crypto: update webcrypto WPT

lib/internal/crypto/aes.js

@@ -230,13 +230,17 @@ async function aesGenerateKey(algorithm, extractable, keyUsages) {
   validateInteger(length, 'algorithm.length');
   validateOneOf(length, 'algorithm.length', kAesKeyLengths);
 
-  const usageSet = new SafeSet(keyUsages);
+  const checkUsages = ['wrapKey', 'unwrapKey'];
+  if (name !== 'AES-KW')
+    ArrayPrototypePush(checkUsages, 'encrypt', 'decrypt');
 
-  if (hasAnyNotIn(usageSet, ['encrypt', 'decrypt', 'wrapKey', 'unwrapKey'])) {
+  const usagesSet = new SafeSet(keyUsages);
+  if (hasAnyNotIn(usagesSet, checkUsages)) {
     throw lazyDOMException(
       'Unsupported key usage for an AES key',
       'SyntaxError');
   }
+
   return new Promise((resolve, reject) => {
     generateKey('aes', { length }, (err, key) => {
       if (err) {
@@ -249,7 +253,7 @@ async function aesGenerateKey(algorithm, extractable, keyUsages) {
       resolve(new InternalCryptoKey(
         key,
         { name, length },
-        ArrayFrom(usageSet),
+        ArrayFrom(usagesSet),
         extractable));
     });
   });

lib/internal/crypto/diffiehellman.js

@@ -3,7 +3,7 @@
 const {
   ArrayBufferPrototypeSlice,
   FunctionPrototypeCall,
-  MathFloor,
+  MathCeil,
   ObjectDefineProperty,
   Promise,
   SafeSet,
@@ -386,9 +386,9 @@ async function asyncDeriveBitsECDH(algorithm, baseKey, length) {
   if (length === null)
     return bits;
 
-  // If the length is not a multiple of 8, it will be truncated
-  // down to the nearest multiple of 8.
-  length = MathFloor(length / 8);
+  // If the length is not a multiple of 8 the nearest ceiled
+  // multiple of 8 is sliced.
+  length = MathCeil(length / 8);
   const { byteLength } = bits;
 
   // If the length is larger than the derived secret, throw.

lib/internal/crypto/hash.js

@@ -28,6 +28,10 @@ const {
   prepareSecretKey,
 } = require('internal/crypto/keys');
 
+const {
+  lazyDOMException,
+} = require('internal/util');
+
 const {
   Buffer,
 } = require('buffer');
@@ -171,11 +175,22 @@ async function asyncDigest(algorithm, data) {
   if (algorithm.length !== undefined)
     validateUint32(algorithm.length, 'algorithm.length');
 
-  return jobPromise(new HashJob(
-    kCryptoJobAsync,
-    normalizeHashName(algorithm.name),
-    data,
-    algorithm.length));
+  switch (algorithm.name) {
+    case 'SHA-1':
+      // Fall through
+    case 'SHA-256':
+      // Fall through
+    case 'SHA-384':
+      // Fall through
+    case 'SHA-512':
+      return jobPromise(new HashJob(
+        kCryptoJobAsync,
+        normalizeHashName(algorithm.name),
+        data,
+        algorithm.length));
+  }
+
+  throw lazyDOMException('Unrecognized name.', 'NotSupportedError');
 }
 
 module.exports = {

lib/internal/crypto/rsa.js

@@ -176,7 +176,7 @@ async function rsaKeyGenerate(
   return new Promise((resolve, reject) => {
     generateKeyPair('rsa', {
       modulusLength,
-      publicExponentConverted,
+      publicExponent: publicExponentConverted,
     }, (err, pubKey, privKey) => {
       if (err) {
         return reject(lazyDOMException(

lib/internal/crypto/webcrypto.js

@@ -89,6 +89,11 @@ async function generateKey(
   algorithm = normalizeAlgorithm(algorithm);
   validateBoolean(extractable, 'extractable');
   validateArray(keyUsages, 'keyUsages');
+  if (keyUsages.length === 0) {
+    throw lazyDOMException(
+      'Usages cannot be empty when creating a key',
+      'SyntaxError');
+  }
   switch (algorithm.name) {
     case 'RSASSA-PKCS1-v1_5':
       // Fall through

test/fixtures/wpt/README.md

@@ -28,7 +28,7 @@ Last update:
 - user-timing: https://github.com/web-platform-tests/wpt/tree/df24fb604e/user-timing
 - wasm/jsapi: https://github.com/web-platform-tests/wpt/tree/1dd414c796/wasm/jsapi
 - wasm/webapi: https://github.com/web-platform-tests/wpt/tree/fd1b23eeaa/wasm/webapi
-- WebCryptoAPI: https://github.com/web-platform-tests/wpt/tree/cdd0f03df4/WebCryptoAPI
+- WebCryptoAPI: https://github.com/web-platform-tests/wpt/tree/edca84af42/WebCryptoAPI
 - webidl/ecmascript-binding/es-exceptions: https://github.com/web-platform-tests/wpt/tree/a370aad338/webidl/ecmascript-binding/es-exceptions
 
 [Web Platform Tests]: https://github.com/web-platform-tests/wpt

test/fixtures/wpt/WebCryptoAPI/algorithm-discards-context.https.window.js

@@ -0,0 +1,213 @@
+// META: title=WebCryptoAPI: Properties discard the context in algorithm normalization
+
+let nextTest = 0;
+let tests = {};
+function closeChild(testId) {
+  if (tests[testId]) {
+    let {child, t} = tests[testId];
+    delete tests[testId];
+    document.body.removeChild(child);
+    t.done();
+  }
+}
+
+function runInChild(t, childScript) {
+  let testId = nextTest++;
+  const preamble = `
+let testId = ${testId};
+function closeChildOnAccess(obj, key) {
+  const oldValue = obj[key];
+  Object.defineProperty(obj, key, {get: () => {
+    top.closeChild(testId);
+    return oldValue;
+  }});
+}
+`;
+  childScript = preamble + childScript;
+
+  let child = document.createElement("iframe");
+  tests[testId] = {t, child};
+  document.body.appendChild(child);
+  let script = document.createElement("script");
+  script.textContent = childScript;
+  child.contentDocument.body.appendChild(script);
+}
+
+async_test((t) => {
+  const childScript = `
+let algorithm = {name: "AES-GCM", length: 128};
+closeChildOnAccess(algorithm, "name");
+crypto.subtle.generateKey(algorithm, true, ["encrypt", "decrypt"]);`;
+  runInChild(t, childScript);
+}, "Context is discarded in generateKey");
+
+async_test((t) => {
+  const childScript = `
+let algorithm = {name: "AES-GCM"};
+closeChildOnAccess(algorithm, "name");
+crypto.subtle.importKey("raw", new Uint8Array(16), algorithm, true,
+                        ["encrypt", "decrypt"]);`;
+  runInChild(t, childScript);
+}, "Context is discarded in importKey");
+
+async_test((t) => {
+  const childScript = `
+(async () => {
+  let key = await crypto.subtle.generateKey(
+     {name: "AES-GCM", length: 128}, true, ["encrypt", "decrypt"]);
+  let algorithm = {name: "AES-GCM", iv: new Uint8Array(12)};
+  closeChildOnAccess(algorithm, "name");
+  crypto.subtle.encrypt(algorithm, key, new Uint8Array());
+})();`;
+  runInChild(t, childScript);
+}, "Context is discarded in encrypt");
+
+async_test((t) => {
+  const childScript = `
+(async () => {
+  let key = await crypto.subtle.generateKey(
+     {name: "AES-GCM", length: 128}, true, ["encrypt", "decrypt"]);
+  let algorithm = {name: "AES-GCM", iv: new Uint8Array(12)};
+  let encrypted = await crypto.subtle.encrypt(algorithm, key, new Uint8Array());
+  closeChildOnAccess(algorithm, "name");
+  crypto.subtle.decrypt(algorithm, key, encrypted);
+})();`;
+  runInChild(t, childScript);
+}, "Context is discarded in decrypt");
+
+async_test((t) => {
+  const childScript = `
+let algorithm = {name: "SHA-256"};
+closeChildOnAccess(algorithm, "name");
+crypto.subtle.digest(algorithm, new Uint8Array());`;
+  runInChild(t, childScript);
+}, "Context is discarded in digest");
+
+async_test((t) => {
+  const childScript = `
+(async () => {
+  let key = await crypto.subtle.generateKey(
+      {name: "ECDSA", namedCurve: "P-256"}, true, ["sign", "verify"]);
+  let algorithm = {name: "ECDSA", hash: "SHA-256"};
+  closeChildOnAccess(algorithm, "name");
+  crypto.subtle.sign(algorithm, key.privateKey, new Uint8Array());
+})();`;
+  runInChild(t, childScript);
+}, "Context is discarded in sign");
+
+async_test((t) => {
+  const childScript = `
+(async () => {
+  let key = await crypto.subtle.generateKey(
+      {name: "ECDSA", namedCurve: "P-256"}, true, ["sign", "verify"]);
+  let algorithm = {name: "ECDSA", hash: "SHA-256"};
+  let data = new Uint8Array();
+  let signature = await crypto.subtle.sign(algorithm, key.privateKey, data);
+  closeChildOnAccess(algorithm, "name");
+  crypto.subtle.verify(algorithm, key.publicKey, signature, data);
+})();`;
+  runInChild(t, childScript);
+}, "Context is discarded in verify");
+
+async_test((t) => {
+  const childScript = `
+(async () => {
+  let key = await crypto.subtle.importKey(
+      "raw", new Uint8Array(16), "HKDF", false, ["deriveBits"]);
+  let algorithm = {
+      name: "HKDF",
+      hash: "SHA-256",
+      salt: new Uint8Array(),
+      info: new Uint8Array(),
+  };
+  closeChildOnAccess(algorithm, "name");
+  crypto.subtle.deriveBits(algorithm, key, 16);
+})();`;
+  runInChild(t, childScript);
+}, "Context is discarded in deriveBits");
+
+async_test((t) => {
+  const childScript = `
+(async () => {
+  let key = await crypto.subtle.importKey(
+      "raw", new Uint8Array(16), "HKDF", false, ["deriveKey"]);
+  let algorithm = {
+      name: "HKDF",
+      hash: "SHA-256",
+      salt: new Uint8Array(),
+      info: new Uint8Array(),
+  };
+  let derivedAlgorithm = {name: "AES-GCM", length: 128};
+  closeChildOnAccess(algorithm, "name");
+  crypto.subtle.deriveKey(algorithm, key, derivedAlgorithm, true,
+                          ["encrypt", "decrypt"]);
+})();`;
+  runInChild(t, childScript);
+}, "Context is discarded in deriveKey");
+
+async_test((t) => {
+  const childScript = `
+(async () => {
+  let key = await crypto.subtle.importKey(
+      "raw", new Uint8Array(16), "HKDF", false, ["deriveKey"]);
+  let algorithm = {
+      name: "HKDF",
+      hash: "SHA-256",
+      salt: new Uint8Array(),
+      info: new Uint8Array(),
+  };
+  let derivedAlgorithm = {name: "AES-GCM", length: 128};
+  closeChildOnAccess(derivedAlgorithm, "name");
+  crypto.subtle.deriveKey(algorithm, key, derivedAlgorithm, true,
+                          ["encrypt", "decrypt"]);
+})();`;
+  runInChild(t, childScript);
+}, "Context is discarded in deriveKey (2)");
+
+async_test((t) => {
+  const childScript = `
+(async () => {
+  let wrapKey = await crypto.subtle.generateKey(
+      {name: "AES-GCM", length: 128}, true, ["wrapKey", "unwrapKey"]);
+  let key = await crypto.subtle.generateKey(
+      {name: "AES-GCM", length: 128}, true, ["encrypt", "decrypt"]);
+  let wrapAlgorithm = {name: "AES-GCM", iv: new Uint8Array(12)};
+  closeChildOnAccess(wrapAlgorithm, "name");
+  crypto.subtle.wrapKey("raw", key, wrapKey, wrapAlgorithm);
+})();`;
+  runInChild(t, childScript);
+}, "Context is discarded in wrapKey");
+
+async_test((t) => {
+  const childScript = `
+(async () => {
+  let wrapKey = await crypto.subtle.generateKey(
+      {name: "AES-GCM", length: 128}, true, ["wrapKey", "unwrapKey"]);
+  let keyAlgorithm = {name: "AES-GCM", length: 128};
+  let keyUsages = ["encrypt", "decrypt"];
+  let key = await crypto.subtle.generateKey(keyAlgorithm, true, keyUsages);
+  let wrapAlgorithm = {name: "AES-GCM", iv: new Uint8Array(12)};
+  let wrapped = await crypto.subtle.wrapKey("raw", key, wrapKey, wrapAlgorithm);
+  closeChildOnAccess(wrapAlgorithm, "name");
+  crypto.subtle.unwrapKey(
+      "raw", wrapped, wrapKey, wrapAlgorithm, keyAlgorithm, true, keyUsages);
+})();`;
+  runInChild(t, childScript);
+}, "Context is discarded in unwrapKey");
+
+async_test((t) => {
+  const childScript = `
+(async () => {
+  let wrapKey = await crypto.subtle.generateKey(
+      {name: "AES-GCM", length: 128}, true, ["wrapKey", "unwrapKey"]);
+  let keyAlgorithm = {name: "AES-GCM", length: 128};
+  let keyUsages = ["encrypt", "decrypt"];
+  let key = await crypto.subtle.generateKey(keyAlgorithm, true, keyUsages);
+  let wrapAlgorithm = {name: "AES-GCM", iv: new Uint8Array(12)};
+  let wrapped = await crypto.subtle.wrapKey("raw", key, wrapKey, wrapAlgorithm);
+  closeChildOnAccess(keyAlgorithm, "name");
+  crypto.subtle.unwrapKey(
+      "raw", wrapped, wrapKey, wrapAlgorithm, keyAlgorithm, true, keyUsages);
+})();`;
+  runInChild(t, childScript);
+}, "Context is discarded in unwrapKey (2)");

test/fixtures/wpt/WebCryptoAPI/derive_bits_keys/cfrg_curves_bits.https.any.js

@@ -0,0 +1,9 @@
+// META: title=WebCryptoAPI: deriveBits() Using ECDH with CFRG Elliptic Curves
+// META: script=cfrg_curves_bits.js
+
+// Define subtests from a `promise_test` to ensure the harness does not
+// complete before the subtests are available. `explicit_done` cannot be used
+// for this purpose because the global `done` function is automatically invoked
+// by the WPT infrastructure in dedicated worker tests defined using the
+// "multi-global" pattern.
+promise_test(define_tests, 'setup - define tests');