey])",
-        "Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, true, [deriveKey])",
-        "Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, false, [deriveBits, deriveKey])",
-        "Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, true, [deriveBits, deriveKey])",
-        "Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, false, [deriveBits])",
-        "Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, true, [deriveBits])",
-        "Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, false, [])",
-        "Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, true, [])",
-        "Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, false, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits])",
-        "Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits])",
-        "Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, false, [deriveKey])",
-        "Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, true, [deriveKey])",
-        "Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, false, [deriveBits, deriveKey])",
-        "Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, true, [deriveBits, deriveKey])",
-        "Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, false, [deriveBits])",
-        "Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, true, [deriveBits])",
-        "Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, false, [])",
-        "Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, true, [])",
-        "Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, false, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits])",
-        "Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits])"
       ]
     }
   },
   "generateKey/failures_ECDSA.https.any.js": {
     "fail": {
       "expected": [
-        "Bad algorithm property: generateKey({name: ECDSA, namedCurve: P-512}, false, [sign])",
-        "Bad algorithm property: generateKey({name: ECDSA, namedCurve: P-512}, true, [sign])",
-        "Bad algorithm property: generateKey({name: ECDSA, namedCurve: P-512}, false, [verify, sign])",
-        "Bad algorithm property: generateKey({name: ECDSA, namedCurve: P-512}, true, [verify, sign])",
-        "Bad algorithm property: generateKey({name: ECDSA, namedCurve: P-512}, false, [])",
-        "Bad algorithm property: generateKey({name: ECDSA, namedCurve: P-512}, true, [])",
-        "Bad algorithm property: generateKey({name: ECDSA, namedCurve: P-512}, false, [sign, verify, sign, sign, verify])",
-        "Bad algorithm property: generateKey({name: ECDSA, namedCurve: P-512}, true, [sign, verify, sign, sign, verify])",
-        "Bad algorithm property: generateKey({name: ECDSA, namedCurve: Curve25519}, false, [sign])",
-        "Bad algorithm property: generateKey({name: ECDSA, namedCurve: Curve25519}, true, [sign])",
-        "Bad algorithm property: generateKey({name: ECDSA, namedCurve: Curve25519}, false, [verify, sign])",
-        "Bad algorithm property: generateKey({name: ECDSA, namedCurve: Curve25519}, true, [verify, sign])",
-        "Bad algorithm property: generateKey({name: ECDSA, namedCurve: Curve25519}, false, [])",
-        "Bad algorithm property: generateKey({name: ECDSA, namedCurve: Curve25519}, true, [])",
-        "Bad algorithm property: generateKey({name: ECDSA, namedCurve: Curve25519}, false, [sign, verify, sign, sign, verify])",
-        "Bad algorithm property: generateKey({name: ECDSA, namedCurve: Curve25519}, true, [sign, verify, sign, sign, verify])"
       ]
     }
   },

Original file line number	Diff line number	Diff line change
`@@ -452,7 +452,7 @@ const vectors = {`
`452`	`452`	`[1, true, {}, [], undefined, null].forEach(async (namedCurve) => {`
`453`	`453`	`await assert.rejects(`
`454`	`454`	`subtle.generateKey({ name, namedCurve }, true, privateUsages), {`
`455`		`- code: 'ERR_INVALID_ARG_TYPE'`
	`455`	`+ name: 'NotSupportedError'`
`456`	`456`	`});`
`457`	`457`	`});`
`458`	`458`	`}`