From 7ad2a268b9485d676c5cec7e2881c82ecafb1836 Mon Sep 17 00:00:00 2001
From: Filip Skokan
Date: Mon, 8 Aug 2022 12:02:00 +0200
Subject: [PATCH] crypto: fix webcrypto EC key namedCurve validation errors
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
PR-URL: https://github.com/nodejs/node/pull/44172
Reviewed-By: James M Snell
Reviewed-By: Tobias Nießen
Backport-PR-URL: https://github.com/nodejs/node/pull/44872
---
 lib/internal/crypto/ec.js | 29 ++++++++++-----------
 test/parallel/test-webcrypto-keygen.js | 2 +-
 test/wpt/status/WebCryptoAPI.json | 36 --------------------------
 3 files changed, 15 insertions(+), 52 deletions(-)
diff --git a/lib/internal/crypto/ec.js b/lib/internal/crypto/ec.js
index 719aa94f95f82c..ed7484dbbb596e 100644
--- a/lib/internal/crypto/ec.js
+++ b/lib/internal/crypto/ec.js
@@ -1,6 +1,7 @@
 'use strict';
 const {
+ ArrayPrototypeIncludes,
 ObjectKeys,
 SafeSet,
 } = primordials;
@@ -16,11 +17,6 @@ const {
 kSigEncP1363,
 } = internalBinding('crypto');
-const {
- validateOneOf,
- validateString,
-} = require('internal/validators');
-
 const {
 codes: {
 ERR_MISSING_OPTION,
@@ -90,11 +86,12 @@ function createECPublicKeyRaw(namedCurve, keyData) {
 async function ecGenerateKey(algorithm, extractable, keyUsages) {
 const { name, namedCurve } = algorithm;
- validateString(namedCurve, 'algorithm.namedCurve');
- validateOneOf(
- namedCurve,
- 'algorithm.namedCurve',
- ObjectKeys(kNamedCurveAliases));
+
+ if (!ArrayPrototypeIncludes(ObjectKeys(kNamedCurveAliases), namedCurve)) {
+ throw lazyDOMException(
+ 'Unrecognized namedCurve',
+ 'NotSupportedError');
+ }
 const usageSet = new SafeSet(keyUsages);
 switch (name) {
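Review bot: The allow-list check added in ecGenerateKey is repeated verbatim in the ecImportKey hunk (`@@ -168,11 +165,13 @@`), and neither copy says why it is written as an own-key membership test. `ArrayPrototypeIncludes(ObjectKeys(kNamedCurveAliases), namedCurve)` matches without coercion against own keys only, so non-string values and, if kNamedCurveAliases is an ordinary object, inherited names such as `constructor` are rejected before anything later in these functions (not shown) can use the value as a lookup key. I would move the check into one small helper called from both functions and record that reasoning on it, e.g. `// Match own keys only, without coercion: inherited names and non-strings must not reach the curve lookup.` None of the hunks adds an import for `lazyDOMException`, so confirm it is already in scope in ec.js. Both function bodies continue outside the hunks, and the test change shown exercises only generateKey, so the importKey path looks untested for the new error name.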
@@ -168,11 +165,13 @@ async function ecImportKey(
 keyUsages) {
 const { name, namedCurve } = algorithm;
- validateString(namedCurve, 'algorithm.namedCurve');
- validateOneOf(
- namedCurve,
- 'algorithm.namedCurve',
- ObjectKeys(kNamedCurveAliases));
+
+ if (!ArrayPrototypeIncludes(ObjectKeys(kNamedCurveAliases), namedCurve)) {
+ throw lazyDOMException(
+ 'Unrecognized namedCurve',
+ 'NotSupportedError');
+ }
+
 let keyObject;
 const usagesSet = new SafeSet(keyUsages);
 switch (format) {
diff --git a/test/parallel/test-webcrypto-keygen.js b/test/parallel/test-webcrypto-keygen.js
index 9c79e1517c07a8..5acea2debdd292 100644
--- a/test/parallel/test-webcrypto-keygen.js
+++ b/test/parallel/test-webcrypto-keygen.js
@@ -452,7 +452,7 @@ const vectors = {
 [1, true, {}, [], undefined, null].forEach(async (namedCurve) => {
 await assert.rejects(
 subtle.generateKey({ name, namedCurve }, true, privateUsages), {
- code: 'ERR_INVALID_ARG_TYPE'
+ name: 'NotSupportedError'
 });
 });
 }
diff --git a/test/wpt/status/WebCryptoAPI.json b/test/wpt/status/WebCryptoAPI.json
index f4c964631a4550..a0439ed8d5f59a 100644
--- a/test/wpt/status/WebCryptoAPI.json
+++ b/test/wpt/status/WebCryptoAPI.json
@@ -2690,48 +2690,12 @@
 "generateKey/failures_ECDH.https.any.js": {
 "fail": {
 "expected": [
- "Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, false, [deriveKey])",
- "Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, true, [deriveKey])",
- "Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, false, [deriveBits, deriveKey])",
- "Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, true, [deriveBits, deriveKey])",
- "Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, false, [deriveBits])",
- "Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, true, [deriveBits])",
- "Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, false, [])",
- "Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, true, [])",
- "Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, false, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits])",
- "Bad algorithm property: generateKey({name: ECDH, namedCurve: P-512}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits])",
- "Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, false, [deriveKey])",
- "Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, true, [deriveKey])",
- "Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, false, [deriveBits, deriveKey])",
- "Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, true, [deriveBits, deriveKey])",
- "Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, false, [deriveBits])",
- "Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, true, [deriveBits])",
- "Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, false, [])",
- "Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, true, [])",
- "Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, false, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits])",
- "Bad algorithm property: generateKey({name: ECDH, namedCurve: Curve25519}, true, [deriveKey, deriveBits, deriveKey, deriveBits, deriveKey, deriveBits])"
 ]
 }
 },
 "generateKey/failures_ECDSA.https.any.js": {
 "fail": {
 "expected": [
- "Bad algorithm property: generateKey({name: ECDSA, namedCurve: P-512}, false, [sign])",
- "Bad algorithm property: generateKey({name: ECDSA, namedCurve: P-512}, true, [sign])",
- "Bad algorithm property: generateKey({name: ECDSA, namedCurve: P-512}, false, [verify, sign])",
- "Bad algorithm property: generateKey({name: ECDSA, namedCurve: P-512}, true, [verify, sign])",
- "Bad algorithm property: generateKey({name: ECDSA, namedCurve: P-512}, false, [])",
- "Bad algorithm property: generateKey({name: ECDSA, namedCurve: P-512}, true, [])",
- "Bad algorithm property: generateKey({name: ECDSA, namedCurve: P-512}, false, [sign, verify, sign, sign, verify])",
- "Bad algorithm property: generateKey({name: ECDSA, namedCurve: P-512}, true, [sign, verify, sign, sign, verify])",
- "Bad algorithm property: generateKey({name: ECDSA, namedCurve: Curve25519}, false, [sign])",
- "Bad algorithm property: generateKey({name: ECDSA, namedCurve: Curve25519}, true, [sign])",
- "Bad algorithm property: generateKey({name: ECDSA, namedCurve: Curve25519}, false, [verify, sign])",
- "Bad algorithm property: generateKey({name: ECDSA, namedCurve: Curve25519}, true, [verify, sign])",
- "Bad algorithm property: generateKey({name: ECDSA, namedCurve: Curve25519}, false, [])",
- "Bad algorithm property: generateKey({name: ECDSA, namedCurve: Curve25519}, true, [])",
- "Bad algorithm property: generateKey({name: ECDSA, namedCurve: Curve25519}, false, [sign, verify, sign, sign, verify])",
- "Bad algorithm property: generateKey({name: ECDSA, namedCurve: Curve25519}, true, [sign, verify, sign, sign, verify])"
 ]
 }
 },