crypto: harden CryptoKey algorithm slots

Clone CryptoKey algorithm dictionaries into null-prototype objects
before storing or caching them internally. Copy nested hash dictionaries
and publicExponent bytes so internal consumers and transferred keys do
not observe user-mutable input objects or polluted Object.prototype
fields.

Keep public algorithm and inspect output as ordinary objects. Make the
clone path check only own hash and publicExponent properties.

Signed-off-by: Filip Skokan <panva.ip@gmail.com>

Author: panva

lib/internal/crypto/keys.js

@@ -3,6 +3,7 @@
 const {
   ArrayPrototypeSlice,
   ObjectDefineProperties,
+  ObjectPrototypeHasOwnProperty,
   ObjectSetPrototypeOf,
   SafeSet,
   SymbolToStringTag,
@@ -928,6 +929,8 @@ function isKeyObject(obj) {
 // CryptoKey's hidden class pristine. The `getCryptoKey{Type,
 // Extractable,Algorithm,Usages,Handle}` helpers index into that
 // array and convert native enums/masks back to Web Crypto strings.
+// The internal algorithm object is stored as a null-prototype clone
+// so it cannot observe polluted Object.prototype properties.
 // The public `algorithm` getter caches a cloned dictionary and the
 // public `usages` getter caches a synthesized array (as Web Crypto
 // requires repeat reads to return the same object so a consumer's
@@ -945,9 +948,27 @@ const kSlotUsages = 7;
 
 function cloneAlgorithm(raw) {
   const cloned = { ...raw };
-  if (cloned.hash !== undefined) cloned.hash = { ...cloned.hash };
-  if (cloned.publicExponent !== undefined)
+  if (ObjectPrototypeHasOwnProperty(cloned, 'hash') &&
+      cloned.hash !== undefined) {
+    cloned.hash = { ...cloned.hash };
+  }
+  if (ObjectPrototypeHasOwnProperty(cloned, 'publicExponent') &&
+      cloned.publicExponent !== undefined) {
+    cloned.publicExponent = new Uint8Array(cloned.publicExponent);
+  }
+  return cloned;
+}
+
+function cloneInternalAlgorithm(raw) {
+  const cloned = { __proto__: null, ...raw };
+  if (ObjectPrototypeHasOwnProperty(cloned, 'hash') &&
+      cloned.hash !== undefined) {
+    cloned.hash = { __proto__: null, ...cloned.hash };
+  }
+  if (ObjectPrototypeHasOwnProperty(cloned, 'publicExponent') &&
+      cloned.publicExponent !== undefined) {
     cloned.publicExponent = new Uint8Array(cloned.publicExponent);
+  }
   return cloned;
 }
 
@@ -972,8 +993,8 @@ const {
       return `CryptoKey ${inspect({
         type: getCryptoKeyType(this),
         extractable: getCryptoKeyExtractable(this),
-        algorithm: getCryptoKeyAlgorithm(this),
-        usages: getCryptoKeyUsages(this),
+        algorithm: cloneAlgorithm(getCryptoKeyAlgorithm(this)),
+        usages: ArrayPrototypeSlice(getCryptoKeyUsages(this), 0),
       }, opts)}`;
     }
 
@@ -1009,6 +1030,12 @@ const {
   class InternalCryptoKey extends NativeCryptoKey {
     #slots;
 
+    constructor(handle, algorithm, usagesMask, extractable) {
+      if (algorithm !== undefined)
+        algorithm = cloneInternalAlgorithm(algorithm);
+      super(handle, algorithm, usagesMask, extractable);
+    }
+
     static {
       getSlots = (key) => {
         if (!key || typeof key !== 'object')
@@ -1018,6 +1045,7 @@ const {
           if (cached !== undefined) return cached;
         }
         const slots = nativeGetCryptoKeySlots(key);
+        slots[kSlotAlgorithm] = cloneInternalAlgorithm(slots[kSlotAlgorithm]);
         key.#slots = slots;
         return slots;
       };

test/parallel/test-webcrypto-cryptokey-hidden-slots.js

@@ -47,6 +47,71 @@ common.expectWarning({
       false,
       ['sign', 'verify'],
     );
+  const { publicKey: rsaPublicKey } = await subtle.generateKey(
+    {
+      name: 'RSA-PSS',
+      modulusLength: 1024,
+      publicExponent: new Uint8Array([1, 0, 1]),
+      hash: 'SHA-256',
+    },
+    true,
+    ['sign', 'verify'],
+  );
+
+  // Public algorithm/usages objects are mutable, but they must be
+  // separate from the native-backed internal slots.
+  rsaPublicKey.algorithm.name = 'FORGED-ALGORITHM';
+  rsaPublicKey.algorithm.hash.name = 'FORGED-HASH';
+  rsaPublicKey.algorithm.publicExponent[0] = 0xff;
+  rsaPublicKey.usages.push('forged-usage');
+
+  const clonedRsaPublicKey = structuredClone(rsaPublicKey);
+  assert.strictEqual(clonedRsaPublicKey.algorithm.name, 'RSA-PSS');
+  assert.strictEqual(clonedRsaPublicKey.algorithm.hash.name, 'SHA-256');
+  assert.deepStrictEqual(
+    clonedRsaPublicKey.algorithm.publicExponent,
+    new Uint8Array([1, 0, 1]));
+  assert.deepStrictEqual(clonedRsaPublicKey.usages, ['verify']);
+
+  const rsaJwk = await subtle.exportKey('jwk', rsaPublicKey);
+  assert.strictEqual(rsaJwk.alg, 'PS256');
+  assert.deepStrictEqual(rsaJwk.key_ops, ['verify']);
+
+  Object.defineProperties(Object.prototype, {
+    hash: {
+      configurable: true,
+      value: { name: 'FORGED-HASH' },
+    },
+    publicExponent: {
+      configurable: true,
+      value: new Uint8Array([0xff]),
+    },
+  });
+
+  try {
+    const aesKey = await subtle.generateKey(
+      { name: 'AES-GCM', length: 128 },
+      true,
+      ['encrypt'],
+    );
+    assert.deepStrictEqual(aesKey.algorithm, {
+      name: 'AES-GCM',
+      length: 128,
+    });
+    assert.strictEqual(Object.hasOwn(aesKey.algorithm, 'hash'), false);
+    assert.strictEqual(
+      Object.hasOwn(aesKey.algorithm, 'publicExponent'),
+      false);
+
+    const clonedAesKey = structuredClone(aesKey);
+    assert.deepStrictEqual(clonedAesKey.algorithm, {
+      name: 'AES-GCM',
+      length: 128,
+    });
+  } finally {
+    delete Object.prototype.hash;
+    delete Object.prototype.publicExponent;
+  }
 
   // Snapshot the real values BEFORE tampering.
   const realType = key.type;