Skip to content

Commit a2f2c8e

Browse files
panvapanva
committed
fixup! lib: improve Web Cryptography key validation ordering
1 parent ad8217c commit a2f2c8e

File tree

2 files changed

+36
-0
lines changed

2 files changed

+36
-0
lines changed

test/parallel/test-webcrypto-encrypt-decrypt-aes.js

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -84,6 +84,22 @@ async function testEncryptWrongAlg({ keyBuffer, algorithm, plaintext }, alg) {
8484
});
8585
}
8686

87+
async function testDecryptWrongAlg({ keyBuffer, algorithm, result }, alg) {
88+
if (result === undefined) return;
89+
assert.notStrictEqual(algorithm.name, alg);
90+
const keyFormat = alg === 'AES-OCB' ? 'raw-secret' : 'raw';
91+
const key = await subtle.importKey(
92+
keyFormat,
93+
keyBuffer,
94+
{ name: alg },
95+
false,
96+
['decrypt']);
97+
98+
return assert.rejects(subtle.decrypt(algorithm, key, result), {
99+
message: /Key algorithm mismatch/
100+
});
101+
}
102+
87103
async function testDecrypt({ keyBuffer, algorithm, result }) {
88104
const keyFormat = algorithm.name === 'AES-OCB' ? 'raw-secret' : 'raw';
89105
const key = await subtle.importKey(
@@ -112,6 +128,7 @@ async function testDecrypt({ keyBuffer, algorithm, result }) {
112128
variations.push(testEncryptNoEncrypt(vector));
113129
variations.push(testEncryptNoDecrypt(vector));
114130
variations.push(testEncryptWrongAlg(vector, 'AES-CTR'));
131+
variations.push(testDecryptWrongAlg(vector, 'AES-CTR'));
115132
});
116133

117134
failing.forEach((vector) => {
@@ -149,6 +166,7 @@ async function testDecrypt({ keyBuffer, algorithm, result }) {
149166
variations.push(testEncryptNoEncrypt(vector));
150167
variations.push(testEncryptNoDecrypt(vector));
151168
variations.push(testEncryptWrongAlg(vector, 'AES-CBC'));
169+
variations.push(testDecryptWrongAlg(vector, 'AES-CBC'));
152170
});
153171

154172
// TODO(@jasnell): These fail for different reasons. Need to
@@ -188,6 +206,7 @@ async function testDecrypt({ keyBuffer, algorithm, result }) {
188206
variations.push(testEncryptNoEncrypt(vector));
189207
variations.push(testEncryptNoDecrypt(vector));
190208
variations.push(testEncryptWrongAlg(vector, 'AES-CBC'));
209+
variations.push(testDecryptWrongAlg(vector, 'AES-CBC'));
191210
});
192211

193212
failing.forEach((vector) => {
@@ -225,6 +244,7 @@ if (hasOpenSSL(3)) {
225244
variations.push(testEncryptNoEncrypt(vector));
226245
variations.push(testEncryptNoDecrypt(vector));
227246
variations.push(testEncryptWrongAlg(vector, 'AES-GCM'));
247+
variations.push(testDecryptWrongAlg(vector, 'AES-GCM'));
228248
});
229249

230250
failing.forEach((vector) => {

test/parallel/test-webcrypto-encrypt-decrypt-chacha20-poly1305.js

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -81,6 +81,21 @@ async function testEncryptWrongAlg({ keyBuffer, algorithm, plaintext }, alg) {
8181
});
8282
}
8383

84+
async function testDecryptWrongAlg({ keyBuffer, algorithm, result }, alg) {
85+
if (result === undefined) return;
86+
assert.notStrictEqual(algorithm.name, alg);
87+
const key = await subtle.importKey(
88+
'raw-secret',
89+
keyBuffer,
90+
{ name: alg },
91+
false,
92+
['decrypt']);
93+
94+
return assert.rejects(subtle.decrypt(algorithm, key, result), {
95+
message: /Key algorithm mismatch/
96+
});
97+
}
98+
8499
async function testDecrypt({ keyBuffer, algorithm, result }) {
85100
const key = await subtle.importKey(
86101
'raw-secret',
@@ -107,6 +122,7 @@ async function testDecrypt({ keyBuffer, algorithm, result }) {
107122
variations.push(testEncryptNoEncrypt(vector));
108123
variations.push(testEncryptNoDecrypt(vector));
109124
variations.push(testEncryptWrongAlg(vector, 'AES-GCM'));
125+
variations.push(testDecryptWrongAlg(vector, 'AES-GCM'));
110126
});
111127

112128
failing.forEach((vector) => {

0 commit comments

Comments
 (0)