crypto: fix ECDH webcrypto public CryptoKey usages

PR-URL: #45569
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>

lib/internal/crypto/ec.js

@@ -58,7 +58,14 @@ function verifyAcceptableEcKeyUse(name, type, usages) {
   let checkSet;
   switch (name) {
     case 'ECDH':
-      checkSet = ['deriveKey', 'deriveBits'];
+      switch (type) {
+        case 'private':
+          checkSet = ['deriveKey', 'deriveBits'];
+          break;
+        case 'public':
+          checkSet = [];
+          break;
+      }
       break;
     case 'ECDSA':
       switch (type) {

test/parallel/test-webcrypto-derivebits-ecdh.js

@@ -73,7 +73,7 @@ async function prepareKeys() {
             namedCurve
           },
           true,
-          ['deriveKey', 'deriveBits']),
+          []),
       ]);
       keys[namedCurve] = {
         privateKey,
@@ -235,17 +235,17 @@ async function prepareKeys() {
       name: 'ECDH',
       public: keys['P-521'].publicKey
     }, keys['P-521'].publicKey, null), {
-      message: /baseKey must be a private key/
+      name: 'InvalidAccessError'
     });
   }
 
   {
-    // Base key is not a private key
+    // Public is not a public key
     await assert.rejects(subtle.deriveBits({
       name: 'ECDH',
       public: keys['P-521'].privateKey
-    }, keys['P-521'].publicKey, null), {
-      message: /algorithm\.public must be a public key/
+    }, keys['P-521'].privateKey, null), {
+      name: 'InvalidAccessError'
     });
   }
 
@@ -262,7 +262,7 @@ async function prepareKeys() {
       name: 'ECDH',
       public: key
     }, keys['P-521'].publicKey, null), {
-      message: /algorithm\.public must be a public key/
+      name: 'InvalidAccessError'
     });
   }
 })().then(common.mustCall());

test/parallel/test-webcrypto-derivekey-ecdh.js

@@ -68,7 +68,7 @@ async function prepareKeys() {
             namedCurve
           },
           true,
-          ['deriveKey', 'deriveBits']),
+          []),
       ]);
       keys[namedCurve] = {
         privateKey,
@@ -209,7 +209,7 @@ async function prepareKeys() {
         },
         keys['P-521'].publicKey,
         ...otherArgs),
-      { message: /baseKey must be a private key/ });
+      { name: 'InvalidAccessError' });
   }
 
   {
@@ -222,7 +222,7 @@ async function prepareKeys() {
         },
         keys['P-521'].publicKey,
         ...otherArgs),
-      { message: /algorithm\.public must be a public key/ });
+      { name: 'InvalidAccessError' });
   }
 
   {
@@ -242,6 +242,6 @@ async function prepareKeys() {
         },
         keys['P-521'].publicKey,
         ...otherArgs),
-      { message: /algorithm\.public must be a public key/ });
+      { name: 'InvalidAccessError' });
   }
 })().then(common.mustCall());

test/parallel/test-webcrypto-export-import-ec.js

@@ -333,19 +333,19 @@ async function testImportRaw({ name, publicUsages }, namedCurve) {
   const rsaPrivate = crypto.createPrivateKey(
     fixtures.readKey('rsa_private_2048.pem'));
 
-  for (const [name, [publicUsage, privateUsage]] of Object.entries({
-    'ECDSA': ['verify', 'sign'],
-    'ECDH': ['deriveBits', 'deriveBits'],
-  })) {
+  for (const [name, publicUsages, privateUsages] of [
+    ['ECDSA', ['verify'], ['sign']],
+    ['ECDH', [], ['deriveBits', 'deriveBits']],
+  ]) {
     assert.rejects(subtle.importKey(
       'spki',
       rsaPublic.export({ format: 'der', type: 'spki' }),
       { name, hash: 'SHA-256', namedCurve: 'P-256' },
-      true, [publicUsage]), { message: /Invalid key type/ });
+      true, publicUsages), { message: /Invalid key type/ });
     assert.rejects(subtle.importKey(
       'pkcs8',
       rsaPrivate.export({ format: 'der', type: 'pkcs8' }),
       { name, hash: 'SHA-256', namedCurve: 'P-256' },
-      true, [privateUsage]), { message: /Invalid key type/ });
+      true, privateUsages), { message: /Invalid key type/ });
   }
 }